diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 383c1a4d7a..6ac2e03625 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -5321,11 +5321,6 @@ "redirect_document_id": true }, { -"source_path": "devices/hololens/hololens-insider.md", -"redirect_url": "/devices/hololens/hololens-whats-new", -"redirect_document_id": true -}, -{ "source_path": "windows/configuration/windows-diagnostic-data-1709.md", "redirect_url": "/windows/configuration/windows-diagnostic-data", "redirect_document_id": true diff --git a/README.md b/README.md [FRENCH] similarity index 100% rename from README.md rename to README.md [FRENCH] diff --git a/browsers/edge/group-policies/start-pages-gp.md b/browsers/edge/group-policies/start-pages-gp.md index 4a048616d8..8aded2af76 100644 --- a/browsers/edge/group-policies/start-pages-gp.md +++ b/browsers/edge/group-policies/start-pages-gp.md @@ -27,7 +27,7 @@ You can find the Microsoft Edge Group Policy settings in the following location ## Configuration options -![Load URLs defined in Configure Start Pages](../images/load-urls-defined-in-configure-open-edge-with-main-sm.png) +![Load URLs defined in Configure Start pages](../images/load-urls-defined-in-configure-open-edge-with-sm.png) ## Configure Open Microsoft Edge With diff --git a/browsers/edge/images/allow-shared-books-folder.png b/browsers/edge/images/allow-shared-books-folder.png new file mode 100644 index 0000000000..84465f886e Binary files /dev/null and b/browsers/edge/images/allow-shared-books-folder.png differ diff --git a/browsers/edge/images/allow-shared-books-folder_sm.png b/browsers/edge/images/allow-shared-books-folder_sm.png index fc49829b14..0eb5feb868 100644 Binary files a/browsers/edge/images/allow-shared-books-folder_sm.png and b/browsers/edge/images/allow-shared-books-folder_sm.png differ diff --git a/browsers/edge/images/home-buttom-custom-url-v4-sm.png b/browsers/edge/images/home-buttom-custom-url-v4-sm.png index 397b46c75b..dcacfdd7cf 100644 Binary files a/browsers/edge/images/home-buttom-custom-url-v4-sm.png and b/browsers/edge/images/home-buttom-custom-url-v4-sm.png differ diff --git a/browsers/edge/images/home-buttom-custom-url-v4.png b/browsers/edge/images/home-buttom-custom-url-v4.png index db47a93117..edc22f0ce2 100644 Binary files a/browsers/edge/images/home-buttom-custom-url-v4.png and b/browsers/edge/images/home-buttom-custom-url-v4.png differ diff --git a/browsers/edge/images/home-button-hide-sm.png b/browsers/edge/images/home-button-hide-sm.png deleted file mode 100644 index beab1c22ef..0000000000 Binary files a/browsers/edge/images/home-button-hide-sm.png and /dev/null differ diff --git a/browsers/edge/images/home-button-hide-v4-sm.png b/browsers/edge/images/home-button-hide-v4-sm.png index fe21f0523c..adf5961b64 100644 Binary files a/browsers/edge/images/home-button-hide-v4-sm.png and b/browsers/edge/images/home-button-hide-v4-sm.png differ diff --git a/browsers/edge/images/home-button-hide-v4.png b/browsers/edge/images/home-button-hide-v4.png deleted file mode 100644 index 761143f0c8..0000000000 Binary files a/browsers/edge/images/home-button-hide-v4.png and /dev/null differ diff --git a/browsers/edge/images/home-button-hide.png b/browsers/edge/images/home-button-hide.png deleted file mode 100644 index 761143f0c8..0000000000 Binary files a/browsers/edge/images/home-button-hide.png and /dev/null differ diff --git a/browsers/edge/images/home-button-start-new-tab-page-v4-sm.png b/browsers/edge/images/home-button-start-new-tab-page-v4-sm.png index 7b04f17b28..5f4d97445d 100644 Binary files a/browsers/edge/images/home-button-start-new-tab-page-v4-sm.png and b/browsers/edge/images/home-button-start-new-tab-page-v4-sm.png differ diff --git a/browsers/edge/images/home-button-start-new-tab-page-v4.png b/browsers/edge/images/home-button-start-new-tab-page-v4.png deleted file mode 100644 index 599ebeb8df..0000000000 Binary files a/browsers/edge/images/home-button-start-new-tab-page-v4.png and /dev/null differ diff --git a/browsers/edge/images/kiosk-mode-types.png b/browsers/edge/images/kiosk-mode-types.png deleted file mode 100644 index 1ae43b31ac..0000000000 Binary files a/browsers/edge/images/kiosk-mode-types.png and /dev/null differ diff --git a/browsers/edge/images/load-any-start-page-let-users-make-changes.png b/browsers/edge/images/load-any-start-page-let-users-make-changes.png deleted file mode 100644 index fd4caf021e..0000000000 Binary files a/browsers/edge/images/load-any-start-page-let-users-make-changes.png and /dev/null differ diff --git a/browsers/edge/images/load-blank-page-not-new-tab-page-sm.png b/browsers/edge/images/load-blank-page-not-new-tab-page-sm.png index bddfed4cf8..5cd776f936 100644 Binary files a/browsers/edge/images/load-blank-page-not-new-tab-page-sm.png and b/browsers/edge/images/load-blank-page-not-new-tab-page-sm.png differ diff --git a/browsers/edge/images/load-default-new-tab-page-sm.png b/browsers/edge/images/load-default-new-tab-page-sm.png index 66a5cc830f..3fd9b6b714 100644 Binary files a/browsers/edge/images/load-default-new-tab-page-sm.png and b/browsers/edge/images/load-default-new-tab-page-sm.png differ diff --git a/browsers/edge/images/load-urls-defined-in-configure-open-edge-with-main-sm.png b/browsers/edge/images/load-urls-defined-in-configure-open-edge-with-main-sm.png deleted file mode 100644 index eb3987003d..0000000000 Binary files a/browsers/edge/images/load-urls-defined-in-configure-open-edge-with-main-sm.png and /dev/null differ diff --git a/browsers/edge/images/load-urls-defined-in-configure-open-edge-with-main.png b/browsers/edge/images/load-urls-defined-in-configure-open-edge-with-main.png deleted file mode 100644 index bf4dc617aa..0000000000 Binary files a/browsers/edge/images/load-urls-defined-in-configure-open-edge-with-main.png and /dev/null differ diff --git a/browsers/edge/images/load-urls-defined-in-configure-open-edge-with-sm.png b/browsers/edge/images/load-urls-defined-in-configure-open-edge-with-sm.png index eacac1b216..f82383cb1d 100644 Binary files a/browsers/edge/images/load-urls-defined-in-configure-open-edge-with-sm.png and b/browsers/edge/images/load-urls-defined-in-configure-open-edge-with-sm.png differ diff --git a/browsers/edge/images/load-urls-defined-in-configure-open-edge-with.png b/browsers/edge/images/load-urls-defined-in-configure-open-edge-with.png deleted file mode 100644 index eacac1b216..0000000000 Binary files a/browsers/edge/images/load-urls-defined-in-configure-open-edge-with.png and /dev/null differ diff --git a/browsers/edge/images/microsoft-edge-infographic-sm.png b/browsers/edge/images/microsoft-edge-infographic-sm.png deleted file mode 100644 index 1794540e5c..0000000000 Binary files a/browsers/edge/images/microsoft-edge-infographic-sm.png and /dev/null differ diff --git a/browsers/edge/images/microsoft-edge-kiosk-mode.png b/browsers/edge/images/microsoft-edge-kiosk-mode.png index ea96e6f845..d2ccfb42cf 100644 Binary files a/browsers/edge/images/microsoft-edge-kiosk-mode.png and b/browsers/edge/images/microsoft-edge-kiosk-mode.png differ diff --git a/browsers/edge/images/prelaunch-edge-and-preload-tabs-sm.png b/browsers/edge/images/prelaunch-edge-and-preload-tabs-sm.png index 823309be3e..2e0c2caaa5 100644 Binary files a/browsers/edge/images/prelaunch-edge-and-preload-tabs-sm.png and b/browsers/edge/images/prelaunch-edge-and-preload-tabs-sm.png differ diff --git a/browsers/edge/images/prelaunch-edge-and-preload-tabs.png b/browsers/edge/images/prelaunch-edge-and-preload-tabs.png deleted file mode 100644 index a287ebb8fd..0000000000 Binary files a/browsers/edge/images/prelaunch-edge-and-preload-tabs.png and /dev/null differ diff --git a/browsers/edge/images/prelaunch-edge-only-sm.png b/browsers/edge/images/prelaunch-edge-only-sm.png index 365bddf96a..e5ae065226 100644 Binary files a/browsers/edge/images/prelaunch-edge-only-sm.png and b/browsers/edge/images/prelaunch-edge-only-sm.png differ diff --git a/browsers/edge/images/prelaunch-edge-only.png b/browsers/edge/images/prelaunch-edge-only.png deleted file mode 100644 index 975a745f3f..0000000000 Binary files a/browsers/edge/images/prelaunch-edge-only.png and /dev/null differ diff --git a/browsers/edge/images/preload-tabs-only-sm.png b/browsers/edge/images/preload-tabs-only-sm.png index 32089d3fce..1ea5a5af23 100644 Binary files a/browsers/edge/images/preload-tabs-only-sm.png and b/browsers/edge/images/preload-tabs-only-sm.png differ diff --git a/browsers/edge/images/preload-tabs-only.png b/browsers/edge/images/preload-tabs-only.png deleted file mode 100644 index 01181d6b82..0000000000 Binary files a/browsers/edge/images/preload-tabs-only.png and /dev/null differ diff --git a/browsers/edge/images/prevent-syncing-browser-settings-sm.png b/browsers/edge/images/prevent-syncing-browser-settings-sm.png index 7bcdfcdc8c..fb88466201 100644 Binary files a/browsers/edge/images/prevent-syncing-browser-settings-sm.png and b/browsers/edge/images/prevent-syncing-browser-settings-sm.png differ diff --git a/browsers/edge/images/prevent-syncing-browser-settings.png b/browsers/edge/images/prevent-syncing-browser-settings.png deleted file mode 100644 index 6f98dc6c22..0000000000 Binary files a/browsers/edge/images/prevent-syncing-browser-settings.png and /dev/null differ diff --git a/browsers/edge/images/set-default-search-engine-v4-sm.png b/browsers/edge/images/set-default-search-engine-v4-sm.png index 44a5ae094a..cf43642b65 100644 Binary files a/browsers/edge/images/set-default-search-engine-v4-sm.png and b/browsers/edge/images/set-default-search-engine-v4-sm.png differ diff --git a/browsers/edge/images/set-default-search-engine-v4.png b/browsers/edge/images/set-default-search-engine-v4.png