deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 10:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

merge conflict with my own files

Browse Source
This commit is contained in:
Patti Short
2018-10-02 08:53:14 -07:00
parent 3bfddd7c90 951a08abdd
commit e3240d1e80
91 changed files with 1041 additions and 436 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
windows/client-management/mdm/images/provisioning-csp-uefi.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 12 KiB

After

Width:  |  Height:  |  Size: 22 KiB

17
windows/client-management/mdm/index.md
View File

@ -25,6 +25,23 @@ There are two parts to the Windows 10 management component:
Third-party MDM servers can manage Windows 10 by using the MDM protocol. The built-in management client is able to communicate with a third-party server proxy that supports the protocols outlined in this document to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 10 users. MDM servers do not need to create or download a client to manage Windows 10. For details about the MDM protocols, see [\[MS-MDM\]: Mobile Device Management Protocol](https://go.microsoft.com/fwlink/p/?LinkId=619346) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( http://go.microsoft.com/fwlink/p/?LinkId=619347).
## MDM security baseline
With Windows 10, version 1809, Microsoft is also releasing a Microsoft MDM security baseline that functions like the Microsoft GP-based security baseline. You can easily integrate this baseline into any MDM to support IT pros operational needs, addressing security concerns for modern cloud-managed devices.
The MDM security baseline includes policies that cover the following areas:
- Microsoft inbox security technology (not deprecated) such as Bitlocker, Smartscreen, and DeviceGuard (virtual-based security), ExploitGuard, Defender, and Firewall
- Restricting remote access to devices
- Setting credential requirements for passwords and PINs
- Restricting use of legacy technology
- Legacy technology policies that offer alternative solutions with modern technology
- And much more
For more details about the MDM policies defined in the MDM security baseline and what Microsofts recommended baseline policy values are, see [Security baseline (DRAFT) for Windows 10 v1809 and Windows Server 2019](https://blogs.technet.microsoft.com/secguide/2018/10/01/security-baseline-draft-for-windows-10-v1809-and-windows-server-2019/).
<span id="mmat" />
## Learn about migrating to MDM

6
windows/client-management/mdm/policy-csp-browser.md
View File

@ -875,7 +875,6 @@ Most restricted value: 1
<!--Description-->
[!INCLUDE [allow-fullscreen-mode-shortdesc](../../../browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md)]
<!--/Description-->
@ -1212,7 +1211,6 @@ To verify AllowPopups is set to 0 (not allowed):
[!INCLUDE [allow-prelaunch-shortdesc](../../../browsers/edge/shortdesc/allow-prelaunch-shortdesc.md)]
<!--/Description-->
@ -1282,7 +1280,6 @@ Most restricted value: 0
<!--Description-->
[!INCLUDE [allow-printing-shortdesc](../../../browsers/edge/shortdesc/allow-printing-shortdesc.md)]
<!--/Description-->
@ -1352,7 +1349,6 @@ Most restricted value: 0
<!--Description-->
[!INCLUDE [allow-saving-history-shortdesc](../../../browsers/edge/shortdesc/allow-saving-history-shortdesc.md)]
<!--/Description-->
@ -1551,7 +1547,6 @@ Most restricted value: 0
<!--Description-->
[!INCLUDE [allow-sideloading-of-extensions-shortdesc](../../../browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md)]
<!--/Description-->
@ -1690,7 +1685,6 @@ To verify AllowSmartScreen is set to 0 (not allowed):
<!--Description-->
[!INCLUDE [allow-tab-preloading-shortdesc](../../../browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md)]
<!--/Description-->

