diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md index a5e847a460..d1a9fd2e11 100644 --- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md +++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md @@ -34,38 +34,14 @@ manager: dansimp **WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index 1236c6edd8..2ec774f05e 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -96,38 +96,14 @@ manager: dansimp **WindowsDefenderSecurityCenter/CompanyName** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -164,38 +140,14 @@ ADMX Info: **WindowsDefenderSecurityCenter/DisableAccountProtectionUI** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -236,38 +188,14 @@ Valid values: **WindowsDefenderSecurityCenter/DisableAppBrowserUI** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -310,38 +238,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableClearTpmButton** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -398,38 +302,14 @@ ADMX Info: **WindowsDefenderSecurityCenter/DisableDeviceSecurityUI** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -470,38 +350,14 @@ Valid values: **WindowsDefenderSecurityCenter/DisableEnhancedNotifications** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -547,38 +403,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableFamilyUI** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -621,38 +453,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableHealthUI** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -695,38 +503,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableNetworkUI** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -769,38 +553,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableNotifications** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -843,38 +603,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -931,38 +667,14 @@ ADMX Info: **WindowsDefenderSecurityCenter/DisableVirusUI** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1005,38 +717,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1079,38 +767,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/Email** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1147,38 +811,14 @@ ADMX Info: **WindowsDefenderSecurityCenter/EnableCustomizedToasts** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1221,38 +861,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/EnableInAppCustomization** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1295,38 +911,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/HideRansomwareDataRecovery** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1367,38 +959,14 @@ Valid values: **WindowsDefenderSecurityCenter/HideSecureBoot** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1439,38 +1007,14 @@ Valid values: **WindowsDefenderSecurityCenter/HideTPMTroubleshooting** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1511,38 +1055,14 @@ Valid values: **WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1601,38 +1121,14 @@ ADMX Info: **WindowsDefenderSecurityCenter/Phone** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1669,38 +1165,14 @@ ADMX Info: **WindowsDefenderSecurityCenter/URL** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index f463131d83..b4216b2026 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -36,38 +36,14 @@ manager: dansimp **WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -108,38 +84,14 @@ The following list shows the supported values: **WindowsInkWorkspace/AllowWindowsInkWorkspace** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 94a49ce87c..b3254d5ac1 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -59,38 +59,14 @@ manager: dansimp **WindowsLogon/AllowAutomaticRestartSignOn** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -144,38 +120,14 @@ ADMX Info: **WindowsLogon/ConfigAutomaticRestartSignOn** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -229,38 +181,14 @@ ADMX Info: **WindowsLogon/DisableLockScreenAppNotifications** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -299,38 +227,14 @@ ADMX Info: **WindowsLogon/DontDisplayNetworkSelectionUI** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -394,38 +298,14 @@ ADMX Info: **WindowsLogon/EnableFirstLogonAnimation** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -479,38 +359,14 @@ Supported values: **WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -549,38 +405,14 @@ ADMX Info: **WindowsLogon/HideFastUserSwitching** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md index a67752e251..478a612256 100644 --- a/windows/client-management/mdm/policy-csp-windowspowershell.md +++ b/windows/client-management/mdm/policy-csp-windowspowershell.md @@ -34,38 +34,14 @@ manager: dansimp **WindowsPowerShell/TurnOnPowerShellScriptBlockLogging** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md index f3fd70ab14..c8066ba2b0 100644 --- a/windows/client-management/mdm/policy-csp-windowssandbox.md +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -48,38 +48,14 @@ ms.date: 10/14/2020 Available in the latest Windows 10 insider preview build. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -142,38 +118,14 @@ The following are the supported values: Available in the latest Windows 10 insider preview build. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -233,38 +185,14 @@ The following are the supported values: Available in the latest Windows 10 insider preview build. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -322,38 +250,14 @@ The following are the supported values: Available in the latest Windows 10 insider preview build. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -412,38 +316,14 @@ The following are the supported values: Available in the latest Windows 10 insider preview build. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -505,38 +385,14 @@ The following are the supported values: Available in the latest Windows 10 insider preview build. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 9d941ee024..008904439b 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -53,38 +53,14 @@ manager: dansimp **WirelessDisplay/AllowMdnsAdvertisement** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -117,38 +93,14 @@ The following list shows the supported values: **WirelessDisplay/AllowMdnsDiscovery** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -181,38 +133,14 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionFromPC** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -245,38 +173,14 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionFromPCOverInfrastructure** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -309,38 +213,14 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionToPC** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -385,38 +265,14 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionToPCOverInfrastructure** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -449,38 +305,14 @@ The following list shows the supported values: **WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -513,38 +345,14 @@ The following list shows the supported values: **WirelessDisplay/RequirePinForPairing** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/pxlogical-csp.md b/windows/client-management/mdm/pxlogical-csp.md index 1b7b94e690..d5e1de6271 100644 --- a/windows/client-management/mdm/pxlogical-csp.md +++ b/windows/client-management/mdm/pxlogical-csp.md @@ -151,36 +151,12 @@ The following table shows the Microsoft custom elements that this configuration These features are available only for the device technique. In addition, the parameter-query and characteristic-query features are not supported for all PXPHYSICAL proxy parameters for all PXADDR types. All parameters can be queried when the PXPHYSICAL proxy PXADDRType is IPv4. For example, if a mobile operator queries the TO-NAPID parameter of a PXPHYSICAL proxy and the PXADDR Type is E164, a noparm is returned. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
FeatureAvailable

