deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 13:57:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'release-windows-2302' of github.com:MicrosoftDocs/windows-docs-pr into pm-win-2302-federated-signin

Browse Source
This commit is contained in:
Paolo Matarazzo 2023-02-16 15:15:31 -05:00
commit d76c160229
177 changed files with 2283 additions and 2177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.openpublishing.redirection.json
View File

@ -20519,6 +20519,11 @@
"source_path": "windows/client-management/mdm/policy-ddf-file.md",
"redirect_url": "/windows/client-management/mdm/configuration-service-provider-ddf",
"redirect_document_id": true
},
{
"source_path": "windows/security/identity-protection/credential-guard/dg-readiness-tool.md",
"redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard",
"redirect_document_id": true
}
]
}

3
browsers/edge/docfx.json
View File

@ -28,6 +28,9 @@
],
"globalMetadata": {
"recommendations": true,
"ms.collection": [
"tier3"
],
"breadcrumb_path": "/microsoft-edge/breadcrumbs/toc.json",
"ROBOTS": "INDEX, FOLLOW",
"ms.technology": "microsoft-edge",

3
browsers/internet-explorer/docfx.json
View File

@ -24,6 +24,9 @@
],
"globalMetadata": {
"recommendations": true,
"ms.collection": [
"tier3"
],
"breadcrumb_path": "/internet-explorer/breadcrumb/toc.json",
"ROBOTS": "INDEX, FOLLOW",
"ms.topic": "article",

10
browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md
View File

@ -1,16 +1,12 @@
---
author: aczechowski
ms.author: aaroncz
ms.date: 12/16/2022
ms.date: 02/14/2023
ms.reviewer: cathask
manager: aaroncz
ms.prod: ie11
ms.topic: include
---
> [!WARNING]
> **Update:** The retired, out-of-support Internet Explorer 11 desktop application is scheduled to be permanently disabled through a Microsoft Edge update on certain versions of Windows 10 on February 14, 2023.
>
> We highly recommend setting up IE mode in Microsoft Edge and disabling IE11 prior to this date to ensure your organization does not experience business disruption.
>
> For more information, see [Internet Explorer 11 desktop app retirement FAQ](https://aka.ms/iemodefaq).
> [!CAUTION]
> **Update:** The retired, out-of-support Internet Explorer 11 desktop application has been permanently disabled through a Microsoft Edge update on certain versions of Windows 10. For more information, see [Internet Explorer 11 desktop app retirement FAQ](https://aka.ms/iemodefaq).

5
education/docfx.json
View File

@ -29,7 +29,10 @@
"globalMetadata": {
"recommendations": true,
"ms.topic": "article",
"ms.collection": "education",
"ms.collection": [
"education",
"tier2"
],
"ms.prod": "windows-client",
"ms.technology": "itpro-edu",
"author": "paolomatarazzo",

1
education/windows/autopilot-reset.md
View File

@ -7,6 +7,7 @@ appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
ms.collection:
- highpri
- tier2
- education
---

3
education/windows/change-home-to-edu.md
View File

@ -7,6 +7,9 @@ author: scottbreenmsft
ms.author: scbree
ms.reviewer: paoloma
manager: jeffbu
ms.collection:
- tier3
- education
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
---

3
education/windows/change-to-pro-education.md
View File

@ -7,6 +7,7 @@ appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
ms.collection:
- highpri
- tier2
- education
---
@ -147,7 +148,7 @@ Existing Azure AD domain joined devices will be changed to Windows 10 Pro Educat
### For new devices that are not Azure AD joined
Now that you've turned on the setting to automatically change to Windows 10 Pro Education, the users are ready to change their devices running Windows 10 Pro, version 1607 or higher, version 1703 to Windows 10 Pro Education edition.
#### Step 1: Join users devices to Azure AD
#### Step 1: Join users' devices to Azure AD
Users can join a device to Azure AD the first time they start the device (during setup), or they can join a device that they already use running Windows 10 Pro, version 1607 or higher, version 1703.

1
education/windows/edu-stickers.md
View File

@ -8,6 +8,7 @@ appliesto:
ms.collection:
- highpri
- education
- tier2
---
# Configure Stickers for Windows 11 SE

4
education/windows/federated-sign-in.md
View File

@ -5,6 +5,10 @@ ms.date: 02/10/2023
ms.topic: how-to
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
ms.collection:
- highpri
- tier1
- education
---
# Configure federated sign-in for Windows devices

1
education/windows/get-minecraft-for-education.md
View File

@ -8,6 +8,7 @@ appliesto:
ms.collection:
- highpri
- education
- tier2
---
# Get Minecraft: Education Edition

7
education/windows/school-get-minecraft.md
View File

@ -8,6 +8,7 @@ appliesto:
ms.collection:
- highpri
- education
- tier2
---
# For IT administrators - get Minecraft: Education Edition
@ -34,7 +35,7 @@ If you turn off this setting after students have been using Minecraft: Education
Users in a Microsoft verified academic institution account will have access to the free trial limited logins for Minecraft: Education Edition. This grants faculty accounts 25 free logins and student accounts 10 free logins. To purchase direct licenses, see [Minecraft: Education Edition - direct purchase](#individual-copies).
If youve been approved and are part of the Enrollment for Education Solutions volume license program, you can purchase a volume license for Minecraft: Education Edition. For more information, see [Minecraft: Education Edition - volume license](#volume-license).
If you've been approved and are part of the Enrollment for Education Solutions volume license program, you can purchase a volume license for Minecraft: Education Edition. For more information, see [Minecraft: Education Edition - volume license](#volume-license).
### <a href="" id="individual-copies"></a>Minecraft: Education Edition - direct purchase
@ -48,7 +49,7 @@ If youve been approved and are part of the Enrollment for Education Solutions
5. Select the quantity of licenses you would like to purchase and select **Place Order**.
6. After youve purchased licenses, youll need to [assign them to users in the Admin Center](/microsoft-365/admin/manage/assign-licenses-to-users).
6. After you've purchased licenses, you'll need to [assign them to users in the Admin Center](/microsoft-365/admin/manage/assign-licenses-to-users).
If you need additional licenses for **Minecraft: Education Edition**, see [Buy or remove subscription licenses](/microsoft-365/commerce/licenses/buy-licenses).
@ -57,7 +58,7 @@ If you need additional licenses for **Minecraft: Education Edition**, see [Buy o
Qualified education institutions can purchase Minecraft: Education Edition licenses through their Microsoft channel partner. Schools need to be part of the Enrollment for Education Solutions (EES) volume licensing program. Educational institutions should work with their channel partner to determine which Minecraft: Education Edition licensing offer is best for their institution. The process looks like this:
- Your channel partner will submit and process your volume license order, your licenses will be shown on [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx), and the licenses will be available in your [Microsoft Store for Education](https://www.microsoft.com/business-store) inventory.
- Youll receive an email with a link to Microsoft Store for Education.
- You'll receive an email with a link to Microsoft Store for Education.
- Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com) to distribute and manage the Minecraft: Education Edition licenses. For more information on distribution options, see [Distribute Minecraft](#distribute-minecraft)
## Minecraft: Education Edition payment options

1
education/windows/teacher-get-minecraft.md
View File

@ -8,6 +8,7 @@ appliesto:
ms.collection:
- highpri
- education
- tier2
---
# For teachers - get Minecraft: Education Edition

1
education/windows/test-windows10s-for-edu.md
View File

@ -8,6 +8,7 @@ appliesto:
ms.collection:
- highpri
- education
- tier2
---
# Test Windows 10 in S mode on existing Windows 10 education devices

1
education/windows/windows-11-se-overview.md
View File

@ -8,6 +8,7 @@ appliesto:
ms.collection:
- highpri
- education
- tier1
---
# Windows 11 SE Overview

3
education/windows/windows-11-se-settings-list.md
View File

@ -5,6 +5,9 @@ ms.topic: article
ms.date: 09/12/2022
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
ms.collection:
- education
- tier1
---
# Windows 11 SE for Education settings list

3
store-for-business/docfx.json
View File

@ -32,6 +32,9 @@
"externalReference": [],
"globalMetadata": {
"recommendations": true,
"ms.collection": [
"tier2"
],
"breadcrumb_path": "/microsoft-store/breadcrumb/toc.json",
"ms.author": "trudyha",
"audience": "ITPro",

3
windows/application-management/docfx.json
View File

@ -35,6 +35,9 @@
"globalMetadata": {
"recommendations": true,
"breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
"ms.collection": [
"tier2"
],
"uhfHeaderId": "MSDocsHeader-M365-IT",
"ms.technology": "itpro-apps",
"ms.topic": "article",

210
windows/application-management/system-apps-windows-client-os.md
View File

@ -43,314 +43,314 @@ The following information lists the system apps on some Windows Enterprise OS ve
- File Picker | Package name: 1527c705-839a-4832-9118-54d4Bd6a0c89
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- File Explorer | Package name: c5e2524a-ea46-4f67-841f-6a9465d9d515
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- App Resolver UX | Package name: E2A4F912-2574-4A75-9BB0-0D023378592B
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Add Suggested Folders To Library | Package name: F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- InputApp
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | | | ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | | | ✔️ |
---
- Microsoft.AAD.Broker.Plugin | Package name: Microsoft.AAD.Broker.Plugin
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.AccountsControl | Package name: Microsoft.AccountsControl
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.AsyncTextService | Package name: Microsoft.AsyncTextService
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Hello setup UI | Package name: Microsoft.BioEnrollment
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.CredDialogHost
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.ECApp
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.LockApp
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft Edge | Package name: Microsoft.MicrosoftEdge
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.MicrosoftEdgeDevToolsClient
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.PPIProjection
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | | | ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | | | ✔️ |
---
- Microsoft.Win32WebViewHost
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.Apprep.ChxApp
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.AssignedAccessLockApp
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.CapturePicker
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.CloudExperienceHost
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.ContentDeliveryManager
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Cortana | Package name: Microsoft.Windows.Cortana
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | | | ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | | | ✔️ |
---
- Microsoft.Windows.OOBENetworkCaptivePort
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.OOBENetworkConnectionFlow
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.ParentalControls
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- People Hub | Package name: Microsoft.Windows.PeopleExperienceHost
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.PinningConfirmationDialog
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.SecHealthUI
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.SecureAssessmentBrowser
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Start | Package name: Microsoft.Windows.ShellExperienceHost
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.XboxGameCallableUI
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Windows.CBSPreview
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Settings | Package name: Windows.immersivecontrolpanel
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Print 3D | Package name: Windows.Print3D
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ✔️ | | | ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ✔️ | ✔️ | | | ✔️ |
---
- Print UI | Package name: Windows.PrintDialog
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---

