deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 02:43:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into minusevents

Browse Source
This commit is contained in:
jaimeo
2017-10-16 11:56:12 -07:00
parent 45b4c3170b 4a84a6a5d1
commit eb3c3494d8
202 changed files with 3853 additions and 1365 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
windows/configuration/TOC.md
View File

@ -9,7 +9,10 @@
### [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md)
### [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md)
### [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md)
### [Lock down Windows 10 to specific apps (AppLocker)](lock-down-windows-10-to-specific-apps.md)
### [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md)
#### [Troubleshoot multi-app kiosk](multi-app-kiosk-troubleshoot.md)
#### [Use AppLocker to create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-applocker.md)
#### [Multi-app kiosk XML reference](multi-app-kiosk-xml.md)
## [Configure Windows 10 Mobile devices](mobile-devices/configure-mobile.md)
### [Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise](mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md)
### [Use Windows Configuration Designer to configure Windows 10 Mobile devices](mobile-devices/provisioning-configure-mobile.md)
@ -48,7 +51,7 @@
### [Set up and test custom voice commands in Cortana for your organization](cortana-at-work/cortana-at-work-voice-commands.md)
### [Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization](cortana-at-work/cortana-at-work-policy-settings.md)
### [Send feedback about Cortana at work back to Microsoft](cortana-at-work/cortana-at-work-feedback.md)
## [Configure access to Microsoft Store](stop-employees-from-using-the-windows-store.md)
## [Configure access to Microsoft Store](stop-employees-from-using-microsoft-store.md)
## [Provisioning packages for Windows 10](provisioning-packages/provisioning-packages.md)
### [How provisioning works in Windows 10](provisioning-packages/provisioning-how-it-works.md)
### [Introduction to configuration service providers (CSPs)](provisioning-packages/how-it-pros-can-use-configuration-service-providers.md)
@ -70,6 +73,8 @@
#### [AutomaticTime](wcd/wcd-automatictime.md)
#### [Browser](wcd/wcd-browser.md)
#### [CallAndMessagingEnhancement](wcd/wcd-callandmessagingenhancement.md)
#### [Calling](wcd/wcd-calling.md)
#### [CellCore](wcd/wcd-cellcore.md)
#### [Cellular](wcd/wcd-cellular.md)
#### [Certificates](wcd/wcd-certificates.md)
#### [CleanPC](wcd/wcd-cleanpc.md)
@ -79,6 +84,7 @@
#### [DesktopBackgroundAndColors](wcd/wcd-desktopbackgroundandcolors.md)
#### [DeveloperSetup](wcd/wcd-developersetup.md)
#### [DeviceFormFactor](wcd/wcd-deviceformfactor.md)
#### [DeviceInfo](wcd/wcd-deviceinfo.md)
#### [DeviceManagement](wcd/wcd-devicemanagement.md)
#### [DMClient](wcd/wcd-dmclient.md)
#### [EditionUpgrade](wcd/wcd-editionupgrade.md)
@ -86,6 +92,7 @@
#### [FirewallConfiguration](wcd/wcd-firewallconfiguration.md)
#### [FirstExperience](wcd/wcd-firstexperience.md)
#### [Folders](wcd/wcd-folders.md)
#### [HotSpot](wcd/wcd-hotspot.md)
#### [InitialSetup](wcd/wcd-initialsetup.md)
#### [InternetExplorer](wcd/wcd-internetexplorer.md)
#### [Licensing](wcd/wcd-licensing.md)
@ -109,11 +116,13 @@
#### [StartupBackgroundTasks](wcd/wcd-startupbackgroundtasks.md)
#### [SurfaceHubManagement](wcd/wcd-surfacehubmanagement.md)
#### [TabletMode](wcd/wcd-tabletmode.md)
#### [TakeATest](wcd/wcd-takeatest.md)
#### [TakeATest](wcd/wcd-takeatest.md)
#### [TextInput](wcd/wcd-textinput.md)
#### [Theme](wcd/wcd-theme.md)
#### [UnifiedWriteFilter](wcd/wcd-unifiedwritefilter.md)
#### [UniversalAppInstall](wcd/wcd-universalappinstall.md)
#### [UniversalAppUninstall](wcd/wcd-universalappuninstall.md)
#### [UsbErrorsOEMOverride](wcd/wcd-usberrorsoemoverride.md)
#### [WeakCharger](wcd/wcd-weakcharger.md)
#### [WindowsTeamSettings](wcd/wcd-windowsteamsettings.md)
#### [WLAN](wcd/wcd-wlan.md)

11
windows/configuration/change-history-for-configure-windows-10.md
View File

@ -15,18 +15,29 @@ ms.date: 09/25/2017
This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
## RELEASE: Windows 10, version 1709
The topics in this library have been updated for Windows 10, version 1709 (also known as the Fall Creators Update). The following new topics have been added:
- [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md)
- [Multi-app kiosk XML reference](multi-app-kiosk-xml.md)
## September 2017
|New or changed topic | Description|
|--- | ---|
|[Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md)|New conceptual info about Windows 10 and the upcoming GDPR-compliance requirements.|
|[Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added that Windows Spotlight can be managed by the Experience/AllowWindowsSpotlight MDM policy. |
## August 2017
|New or changed topic | Description|
|--- | ---|
|[Windows Configuration Designer provisioning settings (reference)](wcd/wcd.md) | New section; reference content from [Windows Provisioning settings reference](https://msdn.microsoft.com/library/windows/hardware/dn965990.aspx) is being relocated here from MSDN. |
## July 2017
| New or changed topic | Description |
| --- | --- |

2
windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
View File

@ -8,6 +8,8 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
ms.author: jdecker
ms.date: 10/05/2017
---
# Customize Windows 10 Start and taskbar with Group Policy

2
windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
View File

@ -100,7 +100,7 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
- **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen.
- **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package.
- **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package.
12. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location.

BIN
windows/configuration/images/multiappassignedaccesssettings.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.0 KiB

BIN
windows/configuration/images/profile-config.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 38 KiB

BIN
windows/configuration/images/sample-start.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 92 KiB

2
windows/configuration/kiosk-shared-pc.md
View File

@ -20,4 +20,4 @@ Some desktop devices in an enterprise serve a special purpose, such as a common
| [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md) | Windows 10, version 1607, introduced *shared PC mode*, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. |
| [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | You can configure a device running Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education as a kiosk device, so that users can only interact with a single application that you select. |
| [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) | You can choose almost any Windows app for assigned access; however, some apps may not provide a good user experience. This topic provides guidelines to help you choose an approprate app for a kiosk device. |
| [Lock down Windows 10 to specific apps (AppLocker)](lock-down-windows-10-to-specific-apps.md) | Learn how to configure a device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. The result is similar to a kiosk device, but with multiple apps available. For example, you might set up a library computer so that users can search the catalog and browse the Internet, but can't run any other apps or change computer settings. |
| [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) | Learn how to configure a device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. The result is similar to a kiosk device, but with multiple apps available. For example, you might set up a library computer so that users can search the catalog and browse the Internet, but can't run any other apps or change computer settings. |

121
windows/configuration/lock-down-windows-10-applocker.md Normal file
View File

@ -0,0 +1,121 @@
---
title: Use AppLocker to create a Windows 10 kiosk that runs multiple apps (Windows 10)
description: Learn how to use AppLocker to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps.
ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
keywords: ["lockdown", "app restrictions", "applocker"]
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: edu, security
author: jdeckerms
ms.localizationpriority: high
ms.date: 10/05/2017
ms.author: jdecker
---
# Use AppLocker to create a Windows 10 kiosk that runs multiple apps
**Applies to**
- Windows 10
Learn how to configure a device running Windows 10 Enterprise or Windows 10 Education, version 1703 and earlier, so that users can only run a few specific apps. The result is similar to [a kiosk device](set-up-a-device-for-anyone-to-use.md), but with multiple apps available. For example, you might set up a library computer so that users can search the catalog and browse the Internet, but can't run any other apps or change computer settings.
>[!NOTE]
>For devices running Windows 10, version 1709, we recommend the [multi-app kiosk method](lock-down-windows-10-to-specific-apps.md).
You can restrict users to a specific set of apps on a device running Windows 10 Enterprise or Windows 10 Education by using [AppLocker](/windows/device-security/applocker/applocker-overview). AppLocker rules specify which apps are allowed to run on the device.
AppLocker rules are organized into collections based on file format. If no AppLocker rules for a specific rule collection exist, all files with that file format are allowed to run. However, when an AppLocker rule for a specific rule collection is created, only the files explicitly allowed in a rule are permitted to run. For more information, see [How AppLocker works](/windows/device-security/applocker/how-applocker-works-techref).
This topic describes how to lock down apps on a local device. You can also use AppLocker to set rules for applications in a domain by using Group Policy.
![install create lockdown customize](images/lockdownapps.png)
## Install apps
First, install the desired apps on the device for the target user account(s). This works for both Store and Win32. For Store apps, you must log on as that user for the app to install. For Win32 you can install an app for all users without logging on to the particular account.
## Use AppLocker to set rules for apps
After you install the desired apps, set up AppLocker rules to only allow specific apps, and block everything else.
1. Run Local Security Policy (secpol.msc) as an administrator.
2. Go to **Security Settings** > **Application Control Policies** > **AppLocker**, and select **Configure rule enforcement**.
![configure rule enforcement](images/apprule.png)
3. Check **Configured** under **Executable rules**, and then click **OK**.
4. Right-click **Executable Rules** and then click **Automatically generate rules**.
![automatically generate rules](images/genrule.png)
5. Select the folder that contains the apps that you want to permit, or select C:\\ to analyze all apps.
6. Type a name to identify this set of rules, and then click **Next**.
7. On the **Rule Preferences** page, click **Next**. Be patient, it might take awhile to generate the rules.
8. On the **Review Rules** page, click **Create**. The wizard will now create a set of rules allowing the installed set of apps.
9. Read the message and click **Yes**.
![default rules warning](images/appwarning.png)
10. (optional) If you want a rule to apply to a specific set of users, right-click on the rule and select **Properties**. Then use the dialog to choose a different user or group of users.
11. (optional) If rules were generated for apps that should not be run, you can delete them by right-clicking on the rule and selecting **Delete**.
12. Before AppLocker will enforce rules, the **Application Identity** service must be turned on. To force the Application Identity service to automatically start on reset, open a command prompt and run:
``` syntax
sc config appidsvc start=auto
```
13. Restart the device.
## Other settings to lock down
In addition to specifying the apps that users can run, you should also restrict some settings and functions on the device. For a more secure experience, we recommend that you make the following configuration changes to the device:
- Remove **All apps**.
Go to **Group Policy Editor** > **User Configuration** > **Administrative Templates\\Start Menu and Taskbar\\Remove All Programs list from the Start menu**.
- Hide **Ease of access** feature on the logon screen.
Go to **Control Panel** > **Ease of Access** > **Ease of Access Center**, and turn off all accessibility tools.
- Disable the hardware power button.
Go to **Power Options** > **Choose what the power button does**, change the setting to **Do nothing**, and then **Save changes**.
- Disable the camera.
Go to **Settings** > **Privacy** > **Camera**, and turn off **Let apps use my camera**.
- Turn off app notifications on the lock screen.
Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Logon\\Turn off app notifications on the lock screen**.
- Disable removable media.
Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Device Installation\\Device Installation Restrictions**. Review the policy settings available in **Device Installation Restrictions** for the settings applicable to your situation.
**Note**  
To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**.
 
To learn more about locking down features, see [Customizations for Windows 10 Enterprise](https://go.microsoft.com/fwlink/p/?LinkId=691442).
## Customize Start screen layout for the device (recommended)
Configure the Start menu on the device to only show tiles for the permitted apps. You will make the changes manually, export the layout to an .xml file, and then apply that file to devices to prevent users from making changes. For instructions, see [Manage Windows 10 Start layout options](windows-10-start-layout-options-and-policies.md).

609
windows/configuration/lock-down-windows-10-to-specific-apps.md
View File

@ -1,6 +1,6 @@
---
title: Lock down Windows 10 to specific apps (Windows 10)
description: Learn how to configure a device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps.
title: Create a Windows 10 kiosk that runs multiple apps (Windows 10)
description: Learn how to configure a kiosk device running Windows 10 so that users can only run a few specific apps.
ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
keywords: ["lockdown", "app restrictions", "applocker"]
ms.prod: w10
@ -9,120 +9,605 @@ ms.sitesec: library
ms.pagetype: edu, security
author: jdeckerms
ms.localizationpriority: high
ms.date: 10/05/2017
ms.author: jdecker
---
# Lock down Windows 10 to specific apps
# Create a Windows 10 kiosk that runs multiple apps
**Applies to**
- Windows 10
>For more info about the features and functionality that are supported in each edition of Windows, see [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).
A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using a provisioning package.
Learn how to configure a device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. The result is similar to [a kiosk device](set-up-a-device-for-anyone-to-use.md), but with multiple apps available. For example, you might set up a library computer so that users can search the catalog and browse the Internet, but can't run any other apps or change computer settings.
>[!NOTE]
>For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk.
You can restrict users to a specific set of apps on a device running Windows 10 Enterprise or Windows 10 Education by using [AppLocker](/windows/device-security/applocker/applocker-overview). AppLocker rules specify which apps are allowed to run on the device.
The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they dont need to access.
AppLocker rules are organized into collections based on file format. If no AppLocker rules for a specific rule collection exist, all files with that file format are allowed to run. However, when an AppLocker rule for a specific rule collection is created, only the files explicitly allowed in a rule are permitted to run. For more information, see [How AppLocker works](/windows/device-security/applocker/how-applocker-works-techref).
This topic describes how to lock down apps on a local device. You can also use AppLocker to set rules for applications in a domain by using Group Policy.
![install create lockdown customize](images/lockdownapps.png)
## Install apps
>[!WARNING]
>The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the policies enforced via assigned access.
First, install the desired apps on the device for the target user account(s). This works for both Store and Win32. For Store apps, you must log on as that user for the app to install. For Win32 you can install an app for all users without logging on to the particular account.
Process:
1. [Create XML file](#create-xml-file)
2. [Add XML file to provisioning package](#add-xml)
3. [Apply provisioning package to device](#apply-ppkg)
## Use AppLocker to set rules for apps
If you don't want to use a provisioning package, you can deploy the configuration XML file using [mobile device management (MDM)](#alternate-methods) or you can configure assigned access using the [MDM Bridge WMI Provider](#bridge).
## Prerequisites
- Windows Configuration Designer (Windows 10, version 1709)
- The kiosk device must be running Windows 10 (S, Pro, Enterprise, or Education), version 1709
After you install the desired apps, set up AppLocker rules to only allow specific apps, and block everything else.
## Create XML file
1. Run Local Security Policy (secpol.msc) as an administrator.
Let's start by looking at the basic structure of the XML file.
2. Go to **Security Settings** > **Application Control Policies** > **AppLocker**, and select **Configure rule enforcement**.
- A configuration xml can define multiple *profiles*. Each profile has a unique **Id** and defines a set of applications that are allowed to run, whether the taskbar is visible, and can include a custom Start layout.
![configure rule enforcement](images/apprule.png)
- A configuration xml can have multiple *config* sections. Each config section associates a non-admin user account to a default profile **Id**.
3. Check **Configured** under **Executable rules**, and then click **OK**.
- Multiple config sections can be associated to the same profile.
4. Right-click **Executable Rules** and then click **Automatically generate rules**.
- A profile has no effect if its not associated to a config section.
![automatically generate rules](images/genrule.png)
![profile = app and config = account](images/profile-config.png)
You can start your file by pasting the following XML (or any other examples in this topic) into a XML editor, and saving the file as *filename*.xml. Each section of this XML is explained in this topic.
5. Select the folder that contains the apps that you want to permit, or select C:\\ to analyze all apps.
```xml
<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config">
<Profiles>
<Profile Id="">
<AllAppsList>
<AllowedApps/>
</AllAppsList>
<StartLayout/>
<Taskbar/>
</Profile>
</Profiles>
<Configs>
<Config>
<Account/>
<DefaultProfile Id=""/>
</Config>
</Configs>
</AssignedAccessConfiguration>
```
6. Type a name to identify this set of rules, and then click **Next**.
### Profile
7. On the **Rule Preferences** page, click **Next**. Be patient, it might take awhile to generate the rules.
A profile section in the XML has the following entries:
8. On the **Review Rules** page, click **Create**. The wizard will now create a set of rules allowing the installed set of apps.
- [**Id**](#id)
9. Read the message and click **Yes**.
- [**AllowedApps**](#allowedapps)
![default rules warning](images/appwarning.png)
- [**StartLayout**](#startlayout)
10. (optional) If you want a rule to apply to a specific set of users, right-click on the rule and select **Properties**. Then use the dialog to choose a different user or group of users.
11. (optional) If rules were generated for apps that should not be run, you can delete them by right-clicking on the rule and selecting **Delete**.
12. Before AppLocker will enforce rules, the **Application Identity** service must be turned on. To force the Application Identity service to automatically start on reset, open a command prompt and run:
``` syntax
sc config appidsvc start=auto
```
13. Restart the device.
## Other settings to lock down
- [**Taskbar**](#taskbar)
In addition to specifying the apps that users can run, you should also restrict some settings and functions on the device. For a more secure experience, we recommend that you make the following configuration changes to the device:
#### Id
- Remove **All apps**.
The profile **Id** is a GUID attribute to uniquely identify the profile. You can create a GUID using a GUID generator. The GUID just needs to be unique within this XML file.
Go to **Group Policy Editor** &gt; **User Configuration** &gt; **Administrative Templates\\Start Menu and Taskbar\\Remove All Programs list from the Start menu**.
```xml
<Profiles>
<Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"></Profile>
</Profiles>
```
- Hide **Ease of access** feature on the logon screen.
#### AllowedApps
Go to **Control Panel** &gt; **Ease of Access** &gt; **Ease of Access Center**, and turn off all accessibility tools.
**AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Classic Windows desktop apps.
- Disable the hardware power button.
Based on the purpose of the kiosk device, define the list of applications that are allowed to run. This list can contain both UWP apps and desktop apps. When the mult-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration.
Go to **Power Options** &gt; **Choose what the power button does**, change the setting to **Do nothing**, and then **Save changes**.
>[!NOTE]
>You cannot manage AppLocker rules that are generated by the multi-app kiosk configuration in [MMC snap-ins](https://technet.microsoft.com/library/hh994629.aspx#BKMK_Using_Snapins). Avoid applying AppLocker rules to devices running the multi-app kiosk configuration.
- Disable the camera.
- For UWP apps, you need to provide the App User Model ID (AUMID). [Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867), or [get the AUMID from the Start Layout XML](#startlayout).
- For desktop apps, you need to specify the full path of the executable, which can contain one or more system environment variables in the form of %variableName% (i.e. %systemroot%, %windir%).
Go to **Settings** &gt; **Privacy** &gt; **Camera**, and turn off **Let apps use my camera**.
Here are the predefined assigned access AppLocker rules for **UWP apps**:
- Turn off app notifications on the lock screen.
1. Default rule is to allow all users to launch the signed package apps.
2. The package app deny list is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the deny list. This list will exclude the default allowed inbox package apps which are critical for the system to function, and then exclude the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This deny list will be used to prevent the user from accessing the apps which are currently available for the user but not in the allowed list.
Go to **Group Policy Editor** &gt; **Computer Configuration** &gt; **Administrative Templates\\System\\Logon\\Turn off app notifications on the lock screen**.
>[!NOTE]
>Multi-app kiosk mode doesnt block the enterprise or the users from installing UWP apps. When a new UWP app is installed during the current assigned access user session, this app will not be in the deny list. When the user signs out and signs in again, the app will be included in the deny list. If this is an enterprise-deployed line-of-business app and you want to allow it to run, update the assigned access configuration to include it in the allowed app list.
- Disable removable media.
Here are the predefined assigned access AppLocker rules for **desktop apps**:
Go to **Group Policy Editor** &gt; **Computer Configuration** &gt; **Administrative Templates\\System\\Device Installation\\Device Installation Restrictions**. Review the policy settings available in **Device Installation Restrictions** for the settings applicable to your situation.
1. Default rule is to allow all users to launch the desktop programs signed with Microsoft Certificate in order for the system to boot and function. The rule also allows the admin user group to launch all desktop programs.
2. There is a predefined inbox desktop app deny list for the assigned access user account, and this deny list is adjusted based on the desktop app allow list that you defined in the multi-app configuration.
3. Enterprise-defined allowed desktop apps are added in the AppLocker allow list.
**Note**  
To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**.
The following example allows Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps to run on the device.
 
```xml
<AllAppsList>
<AllowedApps>
<App AppUserModelId="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" />
<App AppUserModelId="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" />
<App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
<App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
<App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
<App DesktopAppPath="%windir%\system32\mspaint.exe" />
<App DesktopAppPath="C:\Windows\System32\notepad.exe" />
</AllowedApps>
</AllAppsList>
```
To learn more about locking down features, see [Customizations for Windows 10 Enterprise](https://go.microsoft.com/fwlink/p/?LinkId=691442).
#### StartLayout
## Customize Start screen layout for the device (recommended)
After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset, depending on whether you want the end user to directly access them on the Start screen.
The easiest way to create a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test device and then export the layout. For detailed steps, see [Customize and export Start layout](customize-and-export-start-layout.md).
A few things to note here:
- The test device on which you customize the Start layout should have the same OS version that is installed on the device where you plan to deploy the multi-app assigned access configuration.
- Since the multi-app assigned access experience is intended for fixed-purpose devices, to ensure the device experiences are consistent and predictable, use the *full* Start layout option instead of the *partial* Start layout.
- There are no apps pinned on the taskbar in the multi-app mode, and it is not supported to configure Taskbar layout using the `<CustomTaskbarLayoutCollection>` tag in a layout modification XML as part of the assigned access configuration.
- The following example uses DesktopApplicationLinkPath to pin the desktop app to start. When the desktop app doesnt have a shortcut link on the target device, [learn how to provision .lnk files using Windows Configuration Designer](#lnk-files).
This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps on Start.
```xml
<StartLayout>
<![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
<LayoutOptions StartTileGroupCellWidth="6" />
<DefaultLayoutOverride>
<StartLayoutCollection>
<defaultlayout:StartLayout GroupCellWidth="6">
<start:Group Name="Group1">
<start:Tile Size="4x4" Column="0" Row="0" AppUserModelID="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" />
<start:Tile Size="2x2" Column="4" Row="2" AppUserModelID="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" />
<start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
<start:Tile Size="2x2" Column="4" Row="4" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
<start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
</start:Group>
<start:Group Name="Group2">
<start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk" />
<start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk" />
</start:Group>
</defaultlayout:StartLayout>
</StartLayoutCollection>
</DefaultLayoutOverride>
</LayoutModificationTemplate>
]]>
</StartLayout>
```
>[!NOTE]
>If an app is not installed for the user but is included in the Start layout XML, the app will not be shown on the Start screen.
Configure the Start menu on the device to only show tiles for the permitted apps. You will make the changes manually, export the layout to an .xml file, and then apply that file to devices to prevent users from making changes. For instructions, see [Manage Windows 10 Start layout options](windows-10-start-layout-options-and-policies.md).
![What the Start screen looks like when the XML sample is applied](images/sample-start.png)
#### Taskbar
Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you dont attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want.
The following example exposes the taskbar to the end user:
```xml
<Taskbar ShowTaskbar="true"/>
```
The following example hides the taskbar:
```xml
<Taskbar ShowTaskbar="false"/>
```
>[!NOTE]
>This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden.
### Configs
Under **Configs**, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced, including the allowed apps, Start layout, and taskbar configuration, as well as other local group policies or mobile device management (MDM) policies set as part of the multi-app experience.
The full multi-app assigned access experience can only work for non-admin users. Its not supported to associate an admin user with the assigned access profile; doing this in the XML file will result in unexpected/unsupported experiences when this admin user signs in.
 