parm-query

Yes

noparm

Yes

nocharacteristic

Yes

characteristic-query

Yes

+|Feature|Available| +|--- |--- | +|parm-query|Yes| +|noparm|Yes| +|nocharacteristic|Yes| +|characteristic-query|Yes|   diff --git a/windows/client-management/mdm/reclaim-seat-from-user.md b/windows/client-management/mdm/reclaim-seat-from-user.md index 3beb6993e3..90c3146f19 100644 --- a/windows/client-management/mdm/reclaim-seat-from-user.md +++ b/windows/client-management/mdm/reclaim-seat-from-user.md @@ -18,62 +18,20 @@ The **Reclaim seat from user** operation returns reclaimed seats for a user in t ## Request - ---- - - - - - - - - - - - - -
MethodRequest URI

DELETE

https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username}

+|Method|Request URI| +|--- |--- | +|DELETE|`https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username}`| ### URI parameters The following parameters may be specified in the request URI. - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterTypeDescription

productId

string

Required. Product identifier for an application that is used by the Store for Business.

skuId

string

Required. Product identifier that specifies a specific SKU of an application.

username

string

Requires UserPrincipalName (UPN). User name of the target user account.

- +|Parameter|Type|Description| +|--- |--- |--- | +|productId|string|Required. Product identifier for an application that is used by the Store for Business.| +|skuId|string|Required. Product identifier that specifies a specific SKU of an application.| +|username|string|Requires UserPrincipalName (UPN). User name of the target user account.|   ## Response @@ -81,57 +39,10 @@ The following parameters may be specified in the request URI. The response body contain [SeatDetails](data-structures-windows-store-for-business.md#seatdetails). - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Error codeDescriptionRetryData fieldDetails

400

Invalid parameters

No

Parameter name

-

Reason: Invalid parameter

-

Details: String

Invalid can include productId, skuId or userName

404

Not found

Item type: Inventory, User, Seat

-

Values: ProductId/SkuId, UserName, ProductId/SkuId/UserName

ItemType: Inventory, User, Seat

-

Values: ProductId/SkuId, UserName, ProductId/SkuId/UserName

409

Conflict

Reason: Not online

+|Error code|Description|Retry|Data field|Details| +|--- |--- |--- |--- |--- | +|400|Invalid parameters|No|Parameter name
Reason: Invalid parameter
Details: String|Invalid can include productId, skuId or userName| +|404|Not found||Item type: Inventory, User, Seat
Values: ProductId/SkuId, UserName,
ProductId/SkuId/UserName|ItemType: Inventory, User, Seat
Values: ProductId/SkuId, UserName, ProductId/SkuId/UserName| +|409|Conflict||Reason: Not online||   - -  - - - - - diff --git a/windows/client-management/mdm/registry-csp.md b/windows/client-management/mdm/registry-csp.md index 4978cc70e0..19677b94d4 100644 --- a/windows/client-management/mdm/registry-csp.md +++ b/windows/client-management/mdm/registry-csp.md @@ -41,38 +41,14 @@ The default security role maps to each subnode unless specific permission is gra The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ElementsAvailable

parm-query

Yes

noparm

Yes

nocharacteristic

Yes

characteristic-query

Yes

-

Recursive query: Yes

-

Top level query: No

+|Elements|Available| +|--- |--- | +|parm-query|Yes| +|noparm|Yes| +|nocharacteristic|Yes| +|characteristic-query|Yes +Recursive query: Yes +Top level query: No|   Use these elements to build standard OMA Client Provisioning configuration XML. For information about specific elements, see MSPROV DTD elements. @@ -82,66 +58,20 @@ Use these elements to build standard OMA Client Provisioning configuration XML. The following table shows the data types this configuration service provider supports. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
XML Data TypeNative Registry TypeXML Format

integer

REG_DWORD

Integer. A query of this parameter returns an integer type.

