From 386b947fb9a405594a65bea781f44119715ae9ec Mon Sep 17 00:00:00 2001
From: Andrew Cannon <105466496+ancannon@users.noreply.github.com>
Date: Thu, 19 May 2022 18:18:23 -0700
Subject: [PATCH] Add RestrictToEnterpriseDeviceAuthenticationOnly policy
documentation
Add documentation for new MDM policy RestrictToEnterpriseDeviceAuthenticationOnly to "Policy CSP - Accounts" page.
---
.../mdm/policy-csp-accounts.md | 45 +++++++++++++++++++
1 file changed, 45 insertions(+)
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md
index 6f8a2bbec0..0bcf356196 100644
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@@ -34,6 +34,9 @@ manager: dansimp
Accounts/DomainNamesForEmailSync
+
+ Accounts/RestrictToEnterpriseDeviceAuthenticationOnly
+
@@ -207,6 +210,48 @@ The following list shows the supported values:
+
+
+**Accounts/RestrictToEnterpriseDeviceAuthenticationOnly**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|Yes|
+|Business|No|Yes|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 11, version 22H2. This setting determines whether to only allow enterprise device authentication for the Microsoft Account Sign-in Assistant service (wlidsvc). By default, this setting is disabled and allows both user and device authentication. When the value is set to 1, we only allow device authentication and block user authentication.
+
+Most restricted value is 1.
+
+
+
+The following list shows the supported values:
+
+- 0 (default) - Allow both device and user authentication.
+- 1 - Only allow device authentication. Block user authentication.
+
+
+
+
+