 
The account can be local, domain, or Azure Active Directory (Azure AD). Groups are not supported.
- Local account can be entered as `machinename\account` or `.\account` or just `account`.
- Domain account should be entered as `domain\account`.
- Azure AD account must be specified in this format: `AzureAD\{email address}`. **AzureAD** must be provided AS IS (consider its a fixed domain name), then follow with the Azure AD email address, e.g. **AzureAD\someone@contoso.onmicrosoft.com**.
>[!WARNING]
>Assigned access can be configured via WMI or CSP to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the assigned access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so.
Before applying the multi-app configuration, make sure the specified user account is available on the device, otherwise it will fail.
>[!NOTE]
>For both domain and Azure AD accounts, its not required that target account is explicitly added to the device. As long as the device is AD-joined or Azure AD-joined, the account can be discovered in the domain forest or tenant that the device is joined to. For local accounts, it is required that the account exist before you configure the account for assigned access.
```xml
<Configs>
<Config>
<Account>MultiAppKioskUser</Account>
<DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
</Config>
</Configs>
```
<span id="add-xml" />
## Add XML file to provisioning package
Before you add the XML file to a provisioning package, you can [validate your configuration XML against the XSD](multi-app-kiosk-xml.md#xsd-for-assignedaccess-configuration-xml).
Use the Windows Configuration Designer tool to create a provisioning package. [Learn how to install Windows Configuration Designer.](provisioning-packages/provisioning-install-icd.md)
>[!IMPORTANT]
>When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
1. Open Windows Configuration Designer (by default, %systemdrive%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe).
2. Choose **Advanced provisioning**.
3. Name your project, and click **Next**.
4. Choose **All Windows desktop editions** and click **Next**.
5. On **New project**, click **Finish**. The workspace for your package opens.
6. Expand **Runtime settings** &gt; **AssignedAccess** &gt; **MultiAppAssignedAccessSettings**.
7. In the center pane, click **Browse** to locate and select the assigned access configuration XML file that you created.
![Screenshot of the MultiAppAssignedAccessSettings field in Windows Configuration Designer](images/multiappassignedaccesssettings.png)
8. (**Optional**: If you want to apply the provisioning package after device initial setup and there is an admin user already available on the kiosk device, skip this step.) Create an admin user account in **Runtime settings** &gt; **Accounts** &gt; **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed.
8. (**Optional**: If you already have a non-admin account on the kiosk device, skip this step.) Create a local standard user account in **Runtime settings** &gt; **Accounts** &gt; **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**.
8. On the **File** menu, select **Save.**
9. On the **Export** menu, select **Provisioning package**.
10. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
11. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing.
- **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen.
- **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package.
12. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location.
Optionally, you can click **Browse** to change the default output location.
13. Click **Next**.
14. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.
If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**.
15. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
- If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
- If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**.
15. Copy the provisioning package to the root directory of a USB drive.
<span id="apply-ppkg" />
## Apply provisioning package to device
Provisioning packages can be applied to a device during the first-run experience (out-of-box experience or "OOBE") and after ("runtime").
### During initial setup, from a USB drive
1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
![The first screen to set up a new PC](images/oobe.jpg)
2. Insert the USB drive. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**.
![Set up device?](images/setupmsg.jpg)
3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**.
![Provision this device](images/prov.jpg)
4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**.
![Choose a package](images/choose-package.png)
5. Select **Yes, add it**.
![Do you trust this package?](images/trust-package.png)
### After setup, from a USB drive, network folder, or SharePoint site
1. Sign in with an admin account.
2. Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install.
>[!NOTE]
>if your provisioning package doesnt include the assigned access user account creation, make sure the account you specified in the multi-app configuration XML exists on the device.
![add a package option](images/package.png)
### Validate provisioning
- Go to **Settings** > **Accounts** > **Access work or school**, and then click **Add or remove a provisioning package**. You should see a list of packages that were applied to the device, including the one you applied for the multi-app configuration.
- Optionally, run Event Viewer (eventvwr.exe) and look through logs under **Applications and Services Logs** > **Microsoft** > **Windows** > **Provisioning-Diagnostics-Provider** > **Admin**.
<span id="alternate-methods" />
## Use MDM to deploy the multi-app configuration
Multi-app kiosk mode is enabled by the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp). Your MDM policy can contain the assigned access configuration XML.
If your device is enrolled with a MDM server which supports applying the assigned access configuration, you can use it to apply the setting remotely.
The OMA-URI for multi-app policy is `./Device/Vendor/MSFT/AssignedAccess/Configuration`.
<span id="bridge" />
## Use MDM Bridge WMI Provider to configure assigned access
Environments that use WMI can use the [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224.aspx) to configure the MDM_AssignedAccess class. See [PowerShell Scripting with WMI Bridge Provider](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/using-powershell-scripting-with-the-wmi-bridge-provider) for more details about using a PowerShell script to configure AssignedAccess.
Heres an example to set AssignedAccess configuration:
1. Download the [psexec tool](https://technet.microsoft.com/sysinternals/bb897553.aspx).
2. Run `psexec.exe -i -s cmd.exe`.
3. In the command prompt launched by psexec.exe, enter `powershell.exe` to open PowerShell.
4. Execute the following script:
```ps
$nameSpaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.Configuration = @"
&lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot; ?&gt;
&lt;AssignedAccessConfiguration xmlns=&quot;http://schemas.microsoft.com/AssignedAccess/2017/config&quot;&gt;
&lt;Profiles&gt;
&lt;Profile Id=&quot;{9A2A490F-10F6-4764-974A-43B19E722C23}&quot;&gt;
&lt;AllAppsList&gt;
&lt;AllowedApps&gt;
&lt;App AppUserModelId=&quot;Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic&quot; /&gt;
&lt;App AppUserModelId=&quot;Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo&quot; /&gt;
&lt;App AppUserModelId=&quot;Microsoft.Windows.Photos_8wekyb3d8bbwe!App&quot; /&gt;
&lt;App AppUserModelId=&quot;Microsoft.BingWeather_8wekyb3d8bbwe!App&quot; /&gt;
&lt;App AppUserModelId=&quot;Microsoft.WindowsCalculator_8wekyb3d8bbwe!App&quot; /&gt;
&lt;App DesktopAppPath=&quot;%windir%\system32\mspaint.exe&quot; /&gt;
&lt;App DesktopAppPath=&quot;C:\Windows\System32\notepad.exe&quot; /&gt;
&lt;/AllowedApps&gt;
&lt;/AllAppsList&gt;
&lt;StartLayout&gt;
&lt;![CDATA[&lt;LayoutModificationTemplate xmlns:defaultlayout=&quot;http://schemas.microsoft.com/Start/2014/FullDefaultLayout&quot; xmlns:start=&quot;http://schemas.microsoft.com/Start/2014/StartLayout&quot; Version=&quot;1&quot; xmlns=&quot;http://schemas.microsoft.com/Start/2014/LayoutModification&quot;&gt;
&lt;LayoutOptions StartTileGroupCellWidth=&quot;6&quot; /&gt;
&lt;DefaultLayoutOverride&gt;
&lt;StartLayoutCollection&gt;
&lt;defaultlayout:StartLayout GroupCellWidth=&quot;6&quot;&gt;
&lt;start:Group Name=&quot;Group1&quot;&gt;
&lt;start:Tile Size=&quot;4x4&quot; Column=&quot;0&quot; Row=&quot;0&quot; AppUserModelID=&quot;Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic&quot; /&gt;
&lt;start:Tile Size=&quot;2x2&quot; Column=&quot;4&quot; Row=&quot;2&quot; AppUserModelID=&quot;Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo&quot; /&gt;
&lt;start:Tile Size=&quot;2x2&quot; Column=&quot;4&quot; Row=&quot;0&quot; AppUserModelID=&quot;Microsoft.Windows.Photos_8wekyb3d8bbwe!App&quot; /&gt;
&lt;start:Tile Size=&quot;2x2&quot; Column=&quot;4&quot; Row=&quot;4&quot; AppUserModelID=&quot;Microsoft.BingWeather_8wekyb3d8bbwe!App&quot; /&gt;
&lt;start:Tile Size=&quot;4x2&quot; Column=&quot;0&quot; Row=&quot;4&quot; AppUserModelID=&quot;Microsoft.WindowsCalculator_8wekyb3d8bbwe!App&quot; /&gt;
&lt;/start:Group&gt;
&lt;start:Group Name=&quot;Group2&quot;&gt;
&lt;start:DesktopApplicationTile Size=&quot;2x2&quot; Column=&quot;2&quot; Row=&quot;0&quot; DesktopApplicationLinkPath=&quot;%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk&quot; /&gt;
&lt;start:DesktopApplicationTile Size=&quot;2x2&quot; Column=&quot;0&quot; Row=&quot;0&quot; DesktopApplicationLinkPath=&quot;%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk&quot; /&gt;
&lt;/start:Group&gt;
&lt;/defaultlayout:StartLayout&gt;
&lt;/StartLayoutCollection&gt;
&lt;/DefaultLayoutOverride&gt;
&lt;/LayoutModificationTemplate&gt;
]]&gt;
&lt;/StartLayout&gt;
&lt;Taskbar ShowTaskbar=&quot;true&quot;/&gt;
&lt;/Profile&gt;
&lt;/Profiles&gt;
&lt;Configs&gt;
&lt;Config&gt;
&lt;Account&gt;MultiAppKioskUser&lt;/Account&gt;
&lt;DefaultProfile Id=&quot;{9A2A490F-10F6-4764-974A-43B19E722C23}&quot;/&gt;
&lt;/Config&gt;
&lt;/Configs&gt;
&lt;/AssignedAccessConfiguration&gt;
"@
Set-CimInstance -CimInstance $obj
```
## Validate multi-app kiosk configuration
Sign in with the assigned access user account you specified in the configuration to check out the multi-app experience.
>[!NOTE]
>The setting will take effect the next time the assigned access user signs in. If that user account is signed in when you apply the configuration, make sure the user signs out and signs back in to validate the experience.
The following sections explain what to expect on a multi-app kiosk.
### App launching and switching experience
In the multi-app mode, to maximize the user productivity and streamline the experience, an app will be always launched in full screen when the users click the tile on the Start. The users can minimize and close the app, but cannot resize the app window.
The users can switch apps just as they do today in Windows. They can use the Task View button, Alt + Tab hotkey, and the swipe in from the left gesture to view all the open apps in task view. They can click the Windows button to show Start, from which they can open apps, and they can switch to an opened app by clicking it on the taskbar.
### Start changes
When the assigned access user signs in, you should see a restricted Start experience:
- Start gets launched in full screen and prevents the end user from accessing the desktop.
- Start shows the layout aligned with what you defined in the multi-app configuration XML.
- Start prevents the end user from changing the tile layout.
- The user cannot resize, reposition, and unpin the tiles.
- The user cannot pin additional tiles on the start.
- Start hides **All Apps** list.
- Start hides all the folders on Start (including File Explorer, Settings, Documents, Downloads, Music, Pictures, Videos, HomeGroup, Network, and Personal folders).
- Only **User** and **Power** buttons are available. (You can control whether to show the **User/Power** buttons using [existing policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start).)
- Start hides **Change account settings** option under **User** button.
### Taskbar changes
If the applied multi-app configuration enables taskbar, when the assigned access user signs in, you should see a restricted Taskbar experience:
- Disables context menu of Start button (Quick Link)
- Disables context menu of taskbar
- Prevents the end user from changing the taskbar
- Disables Cortana and Search Windows
- Hides notification icons and system icons, e.g. Action Center, People, Windows Ink Workspace
- Allows the end user to view the status of the network connection and power state, but disables the flyout of **Network/Power** to prevent end user from changing the settings
### Blocked hotkeys
The multi-app mode blocks the following hotkeys, which are not relevant for the lockdown experience.
| Hotkey | Action |
| --- | --- |
| Windows logo key + A | Open Action center |
| Windows logo key + Shift + C | Open Cortana in listening mode |
| Windows logo key + D | Display and hide the desktop |
| Windows logo key + Alt + D | Display and hide the date and time on the desktop |
| Windows logo key + E | Open File Explorer |
| Windows logo key + F | Open Feedback Hub |
| Windows logo key + G | Open Game bar when a game is open |
| Windows logo key + I | Open Settings |
| Windows logo key + J | Set focus to a Windows tip when one is available. |
| Windows logo key + O | Lock device orientation |
| Windows logo key + Q | Open search |
| Windows logo key + R | Open the Run dialog box |
| Windows logo key + S | Open search |
| Windows logo key + X | Open the Quick Link menu |
| Windows logo key + comma (,) | Temporarily peek at the desktop |
| Windows logo key + Ctrl + F | Search for PCs (if you're on a network) |
### Locked-down Ctrl+Alt+Del screen
The multi-app mode removes options (e.g. **Change a password**, **Task Manager**, **Network**) in the Ctrl+Alt+Del screen to ensure the users cannot access the functionalities that are not allowed in the lockdown experience.
### Auto-trigger touch keyboard
In the multi-app mode, the touch keyboard will be automatically triggered when there is an input needed and no physical keyboard is attached on touch-enabled devices. You dont need to configure any other setting to enforce this behavior.
## Considerations for Windows Mixed Reality immersive headsets
With the advent of [mixed reality devices (video link)](https://www.youtube.com/watch?v=u0jqNioU2Lo), you might want to create a kiosk that can run mixed reality apps.
To create a multi-app kiosk that can run mixed reality apps, you must include the following apps in the [AllowedApps list](#allowedapps):
```xml
<App AppUserModelId="MixedRealityLearning_cw5n1h2txyewy!MixedRealityLearning" />
<App AppUserModelId="HoloShell_cw5n1h2txyewy!HoloShell" />
<App AppUserModelId="Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy!App" />
```
These are in addition to any mixed reality apps that you allow.
**Before your kiosk user signs in:** An admin user must sign in to the PC, connect a mixed reality device, and complete the guided setup for the Mixed Reality Portal. The first time that the Mixed Reality Portal is set up, some files and content are downloaded. A kiosk user would not have permissions to download and so their setup of the Mixed Reality Portal would fail.
After the admin has completed setup, the kiosk account can sign in and repeat the setup. The admin user may want to complete the kiosk user setup before providing the PC to employees or customers.
There is a difference between the mixed reality experiences for a kiosk user and other users. Typically, when a user connects a mixed reality device, they begin in the [Mixed Reality home](https://developer.microsoft.com/windows/mixed-reality/navigating_the_windows_mixed_reality_home). The Mixed Reality home is a shell that runs in "silent" mode when the PC is configured as a kiosk. When a kiosk user connects a mixed reality device, they will see only a blank display in the device, and will not have access to the features and functionality available in the home. To run a mixed reality app, the kiosk user must launch the app from the PC Start screen.
## Policies set by multi-app kiosk configuration
It is not recommended to set policies enforced in assigned access multi-app mode to different values using other channels, as the multi-app mode has been optimized to provide a locked-down experience.
When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device.
### Group Policy
The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not. This includes local users, domain users, and Azure Active Directory users.
| Setting | Value |
| --- | --- |
Remove access to the context menus for the task bar | Enabled
Clear history of recently opened documents on exit | Enabled
Prevent users from customizing their Start Screen | Enabled
Prevent users from uninstalling applications from Start | Enabled
Remove All Programs list from the Start menu | Enabled
Remove Run menu from Start Menu | Enabled
Disable showing balloon notifications as toast | Enabled
Do not allow pinning items in Jump Lists | Enabled
Do not allow pinning programs to the Taskbar | Enabled
Do not display or track items in Jump Lists from remote locations | Enabled
Remove Notifications and Action Center | Enabled
Lock all taskbar settings | Enabled
Lock the Taskbar | Enabled
Prevent users from adding or removing toolbars | Enabled
Prevent users from resizing the taskbar | Enabled
Remove frequent programs list from the Start Menu | Enabled
Remove Pinned programs from the taskbar | Enabled
Remove the Security and Maintenance icon | Enabled
Turn off all balloon notifications | Enabled
Turn off feature advertisement balloon notifications | Enabled
Turn off toast notifications | Enabled
Remove Task Manager | Enabled
Remove Change Password option in Security Options UI | Enabled
Remove Sign Out option in Security Options UI | Enabled
Remove All Programs list from the Start Menu | Enabled Remove and disable setting
Prevent access to drives from My Computer | Enabled - Restrict all drivers</br></br>**Note:** Users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the **Run** dialog box or the **Map Network Drive** dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears expalining that a setting prevents the action. This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics.
### MDM policy
Some of the MDM policies based on the [Policy configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) affect all users on the system (i.e. system-wide).
Setting | Value | System-wide
--- | --- | ---
[Experience/AllowCortana](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | 0 - Not allowed | Yes
[Start/AllowPinnedFolderSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
Start/HidePeopleBar | 1 - True (hide) | No
[Start/HideChangeAccountSettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-start#start-hidechangeaccountsettings) | 1 - True (hide) | Yes
[WindowsInkWorkspace/AllowWindowsInkWorkspace](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-windowsinkworkspace#windowsinkworkspace-allowwindowsinkworkspace) | 0 - Access to ink workspace is disabled and the feature is turned off | Yes
[Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Configuration dependent | No
[WindowsLogon/DontDisplayNetworkSelectionUI](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-dontdisplaynetworkselectionui) | &lt;Enabled/&gt; | Yes
<span id="lnk-files" />
## Provision .lnk files using Windows Configuration Designer
First, create your desktop app's shortcut file by installing the app on a test device. Right-click the installed application, and choose **Send to** > **Desktop (create shortcut)**. Rename the shortcut to `<appName>.lnk`
Next, create a batch file with two commands. If the desktop app is already installed on the target device, skip the first command for MSI install.
```
msiexec /I "<appName>.msi" /qn /norestart
copy <appName>.lnk "%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\<appName>.lnk"
```
In Windows Configuration Designer, under **ProvisioningCommands** > **DeviceContext**:
- Under **CommandFiles**, upload your batch file, your .lnk file, and your desktop app installation file
- Under **CommandLine**, enter cmd /c *FileName*.bat

15
windows/configuration/lock-down-windows-10.md
View File

@ -1,15 +0,0 @@
---
title: Lock down Windows 10 (Windows 10)
description: Windows 10 provides a number of features and methods to help you lock down specific parts of a Windows 10 device.
ms.assetid: 955BCD92-0A1A-4C48-98A8-30D7FAF2067D
keywords: lockdown
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security, mobile
author: jdeckerms
ms.localizationpriority: high
---
# Lock down Windows 10

49
windows/configuration/multi-app-kiosk-troubleshoot.md Normal file
View File

@ -0,0 +1,49 @@
---
title: Troubleshoot multi-app kiosk (Windows 10)
description: Tips for troubleshooting multi-app kiosk configuration.
ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
keywords: ["lockdown", "app restrictions"]
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: edu, security
author: jdeckerms
ms.localizationpriority: medium
ms.date: 10/05/2017
ms.author: jdecker
---
# Troubleshoot multi-app kiosk
**Applies to**
- Windows 10
## Unexpected results
For example:
- Start is not launched in full-screen
- Blocked hotkeys are allowed
- Task Manager, Cortana, or Settings can be launched
- Start layout has more apps than expected
**Troubleshooting steps**
1. [Verify that the provisioning package is applied successfully](lock-down-windows-10-to-specific-apps.md#validate-provisioning).
2. Verify that the account (config) is mapped to a profile in the configuration XML file.
3. Verify that the configuration XML file is authored and formatted correctly. Correct any configuration errors, then create and apply a new provisioning package. Sign out and sign in again to check the new configuration.
## Apps configured in AllowedList are blocked
1. Ensure the account is mapped to the correct profile and that the apps are specific for that profile.
2. Check the EventViewer logs for Applocker and AppxDeployment (under **Application and Services Logs\Microsoft\Windows**).
## Start layout not as expected
- Make sure the Start layout is authored correctly. Ensure that the attributes **Size**, **Row**, and **Column** are specified for each application and are valid.
- Check if the apps included in the Start layout are installed for the assigned access user.
- Check if the shortcut exists on the target device, if a desktop app is missing on Start.

