diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 4f5fc988ac..07dbd492dc 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -20,20 +20,20 @@ The VPNv2 configuration service provider allows the mobile device management (MD Here are the requirements for this CSP: - VPN configuration commands must be wrapped in an Atomic block in SyncML. -- For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you are using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure WIP policies. +- For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you're using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure WIP policies. - Instead of changing individual properties, follow these steps to make any changes: - Send a Delete command for the ProfileName to delete the entire profile. - Send the entire profile again with new values wrapped in an Atomic block. - In certain conditions you can change some properties directly, but we do not recommend it. + In certain conditions you can change some properties directly, but we don't recommend it. The XSDs for all EAP methods are shipped in the box and can be found at the following locations: - `C:\Windows\schemas\EAPHost` - `C:\Windows\schemas\EAPMethods` -The following shows the VPNv2 configuration service provider in tree format. +The following example shows the VPNv2 configuration service provider in tree format. ``` ./Vendor/MSFT @@ -332,7 +332,7 @@ Supported operations include Get, Add, and Delete. Optional node. List of applications set to trigger the VPN. If any of these apps are launched and the VPN profile is currently the active profile, this VPN profile will be triggered to connect. **VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId -A sequential integer identifier that allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you should not skip numbers. +A sequential integer identifier that allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you shouldn't skip numbers. Supported operations include Get, Add, Replace, and Delete. @@ -340,35 +340,35 @@ Supported operations include Get, Add, Replace, and Delete. App Node under the Row Id. **VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Id** -App identity, which is either an app’s package family name or file path. The type is inferred by the Id, and therefore cannot be specified in the get only App/Type field +App identity, which is either an app’s package family name or file path. The type is inferred by the Id, and therefore can't be specified in the get only App/Type field **VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Type** -Returns the type of **App/Id**. This value can be either of the following: +Returns the type of **App/Id**. This value can be either of the following values: -- PackageFamilyName - When this is returned, the App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of the Microsoft Store application. -- FilePath - When this is returned, the App/Id value represents the full file path of the app. For example, `C:\Windows\System\Notepad.exe`. +- PackageFamilyName - When this value is returned, the App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of the Microsoft Store application. +- FilePath - When this value is returned, the App/Id value represents the full file path of the app. For example, `C:\Windows\System\Notepad.exe`. Value type is chr. Supported operation is Get. **VPNv2/**ProfileName**/RouteList/** -Optional node. List of routes to be added to the routing table for the VPN interface. This is required for split tunneling case where the VPN server site has more subnets that the default subnet based on the IP assigned to the interface. +Optional node. List of routes to be added to the routing table for the VPN interface. This information is required for split tunneling case where the VPN server site has more subnets that the default subnet based on the IP assigned to the interface. Every computer that runs TCP/IP makes routing decisions. These decisions are controlled by the IP routing table. Adding values under this node updates the routing table with routes for the VPN interface post connection. The values under this node represent the destination prefix of IP routes. A destination prefix consists of an IP address prefix and a prefix length. -Adding a route here allows the networking stack to identify the traffic that needs to go over the VPN interface for split tunnel VPN. Some VPN servers can configure this during connect negotiation and do not need this information in the VPN Profile. Please check with your VPN server administrator to determine whether you need this information in the VPN profile. +Adding a route here allows the networking stack to identify the traffic that needs to go over the VPN interface for split tunnel VPN. Some VPN servers can configure this route during connect negotiation and don't need this information in the VPN Profile. Check with your VPN server administrator to determine whether you need this information in the VPN profile. **VPNv2/**ProfileName**/RouteList/**routeRowId -A sequential integer identifier for the RouteList. This is required if you are adding routes. Sequencing must start at 0. +A sequential integer identifier for the RouteList. This value is required if you're adding routes. Sequencing must start at 0. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/RouteList/**routeRowId**/Address** -Subnet address in IPv4/v6 address format which, along with the prefix will be used to determine the destination prefix to send via the VPN Interface. This is the IP address part of the destination prefix. +Subnet address in IPv4/v6 address format which, along with the prefix, will be used to determine the destination prefix to send via the VPN Interface. This subnet address is the IP address part of the destination prefix. Supported operations include Get, Add, Replace, and Delete. Value type is chr. Example, `192.168.0.0` **VPNv2/**ProfileName**/RouteList/**routeRowId**/PrefixSize** -The subnet prefix size part of the destination prefix for the route entry. This, along with the address will be used to determine the destination prefix to route through the VPN Interface. +The subnet prefix size part of the destination prefix for the route entry. This subnet prefix, along with the address, will be used to determine the destination prefix to route through the VPN Interface. Value type is int. Supported operations include Get, Add, Replace, and Delete. @@ -388,7 +388,7 @@ Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/DomainNameInformationList** Optional node. Name Resolution Policy Table (NRPT) rules for the VPN profile. -The Name Resolution Policy Table (NRPT) is a table of namespaces and corresponding settings stored in the Windows registry that determines the DNS client behavior when issuing queries and processing responses. Each row in the NRPT represents a rule for a portion of the namespace for which the DNS client issues queries. Before issuing name resolution queries, the DNS client consults the NRPT to determine if any additional flags must be set in the query. After receiving the response, the client again consults the