4
windows/client-management/administrative-tools-in-windows-10.md
View File

@ -8,7 +8,9 @@ manager: aaroncz
ms.localizationpriority: medium
ms.date: 03/28/2022
ms.topic: article
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-manage
---

18
windows/client-management/azure-active-directory-integration-with-mdm.md
View File

@ -1,14 +1,16 @@
---
title: Azure Active Directory integration with MDM
description: Azure Active Directory is the world's largest enterprise cloud identity management service.
ms.reviewer:
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.date: 12/31/2017
---
@ -46,7 +48,7 @@ Azure AD Join also enables company owned devices to be automatically enrolled in
> [!IMPORTANT]
> Every user enabled for automatic MDM enrollment with Azure AD Join must be assigned a valid [Azure Active Directory Premium](/previous-versions/azure/dn499825(v=azure.100)) license.
### BYOD scenario
Windows 10 also introduces a simpler way to configure personal devices to access work apps and resources. Users can add their Microsoft work account to Windows and enjoy simpler and safer access to the apps and resources of the organization. During this process, Azure AD detects if the organization has configured an MDM. If thats the case, Windows attempts to enroll the device in MDM as part of the “add account” flow. In the BYOD case, users can reject the MDM Terms of Use. The device isn't enrolled in MDM and access to organization resources is typically restricted.
@ -70,7 +72,7 @@ Once a user has an Azure AD account added to Windows and enrolled in MDM, the en
> [!NOTE]
> Users can't remove the device enrollment through the **Work access** user interface because management is tied to the Azure AD or work account.
### MDM endpoints involved in Azure ADintegrated enrollment
Azure AD MDM enrollment is a two-step process:
@ -187,7 +189,7 @@ The following image show how MDM applications show up in the Azure app gallery.
### Add cloud-based MDM to the app gallery
> [!NOTE]
> You should work with the Azure AD engineering team if your MDM application is cloud-based and needs to be enabled as a multi-tenant MDM application
> You should work with the Azure AD engineering team if your MDM application is cloud-based and needs to be enabled as a multi-tenant MDM application
The following table shows the required information to create an entry in the Azure AD app gallery.
@ -200,7 +202,7 @@ The following table shows the required information to create an entry in the Azu
|**Icons**|A set of logo icons for the MDM app. Dimensions: 45 X 45, 150 X 122, 214 X 215|
### Add on-premises MDM to the app gallery
There are no special requirements for adding on-premises MDM to the app gallery. There's a generic entry for administrators to add an app to their tenant.
@ -232,7 +234,7 @@ An MDM page must adhere to a predefined theme depending on the scenario that is
|--- |--- |--- |--- |--- |
|FRX|OOBE|Dark theme + blue background color|Filename: Ui-dark.css|Filename: oobe-dekstop.css|
|MOSET|Settings/Post OOBE|Light theme|Filename: Ui-light.css|Filename: settings-desktop.css|
## Terms of Use protocol semantics
The Terms of Use endpoint is hosted by the MDM server. During the Azure AD Join protocol flow, Windows does a full-page redirect to this endpoint. This redirect enables the MDM to display the terms and conditions that apply. It allows the user to accept or reject the terms associated with enrollment. After the user accepts the terms, the MDM redirects back to Windows for the enrollment process to continue.
@ -332,7 +334,7 @@ The following table shows the error codes.
|Azure AD token validation failed|302|unauthorized_client|unauthorized_client|
|internal service error|302|server_error|internal service error|
## Enrollment protocol with Azure AD
With Azure integrated MDM enrollment, there's no discovery phase and the discovery URL is directly passed down to the system from Azure. The following table shows the comparison between the traditional and Azure enrollments.