175
windows/configuration/multi-app-kiosk-xml.md Normal file
View File

@ -0,0 +1,175 @@
---
title: Multi-app kiosk XML reference (Windows 10)
description: XML and XSD for multi-app kiosk device configuration.
ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
keywords: ["lockdown", "app restrictions", "applocker"]
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: edu, security
author: jdeckerms
ms.localizationpriority: medium
ms.date: 10/05/2017
ms.author: jdecker
---
# Multi-app kiosk XML reference
**Applies to**
- Windows 10
## Full XML sample
```xml
<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config">
<Profiles>
<Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
<AllAppsList>
<AllowedApps>
<App AppUserModelId="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" />
<App AppUserModelId="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" />
<App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
<App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
<App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
<App DesktopAppPath="%windir%\system32\mspaint.exe" />
<App DesktopAppPath="C:\Windows\System32\notepad.exe" />
</AllowedApps>
</AllAppsList>
<StartLayout>
<![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
<LayoutOptions StartTileGroupCellWidth="6" />
<DefaultLayoutOverride>
<StartLayoutCollection>
<defaultlayout:StartLayout GroupCellWidth="6">
<start:Group Name="Group1">
<start:Tile Size="4x4" Column="0" Row="0" AppUserModelID="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" />
<start:Tile Size="2x2" Column="4" Row="2" AppUserModelID="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" />
<start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
<start:Tile Size="2x2" Column="4" Row="4" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
<start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
</start:Group>
<start:Group Name="Group2">
<start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk" />
<start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk" />
</start:Group>
</defaultlayout:StartLayout>
</StartLayoutCollection>
</DefaultLayoutOverride>
</LayoutModificationTemplate>
]]>
</StartLayout>
<Taskbar ShowTaskbar="true"/>
</Profile>
</Profiles>
<Configs>
<Config>
<Account>MultiAppKioskUser</Account>
<DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
</Config>
</Configs>
</AssignedAccessConfiguration>
```
## XSD for AssignedAccess configuration XML
```xml
<?xml version="1.0" encoding="utf-8"?>
<xs:schema
elementFormDefault="qualified"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
targetNamespace="http://schemas.microsoft.com/AssignedAccess/2017/config"
>
<xs:complexType name="profile_list_t">
<xs:sequence minOccurs="1" >
<xs:element name="Profile" type="profile_t" minOccurs="1" maxOccurs="unbounded">
<xs:unique name="duplicateRolesForbidden">
<xs:selector xpath="Profile"/>
<xs:field xpath="@Id"/>
</xs:unique>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="profile_t">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="AllAppsList" type="allappslist_t" minOccurs="1" maxOccurs="1">
<xs:unique name="ForbidDupApps">
<xs:selector xpath="App"/>
<xs:field xpath="@AppUserModelId"/>
<xs:field xpath="@DesktopAppPath"/>
</xs:unique>
</xs:element>
<xs:element name="StartLayout" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="Taskbar" type="taskbar_t" minOccurs="1" maxOccurs="1"/>
</xs:sequence>
<xs:attribute name="Id" type="guid_t" use="required"/>
<xs:attribute name="Name" type="xs:string" use="optional"/>
</xs:complexType>
<xs:complexType name="allappslist_t">
<xs:sequence minOccurs="1" >
<xs:element name="AllowedApps" type="allowedapps_t" minOccurs="1" maxOccurs="1">
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="allowedapps_t">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="App" type="app_t" minOccurs="1" maxOccurs="unbounded">
<xs:key name="mutexAumidOrDesktopApp">
<xs:selector xpath="."/>
<xs:field xpath="@AppUserModelId|@DesktopAppPath"/>
</xs:key>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="app_t">
<xs:attribute name="AppUserModelId" type="xs:string"/>
<xs:attribute name="DesktopAppPath" type="xs:string"/>
</xs:complexType>
<xs:complexType name="taskbar_t">
<xs:attribute name="ShowTaskbar" type="xs:boolean" use="required"/>
</xs:complexType>
<xs:complexType name="profileId_t">
<xs:attribute name="Id" type="guid_t" use="required"/>
</xs:complexType>
<xs:simpleType name="guid_t">
<xs:restriction base="xs:string">
<xs:pattern value="\{[0-9a-fA-F]{8}\-([0-9a-fA-F]{4}\-){3}[0-9a-fA-F]{12}\}"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="config_list_t">
<xs:sequence minOccurs="1" >
<xs:element name="Config" type="config_t" minOccurs="1" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="config_t">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="Account" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="DefaultProfile" type="profileId_t" minOccurs="1" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
<!--below is the definition of the config xml content-->
<xs:element name="AssignedAccessConfiguration">
<xs:complexType>
<xs:all minOccurs="1">
<xs:element name="Profiles" type="profile_list_t">
</xs:element>
<xs:element name="Configs" type="config_list_t"/>
</xs:all>
</xs:complexType>
</xs:element>
</xs:schema>
```

5
windows/configuration/provisioning-packages/provision-pcs-with-apps.md
View File

@ -7,6 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
ms.author: jdecker
ms.date: 10/05/2017
---
# Provision PCs with apps
@ -21,6 +23,9 @@ In Windows 10, version 1703, you can install multiple Universal Windows Platform
When you add an app in a Windows Configuration Designer wizard, the appropriate settings are displayed based on the app that you select. For instructions on adding an app using the advanced editor in Windows Configuration Designer, see [Add an app using advanced editor](#adv).
>[!IMPORTANT]
>If you plan to use Intune to manage your devices, we recommend using Intune to install Office 365 ProPlus 2016 apps (Access, Excel, OneDrive for Business, OneNote, Outlook, PowerPoint, Publisher, Skype for Business, Word, Project Online Desktop Cilent, and Visio Pro for Office 365 ProPlus). Apps that are installed using a provisioning package cannot be managed or modified using Intune. [Learn how to assign Office 365 ProPlus 2016 apps using Microsoft Intune.](https://docs.microsoft.com/intune/apps-add-office365)
## Settings for UWP apps
- **License Path**: Specify the license file if it is an app from the Microsoft Store. This is optional if you have a certificate for the app.

3
windows/configuration/provisioning-packages/provisioning-apply-package.md
View File

@ -23,6 +23,9 @@ Provisioning packages can be applied to a device during the first-run experience
## Desktop editions
>[!NOTE]
>In Windows 10, version 1709, you can interrupt a long-running provisioning process by pressing ESC.
### During initial setup, from a USB drive
1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.

6
windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
View File

@ -21,7 +21,7 @@ ms.localizationpriority: high
A single-use or *kiosk* device is easy to set up in Windows 10 for desktop editions.
- Use the [Provision kiosk devices wizard](#wizard) in Windows Configuration Designer (Windows 10, version 1607 or later) to create a provisioning package that configures a kiosk device running either a Universal Windows app or a Classic Windows application (Windows 10 Enterprise or Education only).
- Use the [Provision kiosk devices wizard](#wizard) in Windows Configuration Designer (Windows 10, version 1607 or later) to create a provisioning package that configures a kiosk device running either a Universal Windows app or a Classic Windows application (Windows 10 Enterprise or Education only). In Windows 10, version 1709, you can use the [Provision kiosk devices wizard](#wizard) to configure a kiosk device running a Universal Windows app for Windows 10 Pro.
or
@ -85,8 +85,8 @@ Using assigned access, Windows 10 runs the designated Universal Windows app abo
| Method | Account type | Windows 10 edition |
| --- | --- | --- |
| [Use Settings on the PC](#set-up-assigned-access-in-pc-settings) | Local standard | Pro, Enterprise, Education |
| [Apply a mobile device management (MDM) policy](#set-up-assigned-access-in-mdm) | All (domain, local standard, local administrator, etc) | Enterprise, Education |
| [Create a provisioning package using Windows Configuration Designer](#wizard) | All (domain, local standard, local administrator, etc) | Enterprise, Education |
| [Apply a mobile device management (MDM) policy](#set-up-assigned-access-in-mdm) | All (domain, local standard, local administrator, etc) | Pro (1709 only), Enterprise, Education |
| [Create a provisioning package using Windows Configuration Designer](#wizard) | All (domain, local standard, local administrator, etc) | Pro (1709 only), Enterprise, Education |
| [Run a PowerShell script](#set-up-assigned-access-using-windows-powershell) | Local standard | Pro, Enterprise, Education |

0
windows/configuration/stop-employees-from-using-the-windows-store.md → windows/configuration/stop-employees-from-using-microsoft-store.md
View File

5
windows/configuration/wcd/wcd-applicationmanagement.md
View File

@ -7,13 +7,16 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.date: 08/21/2017
ms.date: 10/17/2017
---
# ApplicationManagement (Windows Configuration Designer reference)
Use these settings to manage app installation and management.
>[!NOTE]
>ApplicationManagement settings are not available in Windows 10, version 1709.
## Applies to
| Settings | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |

15
windows/configuration/wcd/wcd-assignedaccess.md
View File

@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.date: 08/21/2017
ms.date: 10/17/2017
---
# AssignedAccess (Windows Configuration Designer reference)
@ -19,6 +19,7 @@ Use this setting to configure single use (kiosk) devices.
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| [AssignedAccessSettings](#assignedaccesssettings) | X | | | X | |
| [MultiAppAssignedAccessSettings](#multiappassignedaccesssettings) | X | | | | |
## AssignedAccessSettings
@ -30,6 +31,18 @@ Enter the account and the application you want to use for Assigned access, using
```
"Account":"domain\user", "AUMID":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"
```
## MultiAppAssignedAccessSettings
>[!NOTE]
>MultiAppAssignedAccessSettings is supported on Windows 10, version 1709 only.
Use this setting to configure a kiosk device that runs more than one app.
1. [Create an assigned access configuration XML file for multiple apps.](../lock-down-windows-10-to-specific-apps.md)
2. In Windows Configuration Designer, select **MultiAppAssignedAccessSettings**.
3. Browse to and select the assigned access configuration XML file.
## Related topics
- [AssignedAccess configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/assignedaccess-csp)

5
windows/configuration/wcd/wcd-callandmessagingenhancement.md
View File

@ -7,13 +7,16 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.date: 08/21/2017
ms.date: 10/17/2017
---
# CallAndMessagingEnhancement (Windows Configuration Designer reference)
Use to configure call origin and blocking apps.
>[!IMPORTANT]
>These settings are intended to be used only by manufacturers, mobile operators, and solution providers when configuring devices, and are not intended for use by administrators in the enterprise.
## Applies to
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |

146
windows/configuration/wcd/wcd-calling.md Normal file
View File

@ -0,0 +1,146 @@
---
title: Calling (Windows 10)
description: This section describes the Calling settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.date: 10/17/2017
---
# Calling (Windows Configuration Designer reference)
Use to configure settings for Calling.
>[!IMPORTANT]
>These settings are intended to be used only by manufacturers, mobile operators, and solution providers when configuring devices, and are not intended for use by administrators in the enterprise.
## Applies to
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | | X | | | |
## Branding
See [Branding for phone calls](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/branding-for-phone-calls).
## PartnerAppSupport
See [Dialer codes to launch diagnostic applications](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/dialer-codes-to-launch-diagnostic-applications).
## PerSimSettings
Use to configure settings for each subscriber identification module (SIM) card. Enter the Integrated Circuit Card Identifier (ICCID) for the SIM card, click Add, and then configure the folowing settings.
### Critical
Setting | Description
--- | ---
MOSimFallbackVoicemailNumber | Partners who do not have the voicemail numbers on the device SIM can configure the voicemail number for their devices. If the voicemail number is not on the SIM and the registry key is not set, the default voicemail will not be set and the user will need to set the number. Set MOSimFallbackVoicemailNumber to the voicemail number that you want to use for the phone.
SimOverrideVoicemailNumber | Mobile operators can override the voicemail number on the UICC with a different voicemail number that is configured in the registry. Set SimOverrideVoicemailNumber to a string that contains the digits of the voicemail number to use instead of the voicemail number on the UICC.
### General
Setting | Description
--- | ---
AllowVideoConferencing | Set as **True** to enable the ability to conference video calls.
DefaultCallerIdSetting | Configure the default setting for caller ID. Select between `No one`, `Only contacts`, `Every one`, and `Network default`. If set to `Network default`, set `ShowCallerIdNetworkDefaultSetting` to **True**.
DefaultEnableVideoCalling | Set as **True** to enable LTE video calling as the default setting.
IgnoreMWINotifications | Set as **True** to configure the voicemail system so the phone ignores message waiting indicator (MWI) notifications.
IgnoreUssdExclusions | Set as **True** to ignore Unstructured Supplementary Service Data (USSD) exclusions.
ResetCallForwarding | When set to **True**, user is provided with an option to retry call forwarding settings query.
ShowCallerIdNetworkDefaultSetting | Indicates whether the network default setting can be allowed for outgoing caller ID.
ShowVideoCallingSwitch | Use to specify whether to show the video capability sharing switch on the mobile device's Settings screen.
SupressVideoCallingChargesDialog | Configure the phone settings CPL to supress the video calling charges dialog.
UssdExclusionList | List used to exclude predefined USSD entries, allowing the number to be sent as standard DTMF tones instead. Set UssdExclusionList to the list of desired exclusions, separated by semicolons. For example, setting the value to 66;330 will override 66 and 330. Leading zeros are specified by using F. For example, to override code 079, set the value to F79. If you set UssdExclusionList, you must set IgnoreUssdExclusions as well. Otherwise, the list will be ignored. See [List of USSD codes](#list-of-ussd-codes) for values.
WiFiCallingOperatorName | Enter the operator name to be shown when the phone is using WiFi calling. If you don't set a value for WiFiCallingOperatorName, the device will always display **SIMServiceProviderName Wi-Fi**, where *SIMServiceProviderName* is a string that corresponds to the SPN for the SIM on the device. If the service provider name in the SIM is not set, only **Wi-Fi** will be displayed.
## PhoneSettings
Setting | Description
--- | ---
AssistedDialSetting | Turn off the international assist feature that helps users with the country codes needed for dialing international phone numbers.
CallIDMatch | Sets the number of digits that the OS will try to match against contacts for Caller ID. For any country/region that doesn't exist in the default mapping table, mobile operators can use this legacy CallIDMatch setting to specify the minimum number of digits to use for matching caller ID.
ContinuousDTMFEnabled | Enable DTMF tone duration for as long as the user presses a dialpad key.
DisableVoicemailPhoneNumberDisplay | Disable the display of the voicemail phone number below the Voicemail label in call progress dialog.
HideCallForwarding | Partners can hide the user option to turn on call forwarding. By default, users can decide whether to turn on call forwarding. Partners can hide this user option so that call forwarding is permanently disabled.
ShowLongTones | Partners can make a user option visible that makes it possible to toggle between short and long DTMF tones, instead of the default continuous tones. By default, the phone supports Dual-Tone Multi-frequency (DTMF) with continuous tones. Partners can make a user option visible that makes it possible to toggle between short and long tones instead.
UseOKForUssdDialogs | OEMs can change the button label in USSD dialogs from **Close** (the default) to **OK**.
VoLTEAudioQualityString | Partners can add a string to the call progress screen to indicate if the active call is a high quality voice over LTE (VoLTE). Set the value of VoLTEAudioQualityString to the string that you want to display in the call progress screen to indicate that the call is a VoLTE call. This string is combined with the PLMN so if the string is "VoLTE", the resulting string is "PLMN_String VoLTE". For example, the string displayed in the call progress screen can be "Litware VoLTE" if the PLMN_String is "Litware". The value you specify for VoLTEAudioQualityString must exceed 10 characters.
## SupplementaryServiceCodeOverrides
See [Dialer codes for supplementary services](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/dialer-codes-for-supplementary-services).
## VoicemailRegistrationTable
Configure these settings to customize visual voicemail in the Windows 10 Mobile UI. For settings and values, see [Visual voicemail](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/visual-voicemail).
## List of USSD codes
Codes | Description | DWORD Value
--- | --- | ---
04 | CHANGEPIN | 000000F4
042 | CHANGEPIN2 | 00000F42
05 | UNBLOCKPIN | 000000F5
052 | UNBLOCKPIN2 | 00000F52
03 | SSCHANGEPASSWORD | 000000F3
75 | EMLPPBASE | 00000075
750 | EMLPPLEVEL0 | 00000750
751 | EMLPPLEVEL1 | 00000751
752 | EMLPPLEVEL2 | 00000752
753 | EMLPPLEVEL3 | 00000753
754 | EMLPPLEVEL4 | 00000754
66 | CALLDEFLECT | 00000066
30 | CALLIDCLIP | 00000030
31 | CALLIDCLIR | 00000031
76 | CALLIDCOLP | 00000076
77 | CALLIDCOLR | 00000077
21 | FWDUNCONDITIONAL | 00000021
67 | FWDBUSY | 00000067
61 | FWDNOREPLY | 00000061
62 | FWDNOTREACHABLE | 00000062
002 | FWDALL | 00000FF2
004 | FWDALLCONDITIONAL | 00000FF4
43 | CALLWAITING | 00000043
360 | UUSALL | 00000360
361 | UUSSERVICE1 | 00000361
362 | UUSSERVICE2 | 00000362
363 | UUSSERVICE3 | 00000363
33 | BARROUT | 00000033
331 | BARROUTINTL | 00000331
332 | BARROUTINTLEXTOHOME | 00000332
35 | BARRIN | 00000035
351 | BARRINROAM | 00000351
330 | BARRALL | 00000330
333 | BARRALLOUT | 00000333
353 | BARRALLIN | 00000353
354 | BARRINCOMINGINTERMEDIATE | 00000354
96 | CALLTRANSFER | 00000096
37 | CALLCOMPLETEBUSY | 00000037
070 | PNP0 | 00000F70
071 | PNP1 | 00000F71
072 | PNP2 | 00000F72
073 | PNP3 | 00000F73
074 | PNP4 | 00000F74
075 | PNP5 | 00000F75
076 | PNP6 | 00000F76
077 | PNP7 | 00000F77
078 | PNP8 | 00000F78
079 | PNP9 | 00000F79
300 | CALLCNAP | 00000300
591 | MSP1 | 00000591
592 | MSP2 | 00000592
593 | MSP3 | 00000593
594 | MSP4 | 00000594