NRPT to check for any special processing or policy requirements. In the absence of the NRPT, the client operates based on the DNS servers and suffixes set on the interface. +The Name Resolution Policy Table (NRPT) is a table of namespaces and corresponding settings stored in the Windows registry that determines the DNS client behavior when issuing queries and processing responses. Each row in the NRPT represents a rule for a portion of the namespace for which the DNS client issues queries. Before name resolution queries are issued, the DNS client consults the NRPT to determine if any extra flags must be set in the query. After the response is received, the client again consults the NRPT to check for any special processing or policy requirements. In the absence of the NRPT, the client operates based on the DNS servers and suffixes set on the interface. > [!NOTE] > Only applications using the [Windows DNS API](/windows/win32/dns/dns-reference) can make use of the NRPT and therefore all settings configured within the DomainNameInformationList section. Applications using their own DNS implementation bypass the Windows DNS API. One example of applications not using the Windows DNS API is nslookup, so always use the PowerShell CmdLet [Resolve-DNSName](/powershell/module/dnsclient/resolve-dnsname) to check the functionality of the NRPT. @@ -407,9 +407,9 @@ Used to indicate the namespace to which the policy applies. When a Name query is Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/DomainNameType** -Returns the namespace type. This value can be one of the following: +Returns the namespace type. This value can be one of the following values: -- FQDN - If the DomainName was not prepended with a**.** and applies only to the fully qualified domain name (FQDN) of a specified host. +- FQDN - If the DomainName wasn't prepended with a**.** and applies only to the fully qualified domain name (FQDN) of a specified host. - Suffix - If the DomainName was prepended with a**.** and applies to the specified namespace, all records in that namespace, and all subdomains. Value type is chr. Supported operation is Get. @@ -420,7 +420,7 @@ List of comma-separated DNS Server IP addresses to use for the namespace. Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/WebProxyServers** -Optional. Web Proxy Server IP address if you are redirecting traffic through your intranet. +Optional. Web Proxy Server IP address if you're redirecting traffic through your intranet. > [!NOTE] > Currently only one web proxy server is supported. @@ -430,7 +430,7 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/AutoTrigger** Added in Windows 10, version 1607. Optional. Boolean to determine whether this domain name rule will trigger the VPN. -If set to False, this DomainName rule will not trigger the VPN. +If set to False, this DomainName rule won't trigger the VPN. If set to True, this DomainName rule will trigger the VPN @@ -439,7 +439,7 @@ By default, this value is false. Value type is bool. **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/Persistent** -Added in Windows 10, version 1607. A boolean value that specifies if the rule being added should persist even when the VPN is not connected. Value values: +Added in Windows 10, version 1607. A boolean value that specifies if the rule being added should persist even when the VPN isn't connected. Value values: - False (default) - This DomainName rule will only be applied when VPN is connected. - True - This DomainName rule will always be present and applied. @@ -452,18 +452,18 @@ An optional node that specifies a list of rules. Only traffic that matches these > [!NOTE] > Once a TrafficFilterList is added, all traffic are blocked other than the ones matching the rules. -When adding multiple rules, each rule operates based on an OR with the other rules. Within each rule, each property operates based on an AND with each other. +When multiple rules are being added, each rule operates based on an OR with the other rules. Within each rule, each property operates based on an AND with each other. **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId A sequential integer identifier for the Traffic Filter rules. Sequencing must start at 0. **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/App** -Per app VPN rule. This will allow only the apps specified to be allowed over the VPN interface. Value type is chr. +Per app VPN rule. This property will allow only the apps specified to be allowed over the VPN interface. Value type is chr. **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/App/Id** App identity for the app-based traffic filter. -The value for this node can be one of the following: +The value for this node can be one of the following values: - PackageFamilyName - This App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of a Microsoft Store application. - FilePath - This App/Id value represents the full file path of the app. For example, `C:\Windows\System\Notepad.exe`. @@ -511,17 +511,17 @@ A list of comma-separated values specifying remote IP address ranges to allow. Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/RoutingPolicyType** -Specifies the routing policy if an App or Claims type is used in the traffic filter. The scope of this property is for this traffic filter rule alone. The value can be one of the following: +Specifies the routing policy if an App or Claims type is used in the traffic filter. The scope of this property is for this traffic filter rule alone. The value can be one of the following values: - SplitTunnel - For this traffic filter rule, only the traffic meant for the VPN interface (as determined by the networking stack) goes over the interface. Internet traffic can continue to go over the other interfaces. - ForceTunnel - For this traffic rule all IP traffic must go through the VPN Interface only. -This is only applicable for App ID-based Traffic Filter rules. +This property is only applicable for App ID-based Traffic Filter rules. Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/Direction** -Added in Windows 10, version 2004. Specifies the traffic direction to apply this policy to. Default is Outbound. The value can be one of the following: +Added in Windows 10, version 2004. Specifies the traffic direction to apply this policy to. Default is Outbound. The value can be one of the following values: - Outbound - The rule applies to all outbound traffic - Inbound - The rule applies to all inbound traffic @@ -531,27 +531,27 @@ If no inbound filter is provided, then by default all unsolicited inbound traffi Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/EdpModeId** -Enterprise ID, which is required for connecting this VPN profile with a WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device. +Enterprise ID, which is required for connecting this VPN profile with a WIP policy. When this ID is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device. -Additionally when connecting with Windows Information Protection (WIP)(formerly known as Enterprise Data Protection), the admin does not have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced config is needed) because the WIP policies and App lists automatically takes effect. +Additionally when a connection is being established with Windows Information Protection (WIP)(formerly known as Enterprise Data Protection), the admin doesn't have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced config is needed) because the WIP policies and App lists automatically takes effect. Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/RememberCredentials** -Boolean value (true or false) for caching credentials. Default is false, which means do not cache credentials. If set to true, credentials are cached whenever possible. +Boolean value (true or false) for caching credentials. Default is false, which means don't cache credentials. If set to true, credentials are cached whenever possible. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/AlwaysOn** -An optional flag to enable Always On mode. This will automatically connect the VPN at sign-in and will stay connected until the user manually disconnects. +An optional flag to enable Always On mode. This flag will automatically connect the VPN at sign in and will stay connected until the user manually disconnects. > [!NOTE] > Always On only works for the active profile. The first profile provisioned that can be auto triggered will automatically be set as active. Preserving user Always On preference -Windows has a feature to preserve a user’s AlwaysOn preference. In the event that a user manually unchecks the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList. -Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows will not check the box if the profile name exists in the below registry value in order to preserve user preference. +Windows has a feature to preserve a user’s AlwaysOn preference. If a user manually unchecks the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList. +Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows won't check the box if the profile name exists in the below registry value in order to preserve user preference. Key: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config` Value: AutoTriggerDisabledProfilesList Type: REG_MULTI_SZ @@ -569,13 +569,13 @@ Device tunnel profile. Valid values: -- False (default) - this is not a device tunnel profile. -- True - this is a device tunnel profile. +- False (default) - this profile isn't a device tunnel profile. +- True - this profile is a device tunnel profile. When the DeviceTunnel profile is turned on, it does the following things: - First, it automatically becomes an "always on" profile. -- Second, it does not require the presence or logging in of any user to the machine in order for it to connect. +- Second, it doesn't require the presence or logging in of any user to the machine in order for it to connect. - Third, no other device tunnel profile maybe is present on the same machine.- A device tunnel profile must be deleted before another device tunnel profile can be added, removed, or connected. @@ -587,7 +587,7 @@ Allows registration of the connection's address in DNS. Valid values: -- False = Do not register the connection's address in DNS (default). +- False = Don't register the connection's address in DNS (default). - True = Register the connection's addresses in DNS. **VPNv2/**ProfileName**/DnsSuffix** @@ -599,7 +599,7 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete. Reserved for future use. **VPNv2/**ProfileName**/TrustedNetworkDetection** -Optional. Comma-separated string to identify the trusted network. VPN will not connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device. +Optional. Comma-separated string to identify the trusted network. VPN won't connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device. Value type is chr. Supported operations include Get, Add, Replace, and Delete. @@ -657,7 +657,7 @@ Added in Windows 10, version 1607. Enables the Device Compliance flow from the Value type is bool. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/DeviceCompliance/Sso** -Added in Windows 10, version 1607. Nodes under SSO can be used to choose a certificate different from the VPN Authentication cert for the Kerberos Authentication in the case of Device Compliance. +Added in Windows 10, version 1607. Nodes under SSO can be used to choose a certificate different from the VPN Authentication cert for the Kerberos Authentication if there's Device Compliance. **VPNv2/**ProfileName**/DeviceCompliance/Sso/Enabled** Added in Windows 10, version 1607. If this field is set to True, the VPN Client will look for a separate certificate for Kerberos Authentication. @@ -683,7 +683,7 @@ Required for plug-in profiles. Semicolon-separated list of servers in URL, hostn Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/PluginProfile/CustomConfiguration** -Optional. This is an HTML encoded XML blob for SSL-VPN plug-in specific configuration including authentication information that is deployed to the device to make it available for SSL-VPN plug-ins. Contact the plugin provider for format and other details. Most plugins can also configure values based on the server negotiations as well as defaults. +Optional. This property is an HTML encoded XML blob for SSL-VPN plug-in specific configuration including authentication information that is deployed to the device to make it available for SSL-VPN plug-ins. Contact the plugin provider for format and other details. Most plugins can also configure values based on the server negotiations and defaults. Value type is chr. Supported operations include Get, Add, Replace, and Delete. @@ -708,7 +708,7 @@ You can make a list of server by making a list of server names (with optional fr Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/NativeProfile/RoutingPolicyType** -Optional for native profiles. Type of routing policy. This value can be one of the following: +Optional for native profiles. Type of routing policy. This value can be one of the following values: - SplitTunnel - Traffic can go over any interface as determined by the networking stack. - ForceTunnel - All IP traffic must go over the VPN interface. @@ -716,7 +716,7 @@ Optional for native profiles. Type of routing policy. This value can be one of t Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/NativeProfile/NativeProtocolType** -Required for native profiles. Type of tunneling protocol used. This value can be one of the following: +Required for native profiles. Type of tunneling protocol used. This value can be one of the following values: - PPTP - L2TP @@ -726,7 +726,7 @@ Required for native profiles. Type of tunneling protocol used. This value can be Value type is chr. Supported operations include Get, Add, Replace, and Delete. > [!NOTE] -> The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: SSTP, IKEv2, PPTP and then L2TP. This order is not customizable. +> The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: SSTP, IKEv2, PPTP and then L2TP. This order isn't customizable. **VPNv2/**ProfileName**/NativeProfile/Authentication** Required node for native profile. It contains authentication information for the native VPN profile. @@ -735,14 +735,14 @@ Required node for native profile. It contains authentication information for the This value can be one of the following: - EAP -- MSChapv2 (This is not supported for IKEv2) +- MSChapv2 (This method isn't supported for IKEv2) Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/NativeProfile/Authentication/MachineMethod** This is only supported in IKEv2. -This value can be one of the following: +This value can be one of the following values: - Certificate diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md index 026dcfb003..fca8b3674b 100644 --- a/windows/client-management/mdm/w4-application-csp.md +++ b/windows/client-management/mdm/w4-application-csp.md @@ -54,12 +54,12 @@ If no value is specified, the registry location will default to ``. If `Name` is greater than 40 characters, it will be truncated to 40 characters. **TO-PROXY** -Required. Specifies one logical proxy with a matching PROXY-ID. It is only possible to refer to proxies defined within the same provisioning file. Only one proxy can be listed. +Required. Specifies one logical proxy with a matching PROXY-ID. It's only possible to refer to proxies defined within the same provisioning file. Only one proxy can be listed. The TO-PROXY value must be set to the value of the PROXY ID in PXLOGICAL that defines the MMS specific-proxy. **TO-NAPID** -Required. Specifies the network access point identification name (NAPID) defined in the provisioning file. This parameter takes a string value. It is only possible to refer to network access points defined within the same provisioning file (except if the INTERNET attribute is set in the NAPDEF characteristic). For more information about the NAPDEF characteristic, see [NAPDEF configuration service provider](napdef-csp.md). +Required. Specifies the network access point identification name (NAPID) defined in the provisioning file. This parameter takes a string value. It's only possible to refer to network access points defined within the same provisioning file (except if the INTERNET attribute is set in the NAPDEF characteristic). For more information about the NAPDEF characteristic, see [NAPDEF configuration service provider](napdef-csp.md). **ADDR** Required. Specifies the address of the MMS application server, as a string. The possible values to configure the ADDR parameter are: @@ -71,7 +71,7 @@ Required. Specifies the address of the MMS application server, as a string. The - A fully qualified Internet domain name **MS** -Optional. The maximum authorized size, in KB, for multimedia content. This parameter takes a numeric value in string format. If the value is not a number, or is less than or equal to 10, it will be ignored and outgoing MMS will not be resized. +Optional. The maximum authorized size, in KB, for multimedia content. This parameter takes a numeric value in string format. If the value isn't a number, or is less than or equal to 10, it will be ignored and outgoing MMS won't be resized. ## Related topics diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md index c69b5612ca..139c2e3cfd 100644 --- a/windows/client-management/mdm/w7-application-csp.md +++ b/windows/client-management/mdm/w7-application-csp.md @@ -15,7 +15,7 @@ ms.date: 06/26/2017 # w7 APPLICATION CSP -The APPLICATION configuration service provider that has an APPID of w7 is used for bootstrapping a device with an OMA DM account. Although this configuration service provider is used to set up an OMA DM account, it is managed over OMA Client Provisioning. +The APPLICATION configuration service provider that has an APPID of w7 is used for bootstrapping a device with an OMA DM account. Although this configuration service provider is used to set up an OMA DM account, it's managed over OMA Client Provisioning. > **Note**  This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application. @@ -77,7 +77,7 @@ Required. The PORTNBR parameter is used in the PORT characteristic to get or set This characteristic is used in the w7 APPLICATION characteristic to specify authentication information. **APPAUTH/AAUTHDATA** -Optional. The AAUTHDATA parameter is used in the APPAUTH characteristic to get or set additional data used in authentication. This parameter is used to convey the nonce for digest authentication type. This parameter takes a string value. The value of this parameter is a base64-encoded in the form of a series of bytes. Note that if the AAUTHTYPE is DIGEST, this is used as a nonce value in the MD5 hash calculation, and the octal form of the binary data should be used when calculating the hash at the server side and device side. +Optional. The AAUTHDATA parameter is used in the APPAUTH characteristic to get or set more data used in authentication. This parameter is used to convey the nonce for digest authentication type. This parameter takes a string value. The value of this parameter is a base64-encoded in the form of a series of bytes. If the AAUTHTYPE is DIGEST, this value is used as a nonce value in the MD5 hash calculation, and the octal form of the binary data should be used when calculating the hash at the server side and device side. **APPAUTH/AAUTHLEVEL** Required. The AAUTHLEVEL parameter is used in the APPAUTH characteristic to indicate whether credentials are for server authentication or client authentication. This parameter takes a string value. You can set this value. @@ -111,7 +111,7 @@ Required. The APPID parameter is used in the APPLICATION characteristic to diffe **BACKCOMPATRETRYDISABLED** Optional. The BACKCOMPATRETRYDISABLED parameter is used in the APPLICATION characteristic to specify whether to retry resending a package with an older protocol version (for example, 1.1) in the SyncHdr (not including the first time). -> **Note**   This parameter does not contain a value. The existence of this parameter means backward compatibility retry is disabled. If the parameter is missing, it means backward compatibility retry is enabled. +> **Note**   This parameter doesn't contain a value. The existence of this parameter means backward compatibility retry is disabled. If the parameter is missing, it means backward compatibility retry is enabled.   @@ -130,8 +130,8 @@ The valid values are: **INIT** Optional. The INIT parameter is used in the APPLICATION characteristic to indicate that the management server wants the client to initiate a management session immediately after settings approval. If the current w7 APPLICATION document will be put in ROM, the INIT parameter must not be present. -> **Note**   This node is only for mobile operators and MDM servers that try to use this will fail. This node is not supported in the enterprise MDM enrollment scenario. -This parameter forces the device to attempt to connect with the OMA DM server. The connection attempt fails if the XML is set during the coldinit phase. A common cause of this failure is that immediately after coldinit is finished the radio is not yet ready. +> **Note**   This node is only for mobile operators and MDM servers that try to use this will fail. This node isn't supported in the enterprise MDM enrollment scenario. +This parameter forces the device to attempt to connect with the OMA DM server. The connection attempt fails if the XML is set during the coldinit phase. A common cause of this failure is that immediately after coldinit is finished the radio isn't yet ready.   @@ -147,7 +147,7 @@ Optional. The NAME parameter is used in the APPLICATION characteristic to specif The NAME parameter can be a string or null (no value). If no value is specified, the registry location will default to <unnamed>. **PROTOVER** -Optional. The PROTOVER parameter is used in the APPLICATION characteristic to specify the OMA DM Protocol version the server supports. No default value is assumed. The protocol version set by this node will match the protocol version that the DM client reports to the server in SyncHdr in package 1. If this node is not specified when adding a DM server account, the latest DM protocol version that the client supports is used. In Windows Phone this is 1.2. This is a Microsoft custom parameter. You can set this parameter. +Optional. The PROTOVER parameter is used in the APPLICATION characteristic to specify the OMA DM Protocol version the server supports. No default value is assumed. The protocol version set by this node will match the protocol version that the DM client reports to the server in SyncHdr in package 1. If this node isn't specified when adding a DM server account, the latest DM protocol version that the client supports is used. In Windows Phone, this version is 1.2. This parameter is a Microsoft custom parameter. You can set this parameter. Possible values: @@ -159,32 +159,32 @@ Possible values: Optional. The PROVIDER-ID parameter is used in the APPLICATION characteristic to differentiate OMA DM servers. It specifies the server identifier for a management server used in the current management session. This parameter takes a string value. You can set this parameter. **ROLE** -Optional. The ROLE parameter is used in the APPLICATION characteristic to specify the security application chamber that the DM session should run with when communicating with the DM server. The only supported roles are 8 (mobile operator) and 32 (enterprise). If this parameter is not present, the mobile operator role is assumed. The enterprise role can only be set by the enterprise enrollment client. The enterprise client cannot set the mobile operator role. This is a Microsoft custom parameter. This parameter takes a numeric value in string format. You can get or set this parameter. +Optional. The ROLE parameter is used in the APPLICATION characteristic to specify the security application chamber that the DM session should run with when communicating with the DM server. The only supported roles are 8 (mobile operator) and 32 (enterprise). If this parameter isn't present, the mobile operator role is assumed. The enterprise role can only be set by the enterprise enrollment client. The enterprise client can't set the mobile operator role. This parameter is a Microsoft custom parameter. This parameter takes a numeric value in string format. You can get or set this parameter. **TO-NAPID** Optional. The TO-NAPID parameter is used in the APPLICATION characteristic to specify the Network Access Point the client will use to connect to the OMA DM server. If multiple TO-NAPID parameters are specified, only the first TO-NAPID value will be stored. This parameter takes a string value. You can set this parameter. **USEHWDEVID** -Optional. The USEHWDEVID parameter is used in the APPLICATION characteristic to specify use of device hardware identification. It does not have a value. +Optional. The USEHWDEVID parameter is used in the APPLICATION characteristic to specify use of device hardware identification. It doesn't have a value. -- If the parameter is not present, the default behavior is to use an application-specific GUID used rather than the hardware device ID. +- If the parameter isn't present, the default behavior is to use an application-specific GUID used rather than the hardware device ID. - If the parameter is present, the hardware device ID will be provided at the **./DevInfo/DevID** node and in the Source LocURI for the DM package sent to the server. International Mobile Subscriber Identity (IMEI) is returned for a GSM device. **SSLCLIENTCERTSEARCHCRITERIA** -Optional. The SSLCLIENTCERTSEARCHCRITERIA parameter is used in the APPLICATION characteristic to specify the client certificate search criteria. This parameter supports search by subject attribute and certificate stores. If any other criteria are provided, it is ignored. +Optional. The SSLCLIENTCERTSEARCHCRITERIA parameter is used in the APPLICATION characteristic to specify the client certificate search criteria. This parameter supports search by subject attribute and certificate stores. If any other criteria are provided, it's ignored. The string is a concatenation of name/value pairs, each member of the pair delimited by the "&" character. The name and values are delimited by the "=" character. If there are multiple values, each value is delimited by the Unicode character "U+F000". If the name or value contains characters not in the UNRESERVED set (as specified in RFC2396), then those characters are URI-escaped per the RFC. -The supported names are Subject and Stores; wildcard certificate search is not supported. +The supported names are Subject and Stores; wildcard certificate search isn't supported. -Stores specifies which certificate stores the DM client will search to find the SSL client certificate. The valid store value is My%5CUser. The store name is not case sensitive. +Stores specifies which certificate stores the DM client will search to find the SSL client certificate. The valid store value is My%5CUser. The store name isn't case sensitive. > **Note**   %EF%80%80 is the UTF8-encoded character U+F000.   -Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following: +Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following syntax: ```xml [!WARNING] > Some information relates to pre-released products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. -The WiFi configuration service provider provides the functionality to add or delete Wi-Fi networks on a Windows device. The configuration service provider accepts SyncML input and converts it to a network profile that is installed on the device. This profile enables the device to connect to the Wi-Fi network when it is in range. +The WiFi configuration service provider provides the functionality to add or delete Wi-Fi networks on a Windows device. The configuration service provider accepts SyncML input and converts it to a network profile that is installed on the device. This profile enables the device to connect to the Wi-Fi network when it's in range. Programming considerations: -- If the authentication method needs a certificate, for example, EAP-TLS requires client certificates, you must configure it through the CertificateStore configuration service provider. The WiFi configuration service provider does not provide that functionality; instead, the Wi-Fi profile can specify characteristics of the certificate to be used for choosing the right certificate for that network. The