boolean

REG_DWORD

Integer value of 1 or 0. A query of this parameter returns an integer type.

float

REG_SZ

Float. A query of this parameter returns a string type.

string

REG_SZ

String. A query of this parameter returns a string type.

multiplestring

REG_MULTI_SZ

Multiple strings are separated by  and ended with two  - A query of this parameter returns a multistring type.

binary

REG_BINARY

Base64 encoded. A query of this parameter returns a binary type.

time

FILETIME in REG_BINARY

The time format conforms to the ISO8601 standard, with the date portion optional. If the date portion is omitted, also omit the "T" delimiter. A query of this parameter returns a binary type.

date

FILETIME in REG_BINARY

The date format conforms to the ISO8601 standard, with the time portion optional. If the time portion is omitted, also omit the "T" delimiter. A query of this parameter returns a binary type.

+|XML Data Type|Native Registry Type|XML Format| +|--- |--- |--- | +|integer|REG_DWORD|Integer. A query of this parameter returns an integer type.| +|boolean|REG_DWORD|Integer value of 1 or 0. A query of this parameter returns an integer type.| +|float|REG_SZ|Float. A query of this parameter returns a string type.| +|string|REG_SZ|String. A query of this parameter returns a string type.| +|multiplestring|REG_MULTI_SZ|Multiple strings are separated by **** and ended with two **** - A query of this parameter returns a multi-string type.| +|binary|REG_BINARY|Base64 encoded. A query of this parameter returns a binary type.| +|time|FILETIME in REG_BINARY|The time format conforms to the ISO8601 standard, with the date portion optional. If the date portion is omitted, also omit the "T" delimiter. A query of this parameter returns a binary type.| +|date|FILETIME in REG_BINARY|The date format conforms to the ISO8601 standard, with the time portion optional. If the time portion is omitted, also omit the "T" delimiter. A query of this parameter returns a binary type.|   -It is not possible to access registry keys nested under the current path by using the Registry configuration service provider. Instead, the values of the subkey must be accessed separately by using a new characteristic. +It is not possible to access registry keys nested under the current path by using the Registry configuration service provider. Instead, the values of the sub-key must be accessed separately by using a new characteristic. ## Related topics diff --git a/windows/client-management/mdm/remotelock-csp.md b/windows/client-management/mdm/remotelock-csp.md index 47ee3981e4..86f5a419c8 100644 --- a/windows/client-management/mdm/remotelock-csp.md +++ b/windows/client-management/mdm/remotelock-csp.md @@ -26,71 +26,21 @@ The RemoteLock CSP supports the ability to lock a device that has a PIN set on t **Lock** Required. The setting accepts requests to lock the device screen. The device screen will lock immediately if a PIN has been set. If no PIN is set, the lock request is ignored and the OMA DM (405) Forbidden error is returned over the management channel. All OMA DM errors are listed [here](https://go.microsoft.com/fwlink/p/?LinkId=522607) in the protocol specification. The supported operations are Get and Exec. - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
StatusDescriptionMeaning [Standard]

(200) OK

The device was successfully locked.

The command and the associated Alert action are completed successfully.

(405)

The device could not be locked because there is no PIN currently set on the device.

The requested command is not allowed on the target.

(500) Command failed

The device was not locked for some unknown reason.

Non-specific errors were created by the recipient while attempting to complete the command.

- -  +|Status|Description|Meaning [Standard]| +|--- |--- |--- | +|(200) OK|The device was successfully locked.|The command and the associated Alert action are completed successfully.| +|(405)|The device could not be locked because there is no PIN currently set on the device.|The requested command is not allowed on the target.| +|(500) Command failed|The device was not locked for some unknown reason.|Non-specific errors were created by the recipient while attempting to complete the command.| **LockAndResetPIN** This setting can be used to lock and reset the PIN on the device. It is used in conjunction with the NewPINValue node. After the **Exec** operation is called successfully on this node, the previous PIN will no longer work and cannot be recovered. The supported operation is Exec. This node will return the following status. All OMA DM errors are listed [here](https://go.microsoft.com/fwlink/p/?LinkId=522607) in the protocol specification. - ----- - - - - - - - - - - - - - - - - - - - -
StatusDescriptionMeaning

(200) OK

The device has been locked with a new password which has been reset.

The command and the associated Alert action are completed successfully.

(500) Command failed

N/A

Non-specific errors were created by the recipient while attempting to complete the command.