18
windows/client-management/connect-to-remote-aadj-pc.md
View File

@ -6,10 +6,12 @@ author: vinaypamnani-msft
ms.localizationpriority: medium
ms.author: vinpa
ms.date: 01/18/2022
ms.reviewer:
ms.reviewer:
manager: aaroncz
ms.topic: article
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-manage
---
@ -29,23 +31,23 @@ From its release, Windows 10 has supported remote connections to PCs joined to A
## Set up
- Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 aren't supported.
- Your local PC (where you're connecting from) must be either Azure AD-joined or Hybrid Azure AD-joined if using Windows 10, version 1607 and above, or [Azure AD registered](/azure/active-directory/devices/concept-azure-ad-register) if using Windows 10, version 2004 and above. Remote connections to an Azure AD-joined PC from an unjoined device or a non-Windows 10 device aren't supported.
- The local PC and remote PC must be in the same Azure AD tenant. Azure AD B2B guests aren't supported for Remote desktop.
- Your local PC (where you're connecting from) must be either Azure AD-joined or Hybrid Azure AD-joined if using Windows 10, version 1607 and above, or [Azure AD registered](/azure/active-directory/devices/concept-azure-ad-register) if using Windows 10, version 2004 and above. Remote connections to an Azure AD-joined PC from an unjoined device or a non-Windows 10 device aren't supported.
- The local PC and remote PC must be in the same Azure AD tenant. Azure AD B2B guests aren't supported for Remote desktop.
Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC you're using to connect to the remote PC.
- On the PC you want to connect to:
1. Open system properties for the remote PC.
2. Enable **Allow remote connections to this computer** and select **Allow connections only from computers running Remote Desktop with Network Level Authentication**.
![Allow remote connections to this computer.](images/allow-rdp.png)
3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no other configuration is needed. To allow more users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Users can be added either manually or through MDM policies:
- Adding users manually
You can specify individual Azure AD accounts for remote connections by running the following PowerShell cmdlet:
```powershell
net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"
@ -62,7 +64,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
> Starting in Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there's a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
- Adding users using policy
Starting in Windows 10, version 2004, you can add users to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD-joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview).
> [!TIP]

6
windows/client-management/device-update-management.md
View File

@ -1,7 +1,7 @@
---
title: Mobile device management MDM for device updates
description: Windows 10 provides several APIs to help mobile device management (MDM) solutions manage updates. Learn how to use these APIs to implement update management.
ms.reviewer:
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@ -9,7 +9,9 @@ ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/15/2017
ms.collection: highpri
ms.collection:
- highpri
- tier2
---
# Mobile device management (MDM) for device updates

6
windows/client-management/diagnose-mdm-failures-in-windows-10.md
View File

@ -1,7 +1,7 @@
---
title: Diagnose MDM failures in Windows 10
description: Learn how to collect MDM logs. Examining these logs can help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server.
ms.reviewer:
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@ -9,7 +9,9 @@ ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/25/2018
ms.collection: highpri
ms.collection:
- highpri
- tier2
---
# Diagnose MDM failures in Windows 10

3
windows/client-management/docfx.json
View File

@ -34,6 +34,9 @@
"externalReference": [],
"globalMetadata": {
"recommendations": true,
"ms.collection": [
"tier2"
],
"breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
"uhfHeaderId": "MSDocsHeader-M365-IT",
"ms.technology": "itpro-manage",

18
windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md
View File

@ -7,9 +7,11 @@ ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 04/30/2022
ms.reviewer:
ms.reviewer:
manager: aaroncz
ms.collection: highpri
ms.collection:
- highpri
- tier2
---
# Enroll a Windows 10 device automatically using Group Policy
@ -188,19 +190,19 @@ Requirements:
- 1903 --> [Administrative Templates (.admx) for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/download/details.aspx?id=58495)
- 1909 --> [Administrative Templates (.admx) for Windows 10 November 2019 Update (1909)](https://www.microsoft.com/download/confirmation.aspx?id=100591)
- 2004 --> [Administrative Templates (.admx) for Windows 10 May 2020 Update (2004)](https://www.microsoft.com/download/confirmation.aspx?id=101445)
- 20H2 --> [Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2)](https://www.microsoft.com/download/details.aspx?id=102157)
- 21H1 --> [Administrative Templates (.admx) for Windows 10 May 2021 Update (21H1)](https://www.microsoft.com/download/details.aspx?id=103124)
- 21H2 --> [Administrative Templates (.admx) for Windows 10 November 2021 Update (21H2)-v2.0](https://www.microsoft.com/download/details.aspx?id=104042)
- 22H2 --> [Administrative Templates (.admx) for Windows 10 October 2022 Update (22H2)](https://www.microsoft.com/download/104677)
- 22H2 --> [Administrative Templates (.admx) for Windows 11 2022 September Update (22H2)](https://www.microsoft.com/download/details.aspx?id=104593)
2. Install the package on the Domain Controller.
3. Navigate, depending on the version to the folder:
@ -214,13 +216,13 @@ Requirements:
- 1909 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2019 Update (1909)**
- 2004 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2020 Update (2004)**
- 20H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2020 Update (20H2)**
- 21H1 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2021 Update (21H1)**
- 21H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2021 Update V2 (21H2)**
- 22H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2022 Update (22H2)**
- 22H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 11 September 2022 Update (22H2)**

1
windows/client-management/index.yml
View File

@ -11,6 +11,7 @@ metadata:
ms.technology: itpro-manage
ms.collection:
- highpri
- tier1
author: aczechowski
ms.author: aaroncz
manager: dougeby

8
windows/client-management/mandatory-user-profile.md
View File

@ -5,10 +5,12 @@ ms.prod: windows-client
author: vinaypamnani-msft
ms.author: vinpa
ms.date: 09/14/2021
ms.reviewer:
ms.reviewer:
manager: aaroncz
ms.topic: article
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-manage
---
@ -51,7 +53,7 @@ First, you create a default user profile with the customizations that you want,
1. Sign in to a computer running Windows 10 as a member of the local Administrator group. Do not use a domain account.
> [!NOTE]
> Use a lab or extra computer running a clean installation of Windows 10 to create a default user profile. Do not use a computer that is required for business (that is, a production computer). This process removes all domain accounts from the computer, including user profile folders.
> Use a lab or extra computer running a clean installation of Windows 10 to create a default user profile. Do not use a computer that is required for business (that is, a production computer). This process removes all domain accounts from the computer, including user profile folders.
1. Configure the computer settings that you want to include in the user profile. For example, you can configure settings for the desktop background, uninstall default apps, install line-of-business apps, and so on.

28
windows/client-management/mdm-enrollment-of-windows-devices.md
View File

@ -1,17 +1,19 @@
---
title: MDM enrollment of Windows 10-based devices
description: Learn about mobile device management (MDM) enrollment of Windows 10-based devices to simplify access to your organizations resources.
MS-HAID:
MS-HAID:
- 'p\_phdevicemgmt.enrollment\_ui'
- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices'
ms.reviewer:
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.date: 12/31/2017
---
@ -35,7 +37,7 @@ Devices running Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Educatio
> [!NOTE]
> Mobile devices can't be connected to an Active Directory domain.
### Out-of-box-experience
### Out-of-box-experience
Joining your device to an Active Directory domain during the out-of-box-experience (OOBE) isn't supported. To join a domain:
@ -90,7 +92,7 @@ There are a few instances where your device can't be connected to an Active Dire
| You're logged in as a standard user. | Your device can only be connected to an Azure AD domain if you're logged in as an administrative user. Youll need to switch to an administrator account to continue. |
| Your device is running Windows 10 Home. | This feature isn't available on Windows 10 Home, so you'll be unable to connect to an Active Directory domain. You'll need to upgrade to Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education to continue. |
### Connect your device to an Azure AD domain (join Azure AD)
@ -167,9 +169,9 @@ There are a few instances where your device can't be connected to an Azure AD do
| Your device is already managed by MDM. | The connect to Azure AD flow will attempt to enroll your device into MDM if your Azure AD tenant has a preconfigured MDM endpoint. Your device must be unenrolled from MDM to be able to connect to Azure AD in this case. |
| Your device is running Windows 10 Home. | This feature isn't available on Windows 10 Home, so you'll be unable to connect to an Azure AD domain. You'll need to upgrade to Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education to continue. |
## Connect personally owned devices
## Connect personally owned devices
Personally owned devices, also known as bring your own device (BYOD), can be connected to a work or school account, or to MDM. Windows 10 doesn't require a personal Microsoft account on devices to connect to work or school.
@ -247,7 +249,7 @@ To create a local account and connect the device:
![screen to set up your device](images/unifiedenrollment-rs1-33-b.png)
After you complete the flow, your device will be connected to your organizations MDM.
### Help with connecting personally owned devices
There are a few instances where your device may not be able to connect to work.
@ -260,7 +262,7 @@ There are a few instances where your device may not be able to connect to work.
| You dont have the right privileges to perform this operation. Talk to your admin. | You can't enroll your device into MDM as a standard user. You must be on an administrator account. |
| We couldnt auto-discover a management endpoint matching the username entered. Check your username and try again. If you know the URL to your management endpoint, enter it. | You need to provide the server URL for your MDM or check the spelling of the username you entered. |
## Connect your Windows 10-based device to work using a deep link
@ -283,13 +285,13 @@ The deep link used for connecting your device to work will always use the follow
| ownership | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used to determine whether the device is BYOD or Corp Owned. Added in Windows 10, version 1703. | 1, 2, or 3. Where "1" means ownership is unknown, "2" means the device is personally owned, and "3" means the device is corporate-owned |
> [!NOTE]
> AWA and Azure Active Directory-joined values for mode are only supported on Windows 10, version 1709 and later.
> AWA and Azure Active Directory-joined values for mode are only supported on Windows 10, version 1709 and later.
### Connect to MDM using a deep link
> [!NOTE]
> Deep links only work with Internet Explorer or Microsoft Edge browsers. Examples of URI's that may be used to connect to MDM using a deep link:
>
>
> - **ms-device-enrollment:?mode=mdm**
> - **ms-device-enrollment:?mode=mdm&username=`someone@example.com`&servername=`https://example.server.com`**
@ -342,7 +344,7 @@ Starting in Windows 10, version 1709, selecting the **Info** button will show a
![work or school info.](images/unifiedenrollment-rs1-35-b.png)
> [!NOTE]
> Starting in Windows 10, version 1709, the **Manage** button is no longer available.
> Starting in Windows 10, version 1709, the **Manage** button is no longer available.
### Disconnect
@ -363,7 +365,7 @@ Starting in Windows 10, version 1709, you can get the advanced diagnostic report
![collecting enrollment management log files.](images/unifiedenrollment-rs1-37-c.png)

4
windows/client-management/mdm-overview.md
View File

@ -9,7 +9,9 @@ ms.localizationpriority: medium
author: vinaypamnani-msft
ms.author: vinpa
manager: aaroncz
ms.collection: highpri
ms.collection:
- highpri
- tier2
---
# Mobile Device Management overview

4
windows/client-management/mdm/configuration-service-provider-ddf.md
View File

@ -9,7 +9,9 @@ ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2020
ms.collection: highpri
ms.collection:
- highpri
- tier2
---
# Configuration service provider DDF files

6
windows/client-management/mdm/configuration-service-provider-support.md
View File

@ -1,7 +1,7 @@
---
title: Configuration service provider support
description: Learn more about configuration service provider (CSP) supported scenarios.
ms.reviewer:
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@ -9,7 +9,9 @@ ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2020
ms.collection: highpri
ms.collection:
- highpri
- tier2
---
# Configuration service provider support

6
windows/client-management/mdm/dynamicmanagement-csp.md
View File

@ -7,9 +7,11 @@ ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
ms.reviewer:
ms.reviewer:
manager: aaroncz
ms.collection: highpri
ms.collection:
- highpri
- tier2
---
# DynamicManagement CSP

1
windows/client-management/mdm/index.yml
View File

@ -11,6 +11,7 @@ metadata:
ms.prod: windows-client
ms.collection:
- highpri
- tier1
ms.custom: intro-hub-or-landing
author: vinaypamnani-msft
ms.author: vinpa

4
windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
View File

@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsExplorer Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 01/09/2023
ms.date: 02/10/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -4538,7 +4538,7 @@ The first several links will also be pinned to the Start menu. A total of four l
<!-- TryHarderPinnedOpenSearch-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting allows you to add Internet or intranet sites to the "Search again" links located at the bottom of search results in File Explorer and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. The Internet search site will be searched with the text in the search box. To add an Internet search site, specify the URL of the search site in OpenSearch format with {searchTerms} for the query string (for example, <https://www.example.com/results.aspx?q=>{searchTerms}).
This policy setting allows you to add Internet or intranet sites to the "Search again" links located at the bottom of search results in File Explorer and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. The Internet search site will be searched with the text in the search box. To add an Internet search site, specify the URL of the search site in OpenSearch format with {searchTerms} for the query string (for example, `https://www.example.com/results.aspx?q={searchTerms}`).
You can add up to five additional links to the "Search again" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links.

34
windows/client-management/mdm/policy-csp-audit.md
View File

@ -4,7 +4,7 @@ description: Learn more about the Audit Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 01/09/2023
ms.date: 02/10/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -343,7 +343,7 @@ Volume: Low.
<!-- AccountLogonLogoff_AuditGroupMembership-Description-Begin -->
<!-- Description-Source-DDF -->
This policy allows you to audit the group memberhsip information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group memberhsip information cannot fit in a single security audit event.
This policy allows you to audit the group membership information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group membership information cannot fit in a single security audit event.
<!-- AccountLogonLogoff_AuditGroupMembership-Description-End -->
<!-- AccountLogonLogoff_AuditGroupMembership-Editable-Begin -->
@ -836,7 +836,7 @@ Volume: Low.
<!-- AccountLogonLogoff_AuditSpecialLogon-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit events generated by special logons such as the following : The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see article 947223 in the Microsoft Knowledge Base (<https://go.microsoft.com/fwlink/?LinkId=121697)>.
This policy setting allows you to audit events generated by special logons such as the following: The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see [article 947223 in the Microsoft Knowledge Base](<https://go.microsoft.com/fwlink/?LinkId=121697>).
<!-- AccountLogonLogoff_AuditSpecialLogon-Description-End -->
<!-- AccountLogonLogoff_AuditSpecialLogon-Editable-Begin -->
@ -1083,7 +1083,7 @@ Volume: Low.