436
windows/configuration/wcd/wcd-cellcore.md Normal file
View File

@ -0,0 +1,436 @@
---
title: CellCore (Windows 10)
description: This section describes the CellCore settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.date: 10/17/2017
---
# CellCore (Windows Configuration Designer reference)
Use to configure settings for cellular data.
>[!IMPORTANT]
>These settings are intended to be used only by manufacturers, mobile operators, and solution providers when configuring devices, and are not intended for use by administrators in the enterprise.
## Applies to
Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core
--- | :---: | :---: | :---: | :---: | :---:
PerDevice: [CellConfigurations](#cellconfigurations) | | X | | |
PerDevice: [CellData](#celldata) CellularFailover | X | X | | |
PerDevice: [CellData](#celldata) MaxNumberOfPDPContexts | | X | | |
PerDevice: [CellData](#celldata) ModemProfiles | | X | | |
PerDevice: [CellData](#celldata) PersistAtImaging | | X | | |
PerDevice: [CellUX](#cellux) | | X | | |
PerDevice: [CGDual](#cgdual) | | X | | |
PerDevice: [eSim](#esim) | X | X | | |
PerDevice: [External](#external) | | X | | |
PerDevice: [General](#general) | | X | | |
PerDevice: [RCS](#rcs) | | X | | |
PerDevice: [SMS](#sms) | X | X | | |
PerDevice: [UIX](#uix) | | X | | |
PerDevice: [UTK](#utk) | | X | | |
PerlMSI: [CellData](#celldata2) | | X | | |
PerIMSI: [CellUX](#cellux2) | | X | | |
PerIMSI: [General](#general2) | | X | | |
PerIMSI: [RCS](#rcs2) | | X | | |
PerIMSI: [SMS](#sms2) | X | X | | |
PerIMSI: [UTK](#utk2) | | X | | |
PerIMSI: [VoLTE](#volte) | | X | | |
## PerDevice
### CellConfigurations
1. In **CellConfiguration** > **PropertyGroups**, enter a name for the property group.
2. Select the **PropertyGroups** you just created in the **Available customizations** pane and then enter a **PropertyName**.
3. Select the **PropertyName** you just created in the **Available customizations** pane, and then select one of the following data types for the property:
- Binary
- Boolean
- Integer
- String
4. The data type that you selected is added in **Available customizations**. Select it to enter a value for the property.
### CellData
Setting | Description
--- | ---
CellularFailover | Allow or disallow cellular data failover when in limited Wi-Fi connectivity. By default, if the phone is connected to a Wi-Fi network and the data connection to a site is unsuccessful due to limited Wi-Fi connectivity, the phone will complete the connection to the site using available cellular data networks (when possible) to provide an optimal user experience. When the customization is enabled, a user option to use or not use cellular data for limited Wi-Fi connectivity becomes visible in the **Settings** > **cellular+SIM** screen. This option is automatically set to **dont use cellular data** when the customization is enabled.
MaxNumberOfPDPContexts | Set a maximum value (1 through 4, inclusive, or 0x1 through 0x4 hexadecimal) for the number of simultaneous packet data protocol (PDP) contexts for 3GPP connections. By default, the OS enforces a maximum of four (4) simultaneous packet data protocol (PDP) contexts for 3GPP connections, and one (1) PDP context for 3GPP2 connections. You can set a different maximum value if required by their mobile operator. The same maximums apply for both roaming and non-roaming scenarios. This maximum does not include packet contexts used internally by the modem.
ModemProfiles > LTEAttachGuids | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.
PersistAtImaging > DisableAoAc | Enable or disable Always-on/Always-connected (AoAc) on the WWAN adapter.
### CellUX
Setting | Description
--- | ---
APNAuthTypeDefault | Select between **Pap** and **Chap** for default APN authentication type.
APNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default APN IP type.
Critical > ShowVoLTEToggle | Select **Yes** to show the VoLTE toggle in the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to hide the toggle.
Disable2GByDefault | Select **Yes** to disable 2G by default. Select **No** to enable 2G.
Disabled2GNoticeDescription | Enter text to customize the notification for disabled 2G.
GenericWifiCallingErrorMessage | Enter text to customize the generic error message when a Wi-Fi calling error occurs.
Hide3GPP2ModeSelection | Select **Yes** to hide the **CDMA** option in the network **Mode** selection drop-down menu. Select **No** to show the **CDMA** option.
Hide3GPP2Selection | For 3GPP2 or CDMA phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM** settings screen. Select **No** to show **Network Type**.
Hide3GPPNetworks | For 3GPP or GSM phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM settings** screen. Select **No** to show **Network Type**.
HideAPN | Select **Yes** to hide the **add internet APN** button in the **SIM settings** screen. Select **No** to show **add internet APN**.
HideAPNAuthType | Select **Yes** to hide the APN authentication selector. Select **No** to show the APN authentication selector.
HideAPNIPType | Select **Yes** to hide the **IP type** list in the **internet APN** settings screen. Select **No** to show **IP type**.
HideDisabled2GNotice | Select **Yes** to hide the notification for disabled 2G. Select **No** to show the notification for disabled 2G.
HideHighestSpeed | Select **Yes** to hide the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show **Highest connection speed**.
HideHighestSpeed2G | Select **Yes** to hide the 2G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 2G option.
HideHighestSpeed3GOnly | Select **Yes** to hide the 3G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 3G option.
HideHighestSpeed4G | Select **Yes** to hide the 4G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G option.
HideHighestSpeed4G3GOnly | Select **Yes** to hide the 4G or 3G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G or 3G Only option.
HideHighestSpeed4GOnly | Select **Yes** to hide the 4G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G Only option.
HideLTEAttachAPN | Select **Yes** to hide the **LTE attach APN** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **LTE attach APN** button.
HideMMSAPN | Select **Yes** to hide the **add mms apn** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **add mms apn** button.
HideMMSAPNAuthType | Select **Yes** to hide the APN authentication type selector on the MMS APN page. Select **No** to show APN authentication selector.
HideMMSAPNIPType | Select **Yes** to hide the APN IP type selector on the MMS APN page. Select **No** to show the APN IP type selector.
HideModeSelection | Select **Yes** to hide the **Network Mode selection** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **Network Mode selection**.
HidePersoUnlock | Select **Yes** to hide the Perso unlock UI. Select **No** to show the Perso unlock UI.
HighestSpeed2G | You can customize the listed names of the connection speeds with their own character codes. To modify "2G" to another character code, change the value of HighestSpeed2G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
HighestSpeed3G | You can customize the listed names of the connection speeds with their own character codes. To modify "3G" to another character code, change the value of HighestSpeed3G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
HighestSpeed3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Only" to another character code, change the value of HighestSpeed3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
HighestSpeed3GPreferred | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Preferred" to another character code, change the value of HighestSpeed3GPreferred. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
HighestSpeed4G | You can customize the listed names of the connection speeds with their own character codes. To modify "4G" to another character code, change the value of HighestSpeed4G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
HighestSpeed4G3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G or 3G Only" to another character code, change the value of HighestSpeed4G3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
HighestSpeed4GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G Only" to another character code, change the value of HighestSpeed4GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
HighestSpeedTitle | You can customize the **Highest connection speed** drop-down label in the **Settings** > **Cellular+SIM** > **SIM** settings page. To change the Highest connection speed drop-down label, set HighestSpeedTitle to another string. For example, you can set this to "Preferred connection speed".
IsATTSpecific | Control the roaming text for AT&T devices. AT&T requires the phone to show a particular roaming text to meet their legal and marketing guidelines. By default, if the user chooses **roam** under **Data roaming options** in the **Settings** > **Cellular+SIM** screen, they will see the following text: *Depending on your service agreement, you might pay more when using data roaming.* If you set IsATTSpecific to **Yes**, the following roaming text will be displayed instead: *International data roaming charges apply for data usage outside the United States, Puerto Rico, and United States Virgin Islands. Dont allow roaming to avoid international data roaming charges.*
LTEAttachGUID | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.
MMSAPNAuthTypeDefault | Select between **Pap** and **Chap** for default MMS APN authentication type.
MMSAPNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default MMS APN IP type.
ShowExtendedRejectCodes | When a reject code is sent by the network, partners can specify that extended error messages should be displayed instead of the standard simple error messages. This customization is only intended for use when required by the mobile operators network. The short versions of the extended reject message are shown in the following screens:</br></br>- Phone tile in Start</br></br>- Call History screen</br></br>- Dialer</br></br>- Call Progress screen</br></br>- Incoming Call screen</br></br>- As the status string under Settings > cellular+SIM</br></br></br>The long version of the extended reject message is shown under the Active Network label in **Settings** > **cellular+SIM**. Select **Yes** to show the extended error message. Select **No** to hide the extended error message. See [Error messages for reject codes](#errorreject) to see the versions of the message.
ShowHighestSpeed3GPreferred | Select **Yes** to show the **3G Preferred** option in the **Highest connection speed** drop-down menu. Select **No** to hide **3G Preferred**.
ShowManualAvoidance | Select **Yes** to show the **Switch to next network manually** button in SIM settings when Mode Selection is CDMA on a C+G dual SIM phone. Select **No** to hide the **Switch to next network manually** button
ShowPreferredPLMNPage | Select **Yes** to show the preferred public land mobile network (PLMN) page in SIM settings.
ShowSpecificWifiCallingError | Select **Yes** to show a specific error message based on operator requirements.
ShowViewAPN | Select **Yes** to show the **View Internet APN** button in **Settings** > **cellular+SIM**.
ShowWifiCallingEmergencyCallWarning | Select **Yes** to show Wi-Fi emergency call warning.
ShowWifiCallingError | Select **Yes** to show Wi-Fi calling error message.
SuppressDePersoUI | Select **Yes** to hide the perso unlock UI.
### CGDual
Use **CGDual** > **RestrictToGlobalMode** to configure settings for global mode on C+G Dual SIM phones. When the device registration changes, if the value for this setting is set, the OS changes the preferred system type to the default preferred system type for world mode. If the phone is not camped on any network, the OS assumes the phone is on the home network and changes the network registration preference to default mode.
Select from the following:
- RestrictToGlobalMode_Disabled: the phone is not restricted to global mode.
- RestrictToGlobalMobe_Home: when a slot is registered at home and supports global mode, the mode selection is restricted to global mode.
- RestrictToGlobalMode_Always: if a slot supports global mode and this value is selected, the mode selection is restricted to global mode.
### eSim
Configure **FwUpdate** > **AllowedAppIdList** to whitelist apps that are allowed to update the firmware. Obtain the app IDs from the card vendor.
### External
Setting | Description
--- | ---
CallSupplementaryService > OTASPNonStandardDialString | Enter a list of all desired non-standard OTASP dial strings.
CarrierSpecific > FallBackMode | Select between **GWCSFB** and **1xCSFB** for fallback mode.
CarrierSpecific > VZW > ActSeq | Enables activation for 4G VZW card. Do not configure this setting for non-VZW devices.
EnableLTESnrReporting | Select between **Use only RSRP** and **Use both RSRP and ECNO** to check if SNR needs to be used for LTE Signal Quality calculations.
EnableUMTSEcnoReporting | Select between **Use only RSSI** and **Use both RSSI and SNR** to check if SNR needs to be used for UMTS Signal Quality calculations.
ImageOnly > ERI > AlgorithmMBB0 | Select between **Sprint** and **Verizon** to specify the ERI algorithm in MBB for subscription 0.
ImageOnly > ERI > AlgorithmMBB1 | Select between **Sprint** and **Verizon** to specify the ERI algorithm in MBB for subscription 1.
ImageOnly > ERI > AlgorithmWmRil | Select between **Sprint** and **Verizon** to specify the ERI-based notification algorithm.
ImageOnly > ERI > DataFileNameWmRil | Specify the location of the ERI file on the device; for example, `C:\Windows\System32\SPCS_en.eri`. *SPCS_en.eri* is a placeholder. Obtain the ERI file name from the mobile operator and replace this filename with it.
ImageOnly > ERI > EnabledWmRil | Enable or disable ERI-based notifications.
ImageOnly > ERI > ERIDataFileNameMBB0 | Specify the ERI data file name with international roaming list for Verizon in MBB for subscription 0.
ImageOnly > ERI > ERIDataFileNameMBB1 | Specify the ERI data file name with international roaming list for Verizon in MBB for subscription 1.
ImageOnly > ERI > ERISprintIntlRoamDataFileNameMBB0 | Specify the ERI data file name with international roaming list for Sprint in MBB for subscription 0.
ImageOnly > ERI > ERISprintIntlRoamDataFileNameMBB1 | Specify the ERI data file name with international roaming list for Sprint in MBB for subscription 1.
ImageOnly > ERI > SprintInternationalERIValuesWmRil | Specify the international ERI values for Sprint as `to 4A,7C,7D,7E,9D,9E,9F,C1,C2,C3,C4,C5,C6,E4,E5,E6,E7,E8.`.
ImageOnly > MTU > DormancyTimeout0 | Enter the number of milliseconds to wait after dormancy hint before telling the modem to make the air interface dormant for subscription 0. Minimum value is 1703, and maximum value is 5000.
ImageOnly > MTU > DormancyTimeout1 | Enter the number of milliseconds to wait after dormancy hint before telling the modem to make the air interface dormant for subscription 1. Minimum value is 1703, and maximum value is 5000.
ImageOnly > MTU > MTUDataSize | Customize the TCP maximum segment size (MSS) by setting the maximum transmission unit (MTU) data size if the MSS does not meet the requirements of the mobile operator network. For TCP, the default maximum transmission unit (MTU) is set to 1500 bytes, which makes the maximum segment size (MSS) 1460 bytes. In general, this value should not be changed, as the user experience will degrade if low values are set. However, if the MSS does not meet the requirements of the mobile operator network, OEMs can customize it by setting the MTU data size. This customization configures the MTU, so the size should be set to the required MSS size plus 40 bytes.
ImageOnly > MTU > RoamingMTUDataSize | Customize the TCP maximum segment size (MSS) for roaming by setting the maximum transmission unit (MTU) data size if the MSS does not meet the requirements of the mobile operator network. For TCP, the default maximum transmission unit (MTU) is set to 1500 bytes, which makes the maximum segment size (MSS) 1460 bytes. In general, this value should not be changed, as the user experience will degrade if low values are set. However, if the MSS does not meet the requirements of the mobile operator network, OEMs can customize it for roaming by setting the MTU data size. This customization configures the MTU, so the size should be set to the required MSS size plus 40 bytes.
ImageOnly > SuppressNwPSDetach | Configure whether to suppress reporting of network-initiated PS detach (appear attached to OS) until deregistered.
SignalBarMapping Table | You can modify the percentage values used for the signal strength in the status bar per filter. For details, see [Custom percentages for signal strength bars](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/custom-percentages-for-signal-strength-bars).
SRVCCAutoToggleWmRil | Configure whether to link SRVCC to VOLTE on/off.
### General
Setting | Description
--- | ---
atomicRoamingTableSettings3GPP | If you enable 3GPP roaming, configure the following settings:</br></br>- **Exceptions** maps the SerialNumber key to the Exceptions value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Exceptions" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Exceptions). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.</br>- **HomePLMN** maps the SerialNumber key to the HomePLMN value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "HomePLMN" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (HomePLMN). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.</br>- **TargetImsi** maps the SerialNubmer key to the TargetIMSI value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "TargetImsi" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (TargetImsi). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.
atomicRoamingTableSettings3GPP2 | If you enable 3GPP2 roaming, configure the following settings:</br></br>- **Home** maps the SerialNumber key to the Home value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Home" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Home). The data in the regvalue is a DWORD representing the Roaming Indicator. </br>- **Roaming** maps the SerialNumber key to the Roaming value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Roaming" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Roaming). The data in the regvalue is a DWORD representing the Roaming Indicator.
AvoidStayingInManualSelection | You can enable permanent automatic mode for mobile networks that require the cellular settings to revert to automatic network selection after the user has manually selected another network when roaming or out of range of the home network.
CardAllowList | Define the list of SIM cards allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards allowed in the first slot, set the value for CardAllowList to a comma-separated MCC:MNC list. You can also use wild cards, represented by an asterisk, to accept any value. For example, you can set the value to `310:410,311:*,404:012,310:70`.
CardBlockList | Define the list of SIM cards that are not allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards that are not allowed in the first slot, set the value for CardBlockList to a comma separated MCC:MNC list. You can also use wild cards, represented by an asterisk, to accept any value. For example, you can set the value to `310:410,311:*,404:012,310:70`.
CardLock | Used to enforce either the card allow list or both the card allow and block lists on a C+G dual SIM phone.
DefaultSlotAffinity | Set the data connection preference for:</br></br>- **SlotAffinityForInternetData_Automatic**: data connection preference is automatically set</br>- **SlotAffinityForInternetData_Slot0**: sets the data connection preference to Slot 0. The data connection cannot be edited by the user.</br>- **SlotAffinityForInternetData_Slot1**: Sets the data connection preference to Slot 1. The data connection cannot be edited by the user.
DisableLTESupportWhenRoaming | Set to **Yes** to disable LTE support when roaming.
DisableSystemTypeSupport | Enter the system types to be removed.
DTMFOffTime | Sets the length of time, in milliseconds (between 64 and 1000 inclusive), of the pause between DTMF digits. For example, a value of 120 specifies 0.12 seconds.
DTMFOnTime | Sets the length of time, in milliseconds (between 64 and 1000 inclusive), to generate the DTMF tone when a key is pressed. For example, a value of 120 specifies 0.12 seconds.
ExcludedSystemTypesByDefault | Set the default value for **Highest connection speed** in the **Settings** > **Cellular & SIM** > **SIM** screen by specifying the bitmask for any combination of radio technology to be excluded from the default value. The connection speed that has not been excluded will show up as the highest connection speed. On dual SIM phones that only support up to 3G connection speeds, the **Highest connection speed** option is replaced by a 3G on/off toggle based on the per-device setting. Enter the binary setting to exclude 4G (`10000`) or 3G (`01000`).
ExcludedSystemTypesPerOperator | Exclude specified system types from SIM cards that match the MCC:MNC pairs listed in **OperatorListForExcludedSystemTypes**. This setting is used only for China. Set the value to match the system type to be excluded. For more information about the RIL system types, see [RILSYSTEMTYPE](https://msdn.microsoft.com/library/windows/hardware/dn931143.aspx). For example, a value of 0x8 specifies RIL_SYSTEMTYPE_UMTS (3G) while 0x10 specifies RIL_SYSTEMTYPE_LTE (4G). To exclude more than one system type, perform a bitwise OR operation on the radio technologies you want to exclude. For example, a bitwise OR operation on RIL_SYSTEMTYPE_LTE (4G) and RIL_SYSTEMTYPE_UMTS (3G) results in the value 11000 (binary) or 0x18 (hexadecimal). In this case, the ExcludedSystemTypesPerOperator value must be set to 0x18 to limit the matching MCC:MNC pairs to 2G.
LTEEnabled | Select **Yes** to enable LTE, and **No** to disable LTE.
LTEForced | Select **Yes** to force LTE.
ManualNetworkSelectionTimeout | Set the default network selection timeout value, in a range of 1-600 seconds. By default, the OS allows the phone to attempt registration on the manually selected network for 60 seconds (or 1 minute) before it switches back to automatic mode. This value is the amount of time that the OS will wait for the modem to register on the manually selected network. If the time lapses and the modem was not able to register on the network that was manually selected by the user, the OS will either switch back to the automatic network selection mode if Permanent automatic mode is enabled, and the user has manually selected a network or the modem was turned on, or display a dialog that notifies the user that the phone was unable to connect to the manually selected network after the phone was turned on or after airplane mode was turned off.
NetworkSuffix | To meet branding requirements for some mobile operators, you can add a suffix to the network name that is displayed on the phone. For example, you can change from ABC to ABC 3G when under 3G coverage. This feature can be applied for any radio access technology (RAT). For TD-SCDMA RAT, a 3G suffix is always appended by default, but partners can also customize this the same way as with any other RAT. In the setting name, set SYSTEMTYPE to the network type that you want to append the network name to and click **Add**:</br></br>- system type 4: 2G (GSM)</br>- system type 8: 3G (UMTS)</br>- system type 16: LTE</br>- system type 32: 3G (TS-SCDMA)</br></br>Select the system type that you added, and enter the network name and suffix that you want displayed.
NitzFiltering | For mobile networks that can receive Network Identity and Time Zone (NITZ) information from multiple sources, partners can set the phone to ignore the time received from an LTE network. Time received from a CDMA network is not affected. Set the value of NitzFiltering to `0x10`.
OperatorListForExcludedSystemTypes | Enter a comma-separated list of MCC and MNC (MCC:MNC) for which system types should be restricted. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can specify the MCC and MNC of other specific operators that the main mobile operator wishes to limit. If the UICC's MCC and MNC matches any of the pairs that OEMs can specify for the operator, a specified RIL system type will be removed from the UICC regardless of its app types, slot position, or executor mapping. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. Set the value of the OperatorListForExcludedSystemTypes setting a comma separated list of MCC:MNC pairs for which the system types should be restricted. For example, the value can be set to 310:026,310:030 to restrict operators with an MCC:MNC of 310:026 and 310:030.
OperatorPreferredForFasterRadio | Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator.
PreferredDataProviderList | OEMs can set a list of MCC/MNC pairs for the purchase order (PO) carrier or primary operator. For mobile operators that require it, OEMs can set a list of MCC/MNC pairs for the purchase order (PO) carrier or primary operator so that it can be set as the default data line for phones that have a dual SIM. When the PO SIM is inserted into the phone, the OS picks the PO SIM as the data line and shows a notification to the user that the SIM has been selected for Internet data. If two PO SIMs are inserted, the OS will choose the first PO SIM that was detected as the default data line and the mobile operator action required dialogue (ARD) is shown. If two non-PO SIMs are inserted, the user is prompted to choose the SIM to use as the default data line. Note OEMs should not set this customization unless required by the mobile operator. To enumerate the MCC/MNC value pairs to use for data connections, set the value for **PreferredDataProviderList**. The value must be a comma-separated list of preferred MCC:MNC values. For example, the value can be 301:026,310:030 and so on.
Slot2DisableAppsList | Disable specified apps from slot 2 on a C+G dual SIM phone. To disable a list of specified apps from Slot 2, set Slot2DisableAppsList to a comma-separated list of values representing the apps. For example, `4,6`.
Slot2ExcludedSystemTypes | Exclude specified system types from SIM cards inserted in Slot 2. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can restrict the second slot in a dual-SIM phone regardless of what apps or executor mapping the second slot is associated with. Note This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To allow an operator to simply restrict the second slot in a dual SIM phone regardless of what apps or executor mapping the second slot is associated with, set the value of Slot2ExcludedSystemTypes to the system types to be excluded from the SIM cards inserted in Slot 2. For example, a value of 0x8 specifies RIL_SYSTEMTYPE_UMTS (3G) while 0x10 specifies RIL_SYSTEMTYPE_LTE (4G). To exclude more than one system type, perform a bitwise OR operation on the radio technologies you want to exclude. For example, a bitwise OR operation on RIL_SYSTEMTYPE_LTE (4G) and RIL_SYSTEMTYPE_UMTS (3G) results in the value 11000 (binary) or 0x18 (hexadecimal). In this case, any SIM inserted in Slot 2 will be limited to 2G. For more information about the RIL system types, see [RILSYSTEMTYPE](https://msdn.microsoft.com/library/windows/hardware/dn931143.aspx).
SuggestDataRoamingARD | Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming.
SuggestGlobalModeARD | Define whether Global Mode is suggested on a C+G dual SIM phone.
SuggestGlobalModeTimeout | To specify the number of seconds to wait for network registration before suggesting global mode, set SuggestGlobalModeTimeout to a value between 1 and 600, inclusive. For example, to set the timeout to 60 seconds, set the value to 60 (decimal) or 0x3C (hexadecimal).
### RCS
Setting | Description
--- | ---
SystemEnabled | Select **Yes** to specify that the system is RCS-enabled.
UserEnabled | Select **Yes** to show the user setting if RCS is enabled on the device.
### SMS
Setting | Description
--- | ---
AckExpirySeconds | Set the value, in seconds, for how long to wait for a client ACK before trying to deliver.
DefaultMCC | Set the default mobile country code (MCC).
Encodings > GSM7BitEncodingPage | Enter the code page value for the 7-bit GSM default alphabet encoding. Values:</br></br>- Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)</br>- Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction)
Encodings > GSM8BitEncodingPage | Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 5505055099. For more information, see [Add encoding extension tables for SMS]https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/add-encoding-extension-tables-for-sms).
Encodings > OctetEncodingPage | Set the octet (binary) encoding.
Encodings > SendUDHNLSS | Set the 7 bit GSM shift table encoding.