deleted file mode 100644 index 59528a3282..0000000000 Binary files a/browsers/edge/images/set-default-search-engine-v4.png and /dev/null differ diff --git a/browsers/edge/images/sync-browser-settings-automatically-sm.png b/browsers/edge/images/sync-browser-settings-automatically-sm.png index 25b68500d5..ff9695d64c 100644 Binary files a/browsers/edge/images/sync-browser-settings-automatically-sm.png and b/browsers/edge/images/sync-browser-settings-automatically-sm.png differ diff --git a/browsers/edge/images/sync-browser-settings-automatically.png b/browsers/edge/images/sync-browser-settings-automatically.png deleted file mode 100644 index 3f81196ebc..0000000000 Binary files a/browsers/edge/images/sync-browser-settings-automatically.png and /dev/null differ diff --git a/browsers/edge/images/use-enterprise-mode-with-microsoft-edge-sm.png b/browsers/edge/images/use-enterprise-mode-with-microsoft-edge-sm.png index 99c2e9bf12..bc64f2dade 100644 Binary files a/browsers/edge/images/use-enterprise-mode-with-microsoft-edge-sm.png and b/browsers/edge/images/use-enterprise-mode-with-microsoft-edge-sm.png differ diff --git a/browsers/edge/images/use-enterprise-mode-with-microsoft-edge.png b/browsers/edge/images/use-enterprise-mode-with-microsoft-edge.png deleted file mode 100644 index 8a9b11ff19..0000000000 Binary files a/browsers/edge/images/use-enterprise-mode-with-microsoft-edge.png and /dev/null differ diff --git a/browsers/edge/images/users-choose-new-tab-page-sm.png b/browsers/edge/images/users-choose-new-tab-page-sm.png index 9373069370..21e7c7ea7f 100644 Binary files a/browsers/edge/images/users-choose-new-tab-page-sm.png and b/browsers/edge/images/users-choose-new-tab-page-sm.png differ diff --git a/browsers/edge/img-microsoft-edge-infographic-lg.md b/browsers/edge/img-microsoft-edge-infographic-lg.md deleted file mode 100644 index cb3a42f1b9..0000000000 --- a/browsers/edge/img-microsoft-edge-infographic-lg.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -description: A full-sized view of the Microsoft Edge infographic. -title: Full-sized view of the Microsoft Edge infographic -ms.date: 11/10/2016 -ms.author: pashort -author: shortpatti ---- - -Return to: [Browser: Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md)
-Download image: [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/en-us/download/details.aspx?id=53892) - -![Full-sized Microsoft Edge infographic](images/img-microsoft-edge-infographic-lg.png) - diff --git a/browsers/edge/shortdesc/shortdesc-test.md b/browsers/edge/shortdesc/shortdesc-test.md deleted file mode 100644 index c1d657d88b..0000000000 --- a/browsers/edge/shortdesc/shortdesc-test.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -author: shortpatti -ms.author: pashort -ms.date: 10/02/2018 -ms.prod: edge -ms:topic: include ---- - -UI settings for the home button are disabled preventing your users from making changes \ No newline at end of file diff --git a/browsers/edge/use-powershell-to-manage-group-policy.md b/browsers/edge/use-powershell-to-manage-group-policy.md deleted file mode 100644 index 5747091d66..0000000000 --- a/browsers/edge/use-powershell-to-manage-group-policy.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -title: Use Windows PowerShell to manage group policy -description: -ms.prod: edge -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: -ms.localizationpriority: medium -ms.date: 10/02/2018 -ms.author: pashort -author: shortpatti ---- - -# Use Windows PowerShell to manage group policy - -Windows PowerShell supports group policy automation of the same tasks you perform in Group Policy Management Console (GPMC) for domain-based group policy objects (GPOs): - -- Maintain GPOs (GPO creation, removal, backup, and import) -- Associate GPOs with Active Directory service containers (group policy link creation, update, and removal) -- Set permissions on GPOs -- Modify inheritance flags on Active Directory organization units (OUs) and domains -- Configure registry-based policy settings and group policy preferences registry settings (update, retrieval, and removal) -- Create starter GPOs - - - diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index 49d9417151..e1fa685f30 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -1,5 +1,6 @@ # [Microsoft HoloLens](index.md) ## [What's new in Microsoft HoloLens](hololens-whats-new.md) +## [Insider preview for Microsoft HoloLens](hololens-insider.md) ## [HoloLens in the enterprise: requirements and FAQ](hololens-requirements.md) ## [Set up HoloLens](hololens-setup.md) ## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) diff --git a/devices/hololens/change-history-hololens.md b/devices/hololens/change-history-hololens.md index 2223a05c76..95f7f92bed 100644 --- a/devices/hololens/change-history-hololens.md +++ b/devices/hololens/change-history-hololens.md @@ -16,10 +16,6 @@ ms.date: 07/27/2018 This topic lists new and updated topics in the [Microsoft HoloLens documentation](index.md). -## Windows 10 Holographic for Business, version 1800 - -The topics in this library have been updated for Windows 10 Holographic for Business, version 1809. - ## July 2018 New or changed topic | Description diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md new file mode 100644 index 0000000000..f7fe891a58 --- /dev/null +++ b/devices/hololens/hololens-insider.md @@ -0,0 +1,176 @@ +--- +title: Insider preview for Microsoft HoloLens (HoloLens) +description: It’s simple to get started with Insider builds and to provide valuable feedback for our next major operating system update for HoloLens. +ms.prod: hololens +ms.sitesec: library +author: jdeckerms +ms.author: jdecker +ms.topic: article +ms.localizationpriority: medium +ms.date: 07/27/2018 +--- + +# Insider preview for Microsoft HoloLens + +Welcome to the latest Insider Preview builds for HoloLens! It’s simple to get started and provide valuable feedback for our next major operating system update for HoloLens. + + + + +## How do I install the Insider builds? + +On a device running the Windows 10 April 2018 Update, go to **Settings -> Update & Security -> Windows Insider Program** and select **Get started**. Link the account you used to register as a Windows Insider. + +Then, select **Active development of Windows**, choose whether you’d like to receive **Fast** or **Slow** builds, and review the program terms. + +Select **Confirm -> Restart Now** to finish up. After your device has rebooted, go to **Settings -> Update & Security -> Check for updates** to get the latest build. + +## New features for HoloLens + +The latest Insider Preview (RS5) has arrived for all HoloLens customers! This latest flight is packed with improvements that have been introduced since the [last major release of HoloLens software in May 2018](https://docs.microsoft.com/windows/mixed-reality/release-notes-october-2018). + +### For everyone + + +Feature | Details | Instructions +--- | --- | --- +Stop video capture from the Start or quick actions menu | If you start video capture from the Start menu or quick actions menu, you’ll be able to stop recording from the same place. (Don’t forget, you can always do this with voice commands too.) | To start recording, select **Start > Video**. To stop recording, select **Start > Stop video**. +Project to a Miracast-enabled device | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter | On **Start**, select **Connect**. Select the device you want to project to. +New notifications | View and respond to notification toasts on HoloLens, just like you do on a PC. | You’ll now see notifications from apps that provide them. Gaze to respond to or dismiss them (or if you’re in an immersive experience, use the bloom gesture). +HoloLens overlays (file picker, keyboard, dialogs, etc.) | You’ll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. | When you’re using an immersive app, input text, select a file from the file picker, or interact with dialogs without leaving the app. +Visual feedback overlay UI for volume change | When you use the volume up/down buttons on your HoloLens you’ll see a visual display of the volume level. | Adjust the device volume using the volume up/down buttons located on the right arm of the HoloLens. Use the visual display to track the volume level. +New UI for device boot | A loading indicator was added during the boot process to provide visual feedback that the system is loading. | Reboot your device to see the new loading indicator—it’s between the "Hello" message and the Windows boot logo. +Share UX: Nearby Sharing | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. | Capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge). Select a nearby Windows device to share with. +Share from Microsoft Edge | Share button is now available on Microsoft Edge windows on HoloLens. | In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. + +### For developers + +- Support for Holographic [Camera Capture UI API](https://docs.microsoft.com/windows/uwp/audio-video-camera/capture-photos-and-video-with-cameracaptureui), which will let developers expose a way for users to seamlessly invoke camera or video capture from within their applications. For example, users can now capture and insert photo or video content directly within apps like Word. +- Mixed Reality Capture has been improved to exclude hidden mesh from captures, which means videos captures by apps will no longer contain black corners around the content. + +### For commercial customers + + +Feature | Details | Instructions +--- | --- | --- +Enable post-setup provisioning | Can now apply a runtime provisioning package at any time using **Settings**. | On your PC:

1. Create a provisioning package as described at [Create a provisioning package for HoloLens using the HoloLens wizard](hololens-provisioning.md).
2. Connect the HoloLens device via USB to a PC. HoloLens will show up as a device in File Explorer on the PC.
3. Drag and drop the provisioning package to the Documents folder on the HoloLens.

On your HoloLens:

1. Go to **Settings > Accounts > Access work or school**.
2. In **Related Settings**, select **Add or remove a provisioning package**.
3. On the next page, select **Add a package** to launch the file picker and select your provisioning package.
**Note:** if the folder is empty, make sure you select **This Device** and select **Documents**.
After your package has been applied, it will show in the list of Installed packages. To view package details or to remove the package from the device, select the listed package. +Assigned access with Azure AD groups | Flexibility to use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. | Prepare XML file to configure Assigned Access on PC:

1. In a text editor, open [the provided file AssignedAccessHoloLensConfiguration_AzureADGroup.xml](#xml).
2. Change the group ID to one available in your Azure AD tenant. You can find the group ID of an Azure Active Directory Group by either :
- following the steps at [Azure Active Directory version 2 cmdlets for group management](https://docs.microsoft.com/azure/active-directory/active-directory-accessmanagement-groups-settings-v2-cmdlets),
OR
- in the Azure portal, with the steps at [Manage the settings for a group in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-groups-settings-azure-portal).

**Note:** The sample configures the following apps: Skype, Learning, Feedback Hub, Flow, Camera, and Calibration.

Create provisioning package with WCD:

1. On a PC, follow the steps at [Create a provisioning package for HoloLens using the HoloLens wizard](hololens-provisioning.md) to create a provisioning package.
2. Ensure that you include the license file in **Set up device**.
3. Select **Switch to advanced editor** (bottom left), and **Yes** for warning prompt.
4. Expand the runtime settings selection in the **Available customizations** panel and select **AssignedAccess > MultiAppAssignedAccessSettings**.
5. In the middle panel, you should now see the setting displayed with documentation in the panel below. Browse to the XML you modified for Assigned Access.
6. On the **Export** menu, select **Provisioning package**.
**Warning:** If you encrypt the provisioning package, provisioning the HoloLens device will fail.
7. Select **Next** to specify the output location where you want the provisioning package to go once it's built.
8. Select **Next**, and then select **Build** to start building the package.
9. When the build completes, select **Finish**.

Apply the package to HoloLens:

1. Connect HoloLens via USB to a PC and start the device, but do not continue past the **Fit** page of OOBE (the first page with the blue box). HoloLens will show up as a device in File Explorer on the PC.
2. In File Explorer, drag and drop the provisioning package (.ppkg) onto the device storage.
3. Briefly press and release the **Volume Down** and **Power** buttons simultaneously again while on the fit page.
4. The device will ask you if you trust the package and would like to apply it. Confirm that you trust the package.
5. You will see whether the package was applied successfully or not. If it failed, you can fix your package and try again. If it succeeded, proceed with OOBE.

Enable assigned access on HoloLens:

1. After applying the provisioning package, during the **Account Setup** flows in OOBE, select **My work or school owns this** to set up your device with an Azure AD account.
**Note:** This account must not be in the group chosen for Assigned Access.
2. Once you reach the Shell, ensure the Skype app is installed either via your MDM environment or from the Store.
3. After the Skype app is installed, sign out.
4. On the sign-in screen, select the **Other User** option and enter an Azure AD account email address that belongs to the group chosen for Assigned Access. Then enter the password to sign in. You should now see this user with only the apps configured in the Assigned Access profile. +PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**.  | When signing in as **Other User**, the PIN option is now available under **Sign-In options**. +Sign in with Web Cred Provider using password | You can now select the Globe sign-in option to launch web sign-in with your password. Look for additional web sign-in methods coming in the future. | From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password.
**Note:** You can choose to bypass any PIN/Smartcard options when prompted during web sign-in.  +Read device hardware info through MDM so devices can be tracked by serial # | IT administrators can see and track HoloLens by device serial number in their MDM console. | Refer to your MDM documentation for feature availability, and for how to use your MDM console to view HoloLens device serial number. +Set HoloLens device name through MDM (rename) |  IT administrators can see and rename HoloLens devices in their MDM console. | Refer to your MDM documentation for feature availability, and for how to use your MDM console to view and set your HoloLens device name (rename). + +### For international customers + + +Feature | Details | Instructions +--- | --- | --- +Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands. | See below. + +#### Installing the Chinese or Japanese versions of the Insider builds + +In order to switch to the Chinese or Japanese version of HoloLens, you’ll need to download the build for the language on a PC and then install it on your HoloLens using the Windows Device Recovery Tool (WDRT). + +>[!IMPORTANT] +>Installing the Chinese or Japanese builds of HoloLens using WDRT will delete existing data, like personal files and settings, from your HoloLens. + +1. On a retail HoloLens device, [opt in to Insider Preview builds](#get-insider) to prepare your device for the RS5 Preview. +2. On your PC, download and install [the Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379). +3. Download the package for the language you want to your PC: [Simplified Chinese](https://aka.ms/hololenspreviewdownload-ch) or [Japanese](https://aka.ms/hololenspreviewdownload-jp). +4. When the download is finished, select **File Explorer > Downloads**. Right-click the zipped folder you just downloaded, and select **Extract all... > Extract** to unzip it. +5. Connect your HoloLens to your PC using the micro-USB cable it came with. (Even if you've been using other cables to connect your HoloLens, this one works best.)  +6. The tool will automatically detect your HoloLens. Select the Microsoft HoloLens tile. +7. On the next screen, select **Manual package selection** and choose the installation file contained in the folder you unzipped in step 4. (Look for a file with the extension “.ffu”.) +8. Select **Install software** and follow the instructions to finish installing. +9. Once the build is installed, HoloLens setup will start automatically. Put on the device and follow the setup directions. +10. After you complete setup, go to **Settings -> Update & Security -> Windows Insider Program** and select **Get started**. Link the account you used to register as a Windows Insider. Then, select **Active development of Windows**, choose whether you’d like to receive **Fast** or **Slow** builds, and review the program terms. Select **Confirm -> Restart Now** to finish up. After your device has rebooted, go to **Settings -> Update & Security -> Check for updates** to get the latest build. + + +## Note for language support + +- You can’t change the system language between English, Japanese, and Chinese using the Settings app. Flashing a new build is the only supported way to change the device system language. +- While you can enter Simplified Chinese / Japanese text using the on-screen Pinyin keyboard, typing in Simplified Chinese / Japanese using a Bluetooth hardware keyboard is not supported at this time. However, on Chinese/Japanese HoloLens, you can continue to use a BT keyboard to type in English (the Shift key on a hardware keyboard toggles the keyboard to type in English). + +## Note for developers + +You are welcome and encouraged to try developing your applications using this build of HoloLens. Check out the [HoloLens Developer Documentation](https://developer.microsoft.com/windows/mixed-reality/development) to get started. Those same instructions work with this latest build of HoloLens. You can use the same builds of Unity and Visual Studio that you're already using for HoloLens development. + +## Provide feedback and report issues + +Please use [the Feedback Hub app](https://docs.microsoft.com/windows/mixed-reality/give-us-feedback) on your HoloLens or Windows 10 PC to provide feedback and report issues. Using Feedback Hub ensures that all necessary diagnostics information is included to help our engineers quickly debug and resolve the problem. Issues with the Chinese and Japanese version of HoloLens should be reported the same way. + +>[!NOTE] +>Be sure to accept the prompt that asks whether you’d like Feedback Hub to access your Documents folder (select **Yes** when prompted). + + +## AssignedAccessHoloLensConfiguration_AzureADGroup.xml + +Copy this sample XML to use for the [**Assigned access with Azure AD groups** feature](#for-commercial-customers). + +```xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ]]> + + + + + + + + + + + + + + +``` + diff --git a/devices/hololens/hololens-install-apps.md b/devices/hololens/hololens-install-apps.md index 0799523310..3de34452cf 100644 --- a/devices/hololens/hololens-install-apps.md +++ b/devices/hololens/hololens-install-apps.md @@ -8,7 +8,7 @@ author: jdeckerms ms.author: jdecker ms.topic: article ms.localizationpriority: medium -ms.date: 09/11/2018 +ms.date: 12/20/2017 --- # Install apps on HoloLens @@ -55,7 +55,8 @@ The method that you use to install an app from your Microsoft Store for Business ## Use MDM to deploy apps to HoloLens - +>[!IMPORTANT] +>Online-licensed apps cannot be deployed with Microsoft Store for Business on HoloLens via an MDM provider. If attempted, apps will remain in “downloading” state. Instead, you can use your MDM provider to deploy MDM-hosted apps to HoloLens, or deploy offline-licensed apps to HoloLens via Store for Business You can deploy UWP apps to HoloLens using your MDM provider. For Intune instructions, see [Deploy apps in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/add-apps). @@ -63,8 +64,6 @@ You can deploy UWP apps to HoloLens using your MDM provider. For Intune instruct Using Intune, you can also [monitor your app deployment](https://docs.microsoft.com/intune/deploy-use/monitor-apps-in-microsoft-intune). ->[!TIP] ->In Windows 10, version 1607, online-licensed apps cannot be deployed with Microsoft Store for Business on HoloLens via an MDM provider. If attempted, apps will remain in “downloading” state. [Update your HoloLens to a later build](https://support.microsoft.com/help/12643/hololens-update-hololens) for this capability. ## Use the Windows Device Portal to install apps on HoloLens @@ -80,15 +79,13 @@ Using Intune, you can also [monitor your app deployment](https://docs.microsoft. >[!TIP] >If you see a certificate error in the browser, follow [these troubleshooting steps](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#security_certificate). -4. In the Windows Device Portal, click **Views** and select **Apps**. +4. In the Windows Device Portal, click **Apps**. ![App Manager](images/apps.png) -5. Click **Add** to open the **Deploy or Install Application dialog**. +5. In **Install app**, select an **app package** from a folder on your computer or network. If the app package requires additional software, click **Add dependency**. -6. Select an **app package** from a folder on your computer or network. If the app package requires additional software or framework packages, click **I want to specify framework packages**. - -7. Click **Next** to deploy the app package and added dependencies to the connected HoloLens. +6. In **Deploy**, click **Go** to deploy the app package and added dependencies to the connected HoloLens. diff --git a/devices/hololens/hololens-kiosk.md b/devices/hololens/hololens-kiosk.md index f9964c731b..5e1218f90c 100644 --- a/devices/hololens/hololens-kiosk.md +++ b/devices/hololens/hololens-kiosk.md @@ -7,43 +7,32 @@ author: jdeckerms ms.author: jdecker ms.topic: article ms.localizationpriority: medium -ms.date: 10/02/2018 +ms.date: 08/14/2018 --- # Set up HoloLens in kiosk mode -In Windows 10, version 1803 and later, you can configure your HoloLens devices to run as multi-app or single-app kiosks. You can also configure guest access for a HoloLens kiosk device by [designating a SpecialGroup account in your XML file.](#guest) +In Windows 10, version 1803, you can configure your HoloLens devices to run as multi-app or single-app kiosks. You can also configure guest access for a HoloLens kiosk device by [designating a SpecialGroup account in your XML file.](#guest) When HoloLens is configured as a multi-app kiosk, only the allowed apps are available to the user. The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. -Single-app kiosk mode starts the specified app when the user signs in, and restricts the user's ability to launch new apps or change the running app. +Single-app kiosk mode starts the specified app when the user signs in, and restricts the user's ability to launch new apps or change the running app. When single-app kiosk mode is enabled for HoloLens, the bloom gesture and Cortana are disabled, and placed apps aren't shown in the user's surroundings. -The following table lists the device capabilities in the different kiosk modes. - -Kiosk mode | Voice and Bloom commands | Mini-menu | Camera and video | Miracast ---- | --- | --- | --- | --- -Single-app kiosk | ![no](images/crossmark.png) | ![no](images/crossmark.png) | ![no](images/crossmark.png) | ![no](images/crossmark.png) -Multi-app kiosk | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) with **Home** and **Volume** (default)

