deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

learMerge branch 'main' of github.com:MicrosoftDocs/windows-docs-pr into pm-security-book

Browse Source
This commit is contained in:
Paolo Matarazzo 2024-04-17 17:21:22 -04:00
commit d733525f69
71 changed files with 647 additions and 402 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/client-management/mdm/activesync-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: ActiveSync DDF file
description: View the XML file containing the device description framework (DDF) for the ActiveSync configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the A
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

4
windows/client-management/mdm/applocker-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: AppLocker DDF file
description: View the XML file containing the device description framework (DDF) for the AppLocker configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the A
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

4
windows/client-management/mdm/assignedaccess-csp.md
View File

@ -1,7 +1,7 @@
---
title: AssignedAccess CSP
description: Learn more about the AssignedAccess CSP.
ms.date: 02/29/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -14,7 +14,6 @@ ms.date: 02/29/2024
The AssignedAccess configuration service provider (CSP) is used to configure a kiosk or restricted user experience. Once the CSP is executed, the next user login that is associated with the Assigned Access profile puts the device into the kiosk mode specified in the CSP configuration.
To learn more about how to configure Assigned Access, see [Configure kiosks and restricted user experiences](/windows/configuration/assigned-access).
<!-- AssignedAccess-Editable-End -->
<!-- AssignedAccess-Tree-Begin -->
@ -51,7 +50,6 @@ This node accepts an AssignedAccessConfiguration xml as input.
<!-- Device-Configuration-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
To learn how to configure xml file, see [Create an Assigned Access configuration XML file](/windows/configuration/assigned-access/configuration-file)
<!-- Device-Configuration-Editable-End -->
<!-- Device-Configuration-DFProperties-Begin -->

4
windows/client-management/mdm/assignedaccess-ddf.md
View File

@ -1,7 +1,7 @@
---
title: AssignedAccess DDF file
description: View the XML file containing the device description framework (DDF) for the AssignedAccess configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the A
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

4
windows/client-management/mdm/bitlocker-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: BitLocker DDF file
description: View the XML file containing the device description framework (DDF) for the BitLocker configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the B
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

94
windows/client-management/mdm/clientcertificateinstall-csp.md
View File

@ -1,7 +1,7 @@
---
title: ClientCertificateInstall CSP
description: Learn more about the ClientCertificateInstall CSP.
ms.date: 01/31/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -9,6 +9,8 @@ ms.date: 01/31/2024
<!-- ClientCertificateInstall-Begin -->
# ClientCertificateInstall CSP
[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
<!-- ClientCertificateInstall-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
The ClientCertificateInstall configuration service provider enables the enterprise to install client certificates. A client certificate has a unique ID, which is the *\[UniqueID\]* for this configuration. Each client certificate must have different UniqueIDs for the SCEP enrollment request.
@ -38,6 +40,7 @@ The following list shows the ClientCertificateInstall configuration service prov
- [ErrorCode](#devicescepuniqueiderrorcode)
- [Install](#devicescepuniqueidinstall)
- [AADKeyIdentifierList](#devicescepuniqueidinstallaadkeyidentifierlist)
- [AttestPrivateKey](#devicescepuniqueidinstallattestprivatekey)
- [CAThumbprint](#devicescepuniqueidinstallcathumbprint)
- [Challenge](#devicescepuniqueidinstallchallenge)
- [ContainerName](#devicescepuniqueidinstallcontainername)
@ -76,6 +79,7 @@ The following list shows the ClientCertificateInstall configuration service prov
- [ErrorCode](#userscepuniqueiderrorcode)
- [Install](#userscepuniqueidinstall)
- [AADKeyIdentifierList](#userscepuniqueidinstallaadkeyidentifierlist)
- [AttestPrivateKey](#userscepuniqueidinstallattestprivatekey)
- [CAThumbprint](#userscepuniqueidinstallcathumbprint)
- [Challenge](#userscepuniqueidinstallchallenge)
- [ContainerName](#userscepuniqueidinstallcontainername)
@ -828,6 +832,45 @@ Optional. Specify the Microsoft Entra ID Key Identifier List as a semicolon sepa
<!-- Device-SCEP-{UniqueID}-Install-AADKeyIdentifierList-End -->
<!-- Device-SCEP-{UniqueID}-Install-AttestPrivateKey-Begin -->
##### Device/SCEP/{UniqueID}/Install/AttestPrivateKey
<!-- Device-SCEP-{UniqueID}-Install-AttestPrivateKey-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- Device-SCEP-{UniqueID}-Install-AttestPrivateKey-Applicability-End -->
<!-- Device-SCEP-{UniqueID}-Install-AttestPrivateKey-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/{UniqueID}/Install/AttestPrivateKey
```
<!-- Device-SCEP-{UniqueID}-Install-AttestPrivateKey-OmaUri-End -->
<!-- Device-SCEP-{UniqueID}-Install-AttestPrivateKey-Description-Begin -->
<!-- Description-Source-DDF -->
Defines the attest SCEP private key behavior 0 - normal, 1 - best effort, 2 - on error, fail the installation.
<!-- Device-SCEP-{UniqueID}-Install-AttestPrivateKey-Description-End -->
<!-- Device-SCEP-{UniqueID}-Install-AttestPrivateKey-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-SCEP-{UniqueID}-Install-AttestPrivateKey-Editable-End -->
<!-- Device-SCEP-{UniqueID}-Install-AttestPrivateKey-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `int` |
| Access Type | Add, Get |
<!-- Device-SCEP-{UniqueID}-Install-AttestPrivateKey-DFProperties-End -->
<!-- Device-SCEP-{UniqueID}-Install-AttestPrivateKey-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-SCEP-{UniqueID}-Install-AttestPrivateKey-Examples-End -->
<!-- Device-SCEP-{UniqueID}-Install-AttestPrivateKey-End -->
<!-- Device-SCEP-{UniqueID}-Install-CAThumbprint-Begin -->
##### Device/SCEP/{UniqueID}/Install/CAThumbprint
@ -2402,6 +2445,55 @@ Optional. Specify the Microsoft Entra ID Key Identifier List as a semicolon sepa
<!-- User-SCEP-{UniqueID}-Install-AADKeyIdentifierList-End -->
<!-- User-SCEP-{UniqueID}-Install-AttestPrivateKey-Begin -->
##### User/SCEP/{UniqueID}/Install/AttestPrivateKey
<!-- User-SCEP-{UniqueID}-Install-AttestPrivateKey-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- User-SCEP-{UniqueID}-Install-AttestPrivateKey-Applicability-End -->
<!-- User-SCEP-{UniqueID}-Install-AttestPrivateKey-OmaUri-Begin -->
```User
./User/Vendor/MSFT/ClientCertificateInstall/SCEP/{UniqueID}/Install/AttestPrivateKey
```
<!-- User-SCEP-{UniqueID}-Install-AttestPrivateKey-OmaUri-End -->
<!-- User-SCEP-{UniqueID}-Install-AttestPrivateKey-Description-Begin -->
<!-- Description-Source-DDF -->
Defines the attest SCEP private key behavior 0 - normal, 1 - best effort, 2 - on error, fail the installation.
<!-- User-SCEP-{UniqueID}-Install-AttestPrivateKey-Description-End -->
<!-- User-SCEP-{UniqueID}-Install-AttestPrivateKey-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- User-SCEP-{UniqueID}-Install-AttestPrivateKey-Editable-End -->
<!-- User-SCEP-{UniqueID}-Install-AttestPrivateKey-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `int` |
| Access Type | Add, Get |
<!-- User-SCEP-{UniqueID}-Install-AttestPrivateKey-DFProperties-End -->
<!-- User-SCEP-{UniqueID}-Install-AttestPrivateKey-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| 0 | Don't attest private key. |
| 1 | Attest key, but in case attestation failed, best effort approach - CSR is sent to the server. |
| 2 | Attest key, but in case attestation failed, fail fast (i.e release the key and not issue a CSR to the server). |
<!-- User-SCEP-{UniqueID}-Install-AttestPrivateKey-AllowedValues-End -->
<!-- User-SCEP-{UniqueID}-Install-AttestPrivateKey-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- User-SCEP-{UniqueID}-Install-AttestPrivateKey-Examples-End -->
<!-- User-SCEP-{UniqueID}-Install-AttestPrivateKey-End -->
<!-- User-SCEP-{UniqueID}-Install-CAThumbprint-Begin -->
##### User/SCEP/{UniqueID}/Install/CAThumbprint

70
windows/client-management/mdm/clientcertificateinstall-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: ClientCertificateInstall DDF file
description: View the XML file containing the device description framework (DDF) for the ClientCertificateInstall configuration service provider.
ms.date: 01/31/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -560,6 +560,46 @@ Calling Delete on the this node, should delete the corresponding SCEP certificat
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>AttestPrivateKey</NodeName>
<DFProperties>
<AccessType>
<Add />
<Get />
</AccessType>
<Description>Defines the attest SCEP private key behavior 0 - normal, 1 - best effort, 2 - on error, fail the installation</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
<MSFT:CspVersion>9.9</MSFT:CspVersion>
</MSFT:Applicability>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>0</MSFT:Value>
<MSFT:ValueDescription> Do not attest private key</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>1</MSFT:Value>
<MSFT:ValueDescription> Attest key, but in case attestation failed, best effort approach - CSR is sent to the server </MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>2</MSFT:Value>
<MSFT:ValueDescription> Attest key, but in case attestation failed, fail fast (i.e release the key and not issue a CSR to the server) </MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>SubjectName</NodeName>
<DFProperties>
@ -1643,6 +1683,34 @@ Calling Delete on the this node, should delete the corresponding SCEP certificat
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>AttestPrivateKey</NodeName>
<DFProperties>
<AccessType>
<Add />
<Get />
</AccessType>
<Description>Defines the attest SCEP private key behavior 0 - normal, 1 - best effort, 2 - on error, fail the installation</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
<MSFT:CspVersion>9.9</MSFT:CspVersion>
</MSFT:Applicability>
<MSFT:AllowedValues ValueType="None">
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>SubjectName</NodeName>
<DFProperties>

4
windows/client-management/mdm/declaredconfiguration-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: DeclaredConfiguration DDF file
description: View the XML file containing the device description framework (DDF) for the DeclaredConfiguration configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the D
<MSFT:Applicability>
<MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
<MSFT:CspVersion>9.9</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

4
windows/client-management/mdm/devdetail-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: DevDetail DDF file
description: View the XML file containing the device description framework (DDF) for the DevDetail configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the D
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

4
windows/client-management/mdm/devicemanageability-ddf.md
View File

@ -1,7 +1,7 @@
---
title: DeviceManageability DDF file
description: View the XML file containing the device description framework (DDF) for the DeviceManageability configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the D
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.14393</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

29
windows/client-management/mdm/devicepreparation-csp.md
View File

@ -1,7 +1,7 @@
---
title: DevicePreparation CSP
description: Learn more about the DevicePreparation CSP.