Encodings > UseASCII | Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding.
Encodings > UseKeyboardLangague | Set whether to use the keyboard language (Portuguese, Spanish, or Turkish) based encoding (set shift table based on keyboard language).
IncompleteMsgDeliverySeconds | Set the value, in seconds, for long to wait for all parts of multisegment Sprint messages for concatenation.
MessageExpirySeconds | Partners can set the expiration time before the phone deletes the received parts of a long SMS message. For example, if the phone is waiting for a three-part SMS message and the first part has been received, the first part will be deleted when the time expires and the other part of the message has not arrived. If the second part of the message arrives before the time expires, the first and second parts of the message will be deleted if the last part does not arrive after the time expires. The expiration time is reset whenever the next part of the long message is received. Set MessageExpirySeconds to the number seconds that the phone should wait before deleting the received parts of a long SMS messages. This value should be in hexadecimal and must be prefixed with 0x. The default value is 0x15180, which is equivalent to 1 day or 86,400 seconds.
SmsFragmentLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsFragmentLimit to set the maximum number of bytes in the user data body of an SMS message. You must set the value between 16 (0x10) and 140 (0x8C). You must also use SmsPageLimit to set the maximum number of segments in a concatenated SMS message.
SmsPageLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. You must set the value to 255 (0xFF) or smaller. You must also use SmsFragmentLimit to set the maximum number of bytes in the body of the SMS message.
SprintFragmentInfoInBody | Partners can enable the messaging client to allow users to enter more than 160 characters per message. Messages longer than 160 characters are sent as multiple SMS messages that contain a tag at the beginning of the message in the form "(1/2)", where the first number represents the segment or part number and the second number represents the total number of segments or parts. Multiple messages are limited to 6 total segments. When enabled, the user cannot enter more characters after the 6 total segments limit is reached. Any message received with tags at the beginning is recombined with its corresponding segments and shown as one composite message.
Type3GPP > ErrorHandling > ErrorType | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error type that you added as **Transient Failure** or **Permanent Failure**.
Type3GPP > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error class that you added as **generic error**, **invalid recepient address**, or **network connectivity trouble**.
Type3GPP > IMS > SmsUse16BitReferenceNumbers | Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH.
Type3GPP2 > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recepient address**, or **network connectivity trouble**.
Type3GPP2 > ErrorHandling > UseReservedAsPermanent | Set the 3GPP2 permanent error type.
### UIX
Setting | Description
--- | ---
SIM1ToUIM1 | Used to show UIM1 as an alternate string instead of SIM1 for the first SIM on C+G dual SIM phones.
SIMToSIMUIM | Partners can change the string "SIM" to "SIM/UIM" to accommodate scenarios such as Dual Mode cards of SIM cards on the phone. This can provide a better user experience for users in some markets. Enabling this customization changes all "SIM" strings to "SIM/UIM".
### UTK
Setting | Description
--- | ---
UIDefaultDuration | Specifies the default time, in milliseconds, that the DISPLAY TEXT, GET INKEY, PLAY TONE, or SELECT ITEM dialog should be displayed. The default value is 60000 milliseconds (60 seconds). The valid value range is 1-120000.
UIGetInputDuration | Specifies the default time, in milliseconds, that the GET INPUT dialog should be displayed. The default value is 120000 milliseconds (120 seconds). The valid value range is 1-120000.
## PerlMSI
Enter an IMSI, click **Add**, and then select the IMSI that you added to configure the following settings.
<span id="celldata2" />
### CellData
Setting | Description
--- | ---
MaxNumberOfPDPContexts | OEMs can set a maximum value for the number of simultaneous packet data protocol (PDP) contexts for 3GPP connections. By default, the OS enforces a maximum of four (4) simultaneous packet data protocol (PDP) contexts for 3GPP connections, and one (1) PDP context for 3GPP2 connections. OEMs can set a different maximum value if required by their mobile operator. The same maximums apply for both roaming and non-roaming scenarios. This maximum does not include packet contexts used internally by the modem.
<span id="cellux2" />
### CellUX
Setting | Description
--- | ---
APNIPTypeIfHidden | Used to set the default IP type shown in the **IP type** listbox on the **internet APN** settings screen.
Critical > ShowVoLTERoaming | Use to show the IMS roaming control in the cellular settings page
Critical > ShowVoLTEToggle | Show or hide VoLTE toggle.
Critical > SwitchIMS | Switch IMS on or off with a toggle. OEMs can configure the default settings and toggle for IMS services to meet mobile operator requirements. Users can later manually change the default values for these settings if they choose to do so.
Critical > SwitchSMSOverIMS | Switch SMS over IMS on or off when VoLTE is toggled.
Critical > SwitchVideoOverIMS | Use to switch video over IMS when VoLTE is switched.
Critical > SwitchVoiceOverIMS | Switch voice over IMS when VoLTE is toggled.
Critical > SwitchXCAP | Use to switch the XML Configuration Access Protocol (XCAP) when VoLTE is enabled.
Critical > VoLTERoamingOffDescription | Use to customize the description string that appears under IMS roaming control when IMS roaming is turned off. The string must not be longer than 127 characters.
Critical > VoLTERoamingOnDescription | Use to customize the description string that appears under IMS roaming control when IMS roaming is turned on. The string must not be longer than 127 characters.
Critical > VoLTERoamingSettingDisableDuringCall | Use to specify whether to grey out VoLTE roaming settings during an active VoLTE call.
Critical > VoLTERoamingTitle | Use to customize the description string for the IMS roaming control. The string must not be longer than 127 characters.
Critical > VoLTESectionTitle | Use to customize the section title for the IMS settings. he string must not be longer than 127 characters.
Critical > VoLTESettingDisableDuringCall | Use to specify whether to grey out VoLTE-related settings during an active VoLTE call.
Critical > VoLTEToggleDescription | Use to customize the VoLTE toggle description. To customize the VoLTE toggle description, set VoLTEToggleDescription to the name of the resource-only .dll file, specifying the string offset. For example: @DisplayStrings.dll,-101.
Critical > VoLTEToggleSettingDisableDuringCall | Use to specify whether to grey out the VoLTE toggle during an active VoLTE call.
Critical > VoLTEToggleTitle | Use to customize the VoLTE toggle label. To customize the VoLTE toggle label, set VoLTEToggleTitle to the name of the resource-only .dll file, specifying the string offset. For example: @DisplayStrings.dll,-102.
Critical > WFCSettingDisableDuringCall | Use to specify whether to grey out the Wi-Fi calling settings during an active VoLTE call.
Disable2GByDefault | Select **Yes** to disable 2G by default. Select **No** to enable 2G.
Disabled2GNoticeDescription | Enter text to customize the notification for disabled 2G.
GenericWifiCallingErrorMessage | Enter text to customize the generic error message when a Wi-Fi calling error occurs.
Hide3GPP2ModeSelection | Select **Yes** to hide the **CDMA** option in the network **Mode** selection drop-down menu. Select **No** to show the **CDMA** option.
Hide3GPP2Selection | For 3GPP2 or CDMA phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM** settings screen. Select **No** to show **Network Type**.
Hide3GPPNetworks | For 3GPP or GSM phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM settings** screen. Select **No** to show **Network Type**.
HideAPN | Select **Yes** to hide the **add internet APN** button in the **SIM settings** screen. Select **No** to show **add internet APN**.
HideAPNIPType | Select **Yes** to hide the **IP type** list in the **internet APN** settings screen. Select **No** to show **IP type**.
HideDisabled2GNotice | Select **Yes** to hide the notification for disabled 2G. Select **No** to show the notification for disabled 2G.
HideHighestSpeed | Select **Yes** to hide the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show **Highest connection speed**.
HideHighestSpeed2G | Select **Yes** to hide the 2G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 2G option.
HideHighestSpeed3GOnly | Select **Yes** to hide the 3G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 3G option.
HideHighestSpeed4G | Select **Yes** to hide the 4G option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G option.
HideHighestSpeed4G3GOnly | Select **Yes** to hide the 4G or 3G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G or 3G Only option.
HideHighestSpeed4GOnly | Select **Yes** to hide the 4G Only option on the **Highest connection speed** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the 4G Only option.
HideLTEAttachAPN | Select **Yes** to hide the **LTE attach APN** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **LTE attach APN** button.
HideMMSAPN | Select **Yes** to hide the **add mms apn** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **add mms apn** button.
HideMMSAPNIPType | Select **Yes** to hide the APN IP type selector on the MMS APN page. Select **No** to show the APN IP type selector.
HideModeSelection | Select **Yes** to hide the **Network Mode selection** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **Network Mode selection**.
HidePersoUnlock | Select **Yes** to hide the Perso unlock UI. Select **No** to show the Perso unlock UI.
HighestSpeed2G | You can customize the listed names of the connection speeds with their own character codes. To modify "2G" to another character code, change the value of HighestSpeed2G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
HighestSpeed3G | You can customize the listed names of the connection speeds with their own character codes. To modify "3G" to another character code, change the value of HighestSpeed3G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
HighestSpeed3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Only" to another character code, change the value of HighestSpeed3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
HighestSpeed3GPreferred | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Preferred" to another character code, change the value of HighestSpeed3GPreferred. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
HighestSpeed4G | You can customize the listed names of the connection speeds with their own character codes. To modify "4G" to another character code, change the value of HighestSpeed4G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
HighestSpeed4G3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G or 3G Only" to another character code, change the value of HighestSpeed4G3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
HighestSpeed4GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G Only" to another character code, change the value of HighestSpeed4GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
HighestSpeedTitle | You can customize the **Highest connection speed** drop-down label in the **Settings** > **Cellular+SIM** > **SIM** settings page. To change the Highest connection speed drop-down label, set HighestSpeedTitle to another string. For example, you can set this to "Preferred connection speed".
IsATTSpecific | Control the roaming text for AT&T devices. AT&T requires the phone to show a particular roaming text to meet their legal and marketing guidelines. By default, if the user chooses **roam** under **Data roaming options** in the **Settings** > **Cellular+SIM** screen, they will see the following text: *Depending on your service agreement, you might pay more when using data roaming.* If you set IsATTSpecific to **Yes**, the following roaming text will be displayed instead: *International data roaming charges apply for data usage outside the United States, Puerto Rico, and United States Virgin Islands. Dont allow roaming to avoid international data roaming charges.*
LTEAttachGUID | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.
MMSAPNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default MMS APN IP type.
ShowExtendedRejectCodes | When a reject code is sent by the network, partners can specify that extended error messages should be displayed instead of the standard simple error messages. This customization is only intended for use when required by the mobile operators network. The short versions of the extended reject message are shown in the following screens:</br></br>- Phone tile in Start</br></br>- Call History screen</br></br>- Dialer</br></br>- Call Progress screen</br></br>- Incoming Call screen</br></br>- As the status string under Settings > cellular+SIM</br></br></br>The long version of the extended reject message is shown under the Active Network label in **Settings** > **cellular+SIM**. Select **Yes** to show the extended error message. Select **No** to hide the extended error message. See [Error messages for reject codes](#errorreject) to see the versions of the message.
ShowHighestSpeed3GPreferred | Select **Yes** to show the **3G Preferred** option in the **Highest connection speed** drop-down menu. Select **No** to hide **3G Preferred**.
ShowManualAvoidance | Select **Yes** to show the **Switch to next network manually** button in SIM settings when Mode Selection is CDMA on a C+G dual SIM phone. Select **No** to hide the **Switch to next network manually** button
ShowPreferredPLMNPage | Select **Yes** to show the preferred public land mobile network (PLMN) page in SIM settings.
ShowSpecificWifiCallingError | Select **Yes** to show a specific error message based on operator requirements.
ShowViewAPN | Select **Yes** to show the **View Internet APN** button in **Settings** > **cellular+SIM**.
ShowWifiCallingEmergencyCallWarning | Select **Yes** to show Wi-Fi emergency call warning.
ShowWifiCallingError | Select **Yes** to show Wi-Fi calling error message.
<span id="general2" />
### General
Setting | Description
--- | ---
atomicRoamingTableSettings3GPP | If you enable 3GPP roaming, configure the following settings:</br></br>- **Exceptions** maps the SerialNumber key to the Exceptions value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Exceptions" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Exceptions). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.</br>- **HomePLMN** maps the SerialNumber key to the HomePLMN value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "HomePLMN" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (HomePLMN). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.</br>- **TargetImsi** maps the SerialNubmer key to the TargetIMSI value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "TargetImsi" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (TargetImsi). The data in the regvalue is a string representing an MCC-MNC pair, such as "410510" where 410 is the MCC and 510 is the MNC.
atomicRoamingTableSettings3GPP2 | If you enable 3GPP2 roaming, configure the following settings:</br></br>- **Home** maps the SerialNumber key to the Home value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Home" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Home). The data in the regvalue is a DWORD representing the Roaming Indicator. </br>- **Roaming** maps the SerialNumber key to the Roaming value. The wildcard, $(SerialNumber), is a 3-digit decimal serial number (000 through 999) represented as a string. The wildcard is used as a regvalue under the "Roaming" subkey. Multiple reg values in this form may be configured or customized by the OEM, all placed under the same subkey (Roaming). The data in the regvalue is a DWORD representing the Roaming Indicator.
AvoidStayingInManualSelection | You can enable permanent automatic mode for mobile networks that require the cellular settings to revert to automatic network selection after the user has manually selected another network when roaming or out of range of the home network.
CardAllowList | Define the list of SIM cards allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards allowed in the first slot, set the value for CardAllowList to a comma-separated MCC:MNC list. You can also use wild cards, represented by an asterisk (*), to accept any value. For example, you can set the value to `310:410,311:*,404:012,310:70`.
CardBlockList | Define the list of SIM cards that are not allowed in the first slot of a C+G dual SIM phone. This setting is used only if **CardLock** is set to allow it. If **CardLock** is not set, this list is ignored. To configure the list of SIM cards that are not allowed in the first slot, set the value for CardBlockList to a comma separated MCC:MNC list. You can also use wild cards, represented by an asterisk (*), to accept any value. For example, you can set the value to `310:410,311:*,404:012,310:70`.
CardLock | Used to enforce either the card allow list or both the card allow and block lists on a C+G dual SIM phone.
Critical > MultivariantProvisionedSPN | Used to change the default friendly SIM names in dual SIM phones. By default, the OS displays SIM 1 or SIM 2 as the default friendly name for the SIM in slot 1 or slot 2 if the service provider name (SPN) or mobile operator name has not been set. Partners can use this setting to change the default name read from the SIM to define the SPN for SIM cards that do not contain this information or to generate the default friendly name for the SIM. The OS uses the default value as the display name for the SIM or SPN in the Start screen and other parts of the UI including the SIM settings screen. For dual SIM phones that contain SIMs from the same mobile operator, the names that appear in the UI may be similar. See [Values for MultivariantProvisionedSPN](#spn).
Critical > SimNameWithoutMSISDNENabled | Use this setting to remove the trailing MSISDN digits from the service provider name (SPN) in the phone UI. By default, the OS appends the trailing MSISDN digits to the service provider name (SPN) in the phone UI, including on the phone and messaging apps. If required by mobile operators, OEMs can use the SimNameWithoutMSISDNEnabled setting to remove the trailing MSISDN digits. However, you must use this setting together with **MultivariantProvisionedSPN** to suppress the MSISDN digits.
DisableLTESupportWhenRoaming | Set to **Yes** to disable LTE support when roaming.
ExcludedSystemTypesByDefault | Set the default value for **Highest connection speed** in the **Settings** > **Cellular & SIM** > **SIM** screen by specifying the bitmask for any combination of radio technology to be excluded from the default value. The connection speed that has not been excluded will show up as the highest connection speed. On dual SIM phones that only support up to 3G connection speeds, the **Highest connection speed** option is replaced by a 3G on/off toggle based on the per-device setting. Enter the binary setting to exclude 4G (`10000`) or 3G (`01000`).
LTEEnabled | Select **Yes** to enable LTE, and **No** to disable LTE.
LTEForced | Select **Yes** to force LTE.
NetworkSuffix | To meet branding requirements for some mobile operators, you can add a suffix to the network name that is displayed on the phone. For example, you can change from ABC to ABC 3G when under 3G coverage. This feature can be applied for any radio access technology (RAT). For TD-SCDMA RAT, a 3G suffix is always appended by default, but partners can also customize this the same way as with any other RAT. In the setting name, set SYSTEMTYPE to the network type that you want to append the network name to and click **Add**:</br></br>- system type 4: 2G (GSM)</br>- system type 8: 3G (UMTS)</br>- system type 16: LTE</br>- system type 32: 3G (TS-SCDMA)</br></br>Select the system type that you added, and enter the network name and suffix that you want displayed.
NitzFiltering | For mobile networks that can receive Network Identity and Time Zone (NITZ) information from multiple sources, partners can set the phone to ignore the time received from an LTE network. Time received from a CDMA network is not affected. Set the value of NitzFiltering to `0x10`.
OperatorListForExcludedSystemTypes | Enter a comma-separated list of MCC and MNC (MCC:MNC) for which system types should be restricted. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can specify the MCC and MNC of other specific operators that the main mobile operator wishes to limit. If the UICC's MCC and MNC matches any of the pairs that OEMs can specify for the operator, a specified RIL system type will be removed from the UICC regardless of its app types, slot position, or executor mapping. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. Set the value of the OperatorListForExcludedSystemTypes setting a comma separated list of MCC:MNC pairs for which the system types should be restricted. For example, the value can be set to 310:026,310:030 to restrict operators with an MCC:MNC of 310:026 and 310:030.
OperatorPreferredForFasterRadio | Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator.
SuggestDataRoamingARD | Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming.
<span id="rcs2" />
### RCS
See descriptions in Windows Configuration Designer.
<!---Table in temp folder CELLCORE--->
<span id="sms2" />
### SMS
Setting | Description
--- | ---
AckExpirySeconds | Set the value, in seconds, for how long to wait for a client ACK before trying to deliver.
DefaultMCC | Set the default mobile country code (MCC).
Encodings > GSM7BitEncodingPage | Enter the code page value for the 7-bit GSM default alphabet encoding. Values:</br></br>- Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)</br>- Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction)
Encodings > GSM8BitEncodingPage | Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 5505055099. For more information, see [Add encoding extension tables for SMS]https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/add-encoding-extension-tables-for-sms).
Encodings > OctetEncodingPage | Set the octet (binary) encoding.
Encodings > SendUDHNLSS | Set the 7 bit GSM shift table encoding.
Encodings > UseASCII | Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding.
Encodings > UseKeyboardLangague | Set whether to use the keyboard language (Portuguese, Spanish, or Turkish) based encoding (set shift table based on keyboard language).
IncompleteMsgDeliverySeconds | Set the value, in seconds, for long to wait for all parts of multisegment Sprint messages for concatenation.
MessageExpirySeconds | Partners can set the expiration time before the phone deletes the received parts of a long SMS message. For example, if the phone is waiting for a three-part SMS message and the first part has been received, the first part will be deleted when the time expires and the other part of the message has not arrived. If the second part of the message arrives before the time expires, the first and second parts of the message will be deleted if the last part does not arrive after the time expires. The expiration time is reset whenever the next part of the long message is received. Set MessageExpirySeconds to the number seconds that the phone should wait before deleting the received parts of a long SMS messages. This value should be in hexadecimal and must be prefixed with 0x. The default value is 0x15180, which is equivalent to 1 day or 86,400 seconds.
SmsFragmentLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsFragmentLimit to set the maximum number of bytes in the user data body of an SMS message. You must set the value between 16 (0x10) and 140 (0x8C). You must also use SmsPageLimit to set the maximum number of segments in a concatenated SMS message.
SmsPageLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. You must set the value to 255 (0xFF) or smaller. You must also use SmsFragmentLimit to set the maximum number of bytes in the body of the SMS message.
SprintFragmentInfoInBody | Partners can enable the messaging client to allow users to enter more than 160 characters per message. Messages longer than 160 characters are sent as multiple SMS messages that contain a tag at the beginning of the message in the form "(1/2)", where the first number represents the segment or part number and the second number represents the total number of segments or parts. Multiple messages are limited to 6 total segments. When enabled, the user cannot enter more characters after the 6 total segments limit is reached. Any message received with tags at the beginning is recombined with its corresponding segments and shown as one composite message.
Type3GPP > ErrorHandling > ErrorType | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error type that you added as **Transient Failure** or **Permanent Failure**.
Type3GPP > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error class that you added as **generic error**, **invalid recepient address**, or **network connectivity trouble**.
Type3GPP > IMS > SmsUse16BitReferenceNumbers | Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH.
Type3GPP2 > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recepient address**, or **network connectivity trouble**.
Type3GPP2 > ErrorHandling > UseReservedAsPermanent | Set the 3GPP2 permanent error type.
<span id="utk2" />
### UTK
Setting | Description
--- | ---
UIDefaultDuration | Specifies the default time, in milliseconds, that the DISPLAY TEXT, GET INKEY, PLAY TONE, or SELECT ITEM dialog should be displayed. The default value is 60000 milliseconds (60 seconds). The valid value range is 1-120000.
UIGetInputDuration | Specifies the default time, in milliseconds, that the GET INPUT dialog should be displayed. The default value is 120000 milliseconds (120 seconds). The valid value range is 1-120000.
### VoLTE
Setting | Description
--- | ---
IMSOMADMServices | Allows configuration of OMA DM Services Mask. The value is mapped directly to RIL_IMS_NW_ENABLED_FLAGS on the modem side. To configure the OMA DM services mask, set the IMSOMADMServices setting to one of the following values:</br></br>- None, Flag: 0, Bitmask: 00000</br>- OMA DM, Flag: 1, Bitmask: 00001</br>- Voice, Flag: 2, Bitmask: 00010</br>- Video, Flag: 4, Bitmask: 00100</br>- EAB presence, Flag: 8, Bitmask: 01000</br>- Enable all services, Flag: 15, Bitmask: 10000
IMSServices | Identifies which IMS services are enabled (if any). The value is any combination of flags 1 (IMS), 2 (SMS over IMS), 4 (Voice over IMS) and 8 (Video Over IMS). Set the value for the IMSServices setting to any combination of the following flags or bitmasks:</br></br>- IMS, Flag: 1, Bitmask: 0001</br>- SMS over IMS, Flag: 2, Bitmask: 0010</br>- Voice over IMS, Flag: 4, Bitmask: 0100</br>Video over IMS, Flag: 8, Bitmask: 1000
<span id="errorreject" />
## Error messages for reject codes
Reject code | Extended error message | Short error message
--- | --- | ---
2 (The SIM card hasn't been activated or has been deactivated) | SIM not set up MM#2 | Invalid SIM
3 (The SIM card fails authentication or one of the identity check procedures. This can also happen due to a duplication of the TMSI across different MSCs.) | Can't verify SIM MM#3 | Invalid SIM
6 (The device has been put on a block list, such as when the phone has been stolen or the IMEI is restricted.) | Phone not allowed MM#6 | No service
<span id="spn" />
## Values for MultivariantProvisionedSPN
Set the MultivariantProvisionedSPN value to the name of the SPN or mobile operator.
The following table shows the scenarios supported by this customization:
>[!NOTE]
>In the Default SIM name column:
>
>- The " " in MultivariantProvisionedSPN" "1234 means that there is a space between the mobile operator name or SPN and the last 4 digits of the MSISDN.
>- MultivariantProvisionedSPN means the value that you set for the MultivariantProvisionedSPN setting.
>- SIM 1 or SIM 2 is the default friendly name for the SIM in slot 1 or slot 2.
Multivariant setting set?|SPN provisioned?|MSISDN (last 4 digits: 1234, for example) provisioned?|Default SIM name
Yes|Yes|Yes|*MultivariantProvisionedSPN*1234 or *MultivariantProvisionedSPN*" "1234
Yes|No|No|*MultivariantProvisionedSPN* (up to 16 characters)
Yes|Yes|No|*MultivariantProvisionedSPN* (up to 16 characters)
Yes|No|Yes|*MultivariantProvisionedSPN*1234 or *MultivariantProvisionedSPN*" "1234
No|Yes|Yes|If SPN string >= 12: *SPN*1234</br></br>If SPN string < 12: *SPN*" "1234
No|No|No|*SIM 1* or *SIM 2*
No|Yes|No|SPN (up to 16 characters)
No|No|Yes|*SIM 1* or *SIM 2*