Photo and video buttons shown in mini-menu if the Camera app is enabled in the kiosk configuration.

Miracast is shown if the Camera app and device picker app are enabled in the kiosk configuration. | ![yes](images/checkmark.png) if the Camera app is enabled in the kiosk configuration. | ![yes](images/checkmark.png) if the Camera app and device picker app are enabled in the kiosk configuration. - ->[!NOTE] ->Use the Application User Model ID (AUMID) to allow apps in your kiosk configuration. The Camera app AUMID is `HoloCamera_cw5n1h2txyewy!HoloCamera`. The device picker app AUMID is `HoloDevicesFlow_cw5n1h2txyewy!HoloDevicesFlow`. - -The [AssignedAccess Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) enables kiosk configuration. +The [AssignedAccess Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) enables kiosk configuration. >[!WARNING] >The assigned access feature which enables kiosk mode is intended for corporate-owned fixed-purpose devices. When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all [the enforced policies](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#policies-set-by-multi-app-kiosk-configuration). A factory reset is needed to clear all the policies enforced via assigned access. > ->Be aware that voice commands are enabled for multi-app kiosk mode configured in Microsoft Intune or provisioning packages, even if the Cortana app is not selected as a kiosk app. +>Be aware that voice commands are enabled for kiosk mode configured in Microsoft Intune or provisioning packages, even if the Cortana app is not selected as a kiosk app. -For HoloLens devices running Windows 10, version 1803 or later, there are three methods that you can use to configure the device as a kiosk: +For HoloLens devices running Windows 10, version 1803, there are three methods that you can use to configure the device as a kiosk: - You can use [Microsoft Intune or other mobile device management (MDM) service](#intune-kiosk) to configure single-app and multi-app kiosks. - You can [use a provisioning package](#ppkg-kiosk) to configure single-app and multi-app kiosks. - You can [use the Windows Device Portal](#portal-kiosk) to configure single-app kiosks. This method is recommended only for demonstrations, as it requires that developer mode be enabled on the device. ->[!NOTE] ->For HoloLens devices running Windows 10, version 1607, [use the Windows Device Portal](#portal-kiosk) to configure single-app kiosks. +For HoloLens devices running Windows 10, version 1607, you can [use the Windows Device Portal](#portal-kiosk) to configure single-app kiosks. ## Start layout for HoloLens @@ -219,11 +208,11 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest* - You cannot select Microsoft Edge, Microsoft Store, or the Shell app as a kiosk app. - We recommend that you do **not** select the Settings app and the File Explorer app as a kiosk app. - You can select Cortana as a kiosk app. -- To enable photo or video capture, the HoloCamera app must be enabled as a kiosk app. +- To enable photo or video capture, the HoloCamera app must be enabled as a kiosk app. + ## More information Watch how to configure a kiosk in a provisioning package. ->[!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false] - +>[!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false] \ No newline at end of file diff --git a/devices/hololens/hololens-provisioning.md b/devices/hololens/hololens-provisioning.md index c51029ccd7..c1a90edadb 100644 --- a/devices/hololens/hololens-provisioning.md +++ b/devices/hololens/hololens-provisioning.md @@ -7,7 +7,7 @@ author: jdeckerms ms.author: jdecker ms.topic: article ms.localizationpriority: medium -ms.date: 10/02/2018 +ms.date: 04/30/2018 --- # Configure HoloLens using a provisioning package @@ -137,7 +137,7 @@ After you're done, click **Create**. It only takes a few seconds. When the packa 10. When the build completes, click **Finish**. -## Apply a provisioning package to HoloLens during setup +## Apply a provisioning package to HoloLens 1. Connect the device via USB to a PC and start the device, but do not continue past the **Fit** page of OOBE (the first page with the blue box). @@ -156,23 +156,6 @@ After you're done, click **Create**. It only takes a few seconds. When the packa >[!NOTE] >If the device was purchased before August 2016, you will need to sign into the device with a Microsoft account, get the latest OS update, and then reset the OS in order to apply the provisioning package. -## Apply a provisioning package to HoloLens after setup - ->[!NOTE] ->Windows 10, version 1809 only - -On your PC: -1. Create a provisioning package as described at [Create a provisioning package for HoloLens using the HoloLens wizard](hololens-provisioning.md). -2. Connect the HoloLens device via USB to a PC. HoloLens will show up as a device in File Explorer on the PC. -3. Drag and drop the provisioning package to the Documents folder on the HoloLens. - -On your HoloLens: -1. Go to **Settings > Accounts > Access work or school**. -2. In **Related Settings**, select **Add or remove a provisioning package**. -3. On the next page, select **Add a package** to launch the file picker and select your provisioning package. If the folder is empty, make sure you select **This Device** and select **Documents**. - -After your package has been applied, it will show in the list of **Installed packages**. To view package details or to remove the package from the device, select the listed package. - ## What you can configure Provisioning packages make use of configuration service providers (CSPs). If you're not familiar with CSPs, see [Introduction to configuration service providers (CSPs) for IT pros](https://technet.microsoft.com/itpro/windows/manage/how-it-pros-can-use-configuration-service-providers). diff --git a/devices/hololens/hololens-setup.md b/devices/hololens/hololens-setup.md index 6912c956f4..0f62fc2e6e 100644 --- a/devices/hololens/hololens-setup.md +++ b/devices/hololens/hololens-setup.md @@ -7,7 +7,7 @@ author: jdeckerms ms.author: jdecker ms.topic: article ms.localizationpriority: medium -ms.date: 08/02/2018 +ms.date: 07/27/2017 --- # Set up HoloLens @@ -30,12 +30,7 @@ The HoloLens setup process combines a quick tutorial on using HoloLens with the 2. [Turn on HoloLens](https://support.microsoft.com/help/12642). You will be guided through a calibration procedure and how to perform [the gestures](https://support.microsoft.com/help/12644/hololens-use-gestures) that you will use to operate HoloLens. 3. Next, you'll be guided through connecting to a Wi-Fi network. 4. After HoloLens connects to the Wi-Fi network, you select between **My work or school owns it** and **I own it**. - - When you choose **My work or school owns it**, you sign in with an Azure AD account. - - >[!NOTE] - >[To share your HoloLens device with multiple Azure AD accounts](hololens-multiple-users.md), the HoloLens device must be running Windows 10, version 1803, and be [upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md). - - If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens will be enrolled in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available, so you will need to [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). + - When you choose **My work or school owns it**, you sign in with an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens will be enrolled in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available, so you will need to [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). 1. Enter your organizational account. 2. Accept privacy statement. 3. Sign in using your Azure AD credentials. This may redirect to your organization's sign-in page. diff --git a/devices/hololens/hololens-whats-new.md b/devices/hololens/hololens-whats-new.md index 0ce5db3f17..75556a83db 100644 --- a/devices/hololens/hololens-whats-new.md +++ b/devices/hololens/hololens-whats-new.md @@ -1,58 +1,18 @@ --- title: What's new in Microsoft HoloLens (HoloLens) -description: Windows Holographic for Business gets new features in Windows 10, version 1809. +description: Windows Holographic for Business gets new features in Windows 10, version 1803. ms.prod: hololens ms.sitesec: library author: jdeckerms ms.author: jdecker ms.topic: article ms.localizationpriority: medium -ms.date: 10/02/2018 +ms.date: 04/30/2018 --- # What's new in Microsoft HoloLens -## Windows 10, version 1809 for Microsoft HoloLens - -### For everyone - -Feature | Details ---- | --- -Mini-menu | When you're in an app, the Bloom gesture will now open a mini-menu to give you quick access to commonly used system features without having to leave the app. See [Set up HoloLens in kiosk mode](hololens-kiosk.md) for information about the mini-menu in kiosk mode.