ms.date: 01/31/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -184,6 +184,15 @@ This node indicates whether the MDM agent was installed or not. When set to true
| Default Value | False |
<!-- Device-MDMProvider-MdmAgentInstalled-DFProperties-End -->
<!-- Device-MDMProvider-MdmAgentInstalled-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| false (Default) | Mdm Agent Not Installed. |
| true | Mdm Agent Installed. |
<!-- Device-MDMProvider-MdmAgentInstalled-AllowedValues-End -->
<!-- Device-MDMProvider-MdmAgentInstalled-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-MDMProvider-MdmAgentInstalled-Examples-End -->
@ -263,6 +272,15 @@ This node indicates whether an MDM policy was provisioned that requires a reboot
| Default Value | False |
<!-- Device-MDMProvider-RebootRequired-DFProperties-End -->
<!-- Device-MDMProvider-RebootRequired-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| false (Default) | No Reboot Required. |
| true | Reboot Required. |
<!-- Device-MDMProvider-RebootRequired-AllowedValues-End -->
<!-- Device-MDMProvider-RebootRequired-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-MDMProvider-RebootRequired-Examples-End -->
@ -303,6 +321,15 @@ This node determines whether to show the Device Preparation page during OOBE.
| Default Value | false |
<!-- Device-PageEnabled-DFProperties-End -->
<!-- Device-PageEnabled-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| false (Default) | Disable Page. |
| true | Enable Page. |
<!-- Device-PageEnabled-AllowedValues-End -->
<!-- Device-PageEnabled-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-PageEnabled-Examples-End -->

32
windows/client-management/mdm/devicepreparation-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: DevicePreparation DDF file
description: View the XML file containing the device description framework (DDF) for the DevicePreparation configuration service provider.
ms.date: 01/31/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -64,6 +64,16 @@ The following XML file contains the device description framework (DDF) for the D
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>false</MSFT:Value>
<MSFT:ValueDescription>Disable Page</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>Enable Page</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
@ -320,6 +330,16 @@ The following XML file contains the device description framework (DDF) for the D
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>false</MSFT:Value>
<MSFT:ValueDescription>Mdm Agent Not Installed</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>Mdm Agent Installed</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
@ -342,6 +362,16 @@ The following XML file contains the device description framework (DDF) for the D
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>false</MSFT:Value>
<MSFT:ValueDescription>No Reboot Required</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>Reboot Required</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties>
</Node>
</Node>

4
windows/client-management/mdm/devicestatus-ddf.md
View File

@ -1,7 +1,7 @@
---
title: DeviceStatus DDF file
description: View the XML file containing the device description framework (DDF) for the DeviceStatus configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the D
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

4
windows/client-management/mdm/devinfo-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: DevInfo DDF file
description: View the XML file containing the device description framework (DDF) for the DevInfo configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -41,7 +41,7 @@ The following XML file contains the device description framework (DDF) for the D
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

4
windows/client-management/mdm/diagnosticlog-ddf.md
View File

@ -1,7 +1,7 @@
---
title: DiagnosticLog DDF file
description: View the XML file containing the device description framework (DDF) for the DiagnosticLog configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the D
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.2</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

4
windows/client-management/mdm/dmacc-csp.md
View File

@ -1,7 +1,7 @@
---
title: DMAcc CSP
description: Learn more about the DMAcc CSP.
ms.date: 01/31/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -709,7 +709,7 @@ Specifies the authentication type. If AAuthLevel is CLCRED, the supported types
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Get, Replace |
| Dependency [AAuthlevelDependency] | Dependency Type: `DependsOn` <br> Dependency URI: `Syncml/DMAcc/[AccountUID]/AppAuth/[ObjectName]/AAuthLevel` <br> Dependency Allowed Value: `SRVCRED` <br> Dependency Allowed Value Type: `ENUM` <br> |
| Dependency [AAuthlevelDependency] | Dependency Type: `DependsOn` <br> Dependency URI: `SyncML/DMAcc/{AccountUID}/AppAuth/{ObjectName}/AAuthLevel` <br> Dependency Allowed Value: `SRVCRED` <br> Dependency Allowed Value Type: `ENUM` <br> |
<!-- Device-{AccountUID}-AppAuth-{ObjectName}-AAuthType-DFProperties-End -->
<!-- Device-{AccountUID}-AppAuth-{ObjectName}-AAuthType-AllowedValues-Begin -->

4
windows/client-management/mdm/dmacc-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: DMAcc DDF file
description: View the XML file containing the device description framework (DDF) for the DMAcc configuration service provider.
ms.date: 01/31/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -527,7 +527,7 @@ The following XML file contains the device description framework (DDF) for the D
</MSFT:Enum>
</MSFT:DependencyChangedAllowedValues>
<MSFT:Dependency Type="DependsOn">
<MSFT:DependencyUri>Syncml/DMAcc/[AccountUID]/AppAuth/[ObjectName]/AAuthLevel</MSFT:DependencyUri>
<MSFT:DependencyUri>SyncML/DMAcc/{AccountUID}/AppAuth/{ObjectName}/AAuthLevel</MSFT:DependencyUri>
<MSFT:DependencyAllowedValue ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>SRVCRED</MSFT:Value>

10
windows/client-management/mdm/dmclient-csp.md
View File

@ -1,7 +1,7 @@
---
title: DMClient CSP
description: Learn more about the DMClient CSP.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -632,7 +632,7 @@ This node, when it's set, tells the client to set how many minutes the device sh
<!-- Device-Provider-{ProviderID}-ConfigRefresh-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.2836] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.3235] and later <br> ✅ Windows Insider Preview |
<!-- Device-Provider-{ProviderID}-ConfigRefresh-Applicability-End -->
<!-- Device-Provider-{ProviderID}-ConfigRefresh-OmaUri-Begin -->
@ -671,7 +671,7 @@ Parent node for ConfigRefresh nodes.
<!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.2836] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.3235] and later <br> ✅ Windows Insider Preview |
<!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-Applicability-End -->
<!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-OmaUri-Begin -->
@ -712,7 +712,7 @@ This node determines the number of minutes between refreshes.
<!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.2836] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.3235] and later <br> ✅ Windows Insider Preview |
<!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-Applicability-End -->
<!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-OmaUri-Begin -->
@ -761,7 +761,7 @@ This node determines whether or not a periodic settings refresh for MDM policies
<!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.2836] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.3235] and later <br> ✅ Windows Insider Preview |
<!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-Applicability-End -->
<!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-OmaUri-Begin -->

8
windows/client-management/mdm/dmclient-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: DMClient DDF file
description: View the XML file containing the device description framework (DDF) for the DMClient configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the D
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
@ -477,7 +477,7 @@ The following XML file contains the device description framework (DDF) for the D
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
@ -2958,7 +2958,7 @@ The following XML file contains the device description framework (DDF) for the D
<DDFName />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
<MSFT:OsBuildVersion>99.9.99999, 10.0.22621.3235, 10.0.22000.2836</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.6</MSFT:CspVersion>
</MSFT:Applicability>
</DFProperties>

4
windows/client-management/mdm/email2-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: EMAIL2 DDF file
description: View the XML file containing the device description framework (DDF) for the EMAIL2 configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the E
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
<MSFT:Deprecated />
</DFProperties>

6
windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: EnterpriseDesktopAppManagement DDF file
description: View the XML file containing the device description framework (DDF) for the EnterpriseDesktopAppManagement configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the E
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
@ -400,7 +400,7 @@ The following XML file contains the device description framework (DDF) for the E
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

4
windows/client-management/mdm/enterprisemodernappmanagement-csp.md
View File

@ -1,7 +1,7 @@
---
title: EnterpriseModernAppManagement CSP
description: Learn more about the EnterpriseModernAppManagement CSP.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -4602,7 +4602,7 @@ Specifies HoursBetweenUpdateChecks for a specific package.
| Property name | Property value |
|:--|:--|
| Format | `bool` |
| Format | `int` |
| Access Type | Get, Replace |
| Allowed Values | Range: `[8-10000]` |
| Default Value | 8 |

8
windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
View File

@ -1,7 +1,7 @@
---
title: EnterpriseModernAppManagement DDF file
description: View the XML file containing the device description framework (DDF) for the EnterpriseModernAppManagement configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the E
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
@ -2587,7 +2587,7 @@ The following XML file contains the device description framework (DDF) for the E
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
@ -4550,7 +4550,7 @@ The following XML file contains the device description framework (DDF) for the E
<DefaultValue>8</DefaultValue>
<Description>Specifies HoursBetweenUpdateChecks for a specific package</Description>
<DFFormat>
<bool />
<int />
</DFFormat>
<Occurrence>
<One />

4
windows/client-management/mdm/euiccs-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: eUICCs DDF file
description: View the XML file containing the device description framework (DDF) for the eUICCs configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -43,7 +43,7 @@ The following XML file contains the device description framework (DDF) for the e
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

5
windows/client-management/mdm/firewall-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: Firewall DDF file
description: View the XML file containing the device description framework (DDF) for the Firewall configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the F
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
@ -4337,6 +4337,7 @@ This is a string in Security Descriptor Definition Language (SDDL) format..</Des
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="SDDL">
<MSFT:List Delimiter="," />
</MSFT:AllowedValues>
</DFProperties>
</Node>

4
windows/client-management/mdm/language-pack-management-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: LanguagePackManagement DDF file
description: View the XML file containing the device description framework (DDF) for the LanguagePackManagement configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the L
<MSFT:Applicability>
<MSFT:OsBuildVersion>99.9.9999</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

4
windows/client-management/mdm/laps-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: LAPS DDF file
description: View the XML file containing the device description framework (DDF) for the LAPS configuration service provider.