server must successfully enroll the certificate first before deploying the Wi-Fi network configuration. For example, for an EAP-TLS profile, the server must successfully configure and enroll the required client certificate before deploying the Wi-Fi profile. Self-signed certificate works for EAP-TLS/PEAP-MSCHAPv2, but it is not supported in EAP-TLS. -- For WEP, WPA, and WPA2-based networks, include the passkey in the network configuration in plaintext. The passkey is encrypted automatically when it is stored on the device. -- The SSID of the Wi-Fi network part of the LocURI node must be a valid URI based on RFC 2396. This requires that all non-ASCII characters must be escaped using a %-character. Unicode characters without the necessary escaping are not supported. +- If the authentication method needs a certificate, for example, EAP-TLS requires client certificates, you must configure it through the CertificateStore configuration service provider. The WiFi configuration service provider doesn't provide that functionality; instead, the Wi-Fi profile can specify characteristics of the certificate to be used for choosing the right certificate for that network. The server must successfully enroll the certificate first before deploying the Wi-Fi network configuration. For example, for an EAP-TLS profile, the server must successfully configure and enroll the required client certificate before deploying the Wi-Fi profile. Self-signed certificate works for EAP-TLS/PEAP-MSCHAPv2, but it isn't supported in EAP-TLS. +- For WEP, WPA, and WPA2-based networks, include the passkey in the network configuration in plaintext. The passkey is encrypted automatically when it's stored on the device. +- The SSID of the Wi-Fi network part of the LocURI node must be a valid URI based on RFC 2396. This condition requires that all non-ASCII characters must be escaped using a %-character. Unicode characters without the necessary escaping aren't supported. - The \*name\_goes\_here*\\ must match \\ *name\_goes\_here*\\. -- For the WiFi CSP, you cannot use the Replace command unless the node already exists. +- For the WiFi CSP, you can't use the Replace command unless the node already exists. - Using Proxyis in Windows 10 client editions (Home, Pro, Enterprise, and Education) will result in failure. -The following shows the WiFi configuration service provider in tree format. +The following example shows the WiFi configuration service provider in tree format. ```console ./Device/Vendor/MSFT @@ -48,14 +48,14 @@ The following list shows the characteristics and parameters. For user profile, use ./User/Vendor/MSFT/Wifi path and for device profile, use ./Device/Vendor/MSFT/Wifi path. **Profile** -Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is represented by a profile object. This network profile includes all the information required for the device to connect to that network – for example, the SSID, authentication and encryption methods and passphrase in case of WEP or WPA2 networks. +Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is represented by a profile object. This network profile includes all the information required for the device to connect to that network – for example, the SSID, authentication and encryption methods and passphrase if there's WEP or WPA2 networks. Supported operation is Get. **\** Specifies the name of the Wi-Fi network (32 bytes maximum) to create, configure, query, or delete. The name is case sensitive and can be represented in ASCII. The SSID is added when the WlanXML node is added. When the SSID node is deleted, then all the subnodes are also deleted. -SSID is the name of network you are connecting to, while Profile name is the name of the Profile which contains the WiFi settings information. If the Profile name is not set right in the MDM SyncML, as per the information in the WiFi settings XML, it could lead to some unexpected errors. For example, \./Vendor/MSFT/WiFi/Profile/<*MUST BE NAME OF PROFILE AS PER WIFI XML*>/WlanXml\. +SSID is the name of network you're connecting to, while Profile name is the name of the Profile that contains the WiFi settings information. If the Profile name isn't set right in the MDM SyncML, as per the information in the WiFi settings XML, it could lead to some unexpected errors. For example, \./Vendor/MSFT/WiFi/Profile/<*MUST BE NAME OF PROFILE AS PER WIFI XML*>/WlanXml\. The supported operations are Add, Get, Delete, and Replace. @@ -88,7 +88,7 @@ The format is *host:port*, where host can be one of the following: - IPV4 address - IPv6/IPvFuture address. -If it is an IPvFuture address, then it must be specified as an IP literal as "\[" (IP v6 address / IPvFuture ) "\]", such as "\[2441:4880:28:3:204:76ff:f43f:6eb\]:8080". +If it's an IPvFuture address, then it must be specified as an IP literal as "\[" (IP v6 address / IPvFuture ) "\]", such as "\[2441:4880:28:3:204:76ff:f43f:6eb\]:8080". Supported operations are Get, Add, Delete, and Replace. --> diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md index 428ed3f3cf..a537048478 100644 --- a/windows/client-management/mdm/win32appinventory-csp.md +++ b/windows/client-management/mdm/win32appinventory-csp.md @@ -17,7 +17,7 @@ ms.date: 06/26/2017 The Win32AppInventory configuration service provider is used to provide an inventory of installed applications on a device. -The following shows the Win32AppInventory configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM. +The following example shows the Win32AppInventory configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM. ``` ./Vendor/MSFT/Win32AppInventory @@ -69,9 +69,9 @@ The supported operation is Get. **Win32InstalledProgram/_InstalledProgram_/RegKey** A string that specifies product code or registry subkey. -For MSI-based applications this is the product code. +For MSI-based applications, this string is the product code. -For applications found in Add/Remove Programs, this is the registry subkey. +For applications found in Add/Remove Programs, this string is the registry subkey. The supported operation is Get. diff --git a/windows/client-management/mdm/windows-mdm-enterprise-settings.md b/windows/client-management/mdm/windows-mdm-enterprise-settings.md index 579d50e4c2..ccd2424347 100644 --- a/windows/client-management/mdm/windows-mdm-enterprise-settings.md +++ b/windows/client-management/mdm/windows-mdm-enterprise-settings.md @@ -36,12 +36,12 @@ To facilitate security-enhanced communication with the remote server for enterpr The DM client configuration, company policy enforcement, business application management, and device inventory are all exposed or expressed via configuration service providers (CSPs). CSPs are the Windows term for managed objects. The DM client communicates with the server and sends configuration request to CSPs. The server only needs to know the logical local URIs defined by those CSP nodes in order to use the DM protocol XML to manage the device. -Here is a summary of the DM tasks supported for enterprise management: +Here's a summary of the DM tasks supported for enterprise management: - Company policy management: Company policies are supported