+|Status|Description|Meaning| +|--- |--- |--- | +|(200) OK|The device has been locked with a new password which has been reset.|The command and the associated Alert action are completed successfully.| +|(500) Command failed|N/A|Non-specific errors were created by the recipient while attempting to complete the command.| **LockAndRecoverPIN** Added in Windows 10, version 1703. This setting performs a similar function to the LockAndResetPIN node. With LockAndResetPIN any Windows Hello keys associated with the PIN gets deleted, but with LockAndRecoverPIN those keys are saved. After the Exec operation is called successfully on this setting, the new PIN can be retrieved from the NewPINValue setting. The previous PIN will no longer work. diff --git a/windows/client-management/mdm/securitypolicy-csp.md b/windows/client-management/mdm/securitypolicy-csp.md index fbc7a1ec31..890986d418 100644 --- a/windows/client-management/mdm/securitypolicy-csp.md +++ b/windows/client-management/mdm/securitypolicy-csp.md @@ -36,123 +36,20 @@ Defines the security policy identifier as a decimal value. The following security policies are supported. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PolicyIDPolicy namePolicy description

4104

-

Hex: 1008

TPS Policy

This setting indicates whether mobile operators can be assigned the Trusted Provisioning Server (TPS) SECROLE_OPERATOR_TPS role.

-

Default value: 1

-

Supported values:

-

0: The TPS role assignment is disabled.

-

1: The TPS role assignment is enabled, and can be assigned to mobile operators.

4105

-

Hex: 1009

Message Authentication Retry Policy

This setting specifies the maximum number of times the user is allowed to try authenticating a Wireless Application Protocol (WAP) PIN-signed message.

-

Default value: 3

-

Possible values: 0 through 256.

4108

-

Hex: 100c

Service Loading Policy

This setting indicates whether SL messages are accepted, by specifying the security roles that can accept SL messages. An SL message downloads new services or provisioning XML to the device.

-

Default value: 256 (SECROLE_KNOWN_PPG)

-

Supported values: SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG

-

4109

-

Hex:100d

Service Indication Policy

This setting indicates whether SI messages are accepted, by specifying the security roles that can accept SI messages. An SI message is sent to the device to notify users of new services, service updates, and provisioning services.

-

Default value: 256 (SECROLE_KNOWN_PPG)

-

Supported values: SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG

4111

-

Hex:100f

OTA Provisioning Policy

This setting determines whether PIN signed OMA Client Provisioning messages will be processed. This policy's value specifies a role mask. If a message contains at least one of the following roles in the role mask, then the message is processed. To ensure properly signed OMA Client Provisioning messages are accepted by the configuration client, all of the roles that are set in 4141, 4142, and 4143 policies must also be set in this policy. For example, to ensure properly signed USERNETWPIN signed OMA Client Provisioning messages are accepted by the device, if policy 4143 is set to 4096 (SECROLE_ANY_PUSH_SOURCE) for an carrier-unlocked device, policy 4111 must also have the SECROLE_ANY_PUSH_SOURCE role set.

-

Default value: 384 (SECROLE_OPERATOR_TPS | SECROLE_KNOWN_PPG)

-

Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE, SECROLE_OPERATOR_TPS

-

4113

-

Hex:1011

WSP Push Policy

This setting indicates whether Wireless Session Protocol (WSP) notifications from the WAP stack are routed.

-

Default value: 1

-

Supported values:

-

0: Routing of WSP notifications is not allowed.

-

1: Routing of WSP notifications is allowed.

4132

-

Hex:1024

Network PIN signed OTA Provision Message User Prompt Policy

This policy specifies whether the device will prompt a UI to get the user confirmation before processing a pure network pin signed OTA Provisioning message. If prompt, the user has the ability to discard the OTA provisioning message.

-

Default value: 0

-

Supported values:

-

0: The device prompts a UI to get user confirmation when the OTA WAP provisioning message is signed purely with network pin.

-

1: There is no user prompt.

4141

-

Hex:102d

OMA CP NETWPIN Policy

This setting determines whether the OMA network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.

-

Default value: 0

-

Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE , SECROLE_OPERATOR_TPS

-

4142

-

Hex:102e

OMA CP USERPIN Policy

This setting determines whether the OMA user PIN or user MAC signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.

-

Default value: 256

-

Supported values: SECROLE_OPERATOR_TPS, SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG

4143

-

Hex:102f

OMA CP USERNETWPIN Policy

This setting determines whether the OMA user network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.

-

Default value: 256

-

Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE, SECROLE_OPERATOR_TPS

-

4144

-

Hex:1030

MMS Message Policy

This setting determines whether MMS messages will be processed. This policy's value specifies a role mask. If a message contains at least one of the roles in the role mask, then the message is processed.