ms.date: 01/31/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the L
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.25145, 10.0.22621.1480, 10.0.22000.1754, 10.0.20348.1663, 10.0.19041.2784, 10.0.17763.4244</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

4
windows/client-management/mdm/networkproxy-ddf.md
View File

@ -1,7 +1,7 @@
---
title: NetworkProxy DDF file
description: View the XML file containing the device description framework (DDF) for the NetworkProxy configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the N
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

4
windows/client-management/mdm/networkqospolicy-ddf.md
View File

@ -1,7 +1,7 @@
---
title: NetworkQoSPolicy DDF file
description: View the XML file containing the device description framework (DDF) for the NetworkQoSPolicy configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the N
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.19042</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

6
windows/client-management/mdm/nodecache-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: NodeCache DDF file
description: View the XML file containing the device description framework (DDF) for the NodeCache configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the N
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.1</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
@ -294,7 +294,7 @@ The following XML file contains the device description framework (DDF) for the N
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

6
windows/client-management/mdm/office-ddf.md
View File

@ -1,7 +1,7 @@
---
title: Office DDF file
description: View the XML file containing the device description framework (DDF) for the Office configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the O
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
@ -211,7 +211,7 @@ The following XML file contains the device description framework (DDF) for the O
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

10
windows/client-management/mdm/passportforwork-csp.md
View File

@ -1,7 +1,7 @@
---
title: PassportForWork CSP
description: Learn more about the PassportForWork CSP.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -197,8 +197,8 @@ Disable caching of the Windows Hello for Business credential after sign-in.
| Value | Description |
|:--|:--|
| false (Default) | Disabled. |
| true | Enabled. |
| false (Default) | Credential Caching Enabled. |
| true | Credential Caching Disabled. |
<!-- Device-{TenantId}-Policies-DisablePostLogonCredentialCaching-AllowedValues-End -->
<!-- Device-{TenantId}-Policies-DisablePostLogonCredentialCaching-Examples-Begin -->
@ -246,8 +246,8 @@ Don't start Windows Hello provisioning after sign-in.
| Value | Description |
|:--|:--|
| false (Default) | Post Logon Provisioning Enabled. |
| true | Post Logon Provisioning Disabled. |
| false (Default) | Provisioning Enabled. |
| true | Provisioning Disabled. |
<!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-AllowedValues-End -->
<!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-Examples-Begin -->

14
windows/client-management/mdm/passportforwork-ddf.md
View File

@ -1,7 +1,7 @@
---
title: PassportForWork DDF file
description: View the XML file containing the device description framework (DDF) for the PassportForWork configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the P
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.2</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
@ -565,7 +565,7 @@ If you do not configure this policy setting, Windows Hello for Business requires
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.2</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
@ -876,11 +876,11 @@ If you disable or do not configure this policy setting, the PIN recovery secret
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>false</MSFT:Value>
<MSFT:ValueDescription>Post Logon Provisioning Enabled</MSFT:ValueDescription>
<MSFT:ValueDescription>Provisioning Enabled</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>Post Logon Provisioning Disabled</MSFT:ValueDescription>
<MSFT:ValueDescription>Provisioning Disabled</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties>
@ -915,11 +915,11 @@ If you disable or do not configure this policy setting, the PIN recovery secret
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>false</MSFT:Value>
<MSFT:ValueDescription>Disabled</MSFT:ValueDescription>
<MSFT:ValueDescription>Credential Caching Enabled</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>true</MSFT:Value>
<MSFT:ValueDescription>Enabled</MSFT:ValueDescription>
<MSFT:ValueDescription>Credential Caching Disabled</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties>

4
windows/client-management/mdm/personaldataencryption-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: PDE DDF file
description: View the XML file containing the device description framework (DDF) for the PDE configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the P
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.22621</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0xAB;0xAC;0xBC;0xBF;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0xAB;0xAC;0xBC;0xBF;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

12
windows/client-management/mdm/personalization-csp.md
View File

@ -1,7 +1,7 @@
---
title: Personalization CSP
description: Learn more about the Personalization CSP.
ms.date: 03/05/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -9,6 +9,8 @@ ms.date: 03/05/2024
<!-- Personalization-Begin -->
# Personalization CSP
[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
<!-- Personalization-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
The Personalization CSP can set the lock screen, desktop background images and company branding on sign-in screen ([BootToCloud mode](policy-csp-clouddesktop.md#boottocloudmode) only). Setting these policies also prevents the user from changing the image. You can also use the Personalization settings in a provisioning package.
@ -36,7 +38,7 @@ The following list shows the Personalization configuration service provider node
<!-- Device-CompanyLogoStatus-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.3235] and later |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- Device-CompanyLogoStatus-Applicability-End -->
<!-- Device-CompanyLogoStatus-OmaUri-Begin -->
@ -75,7 +77,7 @@ This represents the status of the Company Logo. 1 - Successfully downloaded or c
<!-- Device-CompanyLogoUrl-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.3235] and later |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- Device-CompanyLogoUrl-Applicability-End -->
<!-- Device-CompanyLogoUrl-OmaUri-Begin -->
@ -114,7 +116,7 @@ An http or https Url to a jpg, jpeg or png image that needs to be downloaded and
<!-- Device-CompanyName-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.3235] and later |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- Device-CompanyName-Applicability-End -->
<!-- Device-CompanyName-OmaUri-Begin -->
@ -125,7 +127,7 @@ An http or https Url to a jpg, jpeg or png image that needs to be downloaded and
<!-- Device-CompanyName-Description-Begin -->
<!-- Description-Source-DDF -->
The name of the company to be displayed on the sign-in screen. This setting is currently available for boot to cloud shared pc mode only.
This represents the name of the company. It can be at most 30 characters long. This setting is currently available only for boot to cloud shared pc mode to display the company name on sign-in screen.
<!-- Device-CompanyName-Description-End -->
<!-- Device-CompanyName-Editable-Begin -->

16
windows/client-management/mdm/personalization-ddf.md
View File

@ -1,7 +1,7 @@
---
title: Personalization DDF file
description: View the XML file containing the device description framework (DDF) for the Personalization configuration service provider.
ms.date: 03/05/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the P
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
@ -101,7 +101,7 @@ The following XML file contains the device description framework (DDF) for the P
<Get />
<Replace />
</AccessType>
<Description>A http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Lock Screen Image or a file Url to a local image on the file system that needs to be used as the Lock Screen Image.</Description>
<Description>A http or https Url to a jpg, jpeg or png image that neeeds to be downloaded and used as the Lock Screen Image or a file Url to a local image on the file system that needs to be used as the Lock Screen Image.</Description>
<DFFormat>
<chr />
</DFFormat>
@ -148,7 +148,7 @@ The following XML file contains the device description framework (DDF) for the P
<Get />
<Replace />
</AccessType>
<Description>A http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Company Logo or a file Url to a local image on the file system that needs to be used as the Company Logo. This setting is currently available for boot to cloud shared pc mode only.</Description>
<Description>A http or https Url to a jpg, jpeg or png image that neeeds to be downloaded and used as the Company Logo or a file Url to a local image on the file system that needs to be used as the Company Logo. This setting is currently available for boot to cloud shared pc mode only.</Description>
<DFFormat>
<chr />
</DFFormat>
@ -162,7 +162,7 @@ The following XML file contains the device description framework (DDF) for the P
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.22621.3235</MSFT:OsBuildVersion>
<MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
<MSFT:CspVersion>2.0</MSFT:CspVersion>
</MSFT:Applicability>
<MSFT:AllowedValues ValueType="None">
@ -189,7 +189,7 @@ The following XML file contains the device description framework (DDF) for the P
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.22621.3235</MSFT:OsBuildVersion>
<MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
<MSFT:CspVersion>2.0</MSFT:CspVersion>
</MSFT:Applicability>
</DFProperties>
@ -203,7 +203,7 @@ The following XML file contains the device description framework (DDF) for the P
<Get />
<Replace />
</AccessType>
<Description>The name of the company to be displayed on the sign-in screen. This setting is currently available for boot to cloud shared pc mode only.</Description>
<Description>This represents the name of the company. It can be at most 30 characters long. This setting is currently available only for boot to cloud shared pc mode to display the company name on sign-in screen.</Description>
<DFFormat>
<chr />
</DFFormat>
@ -217,7 +217,7 @@ The following XML file contains the device description framework (DDF) for the P
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.22621.3235</MSFT:OsBuildVersion>
<MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
<MSFT:CspVersion>2.0</MSFT:CspVersion>
</MSFT:Applicability>
<MSFT:AllowedValues ValueType="RegEx">

12
windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
View File

@ -1,7 +1,7 @@
---
title: ADMX-backed policies in Policy CSP
description: Learn about the ADMX-backed policies in Policy CSP.
ms.date: 01/31/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -539,8 +539,6 @@ This article lists the ADMX-backed policies in Policy CSP.
- [HelpQualifiedRootDir_Comp](policy-csp-admx-help.md)
- [RestrictRunFromHelp_Comp](policy-csp-admx-help.md)
- [DisableHHDEP](policy-csp-admx-help.md)
- [AllowChildProcesses](policy-csp-admx-help.md)
- [HideChildProcessMessageBox](policy-csp-admx-help.md)
## ADMX_HelpAndSupport
@ -2537,8 +2535,8 @@ This article lists the ADMX-backed policies in Policy CSP.