117
windows/client-management/mdm/uefi-csp.md
View File

@ -6,13 +6,16 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 02/01/2018
ms.date: 10/02/2018
---
# UEFI CSP
The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. This CSP was added in Windows 10, version 1803.
The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. This CSP was added in Windows 10, version 1809.
> [!Note]
> The UEFI CSP version published in Windows 10, version 1803 is replaced with this one (version 1809).
The following diagram shows the UEFI CSP in tree format.
@ -23,62 +26,102 @@ The following list describes the characteristics and parameters.
<a href="" id="uefi"></a>**./Vendor/MSFT/Uefi**
Root node.
<a href="" id="uefideviceidentifier"></a>**UefiDeviceIdentifier**
Retrieves XML from UEFI which describes the device identifier.
<a href="" id="deviceidentifier"></a>**DeviceIdentifier**
Retrieves XML from UEFI that describes the device identifier.
Supported operation is Get.
<a href="" id="identityinfo"></a>**IdentityInfo**
Node for provisioned signers operations.
<a href="" id="identityinfo-current"></a>**IdentityInfo/Current**
Retrieves XML from UEFI which describes the current UEFI identity information.
<a href="" id="identity"></a>**Identity**
Node for identity certificate operations.
Supported operation is Get.
<a href="" id="identityinfo-apply"></a>**IdentityInfo/Apply**
Apply an identity information package to UEFI. Input is the signed package in base64 encoded format.
Supported operation is Replace.
<a href="" id="identityinfo-applyresult"></a>**IdentityInfo/ApplyResult**
Retrieves XML describing the results of previous ApplyIdentityInfo operation.
<a href="" id="identity-current"></a>**Identity/Current**
Retrieves XML from UEFI that describes the current UEFI identity certificate information.
Supported operation is Get.
<a href="" id="authinfo"></a>**AuthInfo**
Node for permission information operations.
<a href="" id="identity-apply"></a>**Identity/Apply**
Applies an identity information package to UEFI. Input is the signed package in base64 encoded format.
<a href="" id="authinfo-current"></a>**AuthInfo/Current**
Retrieves XML from UEFI which describes the current UEFI permission/authentication information.
Value type is Base64. Supported operation is Replace.
<a href="" id="identity-result"></a>**Identity/Result**
Retrieves the binary result package of the previous Identity/Apply operation.
Supported operation is Get.
<a href="" id="authinfo-apply"></a>**AuthInfo/Apply**
Apply a permission/authentication information package to UEFI. Input is the signed package in base64 encoded format.
<a href="" id="permissions"></a>**Permissions**
Node for settings permission operations..
Supported operation is Replace.
<a href="" id="authinfo-applyresult"></a>**AuthInfo/ApplyResult**
Retrieves XML describing the results of previous ApplyAuthInfo operation.
<a href="" id="permissions-current"></a>**Permissions/Current**
Retrieves XML from UEFI that describes the current UEFI settings permissions.
Supported operation is Get.
<a href="" id="config"></a>**Config**
Node for device configuration
<a href="" id="permissions-apply"></a>**Permissions/Apply**
Apply a permissions information package to UEFI. Input is the signed package in base64 encoded format.
<a href="" id="config-current"></a>**Config/Current**
Retrieves XML from UEFI which describes the current UEFI configuration.
Value type is Base64. Supported operation is Replace.
<a href="" id="permissions-result"></a>**Permissions/Result**
Retrieves the binary result package of the previous Permissions/Apply operation. This binary package contains XML describing the action taken for each individual permission.
Supported operation is Get.
<a href="" id="config-apply"></a>**Config/Apply**
Apply a configuration package to UEFI. Input is the signed package in base64 encoded format.
<a href="" id="settings"></a>**Settings**
Node for device settings operations.
Supported operation is Replace.
<a href="" id="config-applyresult"></a>**Config/ApplyResult**
Retrieves XML describing the results of previous ApplyConfig operation.
<a href="" id="settings-current"></a>**Settings/Current**
Retrieves XML from UEFI that describes the current UEFI settings.
Supported operation is Get.
<a href="" id="settings-apply"></a>**Settings/Apply**
Apply a settings information package to UEFI. Input is the signed package in base64 encoded format.
Value type is Base64. Supported operation is Replace.
<a href="" id="settings-result"></a>**Settings/Result**
Retrieves the binary result package of the previous Settings/Apply operation. This binary package contains XML describing the action taken for each individual setting.
Supported operation is Get.
<a href="" id="identity2"></a>**Identity2**
Node for identity certificate operations. Alternate endpoint for sending a second identity package without an OS restart.
<a href="" id="identity2-apply"></a>**Identity2/Apply**
Apply an identity information package to UEFI. Input is the signed package in base64 encoded format. Alternate location for sending two identity packages in the same session.
Value type is Base64. Supported operation is Replace.
<a href="" id="identity2-result"></a>**Identity2/Result**
Retrieves the binary result package of the previous Identity2/Apply operation.
Supported operation is Get.
<a href="" id="permissions2"></a>**Permissions2**
Node for settings permission operations. Alternate endpoint for sending a second permission package without an OS restart.
<a href="" id="permissions2-apply"></a>**Permissions2/Apply**
Apply a permissions information package to UEFI. Input is the signed package in base64 encoded format. Alternate location for sending two permissions information packages in the same session.
Value type is Base64. Supported operation is Replace.
<a href="" id="permissions2-result"></a>**Permissions2/Result**
Retrieves the binary result package from the previous Permissions2/Apply operation. This binary package contains XML describing the action taken for each individual permission.
Supported operation is Get.
<a href="" id="settings2"></a>**Settings2**
Nodefor device settings operations. Alternate endpoint for sending a second settings package without an OS restart.
<a href="" id="settings2-apply"></a>**Settings2/Apply**
Apply a settings information package to UEFI. Input is the signed package in base64 encoded format. Alternate location for sending two settings information packages in the same session.
Value type is Base64. Supported operation is Replace.
<a href="" id="settings2-result"></a>**Settings2/Result**
Retrieves the binary result package of previous Settings2/Apply operation. This binary package contains XML describing the action taken for each individual setting.
Supported operation is Get.