30
windows/configuration/wcd/wcd-cellular.md
View File

@ -7,21 +7,22 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.date: 08/21/2017
ms.date: 10/17/2017
---
# Cellular (Windows Configuration Designer reference)
Use to configure settings for cellular connections.
>[!IMPORTANT]
>These settings are intended to be used only by manufacturers, mobile operators, and solution providers when configuring devices, and are not intended for use by administrators in the enterprise.
## Applies to
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| [AccountExperienceURL](#accountexperienceurl) | X | | | | |
| [AppID](#appid) | X | | | | |
| [NetworkBlockList](#networkblocklist) | X | | | | |
| [SIMBlockList](#simblocklist) | X | | | | |
| All settings | X | | | | |
To begin, enter a SIM integrated circuit card identifier (**SimIccid**), and click **Add**. In the **Customizations** pane, select the SimIccid that you just entered and configure the following settings for it.
@ -34,10 +35,27 @@ Enter the URL for the mobile operator's web page.
Enter the AppID for the mobile operator's app in Microsoft Store.
## BrandingIcon
Browse to and select an .ico file.
## BrandingIconPath
Enter the destination path for the BrandingIcon .ico file.
## BrandingName
Enter the service provider name for the mobile operator.
## NetworkBlockList
Enter a comma-separated list of mobile country code (MCC) and mobile network code (MCC) pairs (MCC:MNC).
## SIMBlockList
Enter a comma-separated list of mobile country code (MCC) and mobile network code (MCC) pairs (MCC:MNC).
Enter a comma-separated list of mobile country code (MCC) and mobile network code (MCC) pairs (MCC:MNC).
## UseBrandingNameOnRoaming
Select an option for displaying the BrandingName when the device is roaming.

12
windows/configuration/wcd/wcd-connections.md
View File

@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.date: 08/21/2017
ms.date: 10/17/2017
---
# Connections (Windows Configuration Designer reference)
@ -18,10 +18,8 @@ Use to configure settings related to various types of phone connections.
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| [Cellular](#cellular) | X | X | X | X | |
| [EnterpriseAPN](#enterpriseapn) | X | X | X | X | |
| [Policies](#policies) | X | X | X | X | |
| [Proxies](#proxies) | X | X | X | X | |
| All settings | X | X | X | X | |
For each setting group:
1. In **Available customizations**, select the setting group (such as **Cellular**), enter a friendly name for the connection, and then click **Add**.
@ -36,6 +34,10 @@ See [CM_CellularEntries configuration service provider (CSP)](https://msdn.micro
See [Configure cellular settings for tablets and PCs](https://docs.microsoft.com/windows/configuration/provisioning-apn) and
[EnterpriseAPN CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterpriseapn-csp) for settings and values.
## General
Use **General > DataRoam** to set the default value for the **Default roaming options** option in the **Settings > cellular + SIM** area on the device. Select between **DoNotRoam**, **DomesticRoaming**, or **InternationalRoaming**.
## Policies
See [CMPolicy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/cmpolicy-csp) for settings and values.

4
windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
View File

@ -1,5 +1,5 @@
---
title: DesktopBackgrounAndColors (Windows 10)
title: DesktopBackgroundAndColors (Windows 10)
description: This section describes the DesktopBackgrounAndColors settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
@ -10,7 +10,7 @@ ms.author: jdecker
ms.date: 08/21/2017
---
# DesktopBackgrounAndColors (Windows Configuration Designer reference)
# DesktopBackgroundAndColors (Windows Configuration Designer reference)
Do not use. Instead, use the [Personalization settings](wcd-personalization.md).

64
windows/configuration/wcd/wcd-deviceinfo.md Normal file
View File

@ -0,0 +1,64 @@
---
title: DeviceInfo (Windows 10)
description: This section describes the DeviceInfo settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.date: 10/17/2017
---
# DeviceInfo (Windows Configuration Designer reference)
Use to configure settings for DeviceInfo.
>[!IMPORTANT]
>These settings are intended to be used only by manufacturers, mobile operators, and solution providers when configuring devices, and are not intended for use by administrators in the enterprise.
## Applies to
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | | X | | | |
## PhoneMobileOperatorDisplayName
Enter a friendly name for the mobile operator. This string is displayed in the support section of the **Settings > About** screen and in the ringtone list.
## PhoneMobileOperatorName
This setting is used for targeting phone updates. It must contain a code specified by Microsoft that corresponds to the mobile operator. These codes are provided in [Registry values for mobile operator IDs](https://msdn.microsoft.com/library/windows/hardware/dn772250.aspx). For open market phones, in which the mobile operator is not known, use the codes in [Registry values for carrier-unlocked phones](https://msdn.microsoft.com/library/windows/hardware/dn772248.aspx) instead.
This string is not visible to the user.
This setting must not be changed over time even if the user switches SIMs or mobile operators, as updates are always targeted based on the first mobile operator associated with the phone.
The [PhoneManufacturer](https://msdn.microsoft.com/library/windows/hardware/mt138328.aspx), [PhoneManufacturerModelName](https://msdn.microsoft.com/library/windows/hardware/mt138336.aspx), and PhoneMobileOperatorName should create a unique Phone-Operator-Pairing (POP).
## PhoneOEMSupportLink
This should be a functional link that starts with http://. The link should be a URL that redirects to the mobile version of the web page. The content in the webpage should reflow to the screen width. This can be achieved by adding the CSS Tag `"@-ms-viewport { width: device-width; }"`.
The default is an empty string (""), which means that a support link will not be displayed to the user.
This setting varies by OEM.
## PhoneSupportLink
This should be a functional link that starts with http://. The link should be a URL that redirects to the mobile version of the web page. The content in the webpage should reflow to the screen width. This can be achieved by adding the CSS Tag `"@-ms-viewport { width: device-width; }"`.
The default is an empty string (""), which means that a support link will not be displayed to the user.
This setting varies by OEM.
## PhoneSupportPhoneNumber
Use to specify the OEM or mobile operator's support contact phone number. The country code is not required. This string is displayed in the About screen in Settings. This setting also corresponds to the Genuine Windows Phone Certificates (GWPC) support number.

2
windows/configuration/wcd/wcd-devicemanagement.md
View File

@ -12,7 +12,7 @@ ms.date: 08/21/2017
# DeviceManagement (Windows Configuration Designer reference)
Use to...
Use to configure device management settings.
## Applies to

116
windows/configuration/wcd/wcd-hotspot.md Normal file
View File

@ -0,0 +1,116 @@
---
title: HotSpot (Windows 10)
description: This section describes the HotSpot settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.date: 10/17/2017
---
# HotSpot (Windows Configuration Designer reference)
Use HotSpot settings to configure Internet sharing.
## Applies to
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | | X | | | |
>[!NOTE]
>Although the HotSpot settings are available in advanced editing for multiple editions, the settings are only supported on devices running Windows 10 Mobile.
## DedicatedConnections
(Optional) Set DedicatedConnections to a semicolon-separated list of connections.
Specifies the list of Connection Manager cellular connections that Internet sharing will use as public connections.
By default, any available connection will be used as a public connection. However, this node allows a mobile operator to specify one or more connection names to use as public connections.
Specified connections will be mapped, by policy, to the Internet sharing service. All attempts to enumerate Connection Manager connections for the Internet sharing service will return only the mapped connections.
The mapping policy will also include the connection specified in the TetheringNAIConnection value as well.
If the specified connections do not exist, Internet sharing will not start because it will not have any cellular connections available to share.
## Enabled
Specify **True** to enable Internet sharing on the device or **False** to disable Internet sharing.
If Enabled is initially set to **True**, the feature is turned off and the internet sharing screen is removed from Settings so that the user cannot access it. Configuration changes or connection sharing state changes will not be possible.
When Enabled is set to **False**, the internet sharing screen is added to Settings, although sharing is turned off by default until the user turns it on.
## MaxBluetoothUsers
(Optional) Specify the maximum number of simultaneous Bluetooth users that can be connected to a device while sharing over Bluetooth. Set MaxBluetoothUsers to an integer value between 1 and 7 inclusive. The default value is 7.
## MaxUsers
(Optional) Specify the maximum number of simultaneous users that can be connected to a device while sharing. Set MaxUsers to an integer value between 1 and 8 inclusive. The default value is 5.
## MOAppLink
(Optional) Enter an application link that points to a pre-installed application, provided by the mobile operator. that will help a user to subscribe to the mobile operator's Internet sharing service when Internet sharing is not provisioned or entitlement fails.
Set MOAppLink to a valid app ID. The general format for the link is *app://MOappGUID*. For example, if your app ID is `12345678-9012-3456-7890-123456789012`, you must set the value to `app://12345678-9012-3456-7890-123456789012`.
## MOHelpMessage
(Optional) Enter a reference to a localized string, provided by the mobile operator, that is displayed when Internet sharing is not enabled due to entitlement failure. The node takes a language-neutral registry value string, which has the following form:
```
@<res_dll>,-<str_id>
```
Where `<res_dll>` is the resource dll that contains the string and `<str_id>` is the string identifier. For more information on language-neutral string resource registry values, see [Using Registry String Redirection](https://msdn.microsoft.com/library/windows/desktop/dd374120.aspx).
## MOHelpNumber
(Optional) Enter a mobile operatorspecified phone number that is displayed to the user when the Internet sharing service fails to start. The user interface displays a message informing the user that they can call the specified number for help.
## MOInfoLink
(Optional) Enter a mobile operatorspecified HTTP link that is displayed to the user when Internet sharing is disabled or the device is not entitled. The user interface displays a message informing the user that they can visit the specified link for more information about how to enable the feature.
## PeerlessTimeout
(Optional) Enter the time-out period, in minutes, after which Internet sharing should automatically turn off if there are no active clients.
Set PeerlessTimeout to any value between 1 and 120 inclusive. A value of 0 is not supported. The default value is 5 minutes.
## PublicConnectionTimeout
(Optional) Enter the time-out value, in minutes, after which Internet sharing is automatically turned off if a cellular connection is not available.
Set PublicConnectionTimeout to any value between 1 and 60 inclusive. The default value is 20 minutes. A value of 0 is not supported.
## TetheringNAIConnection
(Optional) Specify the CDMA TetheringNAI Connection Manager cellular connection that Internet sharing will use as a public connection. Set TetheringNAIConnection to the CDMA TetheringNAI Connection Manager cellular connection.
If a CDMA mobile operator requires using a Tethering NAI during Internet sharing, they must configure a TetheringNAI connection and then specify the connection in this node.
Specified connections will be mapped, by policy, to the Internet sharing service. All attempts to enumerate Connection Manager connections for the Internet sharing service will return only the mapped connections.The mapping policy will also include the connection specified in the TetheringNAIConnection value as well.
If the specified connections do not exist, Internet sharing will not start because it will not have any cellular connections available to share.
>[!NOTE]
>CDMA phones are limited to one active data connection at a time. This means any application or service (such as e-mail or MMS) that is bound to another connection may not work while Internet sharing is turned on.