-

Default value: 256 (SECROLE_KNOWN_PPG)

-

Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE

- +|PolicyID|Policy name|Policy description| +|--- |--- |--- | +|4104
Hex: 1008|TPS Policy|This setting indicates whether mobile operators can be assigned the Trusted Provisioning Server (TPS) SECROLE_OPERATOR_TPS role.

Default value: 1

Supported values:
0: The TPS role assignment is disabled.
1: The TPS role assignment is enabled, and can be assigned to mobile operators.| +|4105
Hex: 1009|Message Authentication Retry Policy|This setting specifies the maximum number of times the user is allowed to try authenticating a Wireless Application Protocol (WAP) PIN-signed message.

Default value: 3

Possible values: 0 through 256.| +|4108
Hex: 100c|Service Loading Policy|This setting indicates whether SL messages are accepted, by specifying the security roles that can accept SL messages. An SL message downloads new services or provisioning XML to the device.

Default value: 256 (SECROLE_KNOWN_PPG)

Supported values: SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG| +|4109
Hex:100d|Service Indication Policy|This setting indicates whether SI messages are accepted, by specifying the security roles that can accept SI messages. An SI message is sent to the device to notify users of new services, service updates, and provisioning services.

Default value: 256 (SECROLE_KNOWN_PPG)

Supported values: SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG| +|4111
Hex:100f|OTA Provisioning Policy|This setting determines whether PIN signed OMA Client Provisioning messages will be processed. This policy's value specifies a role mask. If a message contains at least one of the following roles in the role mask, then the message is processed. To ensure properly signed OMA Client Provisioning messages are accepted by the configuration client, all of the roles that are set in 4141, 4142, and 4143 policies must also be set in this policy. For example, to ensure properly signed USERNETWPIN signed OMA Client
Provisioning messages are accepted by the device, if policy 4143 is set to 4096 (SECROLE_ANY_PUSH_SOURCE) for an carrier-unlocked device, policy 4111 must also have the SECROLE_ANY_PUSH_SOURCE role set.

Default value: 384 (SECROLE_OPERATOR_TPS | SECROLE_KNOWN_PPG)

Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE, SECROLE_OPERATOR_TPS| +|4113
Hex:1011|WSP Push Policy|This setting indicates whether Wireless Session Protocol (WSP) notifications from the WAP stack are routed.

Default value: 1

Supported values:
0: Routing of WSP notifications is not allowed.
1: Routing of WSP notifications is allowed.| +|4132
Hex:1024|Network PIN signed OTA Provision Message User Prompt Policy|This policy specifies whether the device will prompt a UI to get the user confirmation before processing a pure network pin signed OTA Provisioning message. If prompt, the user has the ability to discard the OTA provisioning message.

Default value: 0

Supported values:
0: The device prompts a UI to get user confirmation when the OTA WAP provisioning message is signed purely with network pin.
1: There is no user prompt.| +|4141
Hex:102d|OMA CP NETWPIN Policy|This setting determines whether the OMA network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.

Default value: 0

Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE , SECROLE_OPERATOR_TPS| +|4142
Hex:102e|OMA CP USERPIN Policy|This setting determines whether the OMA user PIN or user MAC signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.

Default value: 256

Supported values: SECROLE_OPERATOR_TPS, SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG| +|4143
Hex:102f|OMA CP USERNETWPIN Policy|This setting determines whether the OMA user network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.

Default value: 256

Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE, SECROLE_OPERATOR_TPS| +|4144
Hex:1030|MMS Message Policy|This setting determines whether MMS messages will be processed. This policy's value specifies a role mask. If a message contains at least one of the roles in the role mask, then the message is processed.

Default value: 256 (SECROLE_KNOWN_PPG)

Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE|   - ## Remarks @@ -160,41 +57,11 @@ Security roles allow or restrict access to device resources. The security role i The following security roles are supported. - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Security roleDecimal valueDescription

SECROLE_OPERATOR_TPS

128

Trusted Provisioning Server.

-

Assigned to WAP messages that come from a Push Initiator that is authenticated (SECROLE_PPG_AUTH) by a trusted Push Proxy Gateway (SECROLE_TRUSTED_PPG), and where the Uniform Resource Identifier (URI) of the Push Initiator corresponds to the URI of the Trusted Provisioning Server (TPS) on the device.

-

The mobile operator can determine whether this role and the SECROLE_OPERATOR role require the same permissions.

SECROLE_KNOWN_PPG

256

Known Push Proxy Gateway.

-

Messages assigned this role indicate that the device knows the address to the Push Proxy Gateway.

SECROLE_ANY_PUSH_SOURCE

4096

Push Router.