247
windows/client-management/mdm/uefi-ddf.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 02/01/2018
ms.date: 10/02/2018
---
# UEFI DDF file
@ -16,7 +16,7 @@ This topic shows the OMA DM device description framework (DDF) for the **Uefi**
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
The XML below is the current version for this CSP.
The XML below is for Windows 10, version 1809.
``` syntax
<?xml version="1.0" encoding="UTF-8"?>
@ -32,6 +32,7 @@ The XML below is the current version for this CSP.
<AccessType>
<Get />
</AccessType>
<Description>UEFI Firmware Configuration Service Provider.</Description>
<DFFormat>
<node />
</DFFormat>
@ -46,12 +47,12 @@ The XML below is the current version for this CSP.
</DFType>
</DFProperties>
<Node>
<NodeName>UefiDeviceIdentifier</NodeName>
<NodeName>DeviceIdentifier</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Retrieves XML from UEFI which describes the device identifier.</Description>
<Description>Retrieves XML from UEFI which contains the device identifier.</Description>
<DFFormat>
<xml />
</DFFormat>
@ -61,21 +62,18 @@ The XML below is the current version for this CSP.
<Scope>
<Permanent />
</Scope>
<CaseSense>
<CIS />
</CaseSense>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>IdentityInfo</NodeName>
<NodeName>Identity</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Provisioned signers</Description>
<Description>Identity certificate operations.</Description>
<DFFormat>
<node />
</DFFormat>
@ -95,7 +93,7 @@ The XML below is the current version for this CSP.
<AccessType>
<Get />
</AccessType>
<Description>Retrieves XML from UEFI which describes the current UEFI identity information</Description>
<Description>Retrieves XML from UEFI which describes the current UEFI identity certificate information.</Description>
<DFFormat>
<xml />
</DFFormat>
@ -132,14 +130,14 @@ The XML below is the current version for this CSP.
</DFProperties>
</Node>
<Node>
<NodeName>ApplyResult</NodeName>
<NodeName>Result</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Retrieves XML describing the results of previous ApplyIdentityInfo operation.</Description>
<Description>Retrieves the binary result package of the previous Identity/Apply operation.</Description>
<DFFormat>
<xml />
<b64 />
</DFFormat>
<Occurrence>
<One />
@ -148,18 +146,18 @@ The XML below is the current version for this CSP.
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
<DDFName></DDFName>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>AuthInfo</NodeName>
<NodeName>Permissions</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Permission Information</Description>
<Description>Settings permission operations.</Description>
<DFFormat>
<node />
</DFFormat>
@ -179,7 +177,7 @@ The XML below is the current version for this CSP.
<AccessType>
<Get />
</AccessType>
<Description>Retrieves XML from UEFI which describes the current UEFI permission/authentication information.</Description>
<Description>Retrieves XML from UEFI which describes the current UEFI settings permissions.</Description>
<DFFormat>
<xml />
</DFFormat>
@ -200,7 +198,7 @@ The XML below is the current version for this CSP.
<AccessType>
<Replace />
</AccessType>
<Description>Apply a permission/authentication information package to UEFI. Input is the signed package in base64 encoded format.</Description>
<Description>Apply a permissions information package to UEFI. Input is the signed package in base64 encoded format.</Description>
<DFFormat>
<b64 />
</DFFormat>
@ -216,14 +214,14 @@ The XML below is the current version for this CSP.
</DFProperties>
</Node>
<Node>
<NodeName>ApplyResult</NodeName>
<NodeName>Result</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Retrieves XML describing the results of previous ApplyAuthInfo operation.</Description>
<Description>Retrieves the binary result package of the previous Permissions/Apply operation. This binary package contains XML describing the action taken for each individual permission.</Description>
<DFFormat>
<xml />
<b64 />
</DFFormat>
<Occurrence>
<One />
@ -232,18 +230,18 @@ The XML below is the current version for this CSP.
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
<DDFName></DDFName>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Config</NodeName>
