| Setting name | -Option | -
|---|---|
| Turn on Site Discovery WMI output | -Off | -
| Turn on Site Discovery XML output | -Blank | -
| Setting name | -Option | -
|---|---|
| Turn on Site Discovery WMI output | -On | -
| Turn on Site Discovery XML output | -Blank | -
| Setting name | -Option | -
|---|---|
| Turn on Site Discovery WMI output | -Off | -
| Turn on Site Discovery XML output | -XML file path | -
| Setting name | -Option | -
|---|---|
| Turn on Site Discovery WMI output | -On | -
| Turn on Site Discovery XML output | -XML file path | -
| Element | -Description | -Supported browser | -
|---|---|---|
| <rules> | -Root node for the schema.
- Example - -<rules version="205"> - <emie> - <domain>contoso.com</domain> - </emie> -</rules> |
-Internet Explorer 11 and Microsoft Edge | -
| <emie> | -The parent node for the Enterprise Mode section of the schema. All <domain> entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied.
- Example - -<rules version="205"> - <emie> - <domain>contoso.com</domain> - </emie> -</rules>--or- - For IPv6 ranges: <rules version="205"> - <emie> - <domain>[10.122.34.99]:8080</domain> - </emie> - </rules>--or- - For IPv4 ranges: <rules version="205"> - <emie> - <domain>10.122.34.99:8080</domain> - </emie> - </rules> |
-Internet Explorer 11 and Microsoft Edge | -
| <docMode> | -The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the <docMode> section that uses the same value as a <domain> element in the <emie> section, the <emie> element is applied.
- Example - -<rules version="205"> - <docMode> - <domain docMode="7">contoso.com</domain> - </docMode> -</rules> |
-Internet Explorer 11 | -
| <domain> | -A unique entry added for each site you want to put on the Enterprise Mode site list. The first <domain> element will overrule any additional <domain> elements that use the same value for the section. You can use port numbers for this element.
- Example - -<emie> - <domain>contoso.com:8080</domain> -</emie> |
-Internet Explorer 11 and Microsoft Edge | -
| <path> | -A unique entry added for each path under a domain you want to put on the Enterprise Mode site list. The <path> element is a child of the <domain> element. Additionally, the first <path> element will overrule any additional <path> elements in the schema section.
- Example - -<emie> - <domain exclude="false">fabrikam.com - <path exclude="true">/products</path> - </domain> -</emie> -Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does. |
-Internet Explorer 11 and Microsoft Edge | -
<rules version="205">
<emie>
<domain>contoso.com</domain>
</emie>
</rules> |Internet Explorer 11 and Microsoft Edge | +|<emie> |The parent node for the Enterprise Mode section of the schema. All <domain> entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied.
**Example**<rules version="205">
<emie>
<domain>contoso.com</domain>
</emie>
</rules>
**or**
For IPv6 ranges:
<rules version="205">
<emie>
<domain>[10.122.34.99]:8080</domain>
</emie>
</rules>
**or**
For IPv4 ranges:<rules version="205">
<emie>
<domain>[10.122.34.99]:8080</domain>
</emie>
</rules> | Internet Explorer 11 and Microsoft Edge | +|<docMode> |The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the docMode section that uses the same value as a <domain> element in the emie section, the emie element is applied.
**Example**
<rules version="205">
<docmode>
<domain docMode="7">contoso.com</domain>
</docmode>
</rules> |Internet Explorer 11 | +|<domain> |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <domain> element will overrule any additional <domain> elements that use the same value for the section. You can use port numbers for this element.
**Example**
<emie>
<domain>contoso.com:8080</domain>
</emie> |Internet Explorer 11 and Microsoft Edge | +|<path> |A unique entry added for each path under a domain you want to put on the Enterprise Mode site list. The <path> element is a child of the <domain> element. Additionally, the first <path> element will overrule any additional <path> elements in the schema section.