-

Messages received by the push router will be assigned to this role.

+|Security role|Decimal value|Description| +|--- |--- |--- | +|SECROLE_OPERATOR_TPS|128|Trusted Provisioning Server.
Assigned to WAP messages that come from a Push Initiator that is authenticated (SECROLE_PPG_AUTH) by a trusted Push Proxy Gateway (SECROLE_TRUSTED_PPG), and where the Uniform Resource Identifier (URI) of the Push Initiator corresponds to the URI of the Trusted Provisioning Server (TPS) on the device.
The mobile operator can determine whether this role and the SECROLE_OPERATOR role require the same permissions.| +|SECROLE_KNOWN_PPG|256|Known Push Proxy Gateway.
Messages assigned this role indicate that the device knows the address to the Push Proxy Gateway.| +|SECROLE_ANY_PUSH_SOURCE|4096|Push Router.
Messages received by the push router will be assigned to this role.|   @@ -271,28 +138,10 @@ Querying a security policy: The following table shows the Microsoft custom elements that this Configuration Service Provider supports for OMA Client Provisioning. - ---- - - - - - - - - - - - - - - - - -
ElementsAvailable

parm-query

Yes

noparm

Yes. If this is used, then the policy is set to 0 by default (corresponding to the most restrictive of policy values).

+|Elements|Available| +|--- |--- | +|parm-query|Yes| +|noparm|Yes. If this is used, then the policy is set to 0 by default (corresponding to the most restrictive of policy values).|   diff --git a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md index 2b482383bd..3533bdee35 100644 --- a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md +++ b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md @@ -22,32 +22,10 @@ Each message is composed of a header, specified by the SyncHdr element, and a me The following table shows the OMA DM versions that are supported. - ---- - - - - - - - - - - - - - - - - -
VersionFormat

OMA DM version 1.1.2

<SyncML xmlns='SYNCML:SYNCML1.1'>

-

</SyncML>

OMA DM version 1.2

<SyncML xmlns='SYNCML:SYNCML1.2'>

-

</SyncML>

- -  +|Version|Format| +|--- |--- | +|OMA DM version 1.1.2|<SyncML xmlns='SYNCML:SYNCML1.1'>

</SyncML>| +|OMA DM version 1.2|<SyncML xmlns='SYNCML:SYNCML1.2'>

</SyncML>| ## File format diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index e41a8c2374..f9d75a8612 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -16,45 +16,10 @@ ms.date: 09/12/2019 The SUPL configuration service provider is used to configure the location client, as shown in the following table: - ----- - - - - - - - - - - - - - - - - - - - -
Location ServiceSUPLV2 UPL

Connection type

All connections other than CDMA

CDMA

Configuration

    -

  • Settings that need to get pushed to the GNSS driver to configure the SUPL behavior:

    -
      -

    • Address of the Home SUPL (H-SLP) server.

      • -

    • H-SLP server certificate.

      • -

    • Positioning method.

      • -

    • Version of the protocol to use by default.

      • -
    • -

  • MCC/MNC value pairs which are used to specify which networks' UUIC the SUPL account matches.

    • -
    -

  • Address of the server — a mobile positioning center for non-trusted mode.

    • -

  • The positioning method used by the MPC for non-trusted mode.

    • -
- +|Location Service|SUPL|V2 UPL| +|--- |--- |--- | +|Connection type|All connections other than CDMA|CDMA| +|Configuration|

  • Settings that need to get pushed to the GNSS driver to configure the SUPL behavior
  • MCC/MNC value pairs which are used to specify which networks' UUIC the SUPL account matches.|
  • Address of the server — a mobile positioning center for non-trusted mode.
  • The positioning method used by the MPC for non-trusted mode.|   The SUPL or V2 UPL connection will be reconfigured every time the device is rebooted, a new UICC is inserted, or new settings are provisioned by using OMA Client Provisioning, OMA DM, or test tools. When the device is in roaming mode, it reverts to Mobile Station Standalone mode, in which only the built–in Microsoft location components are used. @@ -126,44 +91,14 @@ For OMA DM, if the format for this node is incorrect the entry will be ignored a **HighAccPositioningMethod** Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The value can be one of the following integers: - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ValueDescription

    0

    None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection and ephemeris data) from the Microsoft Positioning Service.

    1

    Mobile Station Assisted: The device contacts the H-SLP server to obtain a position. The H-SLP does the calculation of the position and returns it to the device.

    2

    Mobile Station Based: The device obtains location-aiding data (almanac, ephemeris data, time and coarse initial position of the device) from the H-SLP server, and the device uses this information to help GPS obtain a fix. All position calculations are done in the device.