via the Policy CSP allows the enterprise to manage various settings. It enables the management service to configure device lock related policies, disable/enable the storage card, and query the device encryption status. The RemoteWipe CSP allows IT pros to remotely fully wipe the internal user data storage. -- Enterprise application management: This is addressed via the Enterprise ModernApp Management CSP and several ApplicationManagement-related policies. It is used to install the enterprise token, query installed business application names and versions, etc. This CSP is only accessible by the enterprise service. +- Enterprise application management: This task is addressed via the Enterprise ModernApp Management CSP and several ApplicationManagement-related policies. It's used to install the enterprise token, query installed business application names and versions, etc. This CSP is only accessible by the enterprise service. - Certificate management: CertificateStore CSP, RootCACertificate CSP, and ClientCertificateInstall CSP are used to install certificates. -- Basic device inventory and asset management: Some basic device information can be retrieved via the DevInfo CSP, DevDetail CSPs and the DeviceStatus CSP. These provide basic device information such as OEM name, device model, hardware version, OS version, processor types, etc. This is for asset management and device targeting. The NodeCache CSP enables the device to only send out delta inventory settings to the server to reduce over-the-air data usage. The NodeCache CSP is only accessible by the enterprise service. +- Basic device inventory and asset management: Some basic device information can be retrieved via the DevInfo CSP, DevDetail CSPs and the DeviceStatus CSP. These provide basic device information such as OEM name, device model, hardware version, OS version, processor types, etc. This information is for asset management and device targeting. The NodeCache CSP enables the device to only send out delta inventory settings to the server to reduce over-the-air data usage. The NodeCache CSP is only accessible by the enterprise service.   diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md index c8bd5266d0..2d7afd2ff5 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md @@ -17,7 +17,7 @@ ms.date: 11/01/2017 The Windows Defender Advanced Threat Protection (WDATP) configuration service provider (CSP) allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP. -The following shows the WDATP configuration service provider in tree format as used by the Open Mobile Alliance (OMA) Device Management (DM). +The following example shows the WDATP configuration service provider in tree format as used by the Open Mobile Alliance (OMA) Device Management (DM). ```console ./Device/Vendor/MSFT @@ -114,7 +114,7 @@ The following list describes the characteristics and parameters. **DeviceTagging**

Added in Windows 10, version 1709. Represents Windows Defender Advanced Threat Protection configuration for managing role based access and device tagging. -

Supported operations is Get. +

Supported operation is Get. **DeviceTagging/Group**

Added in Windows 10, version 1709. Device group identifiers. diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index e489b9b6cd..febc8bed02 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -15,7 +15,7 @@ manager: dansimp The WindowsDefenderApplicationGuard configuration service provider (CSP) is used by the enterprise to configure the settings in Microsoft Defender Application Guard. This CSP was added in Windows 10, version 1709. -The following shows the WindowsDefenderApplicationGuard configuration service provider in tree format. +The following example shows the WindowsDefenderApplicationGuard configuration service provider in tree format. ``` ./Device/Vendor/MSFT WindowsDefenderApplicationGuard @@ -139,7 +139,7 @@ This policy setting is supported on Microsoft Edge on Windows 10 Enterprise or W The following list shows the supported values: - 0 (default) - Non-enterprise content embedded in enterprise sites is allowed to open outside of the Microsoft Defender Application Guard container, directly in Internet Explorer and Microsoft Edge. -- 1 - Non-enterprise content embedded on enterprise sites are stopped from opening in Internet Explorer or Microsoft Edge outside of Microsoft Defender Application Guard. +- 1 - Non-enterprise content embedded on enterprise sites is stopped from opening in Internet Explorer or Microsoft Edge outside of Microsoft Defender Application Guard. > [!NOTE] > This policy setting is no longer supported in the new Microsoft Edge browser. The policy will be deprecated and removed in a future release. Webpages that contain mixed content, both enterprise and non-enterprise, may load incorrectly or fail completely if this feature is enabled. @@ -160,7 +160,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. This policy setting is supported on Microsoft Edge on Windows 10 Enterprise or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode. The following list shows the supported values: -- 0 - Application Guard discards user-downloaded files and other items (such as, cookies, Favorites, and so on) during machine restart or user log-off. +- 0 - Application Guard discards user-downloaded files and other items (such as, cookies, Favorites, and so on) during machine restart or user sign out. - 1 - Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions. @@ -181,8 +181,8 @@ This policy setting is supported on Microsoft Edge on Windows 10 Enterprise or W If you enable this setting, Microsoft Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Microsoft Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If you enable this setting without connecting any high-security rendering graphics hardware, Microsoft Defender Application Guard will automatically revert to software-based (CPU) rendering. The following list shows the supported values: -- 0 (default) - Cannot access the vGPU and uses the CPU to support rendering graphics. When the policy is not configured, it is the same as disabled (0). -- 1 - Turns on the functionality to access the vGPU offloading graphics rendering from the CPU. This can create a faster experience when working with graphics intense websites or watching video within the container. +- 0 (default) - Can't access the vGPU and uses the CPU to support rendering graphics. When the policy isn't configured, it's the same as disabled (0). +- 1 - Turns on the functionality to access the vGPU offloading graphics rendering from the CPU. This functionality can create a faster experience when working with graphics intense websites or watching video within the container. > [!WARNING] > Enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device. @@ -196,14 +196,14 @@ ADMX Info: **Settings/SaveFilesToHost** -Added in Windows 10, version 1803. This policy setting allows you to determine whether users can elect to download files from Edge in the container and persist files them from container to the host operating system. This also enables users to elect files on the host operating system and upload it