- [RequireSecureRPCCommunication](policy-csp-remotedesktopservices.md)
- [ClientConnectionEncryptionLevel](policy-csp-remotedesktopservices.md)
- [DoNotAllowWebAuthnRedirection](policy-csp-remotedesktopservices.md)
- [DisconnectOnLockBasicAuthn](policy-csp-remotedesktopservices.md)
- [DisconnectOnLockWebAccountAuthn](policy-csp-remotedesktopservices.md)
- [DisconnectOnLockLegacyAuthn](policy-csp-remotedesktopservices.md)
- [DisconnectOnLockMicrosoftIdentityAuthn](policy-csp-remotedesktopservices.md)
## RemoteManagement
@ -2590,10 +2588,6 @@ This article lists the ADMX-backed policies in Policy CSP.
- [WPDDevicesDenyReadAccessPerDevice](policy-csp-storage.md)
- [WPDDevicesDenyWriteAccessPerDevice](policy-csp-storage.md)
## Sudo
- [EnableSudo](policy-csp-sudo.md)
## System
- [BootStartDriverInitialization](policy-csp-system.md)

6
windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
View File

@ -1,7 +1,7 @@
---
title: Policies in Policy CSP supported by Group Policy
description: Learn about the policies in Policy CSP supported by Group Policy.
ms.date: 01/31/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -659,6 +659,10 @@ This article lists the policies in Policy CSP that have a group policy mapping.
- [ConfigStorageSenseDownloadsCleanupThreshold](policy-csp-storage.md)
- [ConfigStorageSenseCloudContentDehydrationThreshold](policy-csp-storage.md)
## Sudo
- [EnableSudo](policy-csp-sudo.md)
## System
- [AllowTelemetry](policy-csp-system.md)

2
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -1,7 +1,7 @@
---
title: Policy CSP
description: Learn more about the Policy CSP.
ms.date: 01/31/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->

4
windows/client-management/mdm/policy-csp-abovelock.md
View File

@ -1,7 +1,7 @@
---
title: AboveLock Policy CSP
description: Learn more about the AboveLock Area in Policy CSP.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -22,7 +22,7 @@ ms.date: 01/18/2024
<!-- AllowActionCenterNotifications-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
| ✅ Device <br> ❌ User | Not applicable | ✅ Windows 10, version 1507 [10.0.10240] and later |
<!-- AllowActionCenterNotifications-Applicability-End -->
<!-- AllowActionCenterNotifications-OmaUri-Begin -->

104
windows/client-management/mdm/policy-csp-admx-help.md
View File

@ -1,7 +1,7 @@
---
title: ADMX_Help Policy CSP
description: Learn more about the ADMX_Help Area in Policy CSP.
ms.date: 01/31/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -11,62 +11,10 @@ ms.date: 01/31/2024
[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
<!-- ADMX_Help-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ADMX_Help-Editable-End -->
<!-- AllowChildProcesses-Begin -->
## AllowChildProcesses
<!-- AllowChildProcesses-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- AllowChildProcesses-Applicability-End -->
<!-- AllowChildProcesses-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_Help/AllowChildProcesses
```
<!-- AllowChildProcesses-OmaUri-End -->
<!-- AllowChildProcesses-Description-Begin -->
<!-- Description-Source-Not-Found -->
<!-- AllowChildProcesses-Description-End -->
<!-- AllowChildProcesses-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- AllowChildProcesses-Editable-End -->
<!-- AllowChildProcesses-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- AllowChildProcesses-DFProperties-End -->
<!-- AllowChildProcesses-AdmxBacked-Begin -->
<!-- ADMX-Not-Found -->
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
| Name | Value |
|:--|:--|
| Name | AllowChildProcesses |
| ADMX File Name | Help.admx |
<!-- AllowChildProcesses-AdmxBacked-End -->
<!-- AllowChildProcesses-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- AllowChildProcesses-Examples-End -->
<!-- AllowChildProcesses-End -->
<!-- DisableHHDEP-Begin -->
## DisableHHDEP
@ -200,56 +148,6 @@ For additional options, see the "Restrict these programs from being launched fro
<!-- HelpQualifiedRootDir_Comp-End -->
<!-- HideChildProcessMessageBox-Begin -->
## HideChildProcessMessageBox
<!-- HideChildProcessMessageBox-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- HideChildProcessMessageBox-Applicability-End -->
<!-- HideChildProcessMessageBox-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_Help/HideChildProcessMessageBox
```
<!-- HideChildProcessMessageBox-OmaUri-End -->
<!-- HideChildProcessMessageBox-Description-Begin -->
<!-- Description-Source-Not-Found -->
<!-- HideChildProcessMessageBox-Description-End -->
<!-- HideChildProcessMessageBox-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- HideChildProcessMessageBox-Editable-End -->
<!-- HideChildProcessMessageBox-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- HideChildProcessMessageBox-DFProperties-End -->
<!-- HideChildProcessMessageBox-AdmxBacked-Begin -->
<!-- ADMX-Not-Found -->
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
| Name | Value |
|:--|:--|
| Name | HideChildProcessMessageBox |
| ADMX File Name | Help.admx |
<!-- HideChildProcessMessageBox-AdmxBacked-End -->
<!-- HideChildProcessMessageBox-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- HideChildProcessMessageBox-Examples-End -->
<!-- HideChildProcessMessageBox-End -->
<!-- RestrictRunFromHelp-Begin -->
## RestrictRunFromHelp

4
windows/client-management/mdm/policy-csp-admx-startmenu.md
View File

@ -1,7 +1,7 @@
---
title: ADMX_StartMenu Policy CSP
description: Learn more about the ADMX_StartMenu Area in Policy CSP.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -3577,7 +3577,7 @@ This policy setting allows you to remove links and access to Windows Update.
- If you enable this policy setting, users are prevented from connecting to the Windows Update Web site.
Enabling this policy setting blocks user access to the Windows Update Web site at< https://windowsupdate.microsoft.com>. Also, the policy setting removes the Windows Update hyperlink from the Start menu and from the Tools menu in Internet Explorer.
Enabling this policy setting blocks user access to the Windows Update Web site at `https://windowsupdate.microsoft.com`. Also, the policy setting removes the Windows Update hyperlink from the Start menu and from the Tools menu in Internet Explorer.
Windows Update, the online extension of Windows, offers software updates to keep a user's system up-to-date. The Windows Update Product Catalog determines any system files, security fixes, and Microsoft updates that users need and shows the newest versions available for download.

6
windows/client-management/mdm/policy-csp-applicationmanagement.md
View File

@ -1,7 +1,7 @@
---
title: ApplicationManagement Policy CSP
description: Learn more about the ApplicationManagement Area in Policy CSP.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -428,7 +428,7 @@ Manages a Windows app's ability to share data between users who have installed t
<!-- AllowStore-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
| ✅ Device <br> ❌ User | Not applicable | ✅ Windows 10, version 1507 [10.0.10240] and later |
<!-- AllowStore-Applicability-End -->
<!-- AllowStore-OmaUri-Begin -->
@ -480,7 +480,7 @@ This policy is deprecated.
<!-- ApplicationRestrictions-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
| ✅ Device <br> ❌ User | Not applicable | ✅ Windows 10, version 1507 [10.0.10240] and later |
<!-- ApplicationRestrictions-Applicability-End -->
<!-- ApplicationRestrictions-OmaUri-Begin -->

6
windows/client-management/mdm/policy-csp-browser.md
View File

@ -1,7 +1,7 @@
---
title: Browser Policy CSP
description: Learn more about the Browser Area in Policy CSP.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -178,7 +178,7 @@ To verify AllowAutofill is set to 0 (not allowed):
<!-- AllowBrowser-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
| ✅ Device <br> ✅ User | Not applicable | ✅ Windows 10, version 1507 [10.0.10240] and later |
<!-- AllowBrowser-Applicability-End -->
<!-- AllowBrowser-OmaUri-Begin -->
@ -2713,7 +2713,7 @@ Important. Discontinued in Windows 10, version 1511. Use the Browser/EnterpriseM
<!-- FirstRunURL-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
| ✅ Device <br> ✅ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
<!-- FirstRunURL-Applicability-End -->
<!-- FirstRunURL-OmaUri-Begin -->

6
windows/client-management/mdm/policy-csp-connectivity.md
View File

@ -1,7 +1,7 @@
---
title: Connectivity Policy CSP
description: Learn more about the Connectivity Area in Policy CSP.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -252,7 +252,7 @@ To validate, the enterprise can confirm by observing the roaming enable switch i
<!-- AllowNFC-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
| ✅ Device <br> ❌ User | Not applicable | ✅ Windows 10, version 1507 [10.0.10240] and later |
<!-- AllowNFC-Applicability-End -->
<!-- AllowNFC-OmaUri-Begin -->
@ -375,7 +375,7 @@ Device that has previously opt-in to MMX will also stop showing on the device li
<!-- AllowUSBConnection-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
<!-- AllowUSBConnection-Applicability-End -->
<!-- AllowUSBConnection-OmaUri-Begin -->

6
windows/client-management/mdm/policy-csp-devicelock.md
View File

@ -1,7 +1,7 @@
---
title: DeviceLock Policy CSP
description: Learn more about the DeviceLock Area in Policy CSP.
ms.date: 01/31/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -114,7 +114,7 @@ Allow Administrator account lockout This security setting determines whether the
<!-- AllowIdleReturnWithoutPassword-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
<!-- AllowIdleReturnWithoutPassword-Applicability-End -->
<!-- AllowIdleReturnWithoutPassword-OmaUri-Begin -->
@ -782,7 +782,7 @@ On HoloLens, this timeout is controlled by the device's system sleep timeout, re
<!-- MaxInactivityTimeDeviceLockWithExternalDisplay-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
<!-- MaxInactivityTimeDeviceLockWithExternalDisplay-Applicability-End -->
<!-- MaxInactivityTimeDeviceLockWithExternalDisplay-OmaUri-Begin -->

10
windows/client-management/mdm/policy-csp-experience.md
View File

@ -1,7 +1,7 @@
---
title: Experience Policy CSP
description: Learn more about the Experience Area in Policy CSP.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -100,7 +100,7 @@ Policy change takes effect immediately.
