diff --git a/store-for-business/manage-mpsa-software-microsoft-store-for-business.md b/store-for-business/manage-mpsa-software-microsoft-store-for-business.md
new file mode 100644
index 0000000000..970b3c783f
--- /dev/null
+++ b/store-for-business/manage-mpsa-software-microsoft-store-for-business.md
@@ -0,0 +1,59 @@
+---
+title: Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business
+description: Software purchased under Microsoft Products and Services Agreement (MPSA) can be managed in Microsoft Store for Business
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: store
+author: TrudyHa
+ms.localizationpriority: high
+ms.date: 3/20/2018
+---
+
+# Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business
+
+**Applies to**
+
+- Windows 10
+- Windows 10 Mobile
+
+Software purchased with the Microsoft Products and Services Agreement (MPSA) can now be managed in Microsoft Store for Business. This allows customers to manage online software purchases in one location.
+
+There are a couple of things you might need to set up to manage MPSA software purchases in Store for Business.
+
+**To manage MPSA software in Microsoft Store for Business**
+1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com).
+2. Click **Manage**, and then click **My Organization**.
+3. Click **Connected tenants** to see purchasing accounts and the tenants that they are connected to.
+
+## Add tenant
+The tenant or tenants that are added to your purchasing account control how you can distribute software to people in your organization. If there isn't a tenant listed for your purchasing account, you'll need to add one before you can use or manage the software you've purchased. When we give you a list to choose from, tenants are grouped by domain.
+
+**To add a tenant to a purchasing account**
+1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com).
+2. Click **Manage**, and then click **My Organization**.
+3. Click **Connected tenants**, and then click the ellipses for a purchasing account without a tenant listed.
+4. Click **Choose a tenant**, and then click **Submit**.
+
+If you don't see your tenant in the list, you can add the name of your tenant
+
+**To add the name of your tenant**
+1. On **Add a tenant**, click **Don't see your tenant?**.
+2. Enter a domain name, and then click **Next**, and then click **Done**.
+
+You'll need to get permissions for the admin that manages the domain you want to add. We'll take you to Business Center Portal where you can manage permissions and roles. The admin will need to be the **Account Manager**.
+
+## Add global admin
+In some cases, we might not have info on who the global admin is for the tenant that you select. It might be that the tenant is unmanaged, and you'll need to identify a global admin. Or, you might only need to share account info for the global admin.
+
+If you need to nominate someone to be the global admin, they need sufficient permissions:
+- someone who can distribute sofware
+- in Business Center Portal (BCP), it should be someone with **Agreement Admin** role
+
+**To add a global admin to a tenant**
+
+We'll ask for a global admin if we need that info when you add a tenant to a purchasing account. You'd see the request for a global admin before returning to **Store for Business**.
+
+- On **Add a Global Admin**, click **Make me the Global Admin**, and then click **Submit**.
+-or-
+- On **Add a Global Admin**, type a name in **Invite someone else**, and then click **Submit**.
\ No newline at end of file
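Review bot: Both sign-in steps (step 1 under "To manage MPSA software in Microsoft Store for Business" and step 1 under "To add a tenant to a purchasing account") link to `http://businessstore.microsoft.com`; a sign-in link in admin documentation should use `https://` so the first request is not sent in cleartext. In the "Add global admin" bullet list, "sofware" should be "software"; the sentence "If you don't see your tenant in the list, you can add the name of your tenant" is missing its final period; and the file ends without a trailing newline. It is also unclear how the two role statements relate: "Add tenant" says the admin will need to be the **Account Manager**, while "Add global admin" asks for the **Agreement Admin** role. A sentence saying which role applies to which step would remove the ambiguity.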
diff --git a/windows/client-management/mdm/images/provisioning-csp-rootcacertificate.png b/windows/client-management/mdm/images/provisioning-csp-rootcacertificate.png
index 7a3f671955..68672472c3 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-rootcacertificate.png and b/windows/client-management/mdm/images/provisioning-csp-rootcacertificate.png differ
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index b9bf7dd558..5965974382 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1345,6 +1345,12 @@ For details about Microsoft mobile device management protocols for Windows 10 s
[Policy CSP](policy-configuration-service-provider.md) |
Added the following new policies for Windows 10, version 1803:
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 7ab9c9e7f4..42c5737c3e 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -4459,235 +4459,6 @@ The following diagram shows the Policy configuration service provider in tree fo
- [WirelessDisplay/AllowProjectionToPC](./policy-csp-wirelessdisplay.md#wirelessdisplay-allowprojectiontopc)
- [WirelessDisplay/RequirePinForPairing](./policy-csp-wirelessdisplay.md#wirelessdisplay-requirepinforpairing)
-
-## Policies supported by IoT Core
-
-- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)
-- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)
-- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)
-- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)
-- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)
-- [Bluetooth/ServicesAllowedList](#bluetooth-servicesallowedlist)
-- [Browser/AllowAutofill](#browser-allowautofill)
-- [Browser/AllowBrowser](#browser-allowbrowser)
-- [Browser/AllowCookies](#browser-allowcookies)
-- [Browser/AllowDoNotTrack](#browser-allowdonottrack)
-- [Browser/AllowInPrivate](#browser-allowinprivate)
-- [Browser/AllowPasswordManager](#browser-allowpasswordmanager)
-- [Browser/AllowPopups](#browser-allowpopups)
-- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)
-- [Browser/EnterpriseModeSiteList](#browser-enterprisemodesitelist)
-- [Browser/EnterpriseSiteListServiceUrl](#browser-enterprisesitelistserviceurl)
-- [Browser/SendIntranetTraffictoInternetExplorer](#browser-sendintranettraffictointernetexplorer)
-- [Camera/AllowCamera](#camera-allowcamera)
-- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui)
-- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)
-- [Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming)
-- [Connectivity/AllowNFC](#connectivity-allownfc)
-- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection)
-- [Connectivity/AllowVPNOverCellular](#connectivity-allowvpnovercellular)
-- [Connectivity/AllowVPNRoamingOverCellular](#connectivity-allowvpnroamingovercellular)
-- [Connectivity/DiablePrintingOverHTTP](#connectivity-diableprintingoverhttp)
-- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](#connectivity-disabledownloadingofprintdriversoverhttp)
-- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards)
-- [Connectivity/HardenedUNCPaths](#connectivity-hardeneduncpaths)
-- [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](#connectivity-prohibitinstallationandconfigurationofnetworkbridge)
-- [CredentialProviders/AllowPINLogon](#credentialproviders-allowpinlogon)
-- [CredentialProviders/BlockPicturePassword](#credentialproviders-blockpicturepassword)
-- [DataProtection/AllowDirectMemoryAccess](#dataprotection-allowdirectmemoryaccess)
-- [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)
-- [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)
-- [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)
-- [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps)
-- [Privacy/LetAppsRunInBackground](#privacy-letappsruninbackground)
-- [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps)
-- [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps)
-- [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps)
-- [Security/AllowAddProvisioningPackage](#security-allowaddprovisioningpackage)
-- [Security/AllowRemoveProvisioningPackage](#security-allowremoveprovisioningpackage)
-- [Security/RequireDeviceEncryption](#security-requiredeviceencryption)
-- [Security/RequireProvisioningPackageSignature](#security-requireprovisioningpackagesignature)
-- [System/AllowEmbeddedMode](#system-allowembeddedmode)
-- [System/AllowFontProviders](#system-allowfontproviders)
-- [System/AllowStorageCard](#system-allowstoragecard)
-- [System/TelemetryProxy](#system-telemetryproxy)
-- [Update/AllowNonMicrosoftSignedUpdate](#update-allownonmicrosoftsignedupdate)
-- [Update/AllowUpdateService](#update-allowupdateservice)
-- [Update/PauseDeferrals](#update-pausedeferrals)
-- [Update/RequireDeferUpgrade](#update-requiredeferupgrade)
-- [Update/RequireUpdateApproval](#update-requireupdateapproval)
-- [Update/ScheduledInstallDay](#update-scheduledinstallday)
-- [Update/ScheduledInstallTime](#update-scheduledinstalltime)
-- [Update/UpdateServiceUrl](#update-updateserviceurl)
-- [Wifi/AllowAutoConnectToWiFiSenseHotspots](#wifi-allowautoconnecttowifisensehotspots)
-- [Wifi/AllowInternetSharing](#wifi-allowinternetsharing)
-- [Wifi/AllowWiFi](#wifi-allowwifi)
-- [Wifi/WLANScanMode](#wifi-wlanscanmode)
-
-
-
-## Policies supported by Windows Holographic for Business
-
-- [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection)
-- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps)
-- [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate)
-- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)
-- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)
-- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)
-- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)
-- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)
-- [Browser/AllowCookies](#browser-allowcookies)
-- [Browser/AllowDoNotTrack](#browser-allowdonottrack)
-- [Browser/AllowPasswordManager](#browser-allowpasswordmanager)
-- [Browser/AllowPopups](#browser-allowpopups)
-- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)
-- [Browser/AllowSmartScreen](#browser-allowsmartscreen)
-- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)
-- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)
-- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)
-- [Experience/AllowCortana](#experience-allowcortana)
-- [Experience/AllowManualMDMUnenrollment](#experience-allowmanualmdmunenrollment)
-- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)
-- [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)
-- [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)
-- [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)
-- [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps)
-- [Privacy/LetAppsRunInBackground](#privacy-letappsruninbackground)
-- [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps)
-- [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps)
-- [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps)
-- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)
-- [Security/RequireDeviceEncryption](#security-requiredeviceencryption)
-- [Settings/AllowDateTime](#settings-allowdatetime)
-- [Settings/AllowVPN](#settings-allowvpn)
-- [System/AllowLocation](#system-allowlocation)
-- [System/AllowTelemetry](#system-allowtelemetry)
-- [Update/AllowAutoUpdate](#update-allowautoupdate)
-- [Update/AllowUpdateService](#update-allowupdateservice)
-- [Update/RequireDeferUpgrade](#update-requiredeferupgrade)
-- [Update/RequireUpdateApproval](#update-requireupdateapproval)
-- [Update/UpdateServiceUrl](#update-updateserviceurl)
-
-
-
-## Policies supported by Microsoft Surface Hub
-
-- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)
-- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)
-- [Bluetooth/AllowPrepairing](#bluetooth-allowprepairing)
-- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)
-- [Bluetooth/ServicesAllowedList](#bluetooth-servicesallowedlist)
-- [Browser/AllowAddressBarDropdown](#browser-allowaddressbardropdown)
-- [Browser/AllowCookies](#browser-allowcookies)
-- [Browser/AllowDeveloperTools](#browser-allowdevelopertools)
-- [Browser/AllowDoNotTrack](#browser-allowdonottrack)
-- [Browser/AllowMicrosoftCompatibilityList](#browser-allowmicrosoftcompatibilitylist)
-- [Browser/AllowPopups](#browser-allowpopups)
-- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)
-- [Browser/AllowSmartScreen](#browser-allowsmartscreen)
-- [Browser/ClearBrowsingDataOnExit](#browser-clearbrowsingdataonexit)
-- [Browser/ConfigureAdditionalSearchEngines](#browser-configureadditionalsearchengines)
-- [Browser/DisableLockdownOfStartPages](#browser-disablelockdownofstartpages)
-- [Browser/HomePages](#browser-homepages)
-- [Browser/PreventLiveTileDataCollection](#browser-preventlivetiledatacollection)
-- [Browser/PreventSmartScreenPromptOverride](#browser-preventsmartscreenpromptoverride)
-- [Browser/PreventSmartScreenPromptOverrideForFiles](#browser-preventsmartscreenpromptoverrideforfiles)
-- [Browser/SetDefaultSearchEngine](#browser-setdefaultsearchengine)
-- [Camera/AllowCamera](#camera-allowcamera)
-- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui)
-- [ConfigOperations/ADMXInstall](#configoperations-admxinstall)
-- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)
-- [Connectivity/AllowConnectedDevices](#connectivity-allowconnecteddevices)
-- [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy)
-- [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites)
-- [Defender/AllowArchiveScanning](#defender-allowarchivescanning)
-- [Defender/AllowBehaviorMonitoring](#defender-allowbehaviormonitoring)
-- [Defender/AllowCloudProtection](#defender-allowcloudprotection)
-- [Defender/AllowEmailScanning](#defender-allowemailscanning)
-- [Defender/AllowFullScanOnMappedNetworkDrives](#defender-allowfullscanonmappednetworkdrives)
-- [Defender/AllowFullScanRemovableDriveScanning](#defender-allowfullscanremovabledrivescanning)
-- [Defender/AllowIOAVProtection](#defender-allowioavprotection)
-- [Defender/AllowIntrusionPreventionSystem](#defender-allowintrusionpreventionsystem)
-- [Defender/AllowOnAccessProtection](#defender-allowonaccessprotection)
-- [Defender/AllowRealtimeMonitoring](#defender-allowrealtimemonitoring)
-- [Defender/AllowScanningNetworkFiles](#defender-allowscanningnetworkfiles)
-- [Defender/AllowScriptScanning](#defender-allowscriptscanning)
-- [Defender/AllowUserUIAccess](#defender-allowuseruiaccess)
-- [Defender/AvgCPULoadFactor](#defender-avgcpuloadfactor)
-- [Defender/DaysToRetainCleanedMalware](#defender-daystoretaincleanedmalware)
-- [Defender/ExcludedExtensions](#defender-excludedextensions)
-- [Defender/ExcludedPaths](#defender-excludedpaths)
-- [Defender/ExcludedProcesses](#defender-excludedprocesses)
-- [Defender/PUAProtection](#defender-puaprotection)
-- [Defender/RealTimeScanDirection](#defender-realtimescandirection)
-- [Defender/ScanParameter](#defender-scanparameter)
-- [Defender/ScheduleQuickScanTime](#defender-schedulequickscantime)
-- [Defender/ScheduleScanDay](#defender-schedulescanday)
-- [Defender/ScheduleScanTime](#defender-schedulescantime)
-- [Defender/SignatureUpdateInterval](#defender-signatureupdateinterval)
-- [Defender/SubmitSamplesConsent](#defender-submitsamplesconsent)
-- [Defender/ThreatSeverityDefaultAction](#defender-threatseveritydefaultaction)
-- [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize)
-- [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching)
-- [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode)
-- [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid)
-- [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage)
-- [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize)
-- [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth)
-- [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth)
-- [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos)
-- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer)
-- [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache)
-- [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer)
-- [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive)
-- [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap)
-- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth)
-- [Desktop/PreventUserRedirectionOfProfileFolders](#desktop-preventuserredirectionofprofilefolders)
-- [Privacy/EnableActivityFeed](#privacy-enableactivityfeed)
-- [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)
-- [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)
-- [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)
-- [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps)
-- [Privacy/LetAppsRunInBackground](#privacy-letappsruninbackground)
-- [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps)
-- [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps)
-- [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps)
-- [Privacy/PublishUserActivities](#privacy-publishuseractivities)
-- [Security/RequireProvisioningPackageSignature](#security-requireprovisioningpackagesignature)
-- [Security/RequireRetrieveHealthCertificateOnBoot](#security-requireretrievehealthcertificateonboot)
-- [Start/StartLayout](#start-startlayout)
-- [System/AllowFontProviders](#system-allowfontproviders)
-- [System/AllowLocation](#system-allowlocation)
-- [System/AllowTelemetry](#system-allowtelemetry)
-- [TextInput/AllowIMELogging](#textinput-allowimelogging)
-- [TextInput/AllowIMENetworkAccess](#textinput-allowimenetworkaccess)
-- [TextInput/AllowInputPanel](#textinput-allowinputpanel)
-- [TextInput/AllowJapaneseIMESurrogatePairCharacters](#textinput-allowjapaneseimesurrogatepaircharacters)
-- [TextInput/AllowJapaneseIVSCharacters](#textinput-allowjapaneseivscharacters)
-- [TextInput/AllowJapaneseNonPublishingStandardGlyph](#textinput-allowjapanesenonpublishingstandardglyph)
-- [TextInput/AllowJapaneseUserDictionary](#textinput-allowjapaneseuserdictionary)
-- [TextInput/AllowLanguageFeaturesUninstall](#textinput-allowlanguagefeaturesuninstall)
-- [TextInput/ExcludeJapaneseIMEExceptJIS0208](#textinput-excludejapaneseimeexceptjis0208)
-- [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](#textinput-excludejapaneseimeexceptjis0208andeudc)
-- [TextInput/ExcludeJapaneseIMEExceptShiftJIS](#textinput-excludejapaneseimeexceptshiftjis)
-- [Update/AllowAutoUpdate](#update-allowautoupdate)
-- [Update/AllowUpdateService](#update-allowupdateservice)
-- [Update/AutoRestartNotificationSchedule](#update-autorestartnotificationschedule)
-- [Update/AutoRestartRequiredNotificationDismissal](#update-autorestartrequirednotificationdismissal)
-- [Update/BranchReadinessLevel](#update-branchreadinesslevel)
-- [Update/DeferFeatureUpdatesPeriodInDays](#update-deferfeatureupdatesperiodindays)
-- [Update/DeferQualityUpdatesPeriodInDays](#update-deferqualityupdatesperiodindays)
-- [Update/DetectionFrequency](#update-detectionfrequency)
-- [Update/PauseFeatureUpdates](#update-pausefeatureupdates)
-- [Update/PauseQualityUpdates](#update-pausequalityupdates)
-- [Update/ScheduleImminentRestartWarning](#update-scheduleimminentrestartwarning)
-- [Update/ScheduleRestartWarning](#update-schedulerestartwarning)
-- [Update/SetAutoRestartNotificationDisable](#update-setautorestartnotificationdisable)
-- [Update/UpdateServiceUrl](#update-updateserviceurl)
-- [Update/UpdateServiceUrlAlternate](#update-updateserviceurlalternate)
-- [WiFi/AllowWiFiHotSpotReporting](#wifi-allowwifihotspotreporting)
-
-
## Policies that can be set using Exchange Active Sync (EAS)
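Review bot: The three sections removed above this heading ("Policies supported by IoT Core", "Policies supported by Windows Holographic for Business" and "Policies supported by Microsoft Surface Hub") have no replacement or pointer anywhere in this hunk, so a reader loses the per-edition view of which policies, including the Security/, Defender/ and Update/ entries, apply to those devices. If the lists have moved to their own topics, leave a short link in place of each section. Also check for inbound links to the removed heading anchors, which will stop resolving.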
@@ -4715,7 +4486,6 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Wifi/AllowWiFi](#wifi-allowwifi)
-
## Examples
Set the minimum password length to 4 characters.
diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md
index 8f5c11db9d..b7fa5a8362 100644
--- a/windows/client-management/mdm/rootcacertificates-csp.md
+++ b/windows/client-management/mdm/rootcacertificates-csp.md
@@ -7,11 +7,14 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 06/26/2017
+ms.date: 03/06/2018
---
# RootCATrustedCertificates CSP
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
The RootCATrustedCertificates configuration service provider enables the enterprise to set the Root Certificate Authority (CA) certificates.
> [!Note]
@@ -44,6 +47,9 @@ Node for trusted publisher certificates.
**RootCATrustedCertificates/TrustedPeople**
Node for trusted people certificates.
+**RootCATrustedCertificates/UntrustedCertificates**
+Addeded in Windows 10, version 1803. Node for certificates that are not trusted. IT admin can use this node to immediately flag certificates that have been compromised and no longer usable.
+
**_CertHash_**
Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value.
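Review bot: "Addeded" in the new **RootCATrustedCertificates/UntrustedCertificates** description should be "Added", and "have been compromised and no longer usable" is missing a verb. Suggested wording: "Added in Windows 10, version 1803. Node for certificates that are not trusted. IT admins can use this node to immediately flag certificates that have been compromised and are no longer usable." Since this is the node an admin reaches for during a compromise, it would also help to state here which operations it supports, as the DDF descriptions in this same patch now do for ValidFrom, ValidTo and TemplateName.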
diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md
index 6e6492a240..03c352d150 100644
--- a/windows/client-management/mdm/rootcacertificates-ddf-file.md
+++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md
@@ -7,17 +7,19 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 12/05/2017
+ms.date: 03/07/2018
---
# RootCATrustedCertificates DDF file
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic shows the OMA DM device description framework (DDF) for the **RootCACertificates** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-The XML below is the current version for this CSP.
+The XML below is for Windows 10, version 1803.
``` syntax
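Review bot: The `[!WARNING]` block added under the "# RootCATrustedCertificates DDF file" heading comes without the blank `+` line that follows the same block in rootcacertificates-csp.md. Confirm that a blank line separates it from the paragraph beginning "This topic shows the OMA DM device description framework (DDF)"; without one, Markdown treats that paragraph as a continuation of the blockquote and renders it inside the warning. That paragraph also names the provider **RootCACertificates** while the title and the DDF use RootCATrustedCertificates, which is worth aligning while this part of the file is being touched.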
@@ -28,7 +30,7 @@ The XML below is the current version for this CSP.
1.2
RootCATrustedCertificates
- ./Vendor/MSFT
+ ./User/Vendor/MSFT
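Review bot: The root path changes from `./Vendor/MSFT` to `./User/Vendor/MSFT` here, and a second tree rooted at `./Device/Vendor/MSFT` is added later in the file, but nothing in the visible prose says the CSP now has separate user and device scopes. A trusted or untrusted certificate entry applied for one user has a different reach from one applied to the whole device, so please add a sentence to the topic saying which scope each path targets and which one existing `./Vendor/MSFT` deployments map to.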
@@ -43,7 +45,7 @@ The XML below is the current version for this CSP.
-
+ com.microsoft/1.1/MDM/RootCATrustedCertificates
@@ -74,8 +76,6 @@ The XML below is the current version for this CSP.
-
-
Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
@@ -100,12 +100,12 @@ The XML below is the current version for this CSP.
-
+
Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
-
+
@@ -117,7 +117,7 @@ The XML below is the current version for this CSP.
- text/plain
+
@@ -271,8 +271,6 @@ The XML below is the current version for this CSP.
-
-
Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
@@ -297,12 +295,12 @@ The XML below is the current version for this CSP.
-
+
Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
-
+
@@ -311,7 +309,7 @@ The XML below is the current version for this CSP.
- text/plain
+
@@ -363,7 +361,7 @@ The XML below is the current version for this CSP.
- Returns the starting date of the certificate's validity. This is equivalent to the NotBefore member in the CERT_INFO structure.
+ Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.
@@ -384,7 +382,7 @@ The XML below is the current version for this CSP.
- Returns the expiration date of the certificate. This is equivalent to the NotAfter member in the CERT_INFO structure
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
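Review bot: The updated ValidTo description still ends without a period ("This is equivalent to the NotAfter member in the CERT_INFO structure"), unlike the ValidFrom description changed in the previous hunk. Add the period here and in the other copies of this sentence further down the file, since the same line is repeated for each certificate store.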
@@ -405,7 +403,7 @@ The XML below is the current version for this CSP.
- Returns the certificate template name.
+ Returns the certificate template name. Supported operation is Get.
@@ -450,8 +448,6 @@ The XML below is the current version for this CSP.
-
-
Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
@@ -476,12 +472,12 @@ The XML below is the current version for this CSP.
-
+
Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
-
+
@@ -493,7 +489,7 @@ The XML below is the current version for this CSP.
- text/plain
+
@@ -551,7 +547,7 @@ The XML below is the current version for this CSP.
- Returns the starting date of the certificate's validity. This is equivalent to the NotBefore member in the CERT_INFO structure.
+ Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.
@@ -575,7 +571,7 @@ The XML below is the current version for this CSP.
- Returns the expiration date of the certificate. This is equivalent to the NotAfter member in the CERT_INFO structure
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
@@ -599,7 +595,7 @@ The XML below is the current version for this CSP.
- Returns the certificate template name.
+ Returns the certificate template name. Supported operation is Get.
@@ -647,8 +643,6 @@ The XML below is the current version for this CSP.
-
-
Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
@@ -673,12 +667,12 @@ The XML below is the current version for this CSP.
-
+
Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
-
+
@@ -690,7 +684,7 @@ The XML below is the current version for this CSP.
- text/plain
+
@@ -748,7 +742,7 @@ The XML below is the current version for this CSP.
- Returns the starting date of the certificate's validity. This is equivalent to the NotBefore member in the CERT_INFO structure.
+ Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.
@@ -772,7 +766,7 @@ The XML below is the current version for this CSP.
- Returns the expiration date of the certificate. This is equivalent to the NotAfter member in the CERT_INFO structure
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
@@ -796,7 +790,1180 @@ The XML below is the current version for this CSP.
- Returns the certificate template name.
+ Returns the certificate template name. Supported operation is Get.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+ UntrustedCertificates
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+
+
+
+
+
+
+
+
+
+
+
+
+ CertHash
+
+
+
+
+
+ EncodedCertificate
+
+
+
+
+
+
+ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IssuedBy
+
+
+
+
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ IssuedTo
+
+
+
+
+ Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidFrom
+
+
+
+
+ Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidTo
+
+
+
+
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TemplateName
+
+
+
+
+ Returns the certificate template name. Supported operation is Get.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+
+ RootCATrustedCertificates
+ ./Device/Vendor/MSFT
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ com.microsoft/1.1/MDM/RootCATrustedCertificates
+
+
+
+ Root
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+
+
+
+
+
+
+
+
+
+
+
+
+ CertHash
+
+
+
+
+
+ EncodedCertificate
+
+
+
+
+
+
+ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IssuedBy
+
+
+
+
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ IssuedTo
+
+
+
+
+ Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidFrom
+
+
+
+
+ Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidTo
+
+
+
+
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TemplateName
+
+
+
+
+ Returns the certificate template name. Supported operation is Get.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+ CA
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+
+
+
+
+
+
+
+
+
+
+
+
+ CertHash
+
+
+
+
+
+ EncodedCertificate
+
+
+
+
+
+
+ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IssuedBy
+
+
+
+
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ IssuedTo
+
+
+
+
+ Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidFrom
+
+
+
+
+ Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidTo
+
+
+
+
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TemplateName
+
+
+
+
+ Returns the certificate template name. Supported operation is Get.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+ TrustedPublisher
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+
+
+
+
+
+
+
+
+
+
+
+
+ CertHash
+
+
+
+
+
+ EncodedCertificate
+
+
+
+
+
+
+ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IssuedBy
+
+
+
+
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ IssuedTo
+
+
+
+
+ Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidFrom
+
+
+
+
+ Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidTo
+
+
+
+
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TemplateName
+
+
+
+
+ Returns the certificate template name. Supported operation is Get.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+ TrustedPeople
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+
+
+
+
+
+
+
+
+
+
+
+
+ CertHash
+
+
+
+
+
+ EncodedCertificate
+
+
+
+
+
+
+ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IssuedBy
+
+
+
+
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ IssuedTo
+
+
+
+
+ Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidFrom
+
+
+
+
+ Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidTo
+
+
+
+
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TemplateName
+
+
+
+
+ Returns the certificate template name. Supported operation is Get.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+ UntrustedCertificates
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+
+
+
+
+
+
+
+
+
+
+
+
+ CertHash
+
+
+
+
+
+ EncodedCertificate
+
+
+
+
+
+
+ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IssuedBy
+
+
+
+
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ IssuedTo
+
+
+
+
+ Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidFrom
+
+
+
+
+ Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidTo
+
+
+
+
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TemplateName
+
+
+
+
+ Returns the certificate template name. Supported operation is Get.
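Review bot: The added node descriptions are inconsistent about supported operations: ValidFrom, ValidTo and TemplateName say "Supported operation is Get", while IssuedBy and IssuedTo, which are also described as "Returns ...", do not. This repeats under Root, CA, TrustedPublisher, TrustedPeople and UntrustedCertificates. Please state the supported operation on all of the read-only nodes or on none of them. Two smaller wording points in the same descriptions: the CertHash text ("...specified as a hexadecimal string value") and the ValidTo text ("...in the CERT_INFO structure") are missing their final period, and the EncodedCertificate text spells the encoding two ways ("Base64-encoded" and "Base-64 string"). Since the SHA1 value is described as a 20-byte hash given as a hexadecimal string, it would also help to say whether separators or mixed case are accepted.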
@@ -818,14 +1985,4 @@ The XML below is the current version for this CSP.
-```
-
-
-
-
-
-
-
-
-
-
+```
\ No newline at end of file
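Review bot: The new closing code fence is the last line of the file and has no trailing newline, as the "\ No newline at end of file" marker shows. Please end the file with a newline so that later appends to this document do not show up as a change to the fence line.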
diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
index 9e780394d7..94f1153940 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
@@ -24,15 +24,6 @@ This article assumes that you understand how to set up AD DS to back up BitLock
This article does not detail how to configure AD DS to store the BitLocker recovery information.
-This article contains the following topics:
-
-- [What Is BitLocker Recovery?](#bkmk-whatisrecovery)
-- [Testing Recovery](#bkmk-testingrecovery)
-- [Planning Your Recovery Process](#bkmk-planningrecovery)
-- [Using Additional Recovery Information](#bkmk-usingaddrecovery)
-- [Resetting Recovery Passwords](#bkmk-appendixb)
-- [Retrieving the BitLocker Key Package](#bkmk-appendixc)
-
## What is BitLocker recovery?
BitLocker recovery is the process by which you can restore access to a BitLocker-protected drive in the event that you cannot unlock the drive normally. In a recovery scenario you have the following options to restore access to the drive:
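Review bot: Dropping the in-page topic list also drops the only visible uses of the `#bkmk-whatisrecovery`, `#bkmk-testingrecovery`, `#bkmk-planningrecovery`, `#bkmk-usingaddrecovery`, `#bkmk-appendixb` and `#bkmk-appendixc` anchors, and this hunk does not show whether the headings still define them. Please confirm that links from other articles to these anchors still resolve, or update them in the same change. Note also that the old list pointed to "Resetting Recovery Passwords" and "Retrieving the BitLocker Key Package" through appendix-style ids, so those two are the most likely to be linked from elsewhere.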
@@ -109,7 +100,7 @@ Before you create a thorough BitLocker recovery process, we recommend that you t
2. At the command prompt, type the following command and then press ENTER:
`manage-bde. -ComputerName -forcerecovery `
-> **Note:** Recovery triggered by `-forcerecovery` persists for multiple restarts until a TPM protector is added or protection is suspended by the user.
+> **Note:** Recovery triggered by `-forcerecovery` persists for multiple restarts until a TPM protector is added or protection is suspended by the user. When using Modern Standby devices (such as Surface devices), the `-forcerecovery` option is not recommended because the OS will not boot after the recovery key is entered. Instead, the BitLocker recovery screen reappears until BitLocker protection is suspended or the OS drive is decrypted.
## Planning your recovery process
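Review bot: The sentence added to the note says that on Modern Standby devices the OS will not boot after the recovery key is entered and that the recovery screen reappears "until BitLocker protection is suspended or the OS drive is decrypted", but it does not say how to do either when the OS cannot start. Please add where the user performs that step, or link to the procedure, because a reader who has already run `-forcerecovery` on such a device is left without a way out. The two sentences of the note also give different exit conditions (a TPM protector added or protection suspended, versus protection suspended or the drive decrypted), so it is worth stating whether adding a TPM protector still applies to Modern Standby devices. Separately, the command on the unchanged line above reads `manage-bde. -ComputerName -forcerecovery ` with a stray period and no values after either switch, which is worth fixing while this step is being touched.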
|