<!-- AccountManagement_AuditDistributionGroupManagement-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit events generated by changes to distribution groups such as the following Distribution group is created, changed, or deleted. Member is added or removed from a distribution group. Distribution group type is changed. If you configure this policy setting, an audit event is generated when an attempt to change a distribution group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
- If you do not configure this policy setting, no audit event is generated when a distribution group changes
- If you do not configure this policy setting, no audit event is generated when a distribution group changes.
> [!NOTE]
> Events in this subcategory are logged only on domain controllers.
@ -1120,7 +1120,7 @@ Volume: Low.
| Name | Value |
|:--|:--|
| Name | Audit Distributio Group Management |
| Name | Audit Distribution Group Management |
| Path | Windows Settings > Security Settings > Advanced Audit Policy Configuration > System Audit Policies > Account Management |
<!-- AccountManagement_AuditDistributionGroupManagement-GpMapping-End -->
@ -1332,7 +1332,7 @@ Volume: Low.
<!-- DetailedTracking_AuditDPAPIActivity-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see <https://go.microsoft.com/fwlink/?LinkId=121720>. If you configure this policy setting, an audit event is generated when an encryption or decryption request is made to DPAPI. Success audits record successful requests and Failure audits record unsuccessful requests.
This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see [How to Use Data Protection](/dotnet/standard/security/how-to-use-data-protection). If you configure this policy setting, an audit event is generated when an encryption or decryption request is made to DPAPI. Success audits record successful requests and Failure audits record unsuccessful requests.
- If you do not configure this policy setting, no audit event is generated when an encryption or decryption request is made to DPAPI.
<!-- DetailedTracking_AuditDPAPIActivity-Description-End -->
@ -1825,7 +1825,7 @@ Volume: High on domain controllers. None on client computers.
<!-- DSAccess_AuditDirectoryServiceChanges-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted. When possible, events logged in this subcategory indicate the old and new values of the object's properties. Events in this subcategory are logged only on domain controllers, and only objects in AD DS with a matching system access control list (SACL) are logged
This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted. When possible, events logged in this subcategory indicate the old and new values of the object's properties. Events in this subcategory are logged only on domain controllers, and only objects in AD DS with a matching system access control list (SACL) are logged.
> [!NOTE]
> Actions on some objects and properties do not cause audit events to be generated due to settings on the object class in the schema. If you configure this policy setting, an audit event is generated when an attempt to change an object in AD DS is made. Success audits record successful attempts, however unsuccessful attempts are NOT recorded.
@ -2135,7 +2135,7 @@ Volume: Medium or Low on computers running Active Directory Certificate Services
<!-- ObjectAccess_AuditDetailedFileShare-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share. Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access. If you configure this policy setting, an audit event is generated when an attempt is made to access a file or folder on a share. The administrator can specify whether to audit only successes, only failures, or both successes and failures
This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share. Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access. If you configure this policy setting, an audit event is generated when an attempt is made to access a file or folder on a share. The administrator can specify whether to audit only successes, only failures, or both successes and failures.
> [!NOTE]
> There are no system access control lists (SACLs) for shared folders.
@ -2201,7 +2201,7 @@ Volume: High on a file server or domain controller because of SYSVOL network acc
<!-- ObjectAccess_AuditFileShare-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit attempts to access a shared folder. If you configure this policy setting, an audit event is generated when an attempt is made to access a shared folder.
- If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, or both successes and failures
- If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, or both successes and failures.
> [!NOTE]
> There are no system access control lists (SACLs) for shared folders.
@ -2267,7 +2267,7 @@ Volume: High on a file server or domain controller because of SYSVOL network acc
<!-- ObjectAccess_AuditFileSystem-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACL) specified, and only if the type of access requested, such as Write, Read, or Modify and the account making the request match the settings in the SACL. For more information about enabling object access auditing, see <https//go.microsoft.com/fwlink/?LinkId=122083>. If you configure this policy setting, an audit event is generated each time an account accesses a file system object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts.
- If you do not configure this policy setting, no audit event is generated when an account accesses a file system object with a matching SACL
- If you do not configure this policy setting, no audit event is generated when an account accesses a file system object with a matching SACL.
> [!NOTE]
> You can set a SACL on a file system object using the Security tab in that object's Properties dialog box.
@ -2455,7 +2455,7 @@ Volume: High.
<!-- ObjectAccess_AuditHandleManipulation-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit events generated when a handle to an object is opened or closed. Only objects with a matching system access control list (SACL) generate security audit events. If you configure this policy setting, an audit event is generated when a handle is manipulated. Success audits record successful attempts and Failure audits record unsuccessful attempts.
- If you do not configure this policy setting, no audit event is generated when a handle is manipulated
- If you do not configure this policy setting, no audit event is generated when a handle is manipulated.
> [!NOTE]
> Events in this subcategory generate events only for object types where the corresponding Object Access subcategory is enabled. For example, if File system object access is enabled, handle manipulation security audit events are generated. If Registry object access is not enabled, handle manipulation security audit events will not be generated.
@ -2519,7 +2519,7 @@ Volume: Depends on how SACLs are configured.
<!-- ObjectAccess_AuditKernelObject-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit attempts to access the kernel, which include mutexes and semaphores. Only kernel objects with a matching system access control list (SACL) generate security audit events
This policy setting allows you to audit attempts to access the kernel, which include mutexes and semaphores. Only kernel objects with a matching system access control list (SACL) generate security audit events.
> [!NOTE]
> The Audit Audit the access of global system objects policy setting controls the default SACL of kernel objects.
@ -2645,7 +2645,7 @@ Volume: Low.
<!-- ObjectAccess_AuditRegistry-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL. If you configure this policy setting, an audit event is generated each time an account accesses a registry object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts.
- If you do not configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL
- If you do not configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL.
> [!NOTE]
> You can set a SACL on a registry object using the Permissions dialog box.
@ -2771,10 +2771,10 @@ This policy setting allows you to audit user attempts to access file system obje
<!-- ObjectAccess_AuditSAM-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit events generated by attempts to access to Security Accounts Manager (SAM) objects. SAM objects include the following SAM_ALIAS -- A local group. SAM_GROUP -- A group that is not a local group. SAM_USER - A user account. SAM_DOMAIN - A domain. SAM_SERVER - A computer account. If you configure this policy setting, an audit event is generated when an attempt to access a kernel object is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
- If you do not configure this policy setting, no audit event is generated when an attempt to access a kernel object is made
- If you do not configure this policy setting, no audit event is generated when an attempt to access a kernel object is made.
> [!NOTE]
> Only the System Access Control List (SACL) for SAM_SERVER can be modified. Volume High on domain controllers. For information about reducing the amount of events generated in this subcategory, see article 841001 in the Microsoft Knowledge Base (<https//go.microsoft.com/fwlink/?LinkId=121698)>.
> Only the System Access Control List (SACL) for SAM_SERVER can be modified. Volume High on domain controllers. For information about reducing the amount of events generated in this subcategory, see [article 841001 in the Microsoft Knowledge Base](https://go.microsoft.com/fwlink/?LinkId=121698).
<!-- ObjectAccess_AuditSAM-Description-End -->
<!-- ObjectAccess_AuditSAM-Editable-Begin -->
@ -2836,7 +2836,7 @@ Volume: High on domain controllers. For more information about reducing the numb
<!-- PolicyChange_AuditAuthenticationPolicyChange-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit events generated by changes to the authentication policy such as the following Creation of forest and domain trusts. Modification of forest and domain trusts. Removal of forest and domain trusts. Changes to Kerberos policy under Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy. Granting of any of the following user rights to a user or group Access This Computer From the Network. Allow Logon Locally. Allow Logon Through Terminal Services. Logon as a Batch Job. Logon a Service. Namespace collision. For example, when a new trust has the same name as an existing namespace name. If you configure this policy setting, an audit event is generated when an attempt to change the authentication policy is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
- If you do not configure this policy setting, no audit event is generated when the authentication policy is changed
- If you do not configure this policy setting, no audit event is generated when the authentication policy is changed.
> [!NOTE]
> The security audit event is logged when the group policy is applied. It does not occur at the time when the settings are modified.
@ -3147,7 +3147,7 @@ Volume: Low.
<!-- PolicyChange_AuditPolicyChange-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit changes in the security audit policy settings such as the following Settings permissions and audit settings on the Audit Policy object. Changes to the system audit policy. Registration of security event sources. De-registration of security event sources. Changes to the per-user audit settings. Changes to the value of CrashOnAuditFail. Changes to the system access control list on a file system or registry object. Changes to the Special Groups list
This policy setting allows you to audit changes in the security audit policy settings such as the following Settings permissions and audit settings on the Audit Policy object. Changes to the system audit policy. Registration of security event sources. De-registration of security event sources. Changes to the per-user audit settings. Changes to the value of CrashOnAuditFail. Changes to the system access control list on a file system or registry object. Changes to the Special Groups list.
> [!NOTE]
> System access control list (SACL) change auditing is done when a SACL for an object changes and the policy change category is enabled. Discretionary access control list (DACL) and ownership changes are audited when object access auditing is enabled and the object's SACL is configured for auditing of DACL/Owner change.

4
windows/client-management/mdm/policy-csp-browser.md
View File

@ -1484,7 +1484,7 @@ Supported versions: Microsoft Edge on Windows 10, version 1809
Default setting: Disabled or not configured
Related policies:
- Allows development of Windows Store apps and installing them from an integrated development environment (IDE)
- Allow all trusted apps to install
- Allow all trusted apps to install
<!-- AllowSideloadingOfExtensions-Description-End -->
<!-- AllowSideloadingOfExtensions-Editable-Begin -->
@ -3248,7 +3248,7 @@ Related Documents:
- [Find a package family name (PFN) for per-app VPN](/mem/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- [How to manage volume purchased apps from the Microsoft Store for Business with Microsoft Intune](/mem/intune/apps/windows-store-for-business)
- [Assign apps to groups with Microsoft Intune](/mem/intune/apps-deploy)
- [Assign apps to groups with Microsoft Intune](/mem/intune/apps/apps-deploy)
- [Manage apps from the Microsoft Store for Business and Education with Configuration Manager](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- [Add a Windows line-of-business app to Microsoft Intune](/mem/intune/apps/lob-apps-windows)
<!-- PreventTurningOffRequiredExtensions-Editable-End -->

8
windows/client-management/mdm/policy-csp-defender.md
View File

@ -4,7 +4,7 @@ description: Learn more about the Defender Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 01/09/2023
ms.date: 02/10/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -1164,7 +1164,7 @@ This setting applies to scheduled scans, but it has no effect on scans initiated
<!-- CloudBlockLevel-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer. If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. For more information about specific values that are supported, see the Windows Defender Antivirus documentation site
This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer. If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. For more information about specific values that are supported, see [Specify the cloud protection level](/microsoft-365/security/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus).
> [!NOTE]
> This feature requires the Join Microsoft MAPS setting enabled in order to function.
@ -1232,7 +1232,7 @@ This policy setting determines how aggressive Windows Defender Antivirus will be
<!-- CloudExtendedTimeout-Description-Begin -->
<!-- Description-Source-DDF -->
This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds. For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds
This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds. For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds.
> [!NOTE]
> This feature depends on three other MAPS settings the must all be enabled- Configure the 'Block at First Sight' feature; Join Microsoft MAPS; Send file samples when further analysis is required.
@ -1980,7 +1980,7 @@ Allows an administrator to specify a list of directory paths to ignore during a
<!-- ExcludedProcesses-Description-Begin -->
<!-- Description-Source-DDF -->
Allows an administrator to specify a list of files opened by processes to ignore during a scan
Allows an administrator to specify a list of files opened by processes to ignore during a scan.
> [!IMPORTANT]
> The process itself is not excluded from the scan, but can be by using the Defender/ExcludedPaths policy to exclude its path. Each file type must be separated by a |. For example, C\Example. exe|C\Example1.exe.

2
windows/client-management/mdm/policy-csp-restrictedgroups.md
View File

@ -150,7 +150,7 @@ Descriptions of the properties:
**Policy timeline**:
The behavior of this policy setting differs in different Windows 10 versions. For Windows 10, version 1809 through version 1909, you can use name in `<accessgroup dec>` and SID in `<member name>`. For Windows 10, version 2004, you can use name or SID for both the elements, as described in the example.
The behavior of this policy setting differs in different Windows 10 versions. For Windows 10, version 1809 through version 1909, you can use name in `<accessgroup desc>` and SID in `<member name>`. For Windows 10, version 2004, you can use name or SID for both the elements, as described in the example.
The following table describes how this policy setting behaves in different Windows 10 versions:

4
windows/client-management/mdm/uefi-csp.md
View File

@ -7,7 +7,7 @@ ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 10/02/2018
ms.reviewer:
ms.reviewer:
manager: aaroncz
---
@ -31,7 +31,7 @@ The UEFI Configuration Service Provider (CSP) interfaces to UEFI's Device Firmwa
> The UEFI CSP version published in Windows 10, version 1803 is replaced with this one (version 1809).
> [!NOTE]
> The production UEFI CSP is present in 1809, but it depends upon the [Device Firmware Configuration Interface (DFCI) and UEFI firmware](https://microsoft.github.io/mu/dyn/mu_plus/DfciPkg/Docs/Dfci_Feature/) to comply with this interface.
> The production UEFI CSP is present in 1809, but it depends upon the [Device Firmware Configuration Interface (DFCI) and UEFI firmware](https://microsoft.github.io/mu/dyn/mu_feature_dfci/DfciPkg/Docs/Dfci_Feature/) to comply with this interface.
The following shows the UEFI CSP in tree format.
```