<!-- AllowCopyPaste-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
| ✅ Device <br> ❌ User | Not applicable | ✅ Windows 10, version 1507 [10.0.10240] and later |
<!-- AllowCopyPaste-Applicability-End -->
<!-- AllowCopyPaste-OmaUri-Begin -->
@ -833,7 +833,7 @@ This policy allows you to prevent Windows from using diagnostic data to provide
<!-- AllowTaskSwitcher-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
| ✅ Device <br> ❌ User | Not applicable | ✅ Windows 10, version 1507 [10.0.10240] and later |
<!-- AllowTaskSwitcher-Applicability-End -->
<!-- AllowTaskSwitcher-OmaUri-Begin -->
@ -949,7 +949,7 @@ Specifies whether to allow app and content suggestions from third-party software
<!-- AllowVoiceRecording-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
| ✅ Device <br> ❌ User | Not applicable | ✅ Windows 10, version 1507 [10.0.10240] and later |
<!-- AllowVoiceRecording-Applicability-End -->
<!-- AllowVoiceRecording-OmaUri-Begin -->
@ -1887,7 +1887,7 @@ _**Turn syncing off by default but dont disable**_
<!-- EnableOrganizationalMessages-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.900] and later <br> ✅ Windows Insider Preview |
<!-- EnableOrganizationalMessages-Applicability-End -->
<!-- EnableOrganizationalMessages-OmaUri-Begin -->

74
windows/client-management/mdm/policy-csp-remotedesktopservices.md
View File

@ -1,7 +1,7 @@
---
title: RemoteDesktopServices Policy CSP
description: Learn more about the RemoteDesktopServices Area in Policy CSP.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -150,39 +150,39 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
<!-- ClientConnectionEncryptionLevel-End -->
<!-- DisconnectOnLockBasicAuthn-Begin -->
## DisconnectOnLockBasicAuthn
<!-- DisconnectOnLockLegacyAuthn-Begin -->
## DisconnectOnLockLegacyAuthn
<!-- DisconnectOnLockBasicAuthn-Applicability-Begin -->
<!-- DisconnectOnLockLegacyAuthn-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- DisconnectOnLockBasicAuthn-Applicability-End -->
<!-- DisconnectOnLockLegacyAuthn-Applicability-End -->
<!-- DisconnectOnLockBasicAuthn-OmaUri-Begin -->
<!-- DisconnectOnLockLegacyAuthn-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DisconnectOnLockBasicAuthn
./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DisconnectOnLockLegacyAuthn
```
<!-- DisconnectOnLockBasicAuthn-OmaUri-End -->
<!-- DisconnectOnLockLegacyAuthn-OmaUri-End -->
<!-- DisconnectOnLockBasicAuthn-Description-Begin -->
<!-- DisconnectOnLockLegacyAuthn-Description-Begin -->
<!-- Description-Source-Not-Found -->
<!-- DisconnectOnLockBasicAuthn-Description-End -->
<!-- DisconnectOnLockLegacyAuthn-Description-End -->
<!-- DisconnectOnLockBasicAuthn-Editable-Begin -->
<!-- DisconnectOnLockLegacyAuthn-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- DisconnectOnLockBasicAuthn-Editable-End -->
<!-- DisconnectOnLockLegacyAuthn-Editable-End -->
<!-- DisconnectOnLockBasicAuthn-DFProperties-Begin -->
<!-- DisconnectOnLockLegacyAuthn-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- DisconnectOnLockBasicAuthn-DFProperties-End -->
<!-- DisconnectOnLockLegacyAuthn-DFProperties-End -->
<!-- DisconnectOnLockBasicAuthn-AdmxBacked-Begin -->
<!-- DisconnectOnLockLegacyAuthn-AdmxBacked-Begin -->
<!-- ADMX-Not-Found -->
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
@ -192,47 +192,47 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
|:--|:--|
| Name | TS_DISCONNECT_ON_LOCK_POLICY |
| ADMX File Name | terminalserver.admx |
<!-- DisconnectOnLockBasicAuthn-AdmxBacked-End -->
<!-- DisconnectOnLockLegacyAuthn-AdmxBacked-End -->
<!-- DisconnectOnLockBasicAuthn-Examples-Begin -->
<!-- DisconnectOnLockLegacyAuthn-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- DisconnectOnLockBasicAuthn-Examples-End -->
<!-- DisconnectOnLockLegacyAuthn-Examples-End -->
<!-- DisconnectOnLockBasicAuthn-End -->
<!-- DisconnectOnLockLegacyAuthn-End -->
<!-- DisconnectOnLockWebAccountAuthn-Begin -->
## DisconnectOnLockWebAccountAuthn
<!-- DisconnectOnLockMicrosoftIdentityAuthn-Begin -->
## DisconnectOnLockMicrosoftIdentityAuthn
<!-- DisconnectOnLockWebAccountAuthn-Applicability-Begin -->
<!-- DisconnectOnLockMicrosoftIdentityAuthn-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- DisconnectOnLockWebAccountAuthn-Applicability-End -->
<!-- DisconnectOnLockMicrosoftIdentityAuthn-Applicability-End -->
<!-- DisconnectOnLockWebAccountAuthn-OmaUri-Begin -->
<!-- DisconnectOnLockMicrosoftIdentityAuthn-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DisconnectOnLockWebAccountAuthn
./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DisconnectOnLockMicrosoftIdentityAuthn
```
<!-- DisconnectOnLockWebAccountAuthn-OmaUri-End -->
<!-- DisconnectOnLockMicrosoftIdentityAuthn-OmaUri-End -->
<!-- DisconnectOnLockWebAccountAuthn-Description-Begin -->
<!-- DisconnectOnLockMicrosoftIdentityAuthn-Description-Begin -->
<!-- Description-Source-Not-Found -->
<!-- DisconnectOnLockWebAccountAuthn-Description-End -->
<!-- DisconnectOnLockMicrosoftIdentityAuthn-Description-End -->
<!-- DisconnectOnLockWebAccountAuthn-Editable-Begin -->
<!-- DisconnectOnLockMicrosoftIdentityAuthn-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- DisconnectOnLockWebAccountAuthn-Editable-End -->
<!-- DisconnectOnLockMicrosoftIdentityAuthn-Editable-End -->
<!-- DisconnectOnLockWebAccountAuthn-DFProperties-Begin -->
<!-- DisconnectOnLockMicrosoftIdentityAuthn-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- DisconnectOnLockWebAccountAuthn-DFProperties-End -->
<!-- DisconnectOnLockMicrosoftIdentityAuthn-DFProperties-End -->
<!-- DisconnectOnLockWebAccountAuthn-AdmxBacked-Begin -->
<!-- DisconnectOnLockMicrosoftIdentityAuthn-AdmxBacked-Begin -->
<!-- ADMX-Not-Found -->
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
@ -242,13 +242,13 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
|:--|:--|
| Name | TS_DISCONNECT_ON_LOCK_AAD_POLICY |
| ADMX File Name | terminalserver.admx |
<!-- DisconnectOnLockWebAccountAuthn-AdmxBacked-End -->
<!-- DisconnectOnLockMicrosoftIdentityAuthn-AdmxBacked-End -->
<!-- DisconnectOnLockWebAccountAuthn-Examples-Begin -->
<!-- DisconnectOnLockMicrosoftIdentityAuthn-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- DisconnectOnLockWebAccountAuthn-Examples-End -->
<!-- DisconnectOnLockMicrosoftIdentityAuthn-Examples-End -->
<!-- DisconnectOnLockWebAccountAuthn-End -->
<!-- DisconnectOnLockMicrosoftIdentityAuthn-End -->
<!-- DoNotAllowDriveRedirection-Begin -->
## DoNotAllowDriveRedirection

4
windows/client-management/mdm/policy-csp-search.md
View File

@ -1,7 +1,7 @@
---
title: Search Policy CSP
description: Learn more about the Search Area in Policy CSP.
ms.date: 01/31/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -1116,7 +1116,7 @@ If enabled, clients will be unable to query this computer's index remotely. Thus
<!-- SafeSearchPermissions-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
| ✅ Device <br> ❌ User | Not applicable | ✅ Windows 10, version 1607 [10.0.14393] and later |
<!-- SafeSearchPermissions-Applicability-End -->
<!-- SafeSearchPermissions-OmaUri-Begin -->

6
windows/client-management/mdm/policy-csp-security.md
View File

@ -1,7 +1,7 @@
---
title: Security Policy CSP
description: Learn more about the Security Area in Policy CSP.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -71,7 +71,7 @@ Specifies whether to allow the runtime configuration agent to install provisioni
<!-- AllowManualRootCertificateInstallation-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
<!-- AllowManualRootCertificateInstallation-Applicability-End -->
<!-- AllowManualRootCertificateInstallation-OmaUri-Begin -->
@ -172,7 +172,7 @@ Specifies whether to allow the runtime configuration agent to remove provisionin
<!-- AntiTheftMode-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
| ✅ Device <br> ❌ User | Not applicable | ✅ Windows 10, version 1507 [10.0.10240] and later |
<!-- AntiTheftMode-Applicability-End -->
<!-- AntiTheftMode-OmaUri-Begin -->

27
windows/client-management/mdm/policy-csp-sudo.md
View File

@ -1,7 +1,7 @@
---
title: Sudo Policy CSP
description: Learn more about the Sudo Area in Policy CSP.