176
windows/configuration/wcd/wcd-messaging.md
View File

@ -7,12 +7,18 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.date: 08/21/2017
ms.date: 10/17/2017
---
# Messaging (Windows Configuration Designer reference)
Use for settings related to Messaging.
Use for settings related to Messaging and Commercial Mobile Alert System (CMAS).
>[!IMPORTANT]
>These settings are intended to be used only by manufacturers, mobile operators, and solution providers when configuring devices, and are not intended for use by administrators in the enterprise.
>[!NOTE]
>CMAS is now known as Wireless Emergency Alerts (WEA).
## Applies to
@ -20,16 +26,70 @@ Use for settings related to Messaging.
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | | X | | | |
## GlobalSettings > ShowSendingStatus
## GlobalSettings
### DisplayCmasLifo
Use this setting to change the order in which CMAS alert messages are displayed, from the default first in/first out (FIFO) message order to last in/first out (LIFO) message order.
If the phone receives at least one CMAS alert message which has not been acknowledged by the user, and another CMAS alert message arrives on the phone, partners can configure the order in which the newly received alert messages are displayed on the phone regardless of the service category of the alert. Users will not be able to change the message order once it has been set.
If partners do not specify a value for this customization, the default FIFO display order is used. Users will be able to acknowledge the messages in the reverse order they were received.
When configured as **True**, you set a LIFO message order. When configured as **False**, you set a FIFO message order.
### EnableCustomLineSetupDialog
Enable this setting to allow custom line setup dialogs in the Messaging app.
### ShowSendingStatus
>[!NOTE]
>This setting is removed in Windows 10, version 1709.
Set **ShowSendingStatus** to **True** to display the sending status for SMS/MMS messages.
## PerSimSettings > _ICCID
### VoicemailIntercept
Use to configure settings for each subscriber identification module (SIM) card.
Partners can define a filter that intercepts an incoming SMS message and triggers visual voicemail synchronization. The filtered message does not appear in the users conversation list.
A visual voicemail sync is triggered by an incoming SMS message if the following conditions are met:
- The message sender value starts with the string specified in the SyncSender setting. The length of the specified values must be greater than 3 characters but less than 75 characters.
- The body of the message starts with the string specified in the SyncPrefix setting. The length of the specified values must be greater than 3 characters but less than 75 characters.
- Visual voicemail is configured and enabled. For more information, see [Visual voicemail](https://msdn.microsoft.com/library/windows/hardware/dn790032.aspx).
>[!NOTE]
>These settings are atomic, so both SyncSender and SyncPrefix must be set.
>
>The SyncSender and SyncPrefix values vary for each mobile operator, so you must work with your mobile operators to obtain the correct or required values.
Setting | Description
--- | ---
SyncPrefix | Specify a value for SyncPrefix that is greater than 3 characters but less than 75 characters in length. For networks that support it, this value can be the keyword for the SMS notification.
SyncSender | Specify a value for SyncSender that is greater than 3 characters but less than 75 characters in length. For networks that support it, this value can be a short code of the mailbox server that sends a standard SMS notification.
## PerSimSettings
Use to configure settings for each subscriber identification module (SIM) card. Enter the Integrated Circuit Card Identifier (ICCID) for the SIM card, click **Add**, and then configure the folowing settings.
### AllowMmsIfDataIsOff
Setting | Description
--- | ---
AllowMmsIfDataIsOff | **True** allows MMS if data is off
AllowMmsIfDataIsOffSupported | **True** shows the toggle for allowing MMS if data is turned off
AllowMmsIfDataIsOffWhileRoaming | **True** allows MMS if data is off while roaming
### AllowSelectAllContacts
>[!NOTE]
>This setting is removed in Windows 10, version 1709.
Set to **True** to show the select all contacts/unselect all menu option to allow users to easily select multiple recipients for an SMS or MMS message. This menu option provides users with an easier way to add multiple recipients and may also meet a mandatory requirement for some mobile operator networks.
Windows 10 Mobile supports the following select multiple recipients features:
@ -55,31 +115,106 @@ Specify whether MMS messages are automatically downloaded.
| AutomaticallyDownload | **True** sets the **Automatically download MMS** toggle to **On** |
| ShowAutomaticallyDownloadMMSToggle | **True** shows the **Automatically download MMS** toggle, and **False** hides the toggle |
### DefaultContentLocationUrl
>[!NOTE]
>This setting is removed in Windows 10, version 1709.
For networks that require it, you can specify the default GET path within the MMSC to use when the GET URL is missing from the WAP push MMS notification.
Set **DefaultContentLocationUrl** to specify the default GET path within the MMSC.
### ErrorCodeEnabled
>[!NOTE]
>This setting is removed in Windows 10, version 1709.
You can choose to display additional content in the conversation view when an SMS or MMS message fails to send. This content includes a specific error code in decimal format that the user can report to technical support. Common errors also include a friendly string to help the user self-diagnose and fix the problem.
Set to **True** to display the error message with an explanation of the problem and the decimal-format error codes. When set to **False**, the full error message is not displayed.
### EmergencyAlertOptions
### ImsiAuthenticationToken
Configure settings for CMAS alerts.
Setting | Description
--- | ---
CmasAMBERAlertEnabled | **True** enables the device to receive AMBER alerts
CmasExtremeAlertEnabled | **True** enables the device to receive extreme alerts
CmasSevereAlertEnabled | **True** enables the device to receive severe alerts
EmOperatorEnabled | Select which Emergency Alerts Settings page is displayed from dropdown menu
SevereAlertDependentOnExtremeAlert | When set as **True**, the CMAS-Extreme alert option must be on to modify CMAS-Severe alert option
### General
Setting | Description
--- | ---
AllowSelectAllContacts | Set to **True** to show the **select all contacts/unselect all** menu option to allow users to easily select multiple recipients for an SMS or MMS message. This menu option provides users with an easier way to add multiple recipients and may also meet a mandatory requirement for some mobile operator networks. Windows 10 Mobile supports the following select multiple recipients features:</br></br>- A multi-select chooser, which enables users to choose multiple contacts.</br>- A **select all contacts/unselect all** menu option, which enables users to select or unselect all their contacts. This option is not shown by default and must be enabled by the OEM.
AllowSMStoSMTPAddress | Allow SMS to SMTP address.
AssistedDialingMcc | By setting AssistedDialingMcc and AssistedDialingMnc, international assisted dialing will be enabled for SMS if the user setting for international assisted dialing is enabled. Enter the Mobile Country Code (MCC) to use for sending SMS.
AssistedDialingMnc | By setting AssistedDialingMcc and AssistedDialingMnc, international assisted dialing will be enabled for SMS if the user setting for international assisted dialing is enabled. Enter the Mobile Network Code (MNC) to use for sending SMS.
AssistedDialingPlusCodeSupportOverride | For devices that support IMS over SMS, you can override support for the assisted dialing plus (+) code for SMS by setting AssistedDialingPlusCodeSupportOverride. If enabled, the OS will not convert the plus (+) code to the proper assisted number when the user turns on the dialing assist option.
AutoRetryDownload | You can configure the messaging app to automatically retry downloading an MMS message if the initial download attempt fails. When this customization is enabled, the download is retried 3 times at 20-, 40-, and 60-second intervals.
BroadcastChannels | You can specify one or more ports from which the device will accept cellular broadcast messages. Set the BroadcastChannels value to the port number(s) that can accept cellular broadcast messages. If you specify the same port that Windows 10 Mobile already recognizes as an Emergency Alert port (a CMAS or ETWS port number) and a cell broadcast message is received on that port, the user will only receive the message once. The message that is received will be displayed as an Emergency Alert message.
ConvertLongSMStoMMS | For networks that do support MMS and do not support segmentation of SMS messages, you can specify an automatic switch from SMS to MMS for long messages.
DefaultContentLocationUrl | For networks that require it, you can specify the default GET path within the MMSC to use when the GET URL is missing from the WAP push MMS notification. Set DefaultContentLocationUrl to specify the default GET path within the MMSC.
ErrorCodeEnabled | You can choose to display additional content in the conversation view when an SMS or MMS message fails to send. This content includes a specific error code in decimal format that the user can report to technical support. Common errors also include a friendly string to help the user self-diagnose and fix the problem. Set to **True** to display the error message with an explanation of the problem and the decimal-format error codes. When set to **False**, the full error message is not displayed.
HideMediumSIPopups | By default, when a service indication message is received with a signal-medium or signal-high setting, the phone interrupts and shows the user prompt for these messages. However, you can hide the user prompts for signal-medium messages.
ImsiAuthenticationToken | Configure whether MMS messages include the IMSI in the GET and POST header. Set ImsiAuthenticationToken to the token used as the header for authentication. The string value should match the IMSI provided by the UICC.
LimitRecipients | Set the maximum number of recipients to which a single SMS or MMS message can be sent. Enter a number between 1 and 500 to limit the maximum number of recipients.
MaxRetryCount | You can specify the number of times that the phone can retry sending the failed MMS message and photo before the user receives a notification that the photo could not be sent. Specify MaxRetryCount to specify the number of times the MMS transport will attempt resending the MMS message. This value has a maximum limit of 3.
MMSLimitAttachments | You can specify the maximum number of attachments for MMS messages, from 1 to 20. The default is 5.
RetrySize | For MMS messages that have photo attachments and that fail to send, you can choose to automatically resize the photo and attempt to resend the message. Specify the maximum size to use to resize the photo in KB. Minimum is 0xA (10 KB).
SetCacheControlNoTransform | When set, proxies and transcoders are instructed not to change the HTTP header and the content should not be modified. A value of 1 or 0x1 adds support for the HTTP header Cache-Control No-Transform directive. When the SetCacheControlNoTransform``Value is set to 0 or 0x0 or when the setting is not set, the default HTTP header Cache-Control No-Cache directive is used.
ShowRequiredMonthlyTest | **True** enables devices to receive CMAS Required Monthly Test (RMT) messages and have these show up on the device. **False** disables devices from receiving CMAS RMT messages.
SmscPanelDisabled | **True** disables the short message service center (SMSC) panel.
SMStoSMTPShortCode | Use to configure SMS messages to be sent to email addresses and phone numbers. `0` disables sending SMS messages to SMTP addresses. `1` enables sending SMS messages to SMTP addresses.
TargetVideoFormat | You can specify the transcoding to use for video files sent as attachments in MMS messages. Set TargetVideoFormat to one of the following values to configure the default transcoding for video files sent as attachments in MMS messages:</br></br>- 0 or 0x0 Sets the transcoding to H.264 + AAC + MP4. This is the default set by the OS.</br>- 1 or 0x1 Sets the transcoding to H.264 + AAC + 3GP.</br>- 2 or 0x2 Sets the transcoding to H.263 + AMR.NB + 3GP.</br>- 3 or 0x3 Sets the transcoding to MPEG4 + AMR.NB + 3GP.
UAProf | You can specify a user agent profile to use on the phone for MMS messages. The user agent profile XML file details a phones hardware specifications and media capabilities so that an MMS application server (MMSC) can return supported optimized media content to the phone. The user agent profile XML file is generally stored on the MMSC. There are two ways to correlate a user agent profile with a given phone:</br></br>- You can take the user agent string of the phone that is sent with MMS requests and use it as a hash to map to the user agent profile on the MMSC. The user agent string cannot be modified.</br>- Alternatively, you can directly set the URI of the user agent profile on the phone.</br></br>Set UAProf to the full URI of your user agent profile file. Optionally, you can also specify the custom user agent property name for MMS that is sent in the header by setting UAProfToken to either `x-wap-profile` or `profile`.
UAProfToken | You can specify a user agent profile to use on the phone for MMS messages. The user agent profile XML file details a phones hardware specifications and media capabilities so that an MMS application server (MMSC) can return supported optimized media content to the phone. The user agent profile XML file is generally stored on the MMSC.
UseDefaultAddress | By default, the MMS transport sends an acknowledgement to the provisioned MMS application server (MMSC). However, on some networks, the correct server to use is sent as a URL in the MMS message. In that case, a registry key must be set, or else the acknowledgement will not be received and the server will continue to send duplicate messages. **True** enables some networks to correctly acknowledge MMS messages. **False** disables the feature.
UserAgentString | Set UserAgentString to the new user agent string for MMS in its entirely. By default, this string has the format WindowsPhoneMMS/MicrosoftMMSVersionNumber WindowsPhoneOS/OSVersion-buildNumber OEM-deviceName, in which the italicized text is replaced with the appropriate values for the phone.
UseUTF8ForUnspecifiedCharset | Some incoming MMS messages may not specify a character encoding. To properly decode MMS messages that do not specify a character encoding, you can set UTF-8 to decode the message.
WapPushTechnology | For networks that require non-standard handling of single-segment incoming MMS WAP Push notifications, you can specify that MMS messages may have some of their content truncated and that they may require special handling to reconstruct truncated field values. `1` or `0x1` enables MMS messages to have some of their content truncated. `0` or `0x0` disables MMS messages from being truncated
## ImsiAuthenticationToken
>[!NOTE]
>This setting is removed in Windows 10, version 1709.
Configure whether MMS messages include the IMSI in the GET and POST header.
Set **ImsiAuthenticationToken** to the token used as the header for authentication. The string value should match the IMSI provided by the UICC.
### LatAlertOptions
Enable `LatLocalAlertEnabled` to enable support for LAT-Alert Local Alerts for devices sold in Chile. For more information, see [Emergency notifications](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/emergency-notifications).
### MaxRetryCount
>[!NOTE]
>This setting is removed in Windows 10, version 1709.
You can specify the number of times that the phone can retry sending the failed MMS message and photo before the user receives a notification that the photo could not be sent.
Specify MaxRetryCount to specify the number of times the MMS transport will attempt resending the MMS message. This value has a maximum limit of 3.
### MMSGroupText
Set options for group messages sent to multiple people.
Setting | Description
--- | ---
MMSGroupText | **True** enables group messages to multiple people sent as MMS.
ShowMMSGroupTextUI | **True** shows the toggle for group text in messaging settings.
ShowMmsGroupTextWarning | **True** shows the warning that alerts users of possible additional charges before sending a group text as MMS.
### NIAlertOptions
Enable `NI2AlertEnabled` to enable support for the Netherlands Announcements for devices sold in the Netherlands. For more information, see [Emergency notifications](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/emergency-notifications).
### RcsOptions
@ -103,8 +238,18 @@ Set options related to MMS message notifications. You can specify whether users
| RequestDeliveryReportIsSupported | **True** shows the toggle for MMS delivery confirmation, and **False** hides the toggle. |
### SMSDeliveryNotify
Setting | Description
--- | ---
DeliveryNotifySupported | Set to **True** to enable SMS delivery confirmation.
SMSDeliveryNotify | Set to **True** to toggle SMS delivery confirmation.
### TargetVideoFormat
>[!NOTE]
>This setting is removed in Windows 10, version 1709.
You can specify the transcoding to use for video files sent as attachments in MMS messages.
Set TargetVideoFormat to one of the following values to configure the default transcoding for video files sent as attachments in MMS messages:
@ -119,6 +264,9 @@ Set TargetVideoFormat to one of the following values to configure the default tr
### UAProf
>[!NOTE]
>This setting is removed in Windows 10, version 1709.
You can specify a user agent profile to use on the phone for MMS messages. The user agent profile XML file details a phones hardware specifications and media capabilities so that an MMS application server (MMSC) can return supported optimized media content to the phone. The user agent profile XML file is generally stored on the MMSC.
There are two ways to correlate a user agent profile with a given phone:
@ -130,6 +278,9 @@ Set **UAProf** to the full URI of your user agent profile file. Optionally, you
### UAProfToken
>[!NOTE]
>This setting is removed in Windows 10, version 1709.
You can specify a user agent profile to use on the phone for MMS messages. The user agent profile XML file details a phones hardware specifications and media capabilities so that an MMS application server (MMSC) can return supported optimized media content to the phone. The user agent profile XML file is generally stored on the MMSC.
Optionally, in addition to specifying **UAProf**, you can also specify the custom user agent property name for MMS that is sent in the header by setting **UAProfToken** to either `x-wap-profile` or `profile`.
@ -137,6 +288,9 @@ Optionally, in addition to specifying **UAProf**, you can also specify the custo
### UserAgentString
>[!NOTE]
>This setting is removed in Windows 10, version 1709.
Set **UserAgentString** to the new user agent string for MMS in its entirely.
By default, this string has the format WindowsPhoneMMS/MicrosoftMMSVersionNumber WindowsPhoneOS/OSVersion-buildNumber OEM-deviceName, in which the italicized text is replaced with the appropriate values for the phone.
@ -147,16 +301,17 @@ By default, this string has the format WindowsPhoneMMS/MicrosoftMMSVersionNumber
| Setting | Description |
| --- | --- |
| ADDR | Specify the absolute MMSC URL. The possible values to configure the ADDR parameter are:</br></br>- A Uniform Resource Identifier (URI)</br>- An IPv4 address represented in decimal format with dots as delimiters</br>- A fully qualified Internet domain name |
| APPID | Set to `w4` |
| APPID | Set to `w4`. |
| MS | (optional) Specify the maximum size of MMS, in KB. If the value is not a number, or is less than or equal to 10, it will be ignored and outgoing MMS will not be resized. |
| NAME | (optional) Enter userreadable application identity. This parameter is also used to define part of the registry path for the APPLICATION parameters. The possible values to configure the **NAME** parameter are:</br></br>- Character string containing the name</br>- no value specified</br></br>If no value is specified, the registry location will default to <unnamed>. If **NAME** is greater than 40 characters, it will be truncated to 40 characters. |
| TONAPID | Specify the network access point identification name (NAPID) defined in the provisioning file. This parameter takes a string value. It is only possible to refer to network access points defined within the same provisioning file (except if the INTERNET attribute is set in the NAPDEF characteristic). For more information about the NAPDEF characteristic, see [NAPDEF configuration service provider](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/napdef-csp). |
| TOPROXY | Specify one logical proxy with a matching PROXY-ID. It is only possible to refer to proxies defined within the same provisioning file. Only one proxy can be listed. The TO-PROXY value must be set to the value of the PROXY ID in PXLOGICAL that defines the MMS specific-proxy. |
### WapPushTechnology
>[!NOTE]
>These settings are removed in Windows 10, version 1709.
For networks that require non-standard handling of single-segment incoming MMS WAP Push notifications, you can specify that MMS messages may have some of their content truncated and that they may require special handling to reconstruct truncated field values.
| Value | Description |
@ -167,5 +322,4 @@ For networks that require non-standard handling of single-segment incoming MMS W
## Related topics
- [w4 APPLICATION CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/w4-application-csp)
- [Customizations for SMS and MMS](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/customizations-for-sms-and-mms)

4
windows/configuration/wcd/wcd-modemconfigurations.md
View File

@ -7,12 +7,12 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.date: 08/21/2017
ms.date: 10/17/2017
---
# ModemConfiguration (Windows Configuration Designer reference)
Documentation not available at this time.
ModemConfiguration settings are removed in Windows 10, version 1709.
## Applies to

76
windows/configuration/wcd/wcd-policies.md
View File

@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.date: 08/21/2017
ms.date: 10/17/2017
---
# Policies (Windows Configuration Designer reference)
@ -43,8 +43,8 @@ This section describes the **Policies** settings that you can configure in [prov
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
| [AllowAllTrustedApps](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps) | Whether non-Windows Store apps are allowed | X | X | | | |
| [AllowAppStoreAutoUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate) | Whether automatic update of apps from Windows Store is allowed | X | X | | | |
| [AllowAllTrustedApps](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps) | Whether non-Microsoft Store apps are allowed | X | X | | | |
| [AllowAppStoreAutoUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate) | Whether automatic update of apps from Microsoft Store is allowed | X | X | | | |
| [AllowDeveloperUnlock](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock) | Whether developer unlock of device is allowed | X | X | X | X | X |
| [AllowGameDVR](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) |Whether DVR and broadcasting is allowed | X | | | | |
| [AllowSharedUserAppData](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata) | Whether multiple users of the same app can share data | X | X | | | |
@ -76,9 +76,9 @@ This section describes the **Policies** settings that you can configure in [prov
| --- | --- | :---: | :---: | :---: | :---: | :---: |
| [AllowAdvertising](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-allowadvertising) | Whether the device can send out Bluetooth advertisements | X | X | X | X | X |
| [AllowDiscoverableMode](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-allowdiscoverablemode) | Whether other Bluetooth-enabled devices can discover the device | X | X | X | X | X |
| [AllowPrepairing](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-allowprepairing) | Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device | X | X | X | X | X |
| [LocalDeviceName](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-localdevicename) | Set the local Bluetooth device name | X | X | X | X | X |
| [ServicesAllowedList](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-servicesallowedlist) | Set a list of allowable services and profiles | X | X | | | |
| [AllowPrepairing](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-allowprepairing) | Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device | X | X | X | | X |
| [LocalDeviceName](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-localdevicename) | Set the local Bluetooth device name | X | X | X | | X |
| [ServicesAllowedList](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-servicesallowedlist) | Set a list of allowable services and profiles | X | X | | X | |
## Browser
@ -104,7 +104,7 @@ This section describes the **Policies** settings that you can configure in [prov
| [ConfigureAdditionalSearchEngines](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to 5 addtional search engines for MDM-enrolled devices. | X | X | X | | |
| [DisableLockdownOfStartPages](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) | Specify whether the lockdown on the Start pages is disabled. | X | | | | |
| [EnterpriseModeSiteList](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist) | Allow the user to specify a URL of an enterprise site list. | X | | | | |
| EnterpriseSiteListServiceUrl | This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist). | X | | | | |
| [EnterpriseSiteListServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisesitelistserviceurl) | This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist). | X | | | | |
| [FirstRunURL](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-firstrunurl) | Specify the URL that Microsoft Edge will use when it is opened for the first time. | | X | | | |
| [HomePages](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-homepages) | Specify your Start pages for MDM-enrolled devices. | X | | | | |
| [PreventAccessToAboutFlagsInMicrosoftEdge](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-preventaccesstoaboutflagsinmicrosoftedge) | Specify whether users can access the **about:flags** page, which is used to change developer settings and to enable experimental features. | X | X | X | | |
@ -130,7 +130,7 @@ This section describes the **Policies** settings that you can configure in [prov
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
| [AllowBluetooth](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#connectivity-allowbluetooth) | Allow the user to enable Bluetooth or restrict access. | X | X | X | | |
| [AllowBluetooth](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#connectivity-allowbluetooth) | Allow the user to enable Bluetooth or restrict access. | X | X | X | X | |
| [AllowCellularData](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#connectivity-allowcellulardata) | Allow the cellular data channel on the device. | X | X | X | | |
| [AllowCellularDataRoaming](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#connectivity-allowcellulardataroaming) | Allow or disallow cellular data roaming on the device. | X | X | X | | |
| [AllowConnectedDevices](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#connectivity-allowconnecteddevices) | Allows IT admins the ability to disable the Connected Devices Platform component. | X | X | X | | |
@ -141,6 +141,12 @@ This section describes the **Policies** settings that you can configure in [prov
| HideCellularConnectionMode | Hide the checkbox that lets the user change the connection mode. | X | X | X | | |
| HideCellularRoamingOption | Hide the dropdown menu that lets the user change the roaming preferences. | X | X | X | | |
## CredentialProviders
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
[DisableAutomaticReDeploymentCredentials](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-credentialproviders) | This setting disables the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Windows 10 Automatic ReDeployment feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered the devices are for ready for use by information workers or students. | X | | | | |
## Cryptography
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
@ -200,6 +206,11 @@ This section describes the **Policies** settings that you can configure in [prov
| [DOMonthlyUploadDataCap](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#deliveryoptimization-domonthlyuploaddatacap) | Specify the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. | X | | | | |
| [DOPercentageMaxDownloadBandwidth](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxdownloadbandwidth) | Specify the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | X | | | | |
## DeviceGuard
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
[EnableVirtualizationBasedSecurity](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceguard) | Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. | X | | | | |
## DeviceLock
@ -238,18 +249,24 @@ This section describes the **Policies** settings that you can configure in [prov
| [AllowManualMDMUnenrollment](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowmanualmdmunenrollment) | Specify whether the user is allowed to delete the workplace account. | X | X | | | |
| [AllowScreenCapture](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowscreencapture) | Specify whether screen capture is allowed. | | X | | | |
| [AllowSIMErrorDialogPromptWhenNoSIM](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowsimerrordialogpromptwhennosim) | Specify whether to display a dialog prompt when no SIM card is detected. | | X | | | |
| [AllowSyncMySettings](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowsyncmysettings) | Allow or disallow all Windows sync settings on the device. | X | | | | |
| [AllowSyncMySettings](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowsyncmysettings) | Allow or disallow all Windows sync settings on the device. | X | X | | | |
| [AllowTailoredExperiencesWithDiagnosticData](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowtailoredexperienceswithdiagnosticdata) | Prevent Windows from using diagnostic data to provide customized experiences to the user. | X | | | | |
| [AllowTaskSwitcher](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowtaskswitcher) | Allow or disallow task switching on the device. | | X | | | |
| [AllowThirdPartySuggestionsInWindowsSpotlight](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowthirdpartysuggestionsinwindowsspotlight) | Specify whether to allow app and content suggestions from third-party software publishers in Windows Spotlight. | X | | | | |
| [AllowVoiceRecording](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowvoicerecording) | Specify whether voice recording is allowed for apps. | | X | | | |
| [AllowWindowsConsumerFeatures](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowwindowsconsumerfeatures) | Turn on experiences that are typically for consumers only, such as Start suggetions, membership notifications, post-OOBE app install, and redirect tiles. | X | | | | |
| [AllowWindowsConsumerFeatures](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) | Turn on experiences that are typically for consumers only, such as Start suggetions, membership notifications, post-OOBE app install, and redirect tiles. | X | | | | |
| [AllowWindowsSpotlight](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowwindowsspotlight) |Specify whether to turn off all Windows Spotlight features at once. | X | | | | |
| [AllowWindowsSpotlightOnActionCenter](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightonactioncenter) | Prevent Windows Spotlight notifications from being displayed in the Action Center. | X | | | | |
| [AllowWindowsSpotlightWindowsWelcomeExperience](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightwindowswelcomeexperience) | Turn off the Windows Spotlight Windows welcome experience feature. | X | | | | |
| [AllowWindowsTips](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowwindowstips) | Enable or disable Windows Tips. | X | | | | |
| [ConfigureWindowsSpotlightOnLockScreen](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-configurewindowsspotlightonlockscreen) | Specify whether Spotlight should be used on the user's lock screen. | X | | | | |
## ExploitGuard
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
| [ExploitProtectionSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) | See the [explanation of ExploitProtectionSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) in the Policy CSP for instructions. In the **ExploitProtectionSettings** field, you can enter a path (local, UNC, or URI) to the mitigation options config, or you can enter the XML for the config. | X | X | | | |
## Games
@ -310,27 +327,29 @@ This section describes the **Policies** settings that you can configure in [prov
| [AllowDataSense](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#settings-allowdatasense) | Allow the user to change Data Sense settings. | | X | | | |
| [AllowVPN](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#settings-allowvpn) | Allow the user to change VPN settings. | | X | | | |
| [ConfigureTaskbarCalendar](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. | X | | | | |
[PageVisiblityList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) | Allows IT admins to prevent specific pages in the System Settings app from being visible or accessible. Pages are identified by a shortened version of their already [published URIs](https://docs.microsoft.com/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference), which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. | X | | | | |
## Start
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
| AllowPinnedFolderDocuments | Control the visibility of the Documents shortcut on the Start menu. | X | | | | |
| AllowPinnedFolderDownloads | Control the visibility of the Downloadds shortcut on the Start menu. | X | | | | |
| AllowPinnedFolderFileExplorer | Control the visibility of the File Explorer shortcut on the Start menu. | X | | | | |
| AllowPinnedFolderHomeGroup | Control the visibility of the Home Group shortcut on the Start menu. | X | | | | |
| AllowPinnedFolderMusic | Control the visibility of the Music shortcut on the Start menu. | X | | | | |
| AllowPinnedFolderNetwork | Control the visibility of the Network shortcut on the Start menu. | X | | | | |
| AllowPinnedFolderPersonalFolder | Control the visibility of the Personal Folder shortcut on the Start menu. | X | | | | |
| AllowPinnedFolderPictures | Control the visibility of the Pictures shortcut on the Start menu. | X | | | | |
| AllowPinnedFolderSettings | Control the visibility of the Settings shortcut on the Start menu. | X | | | | |
| AllowPinnedFolderVideos |Control the visibility of the Videos shortcut on the Start menu. | X | | | | |
| [AllowPinnedFolderDocuments](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdocuments) | Control the visibility of the Documents shortcut on the Start menu. | X | | | | |
| [AllowPinnedFolderDownloads](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdownloads) | Control the visibility of the Downloadds shortcut on the Start menu. | X | | | | |
| [AllowPinnedFolderFileExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderfileexplorer) | Control the visibility of the File Explorer shortcut on the Start menu. | X | | | | |
| [AllowPinnedFolderHomeGroup](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) | Control the visibility of the Home Group shortcut on the Start menu. | X | | | | |
| [AllowPinnedFolderMusic](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic) | Control the visibility of the Music shortcut on the Start menu. | X | | | | |
| [AllowPinnedFolderNetwork](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldernetwork) | Control the visibility of the Network shortcut on the Start menu. | X | | | | |
| [AllowPinnedFolderPersonalFolder](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpersonalfolder) | Control the visibility of the Personal Folder shortcut on the Start menu. | X | | | | |
| [AllowPinnedFolderPictures](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures) | Control the visibility of the Pictures shortcut on the Start menu. | X | | | | |
| [AllowPinnedFolderSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | Control the visibility of the Settings shortcut on the Start menu. | X | | | | |
| [AllowPinnedFolderVideos](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos) |Control the visibility of the Videos shortcut on the Start menu. | X | | | | |
| [ForceStartSize](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-forcestartsize) | Force the size of the Start screen. | X | | | | |
| [HideAppList](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hideapplist) | Collapse or remove the all apps list. | X | | | | |
| [HideChangeAccountSettings](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) | Hide **Change account settings** from appearing in the user tile. | X | | | | |
| [HideFrequentlyUsedApps](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps) | Hide **Most used** section of Start. | X | | | | |
| [HideHibernate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidehibernate) | Prevent **Hibernate** option from appearing in the Power button. | X | | | | |
| [HideLock](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidelock) | Prevent **Lock** from appearing in the user tile. | X | | | | |
| HidePeopleBar | Remove the people icon from the taskbar, as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. | X | | | | |
| [HidePowerButton](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidepowerbutton) | Hide the **Power** button. | X | | | | |
| [HideRecentJumplists](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hiderecentjumplists) | Hide jumplists of recently opened items. | X | | | | |
| [HideRecentlyAddedApps](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps) | Hide **Recently added** section of Start. | X | | | | |
@ -356,6 +375,7 @@ This section describes the **Policies** settings that you can configure in [prov
| [AllowTelemetry](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and useage telemetry data. | X | X | | | |
| [AllowUserToResetPhone](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowusertoresetphone) | Allow the user to factory reset the phone. | X | X | | | |
| [DisableOneDriveFileSync](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | X | | | | |
| [LimitEnhancedDiagnosticDataWindowsAnalytics](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://go.microsoft.com/fwlink/?linkid=847594). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level telemetry data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | X | X | | | |
## TextInput
@ -390,25 +410,35 @@ This section describes the **Policies** settings that you can configure in [prov
| --- | --- | :---: | :---: | :---: | :---: | :---: |
| [ActiveHoursEnd](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update rboots are not scheduled. | X | X | X | X | X |
| [ActiveHoursMaxRange](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | X | X | X | X | X |
| [ActiveHoursStart](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update rboots are not scheduled. | X | X | X | X | X |
| [ActiveHoursStart](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots are not scheduled. | X | X | X | X | X |
| [AllowautoUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | X | X | X | X | X |
| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork)| Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. | X | X | X | X | X |
| [AllowMUUpdateService](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | X | X | X | X | X |
| [AllowNonMicrosoftSignedUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. | X | X | X | X | X |
| [AllowUpdateService](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Windows Store. | X | X | X | X | X |
| AutoRestartDeadlinePeriodInDays | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | X | X | X | X | X |
| [AllowUpdateService](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. | X | X | X | X | X |
| [AutoRestartDeadlinePeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | X | X | X | X | X |
| [AutoRestartNotificationSchedule](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. | X | X | X | X | X |
| [AutoRestartRequiredNotificationDismissal](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. | X | X | X | X | X |
| [BranchReadinessLevel](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-branchreadinesslevel) | Select which branch a device receives their updates from. | X | X | X | X | X |
| [DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | X | X | X | X | X |
| [DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. | X | X | X | X | X |
| [DeferUpdatePeriod](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. | X | X | X | X | X |
| [DeferUpgradePeriod](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) |Specify upgrade delays for up to 8 months. | X | X | X | X | X |
| [DetectionFrequency](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | X | X | X | X | X |
| [DisableDualScan](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Do not allow update deferral policies to cause scans against Windows Update. | X | X | X | X | X |
| [EngagedRestartDeadline](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | X | X | X | X | X |
| [EngagedRestartSnoozeSchedule](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | X | X | X | X | X |
| [EngagedRestartTransitionSchedule](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | X | X | X | X | X |
| [FillEmptyContentUrls](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it is missing from the metadata. | X | X | X | X | X |
| ManagePreviewBuilds | Use to enable or disable preview builds. | X | X | X | X | X |
| PhoneUpdateRestrictions | Deprecated | | X | | | |
| [RequireDeferUpgrade](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | X | X | X | X | X |
| [ScheduledInstallDay](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-scheduledinstallday) | Schedule the day for update installation. | X | X | X | X | X |
| [ScheduledInstallEveryWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek) | To schedule update installation every week, set the value as `1`. | X | X | X | X | X |
| [ScheduledInstallFirstWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek) | To schedule update installation the first week of the month, see the value as `1`. | X | X | X | X | X |
| [ScheduledInstallFourthWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek) | To schedule update installation the fourth week of the month, see the value as `1`. | X | X | X | X | X |
| [ScheduledInstallSecondWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek) | To schedule update installation the second week of the month, see the value as `1`. | X | X | X | X | X |
| [ScheduledInstallThirdWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek) | To schedule update installation the third week of the month, see the value as `1`. | X | X | X | X | X |
| [ScheduledInstallTime](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-scheduledinstalltime) | Schedule the time for update installation. | X | X | X | X | X |
| [ScheduleImminentRestartWarning](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. | X | X | X | X | X ||
| [ScheduleRestartWarning](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. | X | X | X | X | X |