44
windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
View File

@ -40,6 +40,7 @@ WindowsAdvancedThreatProtection
----Configuration
--------SampleSharing
--------TelemetryReportingFrequency
--------AadDdeviceId
----Offboarding
----DeviceTagging
--------Group
@ -48,34 +49,34 @@ WindowsAdvancedThreatProtection
The following list describes the characteristics and parameters.
<a href="" id="--device-vendor-msft-windowsadvancedthreatprotection"></a>**./Device/Vendor/MSFT/WindowsAdvancedThreatProtection**
**./Device/Vendor/MSFT/WindowsAdvancedThreatProtection**
The root node for the Windows Defender Advanced Threat Protection configuration service provider.
Supported operation is Get.
<a href="" id="onboarding"></a>**Onboarding**
**Onboarding**
Sets Windows Defender Advanced Threat Protection Onboarding blob and initiates onboarding to Windows Defender Advanced Threat Protection.
The data type is a string.
Supported operations are Get and Replace.
<a href="" id="healthstate"></a>**HealthState**
**HealthState**
Node that represents the Windows Defender Advanced Threat Protection health state.
<a href="" id="healthstate-lastconnected"></a>**HealthState/LastConnected**
**HealthState/LastConnected**
Contains the timestamp of the last successful connection.
Supported operation is Get.
<a href="" id="healthstate-senseisrunning"></a>**HealthState/SenseIsRunning**
**HealthState/SenseIsRunning**
Boolean value that identifies the Windows Defender Advanced Threat Protection Sense running state.
The default value is false.
Supported operation is Get.
<a href="" id="healthstate-onboardingstate"></a>**HealthState/OnboardingState**
**HealthState/OnboardingState**
Represents the onboarding state.
Supported operation is Get.
@ -85,15 +86,15 @@ The following list shows the supported values:
- 0 (default) Not onboarded
- 1 Onboarded
<a href="" id="healthstate-orgid"></a>**HealthState/OrgId**
**HealthState/OrgId**
String that represents the OrgID.
Supported operation is Get.
<a href="" id="configuration"></a>**Configuration**
**Configuration**
Represents Windows Defender Advanced Threat Protection configuration.
<a href="" id="configuration-samplesharing"></a>**Configuration/SampleSharing**
**Configuration/SampleSharing**
Returns or sets the Windows Defender Advanced Threat Protection Sample Sharing configuration parameter.
The following list shows the supported values:
@ -103,7 +104,7 @@ The following list shows the supported values:
Supported operations are Get and Replace.
<a href="" id="configuration-telemetryreportingfrequency"></a>**Configuration/TelemetryReportingFrequency**
**Configuration/TelemetryReportingFrequency**
Added in Windows 10, version 1703. Returns or sets the Windows Defender Advanced Threat Protection diagnostic data reporting frequency.
The following list shows the supported values:
@ -113,26 +114,31 @@ The following list shows the supported values:
Supported operations are Get and Replace.
<a href="" id="offboarding"></a>**Offboarding**
**Configuration/AadDeviceId**
Returns or sets the Intune's reported known AadDeviceId for the machine
Supported operations are Get and Replace.
**Offboarding**
Sets the Windows Defender Advanced Threat Protection Offboarding blob and initiates offboarding to Windows Defender Advanced Threat Protection.
The data type is a string.
Supported operations are Get and Replace.
<a href="" id="devicetagging"></a>**DeviceTagging**
**DeviceTagging**
Added in Windows 10, version 1709. Represents Windows Defender Advanced Threat Protection configuration for managing role based access and device tagging.
Supported operation is Get.
<a href="" id="group"></a>**DeviceTagging/Group**
**DeviceTagging/Group**
Added in Windows 10, version 1709. Device group identifiers.
The data type is a string.
Supported operations are Get and Replace.
<a href="" id="criticality"></a>**DeviceTagging/Criticality**
**DeviceTagging/Criticality**
Added in Windows 10, version 1709. Asset criticality value. Supported values:
- 0 - Normal
@ -217,6 +223,16 @@ Supported operations are Get and Replace.
</Target>
</Item>
</Get>
<Get>
<CmdID>7</CmdID>
<Item>
<Target>
<LocURI>
./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Configuration/AadDeviceId
</LocURI>
</Target>
</Item>
</Get>
<Get>
<CmdID>11</CmdID>
<Item>

6
windows/client-management/mobile-device-enrollment.md
View File

@ -1,7 +1,7 @@
---
title: Mobile device enrollment
description: Learn how mobile device enrollment verifies that only authenticated and authorized devices can be managed by their enterprise.
ms.reviewer:
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@ -9,7 +9,9 @@ ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 08/11/2017
ms.collection: highpri
ms.collection:
- highpri
- tier2
---
# Mobile device enrollment

4
windows/client-management/quick-assist.md
View File

@ -9,7 +9,9 @@ author: vinaypamnani-msft
ms.author: vinpa
manager: aaroncz
ms.reviewer: pmadrigal
ms.collection: highpri
ms.collection:
- highpri
- tier1
ms.date: 08/26/2022
---

10
windows/configuration/configure-windows-10-taskbar.md
View File

@ -1,10 +1,7 @@
---
title: Configure Windows 10 taskbar (Windows 10)
title: Configure Windows 10 taskbar
description: Administrators can pin more apps to the taskbar and remove default pinned apps from the taskbar by adding a section to a layout modification XML file.
keywords: [taskbar layout, pin apps]
ms.prod: windows-client
ms.mktglfcycl: manage
ms.sitesec: library
author: lizgt2000
ms.author: lizlong
ms.topic: article
@ -12,9 +9,12 @@ ms.localizationpriority: medium
ms.date: 01/18/2018
ms.reviewer:
manager: aaroncz
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-configure
---
# Configure Windows 10 taskbar
Starting in Windows 10, version 1607, administrators can pin more apps to the taskbar and remove default pinned apps from the taskbar by adding a `<TaskbarLayout>` section to a layout modification XML file. This method never removes user-pinned apps from the taskbar.