through Edge in the container. +Added in Windows 10, version 1803. This policy setting allows you to determine whether users can elect to download files from Edge in the container and persist files them from container to the host operating system. This policy setting also enables users to elect files on the host operating system and upload it through Edge in the container. Value type is integer. Supported operations are Add, Get, Replace, and Delete. This policy setting is supported on Microsoft Edge on Windows 10 Enterprise or Windows 10 Education with Microsoft Defender Application Guard in Enterprise mode. The following list shows the supported values: -- 0 (default) - The user cannot download files from Edge in the container to the host file system, or upload files from host file system to Edge in the container. When the policy is not configured, it is the same as disabled (0). +- 0 (default) - The user can't download files from Edge in the container to the host file system, or upload files from host file system to Edge in the container. When the policy isn't configured, it's the same as disabled (0). - 1 - Turns on the functionality to allow users to download files from Edge in the container to the host file system. @@ -226,7 +226,7 @@ If you enable this setting, certificates with a thumbprint matching the ones spe Here's an example: b4e72779a8a362c860c36a6461f31e3aa7e58c14,1b1d49f06d2a697a544a1059bd59a7b058cda924 -If you disable or don’t configure this setting, certificates are not shared with the Microsoft Defender Application Guard container. +If you disable or don’t configure this setting, certificates aren't shared with the Microsoft Defender Application Guard container. ADMX Info: @@ -251,7 +251,7 @@ If you enable this policy setting, applications inside Microsoft Defender Applic If you disable or don't configure this policy setting, applications inside Microsoft Defender Application Guard will be unable to access the camera and microphone on the user’s device. The following list shows the supported values: -- 0 (default) - Microsoft Defender Application Guard cannot access the device’s camera and microphone. When the policy is not configured, it is the same as disabled (0). +- 0 (default) - Microsoft Defender Application Guard can't access the device’s camera and microphone. When the policy isn't configured, it's the same as disabled (0). - 1 - Turns on the functionality to allow Microsoft Defender Application Guard to access the device’s camera and microphone. > [!IMPORTANT] diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md index 20530b3267..0789764ab1 100644 --- a/windows/client-management/mdm/windowslicensing-csp.md +++ b/windows/client-management/mdm/windowslicensing-csp.md @@ -19,7 +19,7 @@ ms.date: 08/15/2018 The WindowsLicensing configuration service provider is designed for licensing related management scenarios. Currently the scope is limited to edition upgrades of Windows 10 client devices, such as Windows 10 Pro to Windows 10 Enterprise. In addition, this CSP provides the capability to activate or change the product key of Windows 10 client devices. -The following shows the WindowsLicensing configuration service provider in tree format. +The following example shows the WindowsLicensing configuration service provider in tree format. ```console ./Vendor/MSFT @@ -41,7 +41,7 @@ WindowsLicensing --------Status (Added in Windows 10, version 1809) ``` **./Device/Vendor/MSFT/WindowsLicensing** -This is the root node for the WindowsLicensing configuration service provider. +This node is the root node for the WindowsLicensing configuration service provider. The supported operation is Get. @@ -70,7 +70,7 @@ If a product key is entered in a provisioning package and the user begins instal After the device restarts, the edition upgrade process completes. The user will receive a notification of the successful upgrade. -This node can also be used to activate or change a product key on a particular edition of Windows 10 desktop device by entering a product key. Activation or changing a product key does not require a reboot and is a silent process for the user. +This node can also be used to activate or change a product key on a particular edition of Windows 10 desktop device by entering a product key. Activation or changing a product key doesn't require a reboot and is a silent process for the user. > [!IMPORTANT] > The product key entered must be 29 characters (that is, it should include dashes), otherwise the activation, edition upgrade, or product key change on Windows 10 desktop devices will fail. The product key is acquired from Microsoft Volume Licensing Service Center. Your organization must have a Volume Licensing contract with Microsoft to access the portal. @@ -117,7 +117,7 @@ The supported operation is Get. Provides a license for an edition upgrade of Windows 10 devices. > [!NOTE] -> This upgrade process does not require a system restart. +> This upgrade process doesn't require a system restart. The date type is XML. @@ -152,7 +152,7 @@ The data type is a chr. The supported operation is Exec. **ChangeProductKey** -Added in Windows 10, version 1703. Installs a product key for Windows 10 desktop devices. Does not reboot. +Added in Windows 10, version 1703. Installs a product key for Windows 10 desktop devices. Doesn't reboot. The data type is a chr. @@ -191,7 +191,7 @@ Supported values: - 1 - User Blocked: The admin has blocked the user from switching their device out of S mode. Only the admin can switch the device out of S mode through the SMode/SwitchFromSMode node. **SMode/SwitchFromSMode** -Added in Windows 10, version 1809. Switches a device out of S mode if possible. Does not reboot. For an example, see [Execute SwitchFromSMode](#smode-switchfromsmode-execute) +Added in Windows 10, version 1809. Switches a device out of S mode if possible. Doesn't reboot. For an example, see [Execute SwitchFromSMode](#smode-switchfromsmode-execute) Supported operation is Execute. diff --git a/windows/client-management/mdm/wirednetwork-csp.md b/windows/client-management/mdm/wirednetwork-csp.md index fc6a7c7176..62808bc9bb 100644 --- a/windows/client-management/mdm/wirednetwork-csp.md +++ b/windows/client-management/mdm/wirednetwork-csp.md @@ -1,6 +1,6 @@ --- title: WiredNetwork CSP -description: The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP. Learn how it works. +description: The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that don't have GP. Learn how it works. ms.author: dansimp ms.topic: article ms.prod: w10 @@ -16,9 +16,9 @@ manager: dansimp > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP to enable them to access corporate Internet over ethernet. This CSP was added in Windows 10, version 1809. +The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that don't have GP to enable them to access corporate Internet over ethernet. This CSP was added in Windows 10, version 1809. -The following shows the WiredNetwork configuration service provider in tree format. +The following example shows the WiredNetwork configuration service provider in tree format. ``` ./User/Vendor/MSFT WiredNetwork