ms.date: 01/31/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -9,8 +9,6 @@ ms.date: 01/31/2024
<!-- Sudo-Begin -->
# Policy CSP - Sudo
[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
<!-- Sudo-Editable-Begin -->
@ -45,21 +43,30 @@ ms.date: 01/31/2024
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 3 |
<!-- EnableSudo-DFProperties-End -->
<!-- EnableSudo-AdmxBacked-Begin -->
<!-- ADMX-Not-Found -->
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
<!-- EnableSudo-AllowedValues-Begin -->
**Allowed values**:
**ADMX mapping**:
| Value | Description |
|:--|:--|
| 0 | Sudo is disabled. |
| 1 | Sudo is allowed in 'force new window' mode. |
| 2 | Sudo is allowed in 'disable input' mode. |
| 3 (Default) | Sudo is allowed in 'inline' mode. |
<!-- EnableSudo-AllowedValues-End -->
<!-- EnableSudo-GpMapping-Begin -->
**Group policy mapping**:
| Name | Value |
|:--|:--|
| Name | EnableSudo |
| ADMX File Name | Sudo.admx |
<!-- EnableSudo-AdmxBacked-End -->
| Path | Sudo > AT > System |
<!-- EnableSudo-GpMapping-End -->
<!-- EnableSudo-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->

36
windows/client-management/mdm/policy-csp-systemservices.md
View File

@ -1,7 +1,7 @@
---
title: SystemServices Policy CSP
description: Learn more about the SystemServices Area in Policy CSP.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -9,6 +9,8 @@ ms.date: 01/18/2024
<!-- SystemServices-Begin -->
# Policy CSP - SystemServices
[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
<!-- SystemServices-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- SystemServices-Editable-End -->
@ -19,7 +21,7 @@ ms.date: 01/18/2024
<!-- ConfigureComputerBrowserServiceStartupMode-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- ConfigureComputerBrowserServiceStartupMode-Applicability-End -->
<!-- ConfigureComputerBrowserServiceStartupMode-OmaUri-Begin -->
@ -169,7 +171,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
<!-- ConfigureIISAdminServiceStartupMode-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- ConfigureIISAdminServiceStartupMode-Applicability-End -->
<!-- ConfigureIISAdminServiceStartupMode-OmaUri-Begin -->
@ -219,7 +221,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
<!-- ConfigureInfraredMonitorServiceStartupMode-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- ConfigureInfraredMonitorServiceStartupMode-Applicability-End -->
<!-- ConfigureInfraredMonitorServiceStartupMode-OmaUri-Begin -->
@ -269,7 +271,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
<!-- ConfigureInternetConnectionSharingServiceStartupMode-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- ConfigureInternetConnectionSharingServiceStartupMode-Applicability-End -->
<!-- ConfigureInternetConnectionSharingServiceStartupMode-OmaUri-Begin -->
@ -319,7 +321,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
<!-- ConfigureLxssManagerServiceStartupMode-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- ConfigureLxssManagerServiceStartupMode-Applicability-End -->
<!-- ConfigureLxssManagerServiceStartupMode-OmaUri-Begin -->
@ -369,7 +371,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
<!-- ConfigureMicrosoftFTPServiceStartupMode-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- ConfigureMicrosoftFTPServiceStartupMode-Applicability-End -->
<!-- ConfigureMicrosoftFTPServiceStartupMode-OmaUri-Begin -->
@ -419,7 +421,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
<!-- ConfigureRemoteProcedureCallLocatorServiceStartupMode-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- ConfigureRemoteProcedureCallLocatorServiceStartupMode-Applicability-End -->
<!-- ConfigureRemoteProcedureCallLocatorServiceStartupMode-OmaUri-Begin -->
@ -469,7 +471,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
<!-- ConfigureRoutingAndRemoteAccessServiceStartupMode-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- ConfigureRoutingAndRemoteAccessServiceStartupMode-Applicability-End -->
<!-- ConfigureRoutingAndRemoteAccessServiceStartupMode-OmaUri-Begin -->
@ -519,7 +521,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
<!-- ConfigureSimpleTCPIPServicesStartupMode-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- ConfigureSimpleTCPIPServicesStartupMode-Applicability-End -->
<!-- ConfigureSimpleTCPIPServicesStartupMode-OmaUri-Begin -->
@ -569,7 +571,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
<!-- ConfigureSpecialAdministrationConsoleHelperServiceStartupMode-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- ConfigureSpecialAdministrationConsoleHelperServiceStartupMode-Applicability-End -->
<!-- ConfigureSpecialAdministrationConsoleHelperServiceStartupMode-OmaUri-Begin -->
@ -619,7 +621,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
<!-- ConfigureSSDPDiscoveryServiceStartupMode-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- ConfigureSSDPDiscoveryServiceStartupMode-Applicability-End -->
<!-- ConfigureSSDPDiscoveryServiceStartupMode-OmaUri-Begin -->
@ -669,7 +671,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
<!-- ConfigureUPnPDeviceHostServiceStartupMode-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- ConfigureUPnPDeviceHostServiceStartupMode-Applicability-End -->
<!-- ConfigureUPnPDeviceHostServiceStartupMode-OmaUri-Begin -->
@ -719,7 +721,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
<!-- ConfigureWebManagementServiceStartupMode-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- ConfigureWebManagementServiceStartupMode-Applicability-End -->
<!-- ConfigureWebManagementServiceStartupMode-OmaUri-Begin -->
@ -769,7 +771,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
<!-- ConfigureWindowsMediaPlayerNetworkSharingServiceStartupMode-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- ConfigureWindowsMediaPlayerNetworkSharingServiceStartupMode-Applicability-End -->
<!-- ConfigureWindowsMediaPlayerNetworkSharingServiceStartupMode-OmaUri-Begin -->
@ -819,7 +821,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
<!-- ConfigureWindowsMobileHotspotServiceStartupMode-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- ConfigureWindowsMobileHotspotServiceStartupMode-Applicability-End -->
<!-- ConfigureWindowsMobileHotspotServiceStartupMode-OmaUri-Begin -->
@ -869,7 +871,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
<!-- ConfigureWorldWideWebPublishingServiceStartupMode-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- ConfigureWorldWideWebPublishingServiceStartupMode-Applicability-End -->
<!-- ConfigureWorldWideWebPublishingServiceStartupMode-OmaUri-Begin -->

4
windows/client-management/mdm/policy-csp-timelanguagesettings.md
View File

@ -1,7 +1,7 @@
---
title: TimeLanguageSettings Policy CSP
description: Learn more about the TimeLanguageSettings Area in Policy CSP.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -22,7 +22,7 @@ ms.date: 01/18/2024
<!-- AllowSet24HourClock-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
| ✅ Device <br> ❌ User | Not applicable | ✅ Windows 10, version 1703 [10.0.15063] and later |
<!-- AllowSet24HourClock-Applicability-End -->
<!-- AllowSet24HourClock-OmaUri-Begin -->

2
windows/client-management/mdm/policy-csp-windowslogon.md
View File

@ -1,7 +1,7 @@
---
title: WindowsLogon Policy CSP
description: Learn more about the WindowsLogon Area in Policy CSP.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->

4
windows/client-management/mdm/printerprovisioning-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: PrinterProvisioning DDF file
description: View the XML file containing the device description framework (DDF) for the PrinterProvisioning configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the P
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.22000, 10.0.19044.1806, 10.0.19043.1806, 10.0.19042.1806</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

4
windows/client-management/mdm/reboot-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: Reboot DDF file
description: View the XML file containing the device description framework (DDF) for the Reboot configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the R
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.14393</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

6
windows/client-management/mdm/rootcacertificates-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: RootCATrustedCertificates DDF file
description: View the XML file containing the device description framework (DDF) for the RootCATrustedCertificates configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the R
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
@ -1067,7 +1067,7 @@ The following XML file contains the device description framework (DDF) for the R
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

4
windows/client-management/mdm/secureassessment-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: SecureAssessment DDF file
description: View the XML file containing the device description framework (DDF) for the SecureAssessment configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the S
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

4
windows/client-management/mdm/sharedpc-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: SharedPC DDF file
description: View the XML file containing the device description framework (DDF) for the SharedPC configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the S
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.14393</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

4
windows/client-management/mdm/supl-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: SUPL DDF file
description: View the XML file containing the device description framework (DDF) for the SUPL configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the S
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

6
windows/client-management/mdm/vpnv2-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: VPNv2 DDF file
description: View the XML file containing the device description framework (DDF) for the VPNv2 configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the V
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
@ -3265,7 +3265,7 @@ The following XML file contains the device description framework (DDF) for the V
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

6
windows/client-management/mdm/wifi-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: WiFi DDF file
description: View the XML file containing the device description framework (DDF) for the WiFi configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the W
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
@ -322,7 +322,7 @@ The following XML file contains the device description framework (DDF) for the W
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

4
windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: WindowsDefenderApplicationGuard DDF file
description: View the XML file containing the device description framework (DDF) for the WindowsDefenderApplicationGuard configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the W
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.1</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

4
windows/client-management/mdm/windowslicensing-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: WindowsLicensing DDF file
description: View the XML file containing the device description framework (DDF) for the WindowsLicensing configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the W
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

6
windows/client-management/mdm/wirednetwork-ddf-file.md
View File

@ -1,7 +1,7 @@
---
title: WiredNetwork DDF file
description: View the XML file containing the device description framework (DDF) for the WiredNetwork configuration service provider.
ms.date: 01/18/2024
ms.date: 04/10/2024
---
<!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the W
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.17763</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
@ -118,7 +118,7 @@ The following XML file contains the device description framework (DDF) for the W
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.17763</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>

2
windows/deployment/windows-autopatch/TOC.yml
View File

@ -90,6 +90,8 @@
href: operate/windows-autopatch-groups-windows-quality-update-status-report.md
- name: Quality update trending report
href: operate/windows-autopatch-groups-windows-quality-update-trending-report.md
- name: Reliability report
href: operate/windows-autopatch-reliability-report.md
- name: Windows feature update reports
href:
items:

1
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md
View File

@ -33,6 +33,7 @@ The Windows quality report types are organized into the following focus areas:
| ----- | ----- |
| Organizational | The [Summary dashboard](../operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md) provide the current update status summary for all devices.<p>The [Quality update status report](../operate/windows-autopatch-groups-windows-quality-update-status-report.md) provides the current update status of all devices at the device level. |
| Device trends | The [Quality update trending report](../operate/windows-autopatch-groups-windows-quality-update-trending-report.md) provides the update status trend of all devices over the last 90 days. |
| [Reliability report](../operate/windows-autopatch-reliability-report.md) | The Reliability report provides a reliability score for each Windows quality update cycle based on stop error codes detected on managed devices. |
## Windows feature update reports

120
windows/deployment/windows-autopatch/operate/windows-autopatch-reliability-report.md Normal file
View File

@ -0,0 +1,120 @@
---
title: Reliability report
description: This article describes the reliability score for each Windows quality update cycle based on stop error codes detected on managed devices.
ms.date: 04/09/2024
ms.service: windows-client
ms.subservice: itpro-updates
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
manager: aaroncz
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
---
# Reliability report (public preview)
> [!IMPORTANT]
> This feature is in **public preview**. It's being actively developed, and might not be complete.