![sample of the mini-menu](images/minimenu.png) -Stop video capture from the Start or quick actions menu | If you start video capture from the Start menu or quick actions menu, you’ll be able to stop recording from the same place. (Don’t forget, you can always do this with voice commands too.) -Project to a Miracast-enabled device | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter. On **Start**, select **Connect**, and then select the device you want to project to. **Note:** You can deploy HoloLens to use Miracast projection without enabling developer mode. -New notifications | View and respond to notification toasts on HoloLens, just like you do on a PC. Gaze to respond to or dismiss them (or if you’re in an immersive experience, use the bloom gesture). -HoloLens overlays (file picker, keyboard, dialogs, etc.) | You’ll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. -Visual feedback overlay UI for volume change | When you use the volume up/down buttons on your HoloLens you’ll see a visual display of the volume level. -New UI for device boot | A loading indicator was added during the boot process to provide visual feedback that the system is loading. Reboot your device to see the new loading indicator—it’s between the "Hello" message and the Windows boot logo. -Share UX: Nearby Sharing | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. When you capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge), select a nearby Windows device to share with. -Share from Microsoft Edge | Share button is now available on Microsoft Edge windows on HoloLens. In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. - - - -### For administrators - - -Feature | Details ---- | --- -[Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**. -Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. -PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**.  | When signing in as **Other User**, the PIN option is now available under **Sign-In options**. -Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with your password. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password.
**Note:** You can choose to bypass any PIN/Smartcard options when prompted during web sign-in.  -Read device hardware info through MDM so devices can be tracked by serial # | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer to your MDM documentation for feature availability and instructions. -Set HoloLens device name through MDM (rename) |  IT administrators can see and rename HoloLens devices in their MDM console. Refer to your MDM documentation for feature availability and instructions. - -### For international customers - - -Feature | Details ---- | --- -Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands. - - - -## Windows 10, version 1803 for Microsoft HoloLens Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. This update introduces the following changes: diff --git a/devices/hololens/index.md b/devices/hololens/index.md index 5734b2e4d5..786b38a1e3 100644 --- a/devices/hololens/index.md +++ b/devices/hololens/index.md @@ -22,6 +22,7 @@ ms.date: 07/27/2018 | Topic | Description | | --- | --- | | [What's new in Microsoft HoloLens](hololens-whats-new.md) | Discover the new features in the latest update. | +[Insider preview for Microsoft HoloLens](hololens-insider.md) | Learn about new HoloLens features available in the latest Insider Preview build. | [HoloLens in the enterprise: requirements](hololens-requirements.md) | Lists requirements for general use, Wi-Fi, and device management | | [Set up HoloLens](hololens-setup.md) | How to set up HoloLens for the first time | | [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) | How to upgrade your Development Edition HoloLens to Windows Holographic for Business | diff --git a/windows/client-management/mdm/accounts-ddf-file.md b/windows/client-management/mdm/accounts-ddf-file.md index a6e5b3ded3..c0bc44f76f 100644 --- a/windows/client-management/mdm/accounts-ddf-file.md +++ b/windows/client-management/mdm/accounts-ddf-file.md @@ -68,7 +68,7 @@ The XML below is for Windows 10, version 1803. - This node specifies the name for a device. This setting can be managed remotely. A couple of macros can be embedded within the value for dynamic substitution: %RAND:<# of digits>% and %SERIAL%. Examples: (a) "Test%RAND:6%" will generate a name "Test" followed by 6 random digits (e.g., "Test123456"). (b) "Foo%SERIAL%", will generate a name "Foo" followed by the serial number derived from device's ID. The server must explicitly reboot the device for this value to take effect. + This node specifies the name for a device. This setting can be managed remotely. A couple of macros can be embedded within the value for dynamic substitution: %RAND:<# of digits>% and %SERIAL%. Examples: (a) "Test%RAND:6%" will generate a name "Test" followed by 6 random digits (e.g., "Test123456"). (b) "Foo%SERIAL%", will generate a name "Foo" followed by the serial number derived from device's ID. The server must explicitly reboot the device for this value to take effect. diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md index aed29f1f97..d77371ecc7 100644 --- a/windows/client-management/mdm/activesync-csp.md +++ b/windows/client-management/mdm/activesync-csp.md @@ -89,7 +89,7 @@ Required. A character string that specifies the location of the icon associated Supported operations are Get, Replace, and Add (cannot Add after the account is created). -The account icon can be used as a tile in the **Start** list or an icon in the applications list under **Settings > email & accounts**. Some icons are already provided on the device. The suggested icon for POP/IMAP or generic ActiveSync accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.genericmail.png. The suggested icon for Exchange Accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.office.outlook.png. Custom icons can be added if desired. +The account icon can be used as a tile in the **Start** list or an icon in the applications list under **Settings > email & accounts**. Some icons are already provided on the device. The suggested icon for POP/IMAP or generic ActiveSync accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.genericmail.png. The suggested icon for Exchange Accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.office.outlook.png. Custom icons can be added if desired. ***Account GUID*/AccountType** Required. A character string that specifies the account type. diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index 8d960a68db..c9d931e3e6 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -587,7 +587,7 @@ The following list shows the apps that may be included in the inbox. Microsoft Frameworks ProductID = 00000000-0000-0000-0000-000000000000 -

PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"

+

PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"

