From a7fe5dc5142478e23c41c6791d5e22c7cf9f2f5a Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Thu, 9 Dec 2021 16:38:48 +0100 Subject: [PATCH 1/7] Update policy-csp-networklistmanager.md Additional information on how to use and configure AllowedTlsAuthenticationEndpoints and ConfiguredTLSAuthenticationNetworkName --- .../mdm/policy-csp-networklistmanager.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index ced9fe042a..686aaecb14 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -58,7 +58,16 @@ manager: dansimp -This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. +This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. +When entering a list of TLS Endpoints in MEM (Microsoft Endpoint Management), you must follow this format even in the UI: +`````` +- The HTTPS endpoint must not have any additional authentication checks such as login or multi-factor authentication. +- The HTTPS endpoint must be an internal address not accessible from outside the corporate network. +- The client must trust the server certificate, so the CA cert the HTTPS server cert chains to must be present in the client machines root certificate store. +- A certificate should not be a public certificate. + + +
@@ -91,7 +100,7 @@ This policy setting provides the list of URLs (separated by Unicode character 0x -This policy setting provides the string to be used to name the network authenticated against one of the endpoints listed in NetworkListManager/AllowedTlsAuthenticationEndpoints policy. +This policy setting provides the string to be used to name the network authenticated against one of the endpoints listed in NetworkListManager/AllowedTlsAuthenticationEndpoints policy. If this setting is used for Trusted Network Detection in an Always On VPN profile, it must be the DNS suffix configured in the TrustedNetworkDetection attribute.
From 1a41dd2059c10e60ec6c7e519cf22b418c6126b4 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Fri, 10 Dec 2021 11:04:29 +0530 Subject: [PATCH 2/7] Update windows/client-management/mdm/policy-csp-networklistmanager.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-networklistmanager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index 686aaecb14..e1d8281bb6 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -61,7 +61,7 @@ manager: dansimp This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. When entering a list of TLS Endpoints in MEM (Microsoft Endpoint Management), you must follow this format even in the UI: `````` -- The HTTPS endpoint must not have any additional authentication checks such as login or multi-factor authentication. +- The HTTPS endpoint must not have any additional authentication checks, such as login or multifactor authentication. - The HTTPS endpoint must be an internal address not accessible from outside the corporate network. - The client must trust the server certificate, so the CA cert the HTTPS server cert chains to must be present in the client machines root certificate store. - A certificate should not be a public certificate. From dff2610703e38f778819aff3e9a85e24b39ed63e Mon Sep 17 00:00:00 2001 
From: Nimisha Satapathy Date: Fri, 10 Dec 2021 11:04:55 +0530 Subject: [PATCH 3/7] Update windows/client-management/mdm/policy-csp-networklistmanager.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-networklistmanager.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index e1d8281bb6..21039fb51c 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -59,7 +59,8 @@ manager: dansimp This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. -When entering a list of TLS Endpoints in MEM (Microsoft Endpoint Management), you must follow this format even in the UI: + +When entering a list of TLS endpoints in Microsoft Endpoint Manager, you should follow this format, even in the UI: `````` - The HTTPS endpoint must not have any additional authentication checks, such as login or multifactor authentication. - The HTTPS endpoint must be an internal address not accessible from outside the corporate network. From c798567889191eedab6c0c7fb6895246c7e6dec2 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Fri, 10 Dec 2021 11:05:05 +0530 Subject: [PATCH 4/7] Update windows/client-management/mdm/policy-csp-networklistmanager.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-networklistmanager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index 21039fb51c..5c296ad42b 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -64,7 +64,7 @@ When entering a list of TLS endpoints in Microsoft Endpoint Manager, you should `````` - The HTTPS endpoint must not have any additional authentication checks, such as login or multifactor authentication. - The HTTPS endpoint must be an internal address not accessible from outside the corporate network. -- The client must trust the server certificate, so the CA cert the HTTPS server cert chains to must be present in the client machines root certificate store. +- The client must trust the server certificate, so the CA certificate that the HTTPS server certificate chains to must be present in the client machine's root certificate store. - A certificate should not be a public certificate. From 726dd867bef292d80a0d43eb27b886a9ae0344fc Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Fri, 10 Dec 2021 11:05:15 +0530 Subject: [PATCH 5/7] Update windows/client-management/mdm/policy-csp-networklistmanager.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-networklistmanager.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index 5c296ad42b..ffd0fbfd0b 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -68,8 +68,6 @@ When entering a list of TLS endpoints in Microsoft Endpoint Manager, you should - A certificate should not be a public certificate. - -
From 77c6b849d4942f7e39442f4b4c5e9d6344afa250 Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Fri, 10 Dec 2021 09:01:04 +0100 Subject: [PATCH 6/7] Update windows/client-management/mdm/policy-csp-networklistmanager.md Using this format is not a 'should' but a 'must', otherwise it just doesn't work. --- windows/client-management/mdm/policy-csp-networklistmanager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index ffd0fbfd0b..37197c7b20 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -60,7 +60,7 @@ manager: dansimp This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. -When entering a list of TLS endpoints in Microsoft Endpoint Manager, you should follow this format, even in the UI: +When entering a list of TLS endpoints in Microsoft Endpoint Manager, you must follow this format, even in the UI: `````` - The HTTPS endpoint must not have any additional authentication checks, such as login or multifactor authentication. - The HTTPS endpoint must be an internal address not accessible from outside the corporate network. From e89fcd498e8171268c12860a1ce3941d0d986376 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 16 Dec 2021 11:16:31 -0800 Subject: [PATCH 7/7] Update policy-csp-networklistmanager.md --- windows/client-management/mdm/policy-csp-networklistmanager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index 37197c7b20..227d198378 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: nimishasatapathy ms.localizationpriority: medium -ms.date: 7/10/2021 +ms.date: 12/16/2021 ms.reviewer: manager: dansimp ---
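Review bot: In PATCH 1/7, hunk @@ -58,7 +58,16 @@, the added sentence "you must follow this format even in the UI:" is followed by an empty code span (six backticks with nothing between them), so the required format is never shown; PATCH 2/7 through 6/7 carry the same empty span as context. Put the literal value format inside the span, including how the 0xF000 separator is written between URLs. In the same hunk, "- A certificate should not be a public certificate." does not say which certificate is meant and uses "should" where the other three bullets use "must"; name the certificate (the HTTPS server certificate, if that is the intent) and state whether it is a requirement. The lead sentence also still says the network is authenticated if a URL "can be resolved over HTTPS", while the new third bullet makes trust in the server certificate a condition; state that condition in the sentence itself so readers do not take reachability alone as the test.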
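Review bot: In PATCH 1/7, hunk @@ -91,7 +100,7 @@, the new sentence "it must be the DNS suffix configured in the TrustedNetworkDetection attribute" names TrustedNetworkDetection without saying where that setting is defined or what a matching pair of values looks like. Link to the documentation for that setting and add a short example showing the same suffix in both places. Because the sentence states a hard requirement, also say what the reader will observe when the two strings differ.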
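Review bot: In PATCH 3/7, the replacement line changes "you must follow this format" to "you should follow this format", which weakens the requirement; the PATCH 6/7 commit message says the format is a 'must' and that hunk restores the original word. Squash 3/7 and 6/7, or drop the wording change from 3/7, so the series does not carry an intermediate revision with the wrong requirement level. The correction from "MEM (Microsoft Endpoint Management)" to "Microsoft Endpoint Manager" and the added blank line before the sentence in that hunk are fine to keep.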