206
windows/configuration/wcd/wcd-textinput.md Normal file
View File

@ -0,0 +1,206 @@
---
title: TextInput (Windows 10)
description: This section describes the TextInput settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.date: 10/17/2017
---
# TextInput (Windows Configuration Designer reference)
Use TextInput settings to configure text intelligence and keyboard for mobile devices.
## Applies to
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| Intelligence > DisablePredictions | | X | | | |
| PreEnabledKeyboard | | X | | | |
## Intelligence
Set **DisablePredictions** to the locale or alternative input language that must have the text intelligence features disabled. For example, to disable text correction and suggestions for English (UK), set the value of **DisablePredictions** to `en-gb`.
## PreEnabledKeyboard
In addition to the automatically-enabled default keyboard, OEMs may choose to pre-enable more keyboards for a particular market.
During phone bring-up, OEMs must set the boot locale, or default locale, for the phone. During first boot, Windows Phone reads the locale setting and automatically enables a default keyboard based on the locale to keyboard mapping table in Set languages and locales.
The mapping works for almost all regions and additional customizations are not needed unless specified in the pre-enabled keyboard column in Set languages and locales. If an OEM chooses to pre-enable more keyboards for a particular market, they can do so by specifying the setting. Pre-enabled keyboards will automatically be enabled during boot. Microsoft recommends that partners limit the number of pre-enabled keyboards to those languages that correspond to the languages spoken within the market.
PreEnabledKeyboard must be entered once for each keyboard you want to pre-enable. As shown below, the format to specify a particular keyboard must be: Locale code.Locale value. See the following table for more information on the locale codes and values that you can use. The setting Value must be set to 1 to enable the keyboard.
The following table shows the values that you can use for the Locale code.Locale value part of the setting name.
>[!NOTE]
>The keyboards for some locales require additional language model files: am-ET, bn-IN, gu-IN, hi-IN, ja-JP, kn-IN, ko-KR, ml-IN, mr-IN, my-MM, or-IN, pa-IN, si-LK, ta-IN, te-IN, zh-TW, zh-CN, and zh-HK.
Name | Locale code | Keyboard layout value
--- | --- | ---
Afrikaans (South Africa) | af-ZA | 1
Albanian | sq-AL | 1
Amharic | am-ET | 1
Arabic | ar-SA | 1
Armenian | hy-AM | 1
Assamese - INSCRIPT | as-IN | 1
Azerbaijani (Cyrillic) | az-Cyrl-AZ | 1
Azerbaijani (Latin) | az-Latn-AZ | 1
Bangla (Bangladesh) - 49 key | bn-BD | 1
Bangla (India) - INSCRIPT |bn-IN|1
Bangla (India) - Phonetic|bn-IN|2
Bashkir|ba-RU|1
Basque|eu-ES|1
Belarusian|be-BY|1
Bosnian (Cyrillic)|bs-Cyrl-BA|1
Bosnian (Latin)|bs-Latn-BA|1
Bulgarian|bg-BG|1
Catalan|ca-ES|1
Central Kurdish|ku-Arab-IQ|1
Cherokee|chr-Cher-US|1
Chinese Simplified QWERTY|zh-CN|1
Chinese Simplified - 12-key|zh-CN|2
Chinese Simplified - Handwriting|zh-CN|3
Chinese Simplified - Stroke|zh-CN|4
Chinese Traditional (Hong Kong SAR) - Cangjie|zh-HK|1
Chinese Traditional (Hong Kong SAR) - Quick|zh-HK|2
Chinese Traditional (Hong Kong SAR) - Stroke|zh-HK|3
Chinese Traditional (Taiwan) - BoPoMoFo|zh-TW|1
Chinese Traditional (Taiwan) - Handwriting|zh-TW|2
Croatian|hr-HR|1
Czech|cs-CZ|1
Danish|da-DK|1
Divehi|dv-MV|1
Dutch (Belgium)|nl-BE|1
Dutch (Netherlands)|nl-NL|1
Dzongkha|dz-BT|1
English (Australia)|en-AU|1
English (Canada)|en-CA|1
English (India)|en-IN|1
English (Ireland)|en-IE|1
English (United Kingdom)|en-GB|1
English (United States)|en-US|1
Estonian|et-EE|1
Faroese|fo-FO|1
Filipino|fil-PH|1
Finnish|fi-FI|1
French (Belgium)|fr-BE|1
French (Canada)|fr-CA|1
French (France)|fr-FR|1
French (Switzerland)|fr-CH|1
Galician|gl-ES|1
Georgian|ka-GE|1
German (Germany)|de-DE|1
German (Switzerland)|de-CH|1
Greek|el-GR|1
Greenlandic|kl-GL|1
Guarani|gn-PY|1
Gujarati - INSCRIPT|gu-IN|1
Gujarati - Phonetic|gu-IN|2
Hausa|ha-Latn-NG|1
Hebrew|he-IL|1
Hindi - 37-key|hi-IN|1
Hindi - INSCRIPT|hi-IN|3
Hindi - Phonetic|hi-IN|2
Hinglish|hi-Latn|1
Hungarian|hu-HU|1
Icelandic|is-IS|1
Igbo|ig-NG|1
Indonesian|id-ID|1
Inuktitut - Latin|iu-Latn-CA|1
Irish|ga-IE|1
Italian|it-IT|1
Japanese - 12-key|ja-JP|1
Japanese - QWERTY|ja-JP|2
Kannada - INSCRIPT|kn-IN|1
Kannada - Phonetic|kn-IN|2
Kazakh|kk-KZ|1
Khmer|km-KH|1
Kinyarwanda|rw-RW|1
Kiswahili|sw-KE|1
Konkani|kok-IN|1
Korean - 12-key Chunjiin|ko-KR|2
Korean - 12-key Naratgeul|ko-KR|3
Korean - 12-key Sky|ko-KR|4
Korean - QWERTY|ko-KR|1
Kyrgyz|ky-KG|1
Lao|lo-LA|1
Latvian|lv-LV|1
Lithuanian|lt-LT|1
Luxembourgish|lb-LU|1
Macedonian|mk-MK|1
Malay (Brunei Darussalam)|ms-BN|1
Malay (Malaysia)|ms-MY|1
Malayalam - INSCRIPT|ml-IN|1
Malayalam - Phonetic|ml-IN|2
Maltese|mt-MT|1
Maori|mi-NZ|1
Marathi - INSCRIPT|mr-IN|1
Marathi - Phonetic|mr-IN|2
Mongolian - Cyrillic|mn-MN|1
Mongolian - Traditional Mongolian|mn-Mong-CN|1
Myanmar|my-MM|1
Nepali|ne-NP|1
Norwegian - Bokmal|nb-NO|1
Norwegian - Nynorsk|ny-NO|1
Odia - INSCRIPT|or-IN|1
Odia - Phonetic|or-IN|2
Pashto|ps-AF|1
Persian|fa-IR|1
Polish|pl-PL|1
Portuguese (Brazil)|pt-BR|1
Portuguese (Portugal)|pt-PT|1
Punjabi - INSCRIPT|pa-IN|1
Punjabi - Phonetic|pa-IN|2
Romanian|ro-RO|1
Romansh|rm-CH|1
Russian|ru-RU|1
Sakha|sah-RU|1
Sami, Northern (Norway)|se-NO|1
Sami, Northern (Sweden)|se-NO|1
Scottish Gaelic|gd-GB|1
Serbian - Cyrillic|sr-Cyrl-RS|1
Serbian - Latin|sr-Latn-RS|1
Sesotho sa Leboa|nso-ZA|1
Setswana|tn-ZA|1
Sinhala|si-LK|1
Slovak|sk-SK|1
Slovenian|sl-SI|1
Sorbian, Upper|hsb-DE|1
Spanish (Mexico)|es-MX|1
Spanish (Spain)|es-ES|1
Swedish|sv-SE|1
Syriac|syr-SY|1
Tajik|tg-Cyrl-TJ|1
Tamazight (Central Atlas) - Tifinagh|tzm-Tfng-MA|1
Tamazight (Central Atlas) - Latin|tzm-Latn-DZ|1
Tamil - INSCRIPT|ta-IN|1
Tamil - Phonetic|ta-IN|2
Tatar|tt-RU|1
Telugu - INSCRIPT|te-IN|1
Telugu - Phonetic|te-IN|2
Thai|th-TH|1
Tibetan|bo-CN|1
Turkish|tr-TR|1
Turkmen|tk-TM|1
Ukrainian|uk-UA|1
Urdu|ur-PK|1
Uyghur|ug-CN|1
Uzbek - Cyrillic|uz-Cyrl-UZ|1
Uzbek - Latin|uz-Latn-UZ|1
Valencian|ca-ES-valencia|1
Vietnamese - QWERTY|vi-VN|1
Vietnamese - TELEX|vi-VN|2
Vietnamese - VNI|vi-VN|3
Welsh|cy-GB|1
Wolof|N/A|1
Xhosa|xh-ZA|1
Yoruba|yo-NG|1
Zulu|zu-ZA|1

16
windows/configuration/wcd/wcd-universalappinstall.md
View File

@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.date: 08/21/2017
ms.date: 10/17/2017
---
# UniversalAppInstall (reference)
@ -24,6 +24,7 @@ Use UniversalAppInstall settings to install Windows apps from the Microsoft Stor
| --- | :---: | :---: | :---: | :---: | :---: |
| [DeviceContextApp](#devicecontextapp) | X | | X | | |
| [DeviceContextAppLicense](#devicecontextapplicense) | X | | X | | |
| [StoreInstall](#storeinstall) | X | X | X | X | X |
| [UserContextApp](#usercontextapp) | X | X | X | X | X |
| [UserContextAppLicense](#usercontextapplicense) | X | X | X | X | X |
@ -55,6 +56,19 @@ Use to specify the license file for the provisioned app.
2. Select the LicenseProductId in the Available Customizations pane, and then browse to and select the app license file.
## StoreInstall
Use to install an app from the Microsoft Store for Business.
1. Enter a package family name, and then click **Add**.
2. Configure the following required settings for the app package.
Setting | Description
--- | ---
Flags | Description not available at this time.
ProductID | Enter the product ID. [Learn how to find the product ID.](https://docs.microsoft.com/microsoft-store/microsoft-store-for-business-education-powershell-module#view-items-in-products-and-services)
SkuID | Enter the SKU ID. [Learn how to find the SKU ID.](https://docs.microsoft.com/microsoft-store/microsoft-store-for-business-education-powershell-module#view-items-in-products-and-services)
## UserContextApp
Use to add a new user context app.

2
windows/configuration/wcd/wcd-universalappuninstall.md
View File

@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.date: 08/21/2017
ms.date: 10/17/2017
---
# UniversalAppUninstall (reference)

11
windows/configuration/wcd/wcd.md
View File

@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.date: 08/21/2017
ms.date: 10/17/2017
---
# Windows Configuration Designer provisioning settings (reference)
@ -20,11 +20,13 @@ This section describes the settings that you can configure in [provisioning pack
| --- | :---: | :---: | :---: | :---: | :---: |
| [Accounts](wcd-accounts.md) | X | X | X | X | X |
| [ADMXIngestion](wcd-admxingestion.md) | X | | | | |
| [ApplicationManagement](wcd-applicationmanagement.md) | X | X | X | X | X |
| [AssignedAccess](wcd-assignedaccess.md) | X | X | | X | |
| [ApplicationManagement](wcd-applicationmanagement.md) | | | | | X |
| [AssignedAccess](wcd-assignedaccess.md) | X | | | X | |
| [AutomaticTime](wcd-automatictime.md) | | X | | | |
| [Browser](wcd-browser.md) | X | X | X | X | |
| [CallAndMessagingEnhancement](wcd-callandmessagingenhancement.md) | | X | | | |
| [Calling](wcd-calling.md) | | X | | | |
| [CellCore](wcd-cellcore.md) | X | X | | | |
| [Cellular](wcd-cellular.md) | X | | | | |
| [Certificates](wcd-certificates.md) | X | X | X | X | X |
| [CleanPC](wcd-cleanpc.md) | X | | | | |
@ -34,6 +36,7 @@ This section describes the settings that you can configure in [provisioning pack
| [DesktopBackgroundAndColors](wcd-desktopbackgroundandcolors.md) | X | | | | |
| [DeveloperSetup](wcd-developersetup.md) | | | | X | |
| [DeviceFormFactor](wcd-deviceformfactor.md) | X | X | X | X | |
| [DeviceInfo](wcd-deviceinfo.md) | | X | | | |
| [DeviceManagement](wcd-devicemanagement.md) | X | X | X | X | |
| [DMClient](wcd-dmclient.md) | X | X | X | X | X |
| [EditionUpgrade](wcd-editionupgrade.md) | X | X | X | X | |
@ -41,6 +44,7 @@ This section describes the settings that you can configure in [provisioning pack
| [FirewallConfiguration](wcd-firewallconfiguration.md) | | | | | X |
| [FirstExperience](wcd-firstexperience.md) | | | | X | |
| [Folders](wcd-folders.md) |X | X | X | X | |
| [HotSpot](wcd-hotspot.md) | X | X | X | X | X |
| [InitialSetup](wcd-initialsetup.md) | | X | | | |
| [InternetExplorer](wcd-internetexplorer.md) | | X | | | |
| [Licensing](wcd-licensing.md) | X | | | | |
@ -65,6 +69,7 @@ This section describes the settings that you can configure in [provisioning pack
| [SurfaceHubManagement](wcd-surfacehubmanagement.md) | | | X | | |
| [TabletMode](wcd-tabletmode.md) |X | X | X | X | |
| [TakeATest](wcd-takeatest.md) | X | | | | |
| [TextInput](wcd-textinput.md) | | X | | | |
| [Theme](wcd-theme.md) | | X | | | |
| [UnifiedWriteFilter](wcd-unifiedwritefilter.md) | X | | | | |
| [UniversalAppInstall](wcd-universalappinstall.md) | X | X | X | X | X |