The Reliability report provides a reliability score for each Windows quality update cycle based on [stop error codes](/troubleshoot/windows-client/performance/stop-error-or-blue-screen-error-troubleshooting) detected on managed devices. Scores are determined at both the service and tenant level. Details on modules associated with stop error codes at the tenant level are provided to better understand how devices are affected.
> [!NOTE]
> **The Reliability report applies to quality updates only**. The Reliability report doesn't currently support Windows feature updates.<p>Scores used in this report are calculated based on devices running both Windows 10 and Windows 11 versions.</p>
With this feature, IT admins can access the following information:
| Information type | Description |
| ----- | ----- |
| Your score | **Your score** is a calculated tenant reliability score based on stop error codes detected on managed devices that updated successfully during the current update cycle. **Your score** is the latest single-day score in the current Windows quality update cycle. The monthly score values can be viewed under the **Trending** tab. |
| Baseline | Use the **Baseline** to compare your score with past quality update cycles. You can choose the desired historical record from the **Comparison baseline** dropdown menu at the top of the page. **Baseline** is a single-day score calculated the same number of days from the start of patching as your score. |
| Service-level | Use the **Service-level** to compare **your score** with a score computed across tenants in the Azure Data Scale Unit covering your geographic region. **Service-level** is a single-day score calculated the same number of days from the start of patching as **your score**. |
| Score details | **Score details** provides information about specific modules associated with stop error code occurrence, occurrence rate, and affected devices. View single-day or multi-day results by selecting from the **Duration** menu. Data can be exported for offline reference. |
| Trending | **Trending** provides a graphical visualization of reliability scores at both tenant and service level on a customizable timeline of 1 - 12 months. Monthly scores represent the aggregated value for a complete update cycle (second Tuesday of the month). |
| Insights | **Insights** identifies noteworthy trends that might be useful in implementing reliability improvement opportunities. |
| Affected devices | **Affected devices** are the number of unique devices associated with stop error code events. |
## Report availability
The Reliability report relies on device policies being configured properly. It's important to confirm that the minimum requirements are met to access the full Reliability report.
| Data collection policies set | Devices registered in Autopatch | Devices updated | Report availability |
| ----- | ------ | ----- | ----- |
| No | - | - | No report available.<p>In this state, a ribbon appears on the landing page alerting the user that the diagnostic data needed to generate a report appears to be turned off. The report is available 24 and 48 hours after the following conditions are met:<ul><li>[Diagnostic data device configuration policies enabled](../references/windows-autopatch-changes-to-tenant.md#device-configuration-policies)</li><li>At least 100 devices registered in Autopatch</li><li>At least 100 of these registered devices completed a quality update in the current update cycle (second Tuesday of the month)</li></ul></p> |
| Yes | 0 | - | The report includes only the historical comparison baseline and service-level score. The tenant and module impact scores are unavailable until 100 devices are updated. |
| Yes | 0 < n < 100 | 0 < n < 100 | The report includes module failure details, historical comparison baseline, and service-level score.The tenant score is unavailable until 100 devices are updated. |
| Yes | n >= 100 | 0 < n < 100 | The report includes module failure details, historical comparison baseline score, and service-level score. The tenant and module impact scores are unavailable until 100 devices are updated. |
| Yes | n >= 100 | n >= 100 | Full reporting available |
## View the Reliability report
**To view the Reliability report:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Navigate to **Reports** > **Windows Autopatch** > **Windows quality updates**.
3. Select the **Reports** tab.
4. Select **Reliability report**.
> [!NOTE]
> To use the Reliability report capability, ensure that at least 100 devices are registered in the Windows Autopatch service and capable of successfully completing a quality update. The report relies on device stop error code data being available to Microsoft (transmission of this data may take up to 24 hours).<p>A score is generated when:<ul><li>100 or more devices have completed updating to the latest quality update</li><li>Windows Autopatch receives the stop error code data related to that update cycle</li></ul><p>Windows Autopatch data collection must be enabled according to the [configuration policies](../references/windows-autopatch-changes-to-tenant.md#device-configuration-policies) set during tenant onboarding. For more information about data collection, see [Privacy](../overview/windows-autopatch-privacy.md)</p></p>
## Report information
The following information is available as default columns in the Reliability report:
> [!NOTE]
> The report is refreshed no more than once every 24 hours with data received from your Windows Autopatch managed devices. Manual data refresh is not supported. The last refreshed date and time can be found at the top of the page. For more information about how often Windows Autopatch receives data from your managed devices, see [Data latency](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#about-data-latency).
### Score details
| Column | Description |
| ----- | ----- |
| Module name | Name of module associated with stop error code detection. |
| Version | Version of module associated with stop error code detection. |
| Unique devices | Number of unique devices seeing a stop error code occurrence associated with a specific module name and version. This information is hyperlinked to the **Devices affected** flyout. |
| Total events | Total number of stop error codes detected associated with a specific module name and version. |
| Module score impact | **Your score** associated with specific module name and version. |
| Timeline | This information is hyperlinked to **Module details** flyout. |
### Export file
| Column | Description |
| ----- | ----- |
| DeviceName | Device name |
| MicrosoftEntraDeviceId | Microsoft Entra device ID |
| Model | Device model |
| Manufacturer | Device manufacturer |
| AutopatchGroup | Autopatch group assignment for the affected device |
| LatestOccurrence | Time of the most recent reported failure |
| WindowsVersion | Windows version (Windows 10 or Windows 11) |
| OSVersion | OS version |
| ModuleName | Name of the module associated with stop error code detection |
| Version | Version of the module associated with stop error code detection |
| BugCheckCode | Bug check code associated with stop error code |
| TenantId | Your Microsoft Entra tenant ID |
### Devices affected
| Column | Description |
| ----- | ----- |
| Device name | Device name |
| Microsoft Entra device ID | Microsoft Entra device ID |
| Model | Device model |
| Manufacturer | Device manufacturer |
| Autopatch group | Autopatch group assignment for the affected device |
| Latest occurrence | Time of the most recent reported failure |
### Module details
| Display selection | Description |
| ----- | ----- |
| Unique devices | Number of unique devices affected by module failure and the associated version |
| Total events | Number of occurrences by module failure and the associated version |
| Module impact | Score impact by module and version representing the relative importance of module failure. Higher positive values describe module failures that have a greater impact on the tenant and should be addressed with higher priority. Negative values describe module failures that have a lower-than-average impact on the tenant and thus can be treated with lower priority. Values around `0` describe module failures with average impact on the tenant. |
## Known limitations
The Reliability report supports tenant and service-level score data going back to September 2023. Data before that date isn't supported. A full 12 months of score data will be available to select from the menu dropdowns in September 2024.

3
windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2024.md
View File

@ -27,7 +27,8 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
| Article | Description |
| ----- | ----- |
| [Resolve policy conflicts](../operate/windows-autopatch-resolve-policy-conflicts.md) | Added [Resolve policy conflicts](../operate/windows-autopatch-resolve-policy-conflicts.md) feature |
| [Reliability report](../operate/windows-autopatch-reliability-report.md) | Added the [Reliability report](../operate/windows-autopatch-reliability-report.md) feature |
| [Resolve policy conflicts](../operate/windows-autopatch-resolve-policy-conflicts.md) | Added the [Resolve policy conflicts](../operate/windows-autopatch-resolve-policy-conflicts.md) feature |
## February 2024

31
windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md
View File

@ -2,7 +2,7 @@
title: Use multiple Windows Defender Application Control Policies
description: Windows Defender Application Control supports multiple code integrity policies for one device.
ms.localizationpriority: medium
ms.date: 07/19/2021
ms.date: 04/15/2024
ms.topic: article
---
@ -11,17 +11,22 @@ ms.topic: article
>[!NOTE]
>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
Prior to Windows 10 1903, Windows Defender Application Control only supported a single active policy on a system at any given time. This limited customers in situations where multiple policies with different intents would be useful. Beginning with Windows 10 version 1903, WDAC supports up to 32 active policies on a device at once in order to enable the following scenarios:
Beginning with Windows 10 version 1903 and Windows Server 2022, you can deploy multiple Windows Defender Application Control (WDAC) policies side-by-side on a device. To allow more than 32 active policies, install the Windows security update released on, or after, April 9, 2024 and then restart the device. With these updates, there's no limit for the number of policies you can deploy at once to a given device. Until you install the Windows security update released on or after April 9, 2024, your device is limited to 32 active policies and you must not exceed that number.
>[!NOTE]
>The policy limit was not removed on Windows 11 21H2 and will remain limited to 32 policies.
Here are some common scenarios where multiple side-by-side policies are useful:
1. Enforce and Audit Side-by-Side
- To validate policy changes before deploying in enforcement mode, users can now deploy an audit-mode base policy side by side with an existing enforcement-mode base policy
2. Multiple Base Policies
- Users can enforce two or more base policies simultaneously in order to allow simpler policy targeting for policies with different scope/intent
- If two base policies exist on a device, an application has to be allowed by both to run
- If two base policies exist on a device, an application must pass both policies for it to run
3. Supplemental Policies
- Users can deploy one or more supplemental policies to expand a base policy
- A supplemental policy expands a single base policy, and multiple supplemental policies can expand the same base policy
- For supplemental policies, applications that are allowed by either the base policy or its supplemental policy/policies are allowed to run
- For supplemental policies, applications allowed by either the base policy or its supplemental policy/policies run
> [!NOTE]
> Pre-1903 systems do not support the use of Multiple Policy Format WDAC policies.
@ -31,11 +36,11 @@ Prior to Windows 10 1903, Windows Defender Application Control only supported a
- Multiple base policies: intersection
- Only applications allowed by both policies run without generating block events
- Base + supplemental policy: union
- Files that are allowed by either the base policy or the supplemental policy aren't blocked
- Files allowed by either the base policy or the supplemental policy run
## Creating WDAC policies in Multiple Policy Format
In order to allow multiple policies to exist and take effect on a single system, policies must be created using the new Multiple Policy Format. The "MultiplePolicyFormat" switch in [New-CIPolicy](/powershell/module/configci/new-cipolicy?preserve-view=true&view=win10-ps) results in 1) unique GUIDs being generated for the policy ID and 2) the policy type being specified as base. The below example describes the process of creating a new policy in the multiple policy format.