@@ -851,7 +851,7 @@ The following example disables the calendar application. chr text/plain - <AppPolicy Version="1" xmlns="http://schemas.microsoft.com/phone/2013/policy"><Deny><App ProductId="{a558feba-85d7-4665-b5d8-a2ff9c19799b}"/></Deny></AppPolicy> + @@ -875,22 +875,22 @@ The following example blocks the usage of the map application. chr - <RuleCollection Type="Appx" EnforcementMode="Enabled"> - <FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed Appx packages" Description="Allows members of the Everyone group to run Appx packages that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"> - <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + + - <FilePublisherRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="Deny Splash appmaps" Description="Deny members of the local Administrators group to run maps." UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsMaps" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - </RuleCollection> + @@ -915,22 +915,22 @@ The following example disables the Mixed Reality Portal. In the example, the **I text/plain - <RuleCollection Type="Appx" EnforcementMode="Enabled"> - <FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"> - <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> - <FilePublisherRule Id="d26da4e7-0b01-484d-a8d3-d5b5341b2d55" Name="Block Mixed Reality Portal" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.HolographicFirstRun" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> - </RuleCollection>> + + + + + + + + + + + + + + + + > @@ -976,421 +976,421 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo chr -<RuleCollection Type="Appx" EnforcementMode="Enabled"> + - <FilePublisherRule Id="172B8ACE-AAF5-41FA-941A-93AEE126B4A9" Name="Default Rule to Deny ALL" Description="Deny all publisher" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="CN=*" ProductName="*" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="DDCD112F-E003-4874-8B3E-14CB23851D54" Name="Whitelist Settings splash app" Description="Allow Admins to run Settings." UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="2A4E62D8-8809-4787-89F8-69D0F01654FB" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="757D94A8-C752-4013-9896-D46EF10925E9" Name="Whitelist Settings WorkOrSchool" Description="Allow Admins to run WorkOrSchool" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA562A" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="473BCE1A-94D2-4AE1-8CB1-064B0677CACB" Name="Whitelist WorkPlace AAD BrokerPlugin" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.AAD.BrokerPlugin" BinaryName="*" > - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="E13EA64B-B0D3-4257-87F4-1B522D06EA03" Name="Whitelist Start" Description="Allow Admins to run Start." UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5602" BinaryName="*" > - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="2898C4B2-4B37-4BFF-8F7B-16B377EDEA88" Name="Whitelist SettingsPageKeyboard" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5608" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="15BBA04F-3989-4FF7-9FEF-83C4DFDABA27" Name="Whitelist SettingsPageTimeRegion" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea560c" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="C3735CB1-060D-4D40-9708-6D33B98A7A2D" Name="Whitelist SettingsPagePCSystemBluetooth" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5620" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="AFACF5A3-2974-41EE-A31A-1486F593C145" Name="Whitelist SettingsPageNetworkAirplaneMode" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5621" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="7B02A339-9E77-4694-AF86-119265138129" Name="Whitelist SettingsPageNetworkWiFi" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5623" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="F912172F-9D83-46F5-8D6C-BA7AB17063BE" Name="Whitelist SettingsPageNetworkInternetSharing" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5629" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="67AE8001-4E49-442A-AD72-F837129ABF63" Name="Whitelist SettingsPageRestoreUpdate" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5640" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="7B65BCB2-4B1D-42B6-921B-B87F1474BDC5" Name="Whitelist SettingsPageKidsCorner" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5802" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="3964A53B-E131-4ED6-88DA-71FBDBE4E232" Name="Whitelist SettingsPageDrivingMode" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5804" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="99C4CD58-51A2-429A-B479-976ADB4EA757" Name="Whitelist SettingsPageTimeLanguage" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5808" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="EBA3BCBE-4651-48CE-8F94-C5AC5D8F72FB" Name="Whitelist SettingsPageAppsCorner" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea580a" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="E16EABCC-46E7-4AB3-9F48-67FFF941BBDC" Name="Whitelist SettingsPagePhoneNfc" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="b0894dfd-4671-4bb9-bc17-a8b39947ffb6" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="1F4C3904-9976-4FEE-A492-5708F14EABA5" Name="Whitelist MSA Cloud Experience Host" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.CloudExperienceHost" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="AA741A28-7C02-49A5-AA5C-35D53FB8A9DC" Name="Whitelist Email and Accounts" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.AccountsControl" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="863BE063-D134-4C5C-9825-9DF9A86B6B56" Name="Whitelist Calculator" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsCalculator" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="1DA2F479-3D1D-4425-9FFA-D4E6908F945A" Name="Whitelist Alarms and Clock" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsAlarms" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="18E12372-21C6-4DA5-970E-0A58739D7151" Name="Whitelist People" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.People" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="FD686D83-A829-4351-8FF4-27C7DE5755D2" Name="Whitelist Camera" Description="Allow Admins to run camera." UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsCamera" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="16875F70-1778-43CC-96BB-783C9A8E53D5" Name="Whitelist WindowsMaps" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsMaps" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="D21D6F9D-CFF6-4AD1-867A-2411CE6A388D" Name="Whitelist FileExplorer" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="c5e2524a-ea46-4f67-841f-6a9465d9d515" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="450B6D7E-1738-41C9-9241-466C3FA4AB0C" Name="Whitelist FM Radio" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="F725010E-455D-4C09-AC48-BCDEF0D4B626" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="37F4272C-F4A0-4AB8-9B5F-C9194A0EC6F3" Name="Whitelist Microsoft Edge" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftEdge" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="253D3AEA-36C0-4877-B932-9E9C9493F3F3" Name="Whitelist Movies" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.ZuneVideo" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="9A73E081-01D1-4BFD-ADF4-5C29AD4031F7" Name="Whitelist Money" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingFinance" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="EE4BF66C-EBF0-4565-982C-922FFDCB2E6D" Name="Whitelist News" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingNews" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="D78E6A9D-10F8-4C23-B620-40B01B60E5EA" Name="Whitelist Onedrive" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="AD543082-80EC-45BB-AA02-FFE7F4182BA8" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="0012F35E-C242-47FF-A573-3DA06AF7E43C" Name="Whitelist Onedrive APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftSkydrive" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="178B0D68-3498-40CE-A0C3-295C6B3DA169" Name="Whitelist OneNote" Description="Allow Admins to run onenote." UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.OneNote" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="673914E4-D73A-405D-8DCF-173E36EA6722" Name="Whitelist GetStarted" Description="Allow Admins to run onenote." UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Getstarted" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="4546BD28-69B6-4175-A44C-33197D48F658" Name="Whitelist Outlook Calendar" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="microsoft.windowscommunicationsapps" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="7B843572-E1AD-45E6-A1F2-C551C70E4A34" Name="Whitelist Outlook Mail" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="microsoft.windowscommunicationsapps" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="E5A1CD1A-8C23-41E4-AACF-BF82FCE775A5" Name="Whitelist Photos" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.Photos" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="0A194DD1-B25B-4512-8AFC-6F560D0EC205" Name="Whitelist PodCasts" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MSPodcast" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="F5D27860-0238-4D1A-8011-9B8B263C3A33" Name="Whitelist SkypeApp" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="Microsoft.SkypeApp" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="B8BBC965-EC6D-4C16-AC68-C5F0090CB703" Name="Whitelist Store" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsStore" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="6031E1E7-A659-4B3D-87FB-3CB4C900F9D2" Name="Whitelist Sports" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingSports" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="A6D61B56-7CF7-4E95-953C-3A5913309B4E" Name="Whitelist Wallet" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftWallet" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="A2C44744-0627-4A52-937E-E3EC1ED476E0" Name="Whitelist Weather" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingWeather" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="D79978B4-EFAE-4458-8FE1-0F13B5CE6764" Name="Whitelist Xbox" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.XboxApp" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="395713B9-DD39-4741-8AB3-63D0A0DCA2B0" Name="Whitelist Xbox Identity Provider" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.XboxIdentityProvider" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="7565A8BB-D50B-4237-A9E9-B0997B36BDF9" Name="Whitelist Voice recorder" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsSoundRecorder" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="409A286E-8C3D-48AB-9D7C-3225A48B30C9" Name="Whitelist Word" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.Word" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="F72A5DA6-CA6A-4E7F-A350-AC9FACAB47DB" Name="Whitelist Excel" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.Excel" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="169B3498-2A73-4D5C-8AFB-A0DE2908A07D" Name="Whitelist PowerPoint" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.PowerPoint" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="A483B662-3538-4D70-98A7-1312D51A0DB9" Name="Whitelist Contact