    3

    Mobile Station Standalone: The device obtains assistance as required from the Microsoft location services.

    4

    OTDOA

    5

    AFLT

    +|Value|Description| +|--- |--- | +|0|None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection and ephemeris data) from the Microsoft Positioning Service.| +|1|Mobile Station Assisted: The device contacts the H-SLP server to obtain a position. The H-SLP does the calculation of the position and returns it to the device.| +|2|Mobile Station Based: The device obtains location-aiding data (almanac, ephemeris data, time and coarse initial position of the device) from the H-SLP server, and the device uses this information to help GPS obtain a fix. All position calculations are done in the device.| +|3|Mobile Station Standalone: The device obtains assistance as required from the Microsoft location services.| +|4|OTDOA| +|5|AFLT|   @@ -180,44 +115,13 @@ Optional. Boolean. Specifies whether the location toggle on the **location** scr This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Location toggle settingLocMasterSwitchDependencyNII settingNI request processing allowed

    On

    0

    Yes

    On

    1

    Yes

    Off

    0

    Yes

    Off

    1

    No (unless privacyOverride is set)

    +|Location toggle setting|LocMasterSwitchDependencyNII setting|NI request processing allowed| +|--- |--- |--- | +|On|0|Yes| +|On|1|Yes| +|Off|0|Yes| +|Off|1|No (unless privacyOverride is set)| -  When the location toggle is set to Off and this value is set to 1, the following application requests will fail: @@ -309,42 +213,13 @@ Optional. The address of the Position Determination Entity (PDE), in the format **PositioningMethod\_MR** Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The value can be one of the following integers: - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ValueDescription

    0

    None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection, and ephemeris data) from the Microsoft Positioning Service.

    1

    Mobile Station Assisted: The device contacts the H-SLP server to obtain a position. The H-SLP does the calculation of the position and returns it to the device.

    2

    Mobile Station Based: The device obtains location-aiding data (almanac, ephemeris data, time and coarse initial position of the device) from the H-SLP server, and the device uses this information to help GPS obtain a fix. All position calculations are done in the device.

    3

    Mobile Station Standalone: The device obtains assistance as required from the Microsoft location services.

    4

    AFLT

    - -  +|Value|Description| +|--- |--- | +|0|None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection, and ephemeris data) from the Microsoft Positioning Service.| +|1|Mobile Station Assisted: The device contacts the H-SLP server to obtain a position. The H-SLP does the calculation of the position and returns it to the device.| +|2|Mobile Station Based: The device obtains location-aiding data (almanac, ephemeris data, time and coarse initial position of the device) from the H-SLP server, and the device uses this information to help GPS obtain a fix. All position calculations are done in the device.| +|3|Mobile Station Standalone: The device obtains assistance as required from the Microsoft location services.| +|4|AFLT| The default is 0. The default method provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operator’s network or location services. @@ -359,44 +234,12 @@ Optional. Boolean. Specifies whether the location toggle on the **location** scr This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Location toggle settingLocMasterSwitchDependencyNII settingNI request processing allowed

    On

    0

    Yes

    On

    1

    Yes

    Off

    0

    Yes

    Off

    1

    No (unless privacyOverride is set)

    - -  +|Location toggle setting|LocMasterSwitchDependencyNII setting|NI request processing allowed| +|--- |--- |--- | +|On|0|Yes| +|On|1|Yes| +|Off|0|Yes| +|Off|1|No (unless privacyOverride is set)| When the location toggle is set to Off and this value is set to 1, the following application requests will fail: @@ -584,30 +427,12 @@ Adding a SUPL account to a device. Values in italic must be replaced with correc The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning. - ---- - - - - - - - - - - - - - - - - -
    ElementsAvailable

    parm-query

    Yes

    characteristic-query

    Yes

    -

    Recursive query: No

    -

    Top level query: No

    +|Elements|Available| +|--- |--- | +|parm-query|Yes| +|characteristic-query|Yes +Recursive query: No +Top level query: No|   ## Related topics diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index 147c460f3b..a5282427d8 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -208,57 +208,14 @@ SurfaceHub **DeviceAccount/ErrorContext**

    If there is an error calling ValidateAndCommit, there is additional context for that error in this node. Here are the possible error values: - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ErrorContext valueStage where error occurredDescription and suggestions

    1

    Unknown

    2

    Populating account

    Unable to retrieve account details using the username and password you provided.