In order to allow multiple policies to exist and take effect on a single system, policies must be created using the new Multiple Policy Format. The "MultiplePolicyFormat" switch in [New-CIPolicy](/powershell/module/configci/new-cipolicy?preserve-view=true&view=win10-ps) results in 1) unique values generated for the policy ID and 2) the policy type set as a Base policy. The below example describes the process of creating a new policy in the multiple policy format.
```powershell
New-CIPolicy -MultiplePolicyFormat -ScanPath "<path>" -UserPEs -FilePath ".\policy.xml" -Level FilePublisher -Fallback SignedVersion,Publisher,Hash
@ -55,7 +60,7 @@ Add-SignerRule -FilePath ".\policy.xml" -CertificatePath <certificate_path_> [-K
### Supplemental policy creation
In order to create a supplemental policy, begin by creating a new policy in the Multiple Policy Format as shown above. From there, use Set-CIPolicyIdInfo to convert it to a supplemental policy and specify which base policy it expands. You can use either SupplementsBasePolicyID or BasePolicyToSupplementPath to specify the base policy.
In order to create a supplemental policy, begin by creating a new policy in the Multiple Policy Format as shown earlier. From there, use Set-CIPolicyIdInfo to convert it to a supplemental policy and specify which base policy it expands. You can use either SupplementsBasePolicyID or BasePolicyToSupplementPath to specify the base policy.
- "SupplementsBasePolicyID": GUID of base policy that the supplemental policy applies to
- "BasePolicyToSupplementPath": path to base policy file that the supplemental policy applies to
@ -66,11 +71,11 @@ Set-CIPolicyIdInfo -FilePath ".\supplemental_policy.xml" [-SupplementsBasePolicy
### Merging policies
When you're merging policies, the policy type and ID of the leftmost/first policy specified is used. If the leftmost is a base policy with ID \<ID>, then regardless of what the GUIDs and types are for any subsequent policies, the merged policy will be a base policy with ID \<ID>.
When you're merging policies, the policy type and ID of the leftmost/first policy specified is used. If the leftmost is a base policy with ID \<ID>, then regardless of what the GUIDs and types are for any subsequent policies, the merged policy is a base policy with ID \<ID>.
## Deploying multiple policies
In order to deploy multiple Windows Defender Application Control policies, you must either deploy them locally by copying the `*.cip` policy files into the proper folder or by using the ApplicationControl CSP, which is supported by Microsoft Intune's custom OMA-URI feature.
In order to deploy multiple Windows Defender Application Control policies, you must either deploy them locally by copying the `*.cip` policy files into the proper folder or by using the ApplicationControl CSP.
### Deploying multiple policies locally
@ -86,15 +91,9 @@ To deploy policies locally using the new multiple policy format, follow these st
Multiple Windows Defender Application Control policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). The CSP also provides support for rebootless policy deployment.<br>
However, when policies are unenrolled from an MDM server, the CSP will attempt to remove every policy from devices, not just the policies added by the CSP. The reason for this is that the ApplicationControl CSP doesn't track enrollment sources for individual policies, even though it will query all policies on a device, regardless if they were deployed by the CSP.
However, when policies are unenrolled from an MDM server, the CSP attempts to remove every policy not actively deployed, not just the policies added by the CSP. This behavior happens because the system doesn't know what deployment methods were used to apply individual policies.
For more information on deploying multiple policies, optionally using Microsoft Intune's custom OMA-URI capability, see [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp).
> [!NOTE]
> WMI and GP do not currently support multiple policies. Instead, customers who cannot directly access the MDM stack should use the [ApplicationControl CSP via the MDM Bridge WMI Provider](/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance) to manage Multiple Policy Format Windows Defender Application Control policies.
### Known Issues in Multiple Policy Format
* If the maximum number of policies is exceeded, the device may bluescreen referencing ci.dll with a bug check value of 0x0000003b.
* If policies are loaded without requiring a reboot such as `PS_UpdateAndCompareCIPolicy`, they will still count towards this limit.
* This may pose an especially large challenge if the value of `{PolicyGUID}.cip` changes between releases. It may result in a long window between a change and the resultant reboot.

25
windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md
View File

@ -2,7 +2,7 @@
title: WDAC Admin Tips & Known Issues
description: WDAC Known Issues
ms.manager: jsuther
ms.date: 11/22/2023
ms.date: 04/15/2024
ms.topic: article
ms.localizationpriority: medium
---
@ -43,32 +43,30 @@ When the WDAC engine evaluates files against the active set of policies on the d
4. Lastly, WDAC makes a cloud call to the ISG to get reputation about the file, if the policy enables the ISG option.
5. If no explicit rule exists for the file and it's not allowed based on ISG or MI, then the file is blocked implicitly.
5. Any file not allowed by an explicit rule or based on ISG or MI is blocked implicitly.
## Known issues
### Boot stop failure (blue screen) occurs if more than 32 policies are active
If the maximum number of policies is exceeded, the device will bluescreen referencing ci.dll with a bug check value of 0x0000003b. Consider this maximum policy count limit when planning your WDAC policies. Any [Windows inbox policies](/windows/security/threat-protection/windows-defender-application-control/operations/inbox-wdac-policies) that are active on the device also count towards this limit.
Until you apply the Windows security update released on or after April 9, 2024, your device is limited to 32 active policies. If the maximum number of policies is exceeded, the device bluescreens referencing ci.dll with a bug check value of 0x0000003b. Consider this maximum policy count limit when planning your WDAC policies. Any [Windows inbox policies](/windows/security/threat-protection/windows-defender-application-control/operations/inbox-wdac-policies) that are active on the device also count towards this limit. To remove the maximum policy limit, install the Windows security update released on, or after, April 9, 2024 and then restart the device. Otherwise, reduce the number of policies on the device to remain below 32 policies.
**Note:** The policy limit was not removed on Windows 11 21H2, and will remain limited to 32 policies.
### Audit mode policies can change the behavior for some apps or cause app crashes
Although WDAC audit mode is designed to avoid impact to apps, some features are always on/always enforced with any WDAC policy that includes the option **0 Enabled:UMCI**. Here's a list of known system changes in audit mode:
Although WDAC audit mode is designed to avoid impact to apps, some features are always on/always enforced with any WDAC policy that turns on user mode code integrity (UMCI) with the option **0 Enabled:UMCI**. Here's a list of known system changes in audit mode:
- Some script hosts might block code or run code with fewer privileges even in audit mode. See [Script enforcement with WDAC](/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement) for information about individual script host behaviors.
- Option **19 Enabled:Dynamic Code Security** is always enforced if any UMCI policy includes that option. See [WDAC and .NET](/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet#wdac-and-net-hardening).
### Managed Installer and ISG may cause excessive events
When Managed Installer and ISG are enabled, 3091 and 3092 events are logged when a file didn't have Managed Installer or ISG authorization, regardless of whether the file was allowed. These events were moved to the verbose channel beginning with the September 2022 Update Preview since the events don't indicate an issue with the policy.
### .NET native images may generate false positive block events
In some cases, the code integrity logs where Windows Defender Application Control errors and warnings are written include error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image falls back to its corresponding assembly and .NET regenerates the native image at its next scheduled maintenance window.
### Signatures using elliptical curve cryptography (ECC) aren't supported
WDAC signer-based rules only work with RSA cryptography. ECC algorithms, such as ECDSA, aren't supported. If you try to allow files by signature based on ECC signatures, you'll see VerificationError = 23 on the corresponding 3089 signature information events. You can authorize the files instead by hash or file attribute rules, or using other signer rules if the file is also signed with signatures using RSA.
WDAC signer-based rules only work with RSA cryptography. ECC algorithms, such as ECDSA, aren't supported. If WDAC blocks a file based on ECC signatures, the corresponding 3089 signature information events show VerificationError = 23. You can authorize the files instead by hash or file attribute rules, or using other signer rules if the file is also signed with signatures using RSA.
### MSI installers are treated as user writeable on Windows 10 when allowed by FilePath rule
@ -88,18 +86,19 @@ As a workaround, download the MSI file and run it locally:
```console
msiexec -i c:\temp\Windows10_Version_1511_ADMX.msi
```
### Slow boot and performance with custom policies
WDAC evaluates all processes that run, including inbox Windows processes. If policies don't build off the WDAC templates or don't trust the Windows signers, you'll see slower boot times, degraded performance and possibly boot issues. For these reasons, you should use the [WDAC base templates](../design/example-wdac-base-policies.md) whenever possible to create your policies.
WDAC evaluates all processes that run, including inbox Windows processes. You can cause slower boot times, degraded performance, and possibly boot issues if your policies don't build upon the WDAC templates or don't trust the Windows signers. For these reasons, you should use the [WDAC base templates](../design/example-wdac-base-policies.md) whenever possible to create your policies.
#### AppId Tagging policy considerations
If the AppId Tagging Policy wasn't built off the WDAC base templates or doesn't allow the Windows in-box signers, you'll notice a significant increase in boot times (~2 minutes).
AppId Tagging policies that aren't built upon the WDAC base templates or don't allow the Windows in-box signers might cause a significant increase in boot times (~2 minutes).
If you can't allowlist the Windows signers, or build off the WDAC base templates, it's recommended to add the following rule to your policies to improve the performance:
If you can't allowlist the Windows signers or build off the WDAC base templates, add the following rule to your policies to improve the performance:
:::image type="content" source="../images/known-issue-appid-dll-rule.png" alt-text="Allow all dlls in the policy.":::
:::image type="content" source="../images/known-issue-appid-dll-rule-xml.png" alt-text="Allow all dll files in the xml policy.":::
Since AppId Tagging policies evaluate but can't tag dll files, this rule will short circuit dll evaluation and improve evaluation performance.
Since AppId Tagging policies evaluate but can't tag dll files, this rule short circuits dll evaluation and improve evaluation performance.