1
windows/configuration/cortana-at-work/cortana-at-work-feedback.md
View File

@ -2,6 +2,7 @@
title: Send feedback about Cortana at work back to Microsoft
description: Learn how to send feedback to Microsoft about Cortana at work so you can provide more information to help diagnose reported issues.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-o365.md
View File

@ -2,6 +2,7 @@
title: Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
description: Learn how to connect Cortana to Office 365 so employees are notified about regular meetings and unusual events. You can even set an alarm for early meetings.
ms.prod: windows-client
ms.collection: tier3
ms.mktglfcycl: manage
ms.sitesec: library
author: aczechowski

1
windows/configuration/cortana-at-work/cortana-at-work-overview.md
View File

@ -4,6 +4,7 @@ ms.reviewer:
manager: dougeby
description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and for enterprise environments.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
View File

@ -2,6 +2,7 @@
title: Configure Cortana with Group Policy and MDM settings (Windows)
description: The list of Group Policy and mobile device management (MDM) policy settings that apply to Cortana at work.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
View File

@ -2,6 +2,7 @@
title: Sign into Azure AD, enable the wake word, and try a voice query
description: A test scenario walking you through signing in and managing the notebook.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
View File

@ -2,6 +2,7 @@
title: Perform a quick search with Cortana at work (Windows)
description: This scenario is a test scenario about how to perform a quick search with Cortana at work.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
View File

@ -2,6 +2,7 @@
title: Set a reminder for a location with Cortana at work (Windows)
description: A test scenario about how to set a location-based reminder using Cortana at work.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
View File

@ -2,6 +2,7 @@
title: Use Cortana at work to find your upcoming meetings (Windows)
description: A test scenario on how to use Cortana at work to find your upcoming meetings.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
View File

@ -2,6 +2,7 @@
title: Use Cortana to send email to a co-worker (Windows)
description: A test scenario about how to use Cortana at work to send email to a co-worker.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
View File

@ -2,6 +2,7 @@
title: Review a reminder suggested by Cortana (Windows)
description: A test scenario on how to use Cortana with the Suggested reminders feature.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
View File

@ -2,6 +2,7 @@
title: Help protect data with Cortana and WIP (Windows)
description: An optional test scenario about how to use Cortana at work with Windows Information Protection (WIP).
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
View File

@ -2,6 +2,7 @@
title: Cortana at work testing scenarios
description: Suggested testing scenarios that you can use to test Cortana in your organization.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
View File

@ -2,6 +2,7 @@
title: Set up and test custom voice commands in Cortana for your organization (Windows)
description: How to create voice commands that use Cortana to perform voice-enabled actions in your line-of-business (LOB) Universal Windows Platform (UWP) apps.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
View File

@ -4,6 +4,7 @@ ms.reviewer:
manager: dougeby
description: Cortana includes powerful configuration options specifically to optimize unique small to medium-sized business and enterprise environments.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/test-scenario-1.md
View File

@ -2,6 +2,7 @@
title: Test scenario 1 Sign in with your work or school account and use Cortana to manage the notebook
description: A test scenario about how to sign in with your work or school account and use Cortana to manage the notebook.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/test-scenario-2.md
View File

@ -2,6 +2,7 @@
title: Test scenario 2 - Perform a quick search with Cortana at work
description: A test scenario about how to perform a quick search with Cortana at work.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/test-scenario-3.md
View File

@ -2,6 +2,7 @@
title: Test scenario 3 - Set a reminder for a specific location using Cortana at work
description: A test scenario about how to set up, review, and edit a reminder based on a location.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/test-scenario-4.md
View File

@ -2,6 +2,7 @@
title: Use Cortana to find your upcoming meetings at work (Windows)
description: A test scenario about how to use Cortana at work to find your upcoming meetings.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/test-scenario-5.md
View File

@ -2,6 +2,7 @@
title: Use Cortana to send an email to co-worker (Windows)
description: A test scenario on how to use Cortana at work to send email to a co-worker.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/test-scenario-6.md
View File

@ -2,6 +2,7 @@
title: Test scenario 6 - Review a reminder suggested by Cortana based on what youve promised in email
description: A test scenario about how to use Cortana with the Suggested reminders feature.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md
View File

@ -2,6 +2,7 @@
title: Testing scenarios using Cortana in your business or organization
description: A list of suggested testing scenarios that you can use to test Cortana in your organization.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

19
windows/configuration/customize-and-export-start-layout.md
View File

@ -1,5 +1,5 @@
---
title: Customize and export Start layout (Windows 10)
title: Customize and export Start layout
description: The easiest method for creating a customized Start layout is to set up the Start screen and export the layout.
ms.reviewer:
manager: aaroncz
@ -9,20 +9,21 @@ ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/18/2018
ms.collection: highpri
ms.collection:
- highpri
- tier1
ms.technology: itpro-configure
---
# Customize and export Start layout
**Applies to**
- Windows 10
- Windows 10
>**Looking for consumer information?** See [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
The easiest method for creating a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test computer and then export the layout.
The easiest method for creating a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test computer and then export the layout.
After you export the layout, decide whether you want to apply a *full* Start layout or a *partial* Start layout.
@ -31,7 +32,7 @@ When a full Start layout is applied, the users cannot pin, unpin, or uninstall a
When [a partial Start layout](#configure-a-partial-start-layout) is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups.
>[!NOTE]
>Partial Start layout is only supported on Windows 10, version 1511 and later.
>Partial Start layout is only supported on Windows 10, version 1511 and later.
@ -49,7 +50,7 @@ To prepare a Start layout for export, you simply customize the Start layout on a
**To prepare a test computer**
1. Set up a test computer on which to customize the Start layout. Your test computer should have the operating system that is installed on the users computers (Windows 10 Pro, Enterprise, or Education). Install all apps and services that the Start layout should display.
1. Set up a test computer on which to customize the Start layout. Your test computer should have the operating system that is installed on the users' computers (Windows 10 Pro, Enterprise, or Education). Install all apps and services that the Start layout should display.
2. Create a new user account that you will use to customize the Start layout.
@ -63,7 +64,7 @@ To prepare a Start layout for export, you simply customize the Start layout on a
To view all apps, click **All apps** in the bottom-left corner of Start. Right-click any app, and pin or unpin it from Start.
- **Unpin apps** that you dont want to display. To unpin an app, right-click the app, and then click **Unpin from Start**.
- **Unpin apps** that you don't want to display. To unpin an app, right-click the app, and then click **Unpin from Start**.
- **Drag tiles** on Start to reorder or group apps.
@ -89,7 +90,7 @@ When you have the Start layout that you want your users to see, use the [Export-
2. On a device running Windows 10, version 1607, 1703, or 1803, at the Windows PowerShell command prompt, enter the following command:
`Export-StartLayout path <path><file name>.xml`
`Export-StartLayout -path <path><file name>.xml`
On a device running Windows 10, version 1809 or higher, run the **Export-StartLayout** with the switch **-UseDesktopApplicationID**. For example:

4
windows/configuration/customize-start-menu-layout-windows-11.md
View File

@ -7,7 +7,9 @@ ms.author: lizlong
ms.reviewer: ericpapa
ms.prod: windows-client
ms.localizationpriority: medium
ms.collection: highpri
ms.collection:
- highpri
- tier1
ms.technology: itpro-configure
ms.date: 01/10/2023
ms.topic: article

8
windows/configuration/customize-taskbar-windows-11.md
View File

@ -1,5 +1,5 @@
---
title: Configure and customize Windows 11 taskbar | Microsoft Docs
title: Configure and customize Windows 11 taskbar
description: On Windows 11 devices, pin and unpin default apps and organization apps on the taskbar using an XML file. Deploy the taskbar XML file using Group Policy or MDM and Microsoft Intune. See what happens to the taskbar when the Windows OS client is installed or upgraded.
manager: aaroncz
ms.author: lizlong
@ -7,7 +7,9 @@ ms.reviewer: chataylo
ms.prod: windows-client
author: lizgt2000
ms.localizationpriority: medium
ms.collection: highpri
ms.collection:
- highpri
- tier1
ms.technology: itpro-configure
ms.date: 12/31/2017
ms.topic: article
@ -27,7 +29,7 @@ For example, you can override the default set of apps with your own a set of pin
To add apps you want pinned to the taskbar, you use an XML file. You can use an existing XML file, or create a new file. If you have an XML file that's used on Windows 10 devices, you can also use it on Windows 11 devices. You may have to update the App IDs.
This article shows you how to create the XML file, add apps to the XML, and deploy the XML file.
This article shows you how to create the XML file, add apps to the XML, and deploy the XML file. To learn how to customize the taskbar buttons, see [CSP policies to customize Windows 11 taskbar buttons](supported-csp-taskbar-windows.md#csp-policies-to-customize-windows-11-taskbar-buttons).
## Before you begin

6
windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
View File

@ -1,5 +1,5 @@
---
title: Customize Windows 10 Start and taskbar with Group Policy (Windows 10)
title: Customize Windows 10 Start and taskbar with group policy
description: In Windows 10, you can use a Group Policy Object (GPO) to deploy a customized Start layout to users in a domain.
ms.reviewer:
manager: aaroncz
@ -8,7 +8,9 @@ author: lizgt2000
ms.localizationpriority: medium
ms.author: lizlong
ms.topic: article
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-configure
ms.date: 12/31/2017
---

3
windows/configuration/docfx.json
View File

@ -34,6 +34,9 @@
"externalReference": [],
"globalMetadata": {
"recommendations": true,
"ms.collection": [
"tier2"
],
"breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
"uhfHeaderId": "MSDocsHeader-M365-IT",
"ms.technology": "itpro-configure",

13
windows/configuration/find-the-application-user-model-id-of-an-installed-app.md
View File