Support" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Windows.ContactSupport" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="EAB1CEDC-DD8A-4311-9146-27A3C689DEAF" Name="Whitelist Cortana" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.Cortana" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="01CD8E68-666B-4DE6-8849-7CE4F0C37CA8" Name="Whitelist Storage" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA564D" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="15D9AD89-58BC-458E-9B96-3A18DA63AC3E" Name="Whitelist Groove Music" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.ZuneMusic" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="E2B71B03-D759-4AE2-8526-E1A0CE2801DE" Name="Whitelist Windows Feedback" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsFeedback" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="E7A30489-A20B-44C3-91A8-19D9F61A8B5B" Name="Whitelist Messaging and Messaging Video" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Messaging" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="D2A16D0C-8CC0-4C3A-9FB5-C1DB1B380CED" Name="Whitelist Phone splash" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5611" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="2A355478-7449-43CB-908A-A378AA59FBB9" Name="Whitelist Phone APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.CommsPhone" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="89441630-7F1C-439B-8FFD-0BEEFF400C9B" Name="Whitelist Connect APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.DevicesFlow" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="E8AF01B5-7039-44F4-8072-6A6CC71EDF2E" Name="Whitelist Miracast APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="906BEEDA-B7E6-4DDC-BA8D-AD5031223EF9" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="DA02425B-0291-4A10-BE7E-B9C7922F4EDF" Name="Whitelist Print Dialog APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.PrintDialog" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="42919A05-347B-4A5F-ACB2-73710A2E6203" Name="Whitelist Block and Filter APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BlockandFilterglobal" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="6F3D8885-C15E-4D7E-8E1F-F2A560C08F9E" Name="Whitelist MSFacebook" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MSFacebook" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="5168A5C3-5DC9-46C1-87C0-65A9DE1B4D18" Name="Whitelist Advanced Info" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="B6E3E590-9FA5-40C0-86AC-EF475DE98E88" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + -</RuleCollection> + @@ -1689,119 +1689,119 @@ In this example, Contoso is the node name. We recommend using a GUID for this no chr - <RuleCollection Type="Exe" EnforcementMode="Enabled"> - <FilePublisherRule Id="b005eade-a5ee-4f5a-be45-d08fa557a4b2" Name="MICROSOFT OFFICE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> - <FilePublisherRule Id="de9f3461-6856-405d-9624-a80ca701f6cb" Name="MICROSOFT OFFICE 2003, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2003" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> - <FilePublisherRule Id="ade1b828-7055-47fc-99bc-432cf7d1209e" Name="2007 MICROSOFT OFFICE SYSTEM, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="2007 MICROSOFT OFFICE SYSTEM" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> - <FilePublisherRule Id="f6a075b5-a5b5-4654-abd6-731dacb40d95" Name="MICROSOFT OFFICE ONENOTE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE ONENOTE" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="12.0.9999.9999" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> - <FilePublisherRule Id="0ec03b2f-e9a4-4743-ae60-6d29886cf6ae" Name="MICROSOFT OFFICE OUTLOOK, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE OUTLOOK" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="12.0.9999.9999" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> - <FilePublisherRule Id="7b272efd-4105-4fb7-9d40-bfa597c6792a" Name="MICROSOFT OFFICE 2013, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2013" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> - <FilePublisherRule Id="89d8a4d3-f9e3-423a-92ae-86e7333e2662" Name="MICROSOFT ONENOTE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONENOTE" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - <Exceptions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONENOTE" BinaryName="ONENOTE.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - </Exceptions> - </FilePublisherRule> - <FilePublisherRule Id="5a2138bd-8042-4ec5-95b4-f990666fbf61" Name="MICROSOFT OUTLOOK, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OUTLOOK" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - <Exceptions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OUTLOOK" BinaryName="OUTLOOK.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - </Exceptions> - </FilePublisherRule> - <FilePublisherRule Id="3fc5f9c5-f180-435b-838f-2960106a3860" Name="MICROSOFT ONEDRIVE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONEDRIVE" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - <Exceptions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONEDRIVE" BinaryName="ONEDRIVE.EXE"> - <BinaryVersionRange LowSection="17.3.6386.0412" HighSection="*" /> - </FilePublisherCondition> - </Exceptions> - </FilePublisherRule> - <FilePublisherRule Id="17d988ef-073e-4d92-b4bf-f477b2ecccb5" Name="MICROSOFT OFFICE 2016, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - <Exceptions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="LYNC.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="LYNC99.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="UCMAPI.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="OCPUBMGR.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="WINWORD.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="EXCEL.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="POWERPNT.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="MSOSYNC.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - </Exceptions> - </FilePublisherRule> - </RuleCollection> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/windows/client-management/mdm/appv-deploy-and-config.md b/windows/client-management/mdm/appv-deploy-and-config.md index 62c91ca217..0afb6de537 100644 --- a/windows/client-management/mdm/appv-deploy-and-config.md +++ b/windows/client-management/mdm/appv-deploy-and-config.md @@ -106,7 +106,7 @@ ms.date: 06/26/2017 ./Device/Vendor/MSFT/Policy/Config/AppVirtualization/AllowAppvClient - <enabled/> + ``` @@ -126,7 +126,7 @@ ms.date: 06/26/2017 ./Device/Vendor/MSFT/Policy/Config/AppVirtualization/AllowPackageScripts - <enabled/> + ``` diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index f8e1ed6025..df7dcde18e 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -60,7 +60,7 @@ In the out-of-the-box scenario, the web view is 100% full screen, which gives th For Azure AD enrollment to work for an Active Directory Federated Services (AD FS) backed Azure AD account, you must enable password authentication for the intranet on the ADFS service as described in solution \#2 in [this article](https://go.microsoft.com/fwlink/?LinkId=690246). -Once a user has an Azure AD account added to Windows 10 and enrolled in MDM, the enrollment can be manages through **Settings** > **Accounts** > **Work access**. Device management of either Azure AD Join for corporate scenarios or BYOD scenarios are similar. +Once a user has an Azure AD account added to Windows 10 and enrolled in MDM, the enrollment can be manages through **Settings** > **Accounts** > **Work access**. Device management of either Azure AD Join for corporate scenarios or BYOD scenarios are similar. > **Note**  Users cannot remove the device enrollment through the **Work access** user interface because management is tied to the Azure AD or work account. @@ -122,7 +122,7 @@ Use the following steps to register a cloud-based MDM application with Azure AD. 6. Click **Add an application my organization is developing**. 7. Enter a friendly name for the application, such as ContosoMDM, select **Web Application and or Web API**, then click **Next**. 8. Enter the login URL for your MDM service. -9. For the App ID, enter **https://<your\_tenant\_name>/ContosoMDM**, then click OK. +9. For the App ID, enter **https://<your\_tenant\_name>/ContosoMDM**, then click OK. 10. While still in the Azure portal, click the **Configure** tab of your application. 11. Mark your application as **multi-tenant**. 12. Find the client ID value and copy it. diff --git a/windows/client-management/mdm/browserfavorite-csp.md b/windows/client-management/mdm/browserfavorite-csp.md index de3a4c2736..343ffbf2c3 100644 --- a/windows/client-management/mdm/browserfavorite-csp.md +++ b/windows/client-management/mdm/browserfavorite-csp.md @@ -33,7 +33,7 @@ The following diagram shows the BrowserFavorite configuration service provider i ***favorite name*** Required. Specifies the user-friendly name of the favorite URL that is displayed in the Favorites list of Internet Explorer. -> **Note**  The *favorite name* should contain only characters that are valid in the Windows file system. The invalid characters are: \\ / : \* ? " < > | +> **Note**  The *favorite name* should contain only characters that are valid in the Windows file system. The invalid characters are: \\ / : \* ? " < > |   diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md index cde5940e24..aff0b23244 100644 --- a/windows/client-management/mdm/certificatestore-csp.md +++ b/windows/client-management/mdm/certificatestore-csp.md @@ -194,7 +194,7 @@ Required. Specifies the root CA thumbprint. It is a 20-byte value of the SHA1 ce Supported operations are Get, Add, Delete, and Replace. **My/SCEP/*UniqueID*/Install/SubjectAlternativeNames** -Optional. Specifies the subject alternative name. Multiple alternative names can be specified. Each name is the combination of name format+actual name. Refer to the name type definition in MSDN. Each pair is separated by semicolon. For example, multiple subject alternative names are presented in the format *<nameformat1>*+*<actual name1>*;*<name format 2>*+*<actual name2>*. Value type is chr. +Optional. Specifies the subject alternative name. Multiple alternative names can be specified. Each name is the combination of name format+actual name. Refer to the name type definition in MSDN. Each pair is separated by semicolon. For example, multiple subject alternative names are presented in the format **+**;**+**. Value type is chr. Supported operations are Get, Add, Delete, and Replace. @@ -299,7 +299,7 @@ For ROBO renewal failure, the client retries the renewal periodically until the For manual retry failure, there are no built-in retries. The user can retry later. At the next scheduled certificate renewal retry period, the device prompts the credential dialog again. -The default value is 7 and the valid values are 1 – 1000 AND =< RenewalPeriod, otherwise it will result in errors. Value type is an integer. +The default value is 7 and the valid values are 1 – 1000 AND =< RenewalPeriod, otherwise it will result in errors. Value type is an integer. Supported operations are Add, Get, Delete, and Replace. diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md index a0cec11bb0..699a3d4489 100644 --- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md +++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md @@ -32,7 +32,7 @@ To help diagnose enrollment or device management issues in Windows 10 devices m Starting with the Windows 10, version 1511, MDM logs are captured in the Event Viewer in the following location: -- Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider +- Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider Here's a screenshot: @@ -138,7 +138,7 @@ Since there is no Event Viewer in Windows 10 Mobile, you can use the [Field Medi ![field medic screenshot](images/diagnose-mdm-failures5.png) 7. Save the logs. They will be stored in the Field Medic log location on the device. -8. You can send the logs via email by attaching the files from **Documents > Field Medic > Reports > ...