    -
      -
    • For Azure AD accounts, ensure that UserPrincipalName and Password are valid.
      • -
    • For AD accounts, ensure that DomainName, UserName, and Password are valid.
      • -
    • Ensure that the specified account has an Exchange server mailbox.
      • -

    3

    Populating Exchange server address

    Unable to auto-discover your Exchange server address. Try to manually specify the Exchange server address using the ExchangeServer field.

    4

    Validating Exchange server address

    Unable to validate the Exchange server address. Ensure that the ExchangeServer field is valid.

    5

    Saving account information

    Unable to save account details to the system.

    6

    Validating EAS policies

    The device account uses an unsupported EAS policy. Make sure the EAS policy is configured correctly according to the admin guide.

    +|ErrorContext value|Stage where error occurred|Description and suggestions| +|--- |--- |--- | +|1|Unknown|| +|2|Populating account|Unable to retrieve account details using the username and password you provided.

  • For Azure AD accounts, ensure that UserPrincipalName and Password are valid.
  • For AD accounts, ensure that DomainName, UserName, and Password are valid.
  • Ensure that the specified account has an Exchange server mailbox.| +|3|Populating Exchange server address|Unable to auto-discover your Exchange server address. Try to manually specify the Exchange server address using the ExchangeServer field.| +|4|Validating Exchange server address|Unable to validate the Exchange server address. Ensure that the ExchangeServer field is valid.| +|5|Saving account information|Unable to save account details to the system.| +|6|Validating EAS policies|The device account uses an unsupported EAS policy. Make sure the EAS policy is configured correctly according to the admin guide.|  

    The data type is integer. Supported operation is Get. @@ -343,26 +300,11 @@ SurfaceHub **InBoxApps/WirelessProjection/Channel**

    Wireless channel to use for Miracast operation. The supported channels are defined by the Wi-Fi Alliance Wi-Fi Direct specification. - ---- - - - - - - - - - - - - - - -

    Works with all Miracast senders in all regions

    1, 3, 4, 5, 6, 7, 8, 9, 10, 11

    Works with all 5ghz band Miracast senders in all regions

    36, 40, 44, 48

    Works with all 5ghz band Miracast senders in all regions except Japan

    149, 153, 157, 161, 165

    +|Compatibility|Values| +|--- |--- | +|Works with all Miracast senders in all regions|1, 3, 4, 5, 6, 7, 8, 9, 10, 11| +|Works with all 5ghz band Miracast senders in all regions|36, 40, 44, 48| +|Works with all 5ghz band Miracast senders in all regions except Japan|149, 153, 157, 161, 165|

    The default value is 255. Outside of regulatory concerns, if the channel is configured incorrectly the driver will either not boot, or will broadcast on the wrong channel (which senders won't be looking for). @@ -397,50 +339,19 @@ SurfaceHub

    The following table shows the permitted values. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ValueDescription
    0Never time out
    11 minute
    22 minutes
    33 minutes
    55 minutes (default)
    1010 minutes
    1515 minutes
    3030 minutes
    601 hour
    1202 hours
    2404 hours
    +|Value|Description| +|--- |--- | +|0|Never time out| +|1|1 minute| +|2|2 minutes| +|3|3 minutes| +|5|5 minutes (default)| +|10|10 minutes| +|15|15 minutes| +|30|30 minutes| +|60|1 hour| +|120|2 hours| +|240|4 hours|

    The data type is integer. Supported operation is Get and Replace. @@ -449,50 +360,19 @@ SurfaceHub

    The following table shows the permitted values. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ValueDescription
    0Never time out
    11 minute (default)
    22 minutes
    33 minutes
    55 minutes
    1010 minutes
    1515 minutes
    3030 minutes
    601 hour
    1202 hours
    2404 hours
    +|Value|Description| +|--- |--- | +|0|Never time out| +|1|1 minute (default)| +|2|2 minutes| +|3|3 minutes| +|5|5 minutes| +|10|10 minutes| +|15|15 minutes| +|30|30 minutes| +|60|1 hour| +|120|2 hours| +|240|4 hours|

    The data type is integer. Supported operation is Get and Replace. @@ -501,50 +381,19 @@ SurfaceHub

    The following table shows the permitted values. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ValueDescription
    0Never time out
    11 minute
    22 minutes
    33 minutes
    55 minutes (default)
    1010 minutes
    1515 minutes
    3030 minutes
    601 hour
    1202 hours
    2404 hours
    +|Value|Description| +|--- |--- | +|0|Never time out| +|1|1 minute| +|2|2 minutes| +|3|3 minutes| +|5|5 minutes (default)| +|10|10 minutes| +|15|15 minutes| +|30|30 minutes| +|60|1 hour| +|120|2 hours| +|240|4 hours|

    The data type is integer. Supported operation is Get and Replace.