@ -8,7 +8,9 @@ ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.prod: windows-client
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-configure
ms.date: 12/31/2017
---
@ -41,7 +43,7 @@ foreach ($app in $installedapps)
$aumidList
```
You can add the user &lt;username&gt; or the allusers parameters to the get-AppxPackage cmdlet to list AUMIDs for other users. You must use an elevated Windows PowerShell prompt to use the user or allusers parameters.
You can add the `-user <username>` or the `-allusers` parameters to the **Get-AppxPackage** cmdlet to list AUMIDs for other users. You must use an elevated Windows PowerShell prompt to use the `-user` or -`allusers` parameters.
## To find the AUMID by using File Explorer
@ -63,7 +65,7 @@ At a command prompt, type the following command:
`reg query HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package /s /f AppUserModelID | find "REG_SZ"`
## Example
### Example to get AUMIDs of the installed apps for the specified user
The following code sample creates a function in Windows PowerShell that returns an array of AUMIDs of the installed apps for the specified user.
@ -105,14 +107,14 @@ The following Windows PowerShell commands demonstrate how you can call the listA
# Get a list of AUMIDs for the current account:
listAumids
# Get a list of AUMIDs for an account named “CustomerAccount”:
# Get a list of AUMIDs for an account named "CustomerAccount":
listAumids("CustomerAccount")
# Get a list of AUMIDs for all accounts on the device:
listAumids("allusers")
```
## Example
### Example to get the AUMID of any application in the Start menu
The following code sample creates a function in Windows PowerShell that returns the AUMID of any application currently listed in the Start menu.
@ -148,4 +150,3 @@ Get-AppAUMID -AppName Word
# List all apps and their AUMID in the Start menu
Get-AppAUMID
```

13
windows/configuration/guidelines-for-assigned-access-app.md
View File

@ -1,17 +1,16 @@
---
title: Guidelines for choosing an app for assigned access (Windows 10/11)
title: Guidelines for choosing an app for assigned access
description: The following guidelines may help you choose an appropriate Windows app for your assigned access experience.
keywords: [kiosk, lockdown, assigned access]
ms.prod: windows-client
ms.mktglfcycl: manage
ms.sitesec: library
author: lizgt2000
ms.localizationpriority: medium
ms.author: lizlong
ms.topic: article
ms.reviewer: sybruckm
manager: aaroncz
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-configure
ms.date: 12/31/2017
---
@ -50,7 +49,7 @@ Avoid selecting Windows apps that are designed to launch other apps as part of t
Starting with Windows 10 version 1809+, Microsoft Edge includes support for kiosk mode. [Learn how to deploy Microsoft Edge kiosk mode.](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy)
In Windows client, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure more settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but arent allowed to go to a competitor's website.
In Windows client, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure more settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren't allowed to go to a competitor's website.
>[!NOTE]
>Kiosk Browser supports a single tab. If a website has links that open a new tab, those links will not work with Kiosk Browser. Kiosk Browser does not support .pdfs.
@ -155,7 +154,7 @@ You can create your own web browser Windows app by using the WebView class. Lear
## Secure your information
Avoid selecting Windows apps that may expose the information you dont want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access.
Avoid selecting Windows apps that may expose the information you don't want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access.
## App configuration

3
windows/configuration/index.yml
View File

@ -1,7 +1,7 @@
### YamlMime:Landing
title: Configure Windows client # < 60 chars
summary: Find out how to apply custom configurations to Windows 10 and Windows 11 devices. Windows 10 provides many features and methods to help you configure or lock down specific parts of Windows client. # < 160 chars
summary: Find out how to apply custom configurations to Windows client devices. Windows provides many features and methods to help you configure or lock down specific parts of Windows client. # < 160 chars
metadata:
title: Configure Windows client # Required; page title displayed in search results. Include the brand. < 60 chars.
@ -10,6 +10,7 @@ metadata:
ms.prod: windows-client
ms.collection:
- highpri
- tier1
author: aczechowski
ms.author: aaroncz
manager: dougeby

8
windows/configuration/kiosk-single-app.md
View File

@ -1,6 +1,6 @@
---
title: Set up a single-app kiosk on Windows 10/11
description: A single-use device is easy to set up in Windows 10 and Windows 11 for desktop editions (Pro, Enterprise, and Education).
title: Set up a single-app kiosk on Windows
description: A single-use device is easy to set up in Windows Pro, Enterprise, and Education editions.
ms.reviewer: sybruckm
manager: aaroncz
ms.author: lizlong
@ -8,7 +8,9 @@ ms.prod: windows-client
author: lizgt2000
ms.localizationpriority: medium
ms.topic: article
ms.collection: highpri
ms.collection:
- highpri
- tier1
ms.technology: itpro-configure
ms.date: 12/31/2017
---

12
windows/configuration/lock-down-windows-10-to-specific-apps.md
View File

@ -9,7 +9,9 @@ manager: aaroncz
ms.reviewer: sybruckm
ms.localizationpriority: medium
ms.topic: how-to
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.date: 12/31/2017
---
@ -247,7 +249,7 @@ A few things to note here:
- The test device on which you customize the Start layout should have the same OS version that is installed on the device where you plan to deploy the multi-app assigned access configuration.
- Since the multi-app assigned access experience is intended for fixed-purpose devices, to ensure the device experiences are consistent and predictable, use the *full* Start layout option instead of the *partial* Start layout.
- There are no apps pinned on the taskbar in the multi-app mode, and it's not supported to configure Taskbar layout using the `<CustomTaskbarLayoutCollection>` tag in a layout modification XML as part of the assigned access configuration.
- The following example uses `DesktopApplicationLinkPath` to pin the desktop app to start. When the desktop app doesnt have a shortcut link on the target device, [learn how to provision .lnk files using Windows Configuration Designer](#lnk-files).
- The following example uses `DesktopApplicationLinkPath` to pin the desktop app to start. When the desktop app doesn't have a shortcut link on the target device, [learn how to provision .lnk files using Windows Configuration Designer](#lnk-files).
The following example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps on Start:
@ -284,7 +286,7 @@ The following example pins Groove Music, Movies & TV, Photos, Weather, Calculato
##### Taskbar
Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you dont attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want.
Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you don't attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want.
The following example exposes the taskbar to the end user:
@ -607,7 +609,7 @@ Lock the Taskbar | Enabled
Prevent users from adding or removing toolbars | Enabled
Prevent users from resizing the taskbar | Enabled
Remove frequent programs list from the Start Menu | Enabled
Remove Map Network Drive and Disconnect Network Drive | Enabled
Remove 'Map Network Drive' and 'Disconnect Network Drive' | Enabled
Remove the Security and Maintenance icon | Enabled
Turn off all balloon notifications | Enabled
Turn off feature advertisement balloon notifications | Enabled
@ -615,7 +617,7 @@ Turn off toast notifications | Enabled
Remove Task Manager | Enabled
Remove Change Password option in Security Options UI | Enabled
Remove Sign Out option in Security Options UI | Enabled
Remove All Programs list from the Start Menu | Enabled Remove and disable setting
Remove All Programs list from the Start Menu | Enabled - Remove and disable setting
Prevent access to drives from My Computer | Enabled - Restrict all drivers
>[!NOTE]

8
windows/configuration/provisioning-packages/provisioning-install-icd.md
View File

@ -1,14 +1,16 @@
---
title: Install Windows Configuration Designer (Windows 10/11)
title: Install Windows Configuration Designer
description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11.
ms.prod: windows-client
author: lizgt2000
ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
ms.reviewer: kevinsheehan
manager: aaroncz
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-configure
ms.date: 12/31/2017
---

8
windows/configuration/provisioning-packages/provisioning-packages.md
View File

@ -1,14 +1,16 @@
---
title: Provisioning packages overview on Windows 10/11
title: Provisioning packages overview
description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do.
ms.reviewer: gkomatsu
ms.reviewer: kevinsheehan
manager: aaroncz
ms.prod: windows-client
author: lizgt2000
ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-configure
ms.date: 12/31/2017
---

2
windows/configuration/set-up-shared-or-guest-pc.md
View File

@ -10,7 +10,7 @@ author: paolomatarazzo
ms.author: paoloma
ms.reviewer:
manager: aaroncz
ms.collection:
ms.collection: tier2
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>

2
windows/configuration/shared-devices-concepts.md
View File

@ -10,7 +10,7 @@ author: paolomatarazzo
ms.author: paoloma
ms.reviewer:
manager: aaroncz
ms.collection:
ms.collection: tier2
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>

2
windows/configuration/shared-pc-technical.md
View File

@ -10,7 +10,7 @@ author: paolomatarazzo
ms.author: paoloma
ms.reviewer:
manager: aaroncz
ms.collection:
ms.collection: tier2
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>

6
windows/configuration/stop-employees-from-using-microsoft-store.md
View File

@ -1,5 +1,5 @@
---
title: Configure access to Microsoft Store (Windows 10)
title: Configure access to Microsoft Store
description: Learn how to configure access to Microsoft Store for client computers and mobile devices in your organization.
ms.reviewer:
manager: aaroncz
@ -9,7 +9,9 @@ ms.author: lizlong
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 11/29/2022
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-configure
---

52
windows/configuration/supported-csp-taskbar-windows.md
View File

@ -18,53 +18,65 @@ ms.topic: article
- Windows 11
The Windows OS exposes CSPs that are used by MDM providers, like [Microsoft Intune](/mem/intune/fundamentals/what-is-intune). In an MDM policy, these CSPs are settings that you configure. When the policy is ready, you deploy the policy to your devices.
This article lists the CSPs that are available to customize the Taskbar for Windows 11 devices. Windows 11 uses the [Policy CSP - Start](/windows/client-management/mdm/policy-csp-start).
The Windows OS exposes CSPs that are used by MDM providers, like [Microsoft Intune](/mem/intune/fundamentals/what-is-intune). In an MDM policy, these CSPs are settings that you configure. When the policy is ready, you deploy the policy to your devices. This article lists the CSPs that are available to customize the Taskbar for Windows 11 devices.
For more general information, see [Configuration service provider (CSP) reference](/windows/client-management/mdm/configuration-service-provider-reference).
## CSP policies to customize Windows 11 taskbar buttons
- [Search/ConfigureSearchOnTaskbarMode](/windows/client-management/mdm/policy-csp-search#configuresearchontaskbarmode)
- Group policy: `Computer Configuration\Administrative Templates\Windows Components\Search\Configures search on the taskbar`
- Local setting: Settings > Personalization > Taskbar > Search
- [Start/HideTaskViewButton](/windows/client-management/mdm/policy-csp-start#hidetaskviewbutton)