** folder. +8. You can send the logs via email by attaching the files from **Documents > Field Medic > Reports > ...** folder. ![device documents folder](images/diagnose-mdm-failures6.png)![device folder screenshot](images/diagnose-mdm-failures7.png)![device folder screenshot](images/diagnose-mdm-failures8.png) diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md index 4c66aef7db..38dc886b20 100644 --- a/windows/client-management/mdm/eap-configuration.md +++ b/windows/client-management/mdm/eap-configuration.md @@ -124,7 +124,7 @@ A production ready deployment must have the appropriate certificate details as p EAP XML must be updated with relevant information for your environment This can be done either manually by editing the XML sample below, or by using the step by step UI guide. After the EAP XML is updated, refer to instructions from your MDM to deploy the updated configuration as follows: -- For Wi-Fi, look for the <EAPConfig> section of your current WLAN Profile XML (This is what you specify for the WLanXml node in the Wi-Fi CSP). Within these tags you will find the complete EAP configuration. Replace the section under <EAPConfig> with your updated XML and update your Wi-Fi profile. You might need to refer to your MDM’s guidance on how to deploy a new Wi-Fi profile. +- For Wi-Fi, look for the section of your current WLAN Profile XML (This is what you specify for the WLanXml node in the Wi-Fi CSP). Within these tags you will find the complete EAP configuration. Replace the section under with your updated XML and update your Wi-Fi profile. You might need to refer to your MDM’s guidance on how to deploy a new Wi-Fi profile. - For VPN, EAP Configuration is a separate field in the MDM Configuration. Work with your MDM provider to identify and update the appropriate Field. For information about EAP Settings, see diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md index dce5177a0f..e54767ae8b 100644 --- a/windows/client-management/mdm/email2-csp.md +++ b/windows/client-management/mdm/email2-csp.md @@ -302,7 +302,7 @@ Value is one of the following: When an application removal or configuration roll-back is provisioned, the EMAIL2 CSP passes the request to Configuration Manager, which handles the transaction externally. When a MAPI application is removed, the accounts that were created with it are deleted and all messages and other properties that the transport (for example, Short Message Service \[SMS\], Post Office Protocol \[POP\], or Simple Mail Transfer Protocol \[SMTP\]) might have stored, are lost. If an attempt to create a new email account is unsuccessful, the new account is automatically deleted. If an attempt to edit an existing account is unsuccessful, the original configuration is automatically rolled back (restored). -For OMA DM, the EMAIL2 CSP handles the Replace command differently from most other configuration service providers. For the EMAIL2 CSP, Configuration Manager implicitly adds the missing part of the node to be replaced or any segment in the path of the node if it is left out in the <LocURI></LocURI> block. There are separate parameters defined for the outgoing server logon credentials. The following are the usage rules for these credentials: +For OMA DM, the EMAIL2 CSP handles the Replace command differently from most other configuration service providers. For the EMAIL2 CSP, Configuration Manager implicitly adds the missing part of the node to be replaced or any segment in the path of the node if it is left out in the \\ block. There are separate parameters defined for the outgoing server logon credentials. The following are the usage rules for these credentials: - The incoming server logon credentials are used (AUTHNAME, AUTHSECRET, and DOMAIN) unless the outgoing server credentials are set. diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md index acb4952dea..fb26b71e0c 100644 --- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md +++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md @@ -70,7 +70,7 @@ Summary of steps to enable a policy: ./Device/Vendor/MSFT/Policy/Config/AppVirtualization/AllowAppVClient - <Enabled/> + @@ -270,7 +270,7 @@ The \ payload is \. Here is an example to disable AppVirtualiza ./Device/Vendor/MSFT/Policy/Config/AppVirtualization/PublishingAllowServer2 - <disabled/> + diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md index 58bdfc9908..c4454855d2 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-csp.md @@ -40,7 +40,7 @@ Supported operations are Add, Delete, Get and Replace. The Apps and Settings sections of lockdown XML constitute an Allow list. Any app or setting that is not specified in AssignedAccessXML will not be available on the device to users. The following table describes the entries in lockdown XML. > [!Important]    -> When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an MDM, the XML must use escaped characters, such as \< instead of < because it is embedded in an XML. The examples provided in the topic are formatted for readability. +> When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an MDM, the XML must use escaped characters, such as \< instead of < because it is embedded in an XML. The examples provided in the topic are formatted for readability. When using the AssignedAccessXml in a provisioning package using the Windows Configuration Designer tool, do not use escaped characters. @@ -51,8 +51,8 @@ ActionCenter | Example: `` ActionCenter | In Windows 10, when the Action Center is disabled, Above Lock notifications and toasts are also disabled. When the Action Center is enabled, the following policies are also enabled; **AboveLock/AllowActionCenterNotifications** and **AboveLock/AllowToasts**. For more information about these policies, see [Policy CSP](policy-configuration-service-provider.md) ActionCenter | You can also add the following optional attributes to the ActionCenter element to override the default behavior: **aboveLockToastEnabled** and **actionCenterNotificationEnabled**. Valid values are 0 (policy disabled), 1 (policy enabled), and -1 (not set, policy enabled). In this example, the Action Center is enabled and both policies are disabled.: `` ActionCenter | These optional attributes are independent of each other. In this example, Action Center is enabled, the notifications policy is disabled, and the toast policy is enabled by default because it is not set. `` -StartScreenSize | Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions. Valid values: **Small** - sets the width to 4 columns on device with short axis <400epx or 6 columns on devices with short axis >=400epx. **Large** - sets the width to 6 columns on devices with short axis <400epx or 8 columns on devices with short axis >=400epx. -StartScreenSize | If you have existing lockdown XML, you must update it if your device has >=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4. Example: `Large` +StartScreenSize | Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions. Valid values: **Small** - sets the width to 4 columns on device with short axis <400epx or 6 columns on devices with short axis >=400epx. **Large** - sets the width to 6 columns on devices with short axis <400epx or 8 columns on devices with short axis >=400epx. +StartScreenSize | If you have existing lockdown XML, you must update it if your device has >=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4. Example: `Large` Application | Provide the product ID for each app that will be available on the device. You can find the product ID for a locally developed app in the AppManifest.xml file of the app. For the list of product ID and AUMID see [ProductIDs in Windows 10 Mobile](#productid). Application | To turn on the notification for a Windows app, you must include the application's AUMID in the lockdown XML. However, the user can change the setting at any time from user interface. Example: `` Application | modern app notification @@ -105,7 +105,7 @@ aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.m Entry | Description ----------- | ------------ -Folder | A folder should be contained in <Applications/> node among with other <Application/> nodes, it shares most grammar with the Application Node, **folderId** is mandatory, **folderName** is optional, which is the folder name displayed on Start. **folderId** is a unique unsigned integer for each folder. +Folder | A folder should be contained in node among with other nodes, it shares most grammar with the Application Node, **folderId** is mandatory, **folderName** is optional, which is the folder name displayed on Start. **folderId** is a unique unsigned integer for each folder. Folder example: ``` syntax @@ -403,7 +403,7 @@ The Search and custom buttons can be remapped or configured to open a s > > Button remapping can enable a user to open an application that is not in the Allow list. Use button lock down to prevent application access for a user role. -To remap a button in lockdown XML, you supply the button name, the button event (typically "press"), and the product ID for the application the button will open. +To remap a button in lockdown XML, you supply the button name, the button event (typically "press"), and the product ID for the application the button will open. ``` syntax @@ -1199,7 +1199,7 @@ The following example shows how to add a new policy.             +            value=""/>       @@ -1237,7 +1237,7 @@ The following example shows how to lock down a device. ./Vendor/MSFT/EnterpriseAssignedAccess/AssignedAccess/AssignedAccessXml - <?xml version="1.0" encoding="utf-8"?><HandheldLockdown version="1.0"><Default><Apps><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5615}" pinToStart="1"/><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5612}" pinToStart="2"/></Apps><Settings><System name="Microsoft.Themes" /><System name="Microsoft.About" /></Settings><Buttons><Button name="Start" disableEvents="PressAndHold" /><Button name="Camera" disableEvents="All" /><Button name="Search" disableEvents="All" /></Buttons><MenuItems><DisableMenuItems/></MenuItems></Default><RoleList><Role guid="{76C01983-A872-4C4E-B4C6-321EAC709CEA}" name="Associate"><Apps><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5615}" pinToStart="1"/></Apps><Settings><System name="Microsoft.Themes" /><System name="Microsoft.About" /></Settings><Buttons><Button name="Start" disableEvents="PressAndHold" /><Button name="Camera" disableEvents="All" /></Buttons><MenuItems><DisableMenuItems/></MenuItems></Role><Role guid="{8ABB8A10-4418-4467-9E18-99D11FA54E30}" name="Manager"><Apps><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5612}" pinToStart="1"/></Apps><Settings><System name="Microsoft.Themes" /></Settings><Buttons><Button name="Start" disableEvents="PressAndHold" /></Buttons><MenuItems><DisableMenuItems/></MenuItems></Role></RoleList></HandheldLockdown> +