<NodeName>Settings</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Device Configuration</Description>
<Description>Device settings operations.</Description>
<DFFormat>
<node />
</DFFormat>
@ -263,7 +261,7 @@ The XML below is the current version for this CSP.
<AccessType>
<Get />
</AccessType>
<Description>Retrieves XML from UEFI which describes the current UEFI configuration.</Description>
<Description>Retrieves XML from UEFI which describes the current UEFI settings.</Description>
<DFFormat>
<xml />
</DFFormat>
@ -284,7 +282,7 @@ The XML below is the current version for this CSP.
<AccessType>
<Replace />
</AccessType>
<Description>Apply a configuration package to UEFI. Input is the signed package in base64 encoded format.</Description>
<Description>Apply a settings information package to UEFI. Input is the signed package in base64 encoded format.</Description>
<DFFormat>
<b64 />
</DFFormat>
@ -300,14 +298,14 @@ The XML below is the current version for this CSP.
</DFProperties>
</Node>
<Node>
<NodeName>ApplyResult</NodeName>
<NodeName>Result</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Retrieves XML describing the results of previous ApplyConfig operation.</Description>
<Description>Retrieves the binary result package of the previous Settings/Apply operation. This binary package contains XML describing the action taken for each individual setting.</Description>
<DFFormat>
<xml />
<b64 />
</DFFormat>
<Occurrence>
<One />
@ -316,7 +314,196 @@ The XML below is the current version for this CSP.
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
<DDFName></DDFName>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Identity2</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Identity certificate operations. Alternate endpoint for sending a second identity package without an OS restart.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Apply</NodeName>
<DFProperties>
<AccessType>
<Replace />
</AccessType>
<Description>Apply an identity information package to UEFI. Input is the signed package in base64 encoded format. Alternate location for sending two identity packages in the same session.</Description>
<DFFormat>
<b64 />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>Result</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Retrieves the binary result package of the previous Identity2/Apply operation.</Description>
<DFFormat>
<b64 />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Permissions2</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Settings permission operations. Alternate endpoint for sending a second permission package without an OS restart.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Apply</NodeName>
<DFProperties>
<AccessType>
<Replace />
</AccessType>
<Description>Apply a permissions information package to UEFI. Input is the signed package in base64 encoded format. Alternate location for sending two permissions information packages in the same session.</Description>
<DFFormat>
<b64 />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>Result</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Retrieves the binary result package from the previous Permissions2/Apply operation. This binary package contains XML describing the action taken for each individual permission.</Description>
<DFFormat>
<b64 />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Settings2</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Device settings operations. Alternate endpoint for sending a second settings package without an OS restart.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Apply</NodeName>
<DFProperties>
<AccessType>
<Replace />
</AccessType>
<Description>Apply a settings information package to UEFI. Input is the signed package in base64 encoded format. Alternate location for sending two settings information packages in the same session.</Description>
<DFFormat>
<b64 />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>Result</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Retrieves the binary result package of previous Settings2/Apply operation. This binary package contains XML describing the action taken for each individual setting.</Description>
<DFFormat>
<b64 />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
</Node>