- Group policy: `Computer and User Configuration\Administrative Templates\Start Menu and Taskbar\Hide the TaskView button`
- Local setting: Settings > Personalization > Taskbar > Task view
- [NewsAndInterests/AllowNewsAndInterests](/windows/client-management/mdm/policy-csp-newsandinterests#allownewsandinterests)
- Group policy: `Computer Configuration\Administrative Templates\Windows Components\Widgets\Allow widgets`
- Local setting: Settings > Personalization > Taskbar > Widgets
- [Experience/ConfigureChatIcon](/windows/client-management/mdm/policy-csp-experience#configurechaticonvisibilityonthetaskbar)
- Group policy: `Computer Configuration\Administrative Templates\Windows Components\Chat\Configure the Chat icon setting`
- Local setting: Settings > Personalization > Taskbar > Chat
## Existing CSP policies that Windows 11 taskbar supports
- [Start/HideRecentJumplists CSP](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists)
- [Start/HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#hiderecentjumplists)
- Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Do not keep history of recently opened documents`
- Local setting: Settings > Personalization > Start > Show recently opened items in Jump Lists on Start or the taskbar
- [Start/NoPinningToTaskbar](/windows/client-management/mdm/policy-csp-start#start-nopinningtotaskbar)
- [Start/NoPinningToTaskbar](/windows/client-management/mdm/policy-csp-start#nopinningtotaskbar)
- Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Do not allow pinning programs to the Taskbar`
- Local setting: None
- [Experience/ConfigureChatIcon](/windows/client-management/mdm/policy-csp-experience#experience-configurechaticonvisibilityonthetaskbar)
- Group policy: `Computer Configuration\Administrative Templates\Windows Components\Chat`
- Local setting: Settings > Personalization > Taskbar > Chat
## Existing CSP policies that Windows 11 doesn't support
The following list includes some of the CSP policies that aren't supported on Windows 11:
- [TaskbarLockAll CSP](/windows/client-management/mdm/policy-csp-admx-taskbar#admx-taskbar-taskbarlockall)
- [ADMX_Taskbar/TaskbarLockAll](/windows/client-management/mdm/policy-csp-admx-taskbar#taskbarlockall)
- Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Lock all taskbar settings`
- [TaskbarNoAddRemoveToolbar CSP](/windows/client-management/mdm/policy-csp-admx-taskbar#admx-taskbar-taskbarnoaddremovetoolbar)
- [ADMX_Taskbar/TaskbarNoAddRemoveToolbar](/windows/client-management/mdm/policy-csp-admx-taskbar#taskbarnoaddremovetoolbar)
- Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from adding or removing toolbars`
- [TaskbarNoDragToolbar CSP](/windows/client-management/mdm/policy-csp-admx-taskbar#admx-taskbar-taskbarnodragtoolbar)
- [ADMX_Taskbar/TaskbarNoDragToolbar](/windows/client-management/mdm/policy-csp-admx-taskbar#taskbarnodragtoolbar)
- Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from rearranging toolbars`
- [TaskbarNoRedock CSP](/windows/client-management/mdm/policy-csp-admx-taskbar#admx-taskbar-taskbarnoredock)
- [ADMX_Taskbar/TaskbarNoRedock](/windows/client-management/mdm/policy-csp-admx-taskbar#taskbarnoredock)
- Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from moving taskbar to another screen dock location`
- [TaskbarNoResize CSP](/windows/client-management/mdm/policy-csp-admx-taskbar#admx-taskbar-taskbarnoresize)
- [ADMX_Taskbar/TaskbarNoResize](/windows/client-management/mdm/policy-csp-admx-taskbar#taskbarnoresize)
- Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from resizing the taskbar`
- [NoToolbarsOnTaskbar CSP](/windows/client-management/mdm/policy-csp-admx-startmenu#admx-startmenu-notoolbarsontaskbar)
- [ADMX_StartMenu/NoToolbarsOnTaskbar](/windows/client-management/mdm/policy-csp-admx-startmenu#notoolbarsontaskbar)
- Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Do not display any custom toolbars in the taskbar`
- [NoTaskGrouping CSP](/windows/client-management/mdm/policy-csp-admx-startmenu#admx-startmenu-notaskgrouping)
- [ADMX_StartMenu/NoTaskGrouping](/windows/client-management/mdm/policy-csp-admx-startmenu#notaskgrouping)
- Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent grouping of taskbar items`
- [HidePeopleBar CSP](/windows/client-management/mdm/policy-csp-start#start-hidepeoplebar)
- Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Remove the People Bar from the taskbar`
- [QuickLaunchEnabled CSP](/windows/client-management/mdm/policy-csp-admx-startmenu#admx-startmenu-quicklaunchenabled)
- [ADMX_StartMenu/QuickLaunchEnabled](/windows/client-management/mdm/policy-csp-admx-startmenu#quicklaunchenabled)
- Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Show QuickLaunch on Taskbar`
- [Start/HidePeopleBar](/windows/client-management/mdm/policy-csp-start#hidepeoplebar)
- Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Remove the People Bar from the taskbar`

1
windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
View File

@ -3,6 +3,7 @@ title: Administering UE-V with Windows PowerShell and WMI
description: Learn how User Experience Virtualization (UE-V) provides Windows PowerShell cmdlets to help administrators perform various UE-V tasks.
author: aczechowski
ms.prod: windows-client
ms.collection: tier3
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby

1
windows/configuration/ue-v/uev-administering-uev.md
View File

@ -3,6 +3,7 @@ title: Administering UE-V
description: Learn how to perform administrative tasks for User Experience Virtualization (UE-V). These tasks include configuring the UE-V service and recovering lost settings.
author: aczechowski
ms.prod: windows-client
ms.collection: tier3
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby

1
windows/configuration/ue-v/uev-application-template-schema-reference.md
View File

@ -3,6 +3,7 @@ title: Application Template Schema Reference for UE-V
description: Learn details about the XML structure of the UE-V settings location templates and learn how to edit these files.
author: aczechowski
ms.prod: windows-client
ms.collection: tier3
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby

1
windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
View File

@ -3,6 +3,7 @@ title: Changing the Frequency of UE-V Scheduled Tasks
description: Learn how to create a script that uses the Schtasks.exe command-line options so you can change the frequency of UE-V scheduled tasks.
author: aczechowski
ms.prod: windows-client
ms.collection: tier3
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby

1
windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
View File

@ -3,6 +3,7 @@ title: Configuring UE-V with Group Policy Objects
description: In this article, learn how to configure User Experience Virtualization (UE-V) with Group Policy objects.
author: aczechowski
ms.prod: windows-client
ms.collection: tier3
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby

1
windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
View File

@ -3,6 +3,7 @@ title: Configuring UE-V with Microsoft Configuration Manager
description: Learn how to configure User Experience Virtualization (UE-V) with Microsoft Configuration Manager.
author: aczechowski
ms.prod: windows-client
ms.collection: tier3
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby

1
windows/configuration/ue-v/uev-deploy-required-features.md
View File

@ -3,6 +3,7 @@ title: Deploy required UE-V features
description: Learn how to install and configure User Experience Virtualization (UE-V) features, for example, a network share that stores and retrieves user settings.
author: aczechowski
ms.prod: windows-client
ms.collection: tier3
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby

1
windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
View File

@ -3,6 +3,7 @@ title: Use UE-V with custom applications
description: Use User Experience Virtualization (UE-V) to create your own custom settings location templates with the UE-V template generator.
author: aczechowski
ms.prod: windows-client
ms.collection: tier3
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby

1
windows/configuration/ue-v/uev-for-windows.md
View File

@ -3,6 +3,7 @@ title: User Experience Virtualization for Windows 10, version 1607
description: Overview of User Experience Virtualization for Windows 10, version 1607
author: aczechowski
ms.prod: windows-client
ms.collection: tier3
ms.date: 05/02/2017
ms.reviewer:
manager: dougeby

1
windows/configuration/ue-v/uev-getting-started.md
View File

@ -3,6 +3,7 @@ title: Get Started with UE-V
description: Use the steps in this article to deploy User Experience Virtualization (UE-V) for the first time in a test environment.
author: aczechowski
ms.prod: windows-client
ms.collection: tier3
ms.date: 03/08/2018
ms.reviewer:
manager: dougeby

1
windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
View File

@ -3,6 +3,7 @@ title: Manage Administrative Backup and Restore in UE-V
description: Learn how an administrator of User Experience Virtualization (UE-V) can back up and restore application and Windows settings to their original state.
author: aczechowski
ms.prod: windows-client
ms.collection: tier3
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby

1
windows/configuration/ue-v/uev-manage-configurations.md
View File

@ -3,6 +3,7 @@ title: Manage Configurations for UE-V
description: Learn to manage the configuration of the User Experience Virtualization (UE-V) service and also learn to manage storage locations for UE-V resources.
author: aczechowski
ms.prod: windows-client
ms.collection: tier3
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby

1
windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
View File

@ -3,6 +3,7 @@ title: Managing UE-V Settings Location Templates Using Windows PowerShell and WM
description: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
author: aczechowski
ms.prod: windows-client
ms.collection: tier3
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby

1
windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
View File

@ -3,6 +3,7 @@ title: Manage UE-V Service and Packages with Windows PowerShell and WMI
description: Managing the UE-V service and packages with Windows PowerShell and WMI
author: aczechowski
ms.prod: windows-client
ms.collection: tier3
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby

1
windows/configuration/ue-v/uev-migrating-settings-packages.md
View File

@ -3,6 +3,7 @@ title: Migrating UE-V settings packages
description: Learn to relocate User Experience Virtualization (UE-V) user settings packages either when you migrate to a new server or when you perform backups.
author: aczechowski
ms.prod: windows-client
ms.collection: tier3
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby

1
windows/configuration/ue-v/uev-prepare-for-deployment.md
View File

@ -3,6 +3,7 @@ title: Prepare a UE-V Deployment
description: Learn about the types of User Experience Virtualization (UE-V) deployment you can execute and what preparations you can make beforehand to be successful.
author: aczechowski
ms.prod: windows-client
ms.collection: tier3
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby

1
windows/configuration/ue-v/uev-release-notes-1607.md
View File

@ -3,6 +3,7 @@ title: User Experience Virtualization (UE-V) Release Notes
description: Read the latest information required to successfully install and use User Experience Virtualization (UE-V) that isn't included in the UE-V documentation.
author: aczechowski
ms.prod: windows-client
ms.collection: tier3
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby

1
windows/configuration/ue-v/uev-security-considerations.md
View File

@ -3,6 +3,7 @@ title: Security Considerations for UE-V
description: Learn about accounts and groups, log files, and other security-related considerations for User Experience Virtualization (UE-V).
author: aczechowski
ms.prod: windows-client
ms.collection: tier3
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby

Some files were not shown because too many files have changed in this diff Show More