**Example**
<emie>
<domain exclude="false">fabrikam.com
<path exclude="true">/products</path>
</domain>
</emie>
Where [https://fabrikam.com](https://fabrikam.com) doesn't use IE8 Enterprise Mode, but [https://fabrikam.com/products](https://fabrikam.com/products) does. |Internet Explorer 11 and Microsoft Edge | ### Schema attributes This table includes the attributes used by the Enterprise Mode schema. - -
| Attribute | -Description | -Supported browser | -
|---|---|---|
| <version> | -Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <rules> element. | -Internet Explorer 11 and Microsoft Edge | -
| <exclude> | -Specifies the domain or path that is excluded from getting the behavior applied. This attribute is supported on the <domain> and <path> elements.
- Example - -<emie> - <domain exclude="false">fabrikam.com - <path exclude="true">/products</path> - </domain> -</emie> -Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does. |
-Internet Explorer 11 and Microsoft Edge | -
| <docMode> | -Specifies the document mode to apply. This attribute is only supported on <domain> or <path> elements in the <docMode> section.
- Example - -<docMode> - <domain exclude="false">fabrikam.com - <path docMode="7">/products</path> - </domain> -</docMode> |
-Internet Explorer 11 | -
<emie>
<domain exclude="false">fabrikam.com
<path exclude="true">/products</path>
</domain>
</emie>
Where [https://fabrikam.com](https://fabrikam.com) doesn't use IE8 Enterprise Mode, but [https://fabrikam.com/products](https://fabrikam.com/products) does.|Internet Explorer 11 and Microsoft Edge|
+|<docMode>|Specifies the document mode to apply. This attribute is only supported on <domain> or <path>elements in the <docMode> section.
**Example**
<docMode>
<domain exclude="false">fabrikam.com
<path docMode="7">/products</path>
</domain>
</docMode>|Internet Explorer 11| ### Using Enterprise Mode and document mode together If you want to use both Enterprise Mode and document mode together, you need to be aware that <emie> entries override <docMode> entries for the same domain. diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md index 70694a3df2..fcdaa18eee 100644 --- a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md +++ b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md @@ -92,194 +92,32 @@ Make sure that you don't specify a protocol when adding your URLs. Using a URL l ### Updated schema elements This table includes the elements used by the v.2 version of the Enterprise Mode schema. -
| Element | -Description | -Supported browser | -
|---|---|---|
| <site-list> | -A new root node with this text is using the updated v.2 version of the schema. It replaces <rules>.
- Example - -<site-list version="205"> - <site url="contoso.com"> - <compat-mode>IE8Enterprise</compat-mode> - <open-in>IE11</open-in> - </site> -</site-list> |
-Internet Explorer 11 and Microsoft Edge | -
| <site> | -A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element.
- Example - -<site url="contoso.com"> - <compat-mode>default</compat-mode> - <open-in>none</open-in> -</site>--or- - For IPv4 ranges: <site url="10.122.34.99:8080"> - <compat-mode>IE8Enterprise</compat-mode> -<site> --or- - For IPv6 ranges: <site url="[10.122.34.99]:8080"> - <compat-mode>IE8Enterprise</compat-mode> -<site> -You can also use the self-closing version, <url="contoso.com" />, which also sets: -
|
-Internet Explorer 11 and Microsoft Edge | -
| <compat-mode> | -A child element that controls what compatibility setting is used for specific sites or domains. This element is only supported in IE11.
- Example - -<site url="contoso.com"> - <compat-mode>IE8Enterprise</compat-mode> -</site>--or- - For IPv4 ranges: <site url="10.122.34.99:8080"> - <compat-mode>IE8Enterprise</compat-mode> -<site> --or- - For IPv6 ranges: <site url="[10.122.34.99]:8080"> - <compat-mode>IE8Enterprise</compat-mode> -<site> -Where: -
- - - |
-Internet Explorer 11 | -
| <open-in> | -A child element that controls what browser is used for sites. This element supports the Open in IE11 or Open in Microsoft Edge experiences, for devices running Windows 10.
- Example - -<site url="contoso.com"> - <open-in>none</open-in> -</site> -Where: -
- - |
-Internet Explorer 11 and Microsoft Edge | -
<site-list version="205">| Internet Explorer 11 and Microsoft Edge | +|<site> |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element.
<site url="contoso.com">
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
</site-list>
<site url="contoso.com">
<compat-mode>default</compat-mode>
<open-in>none</open-in>
</site>
<site url="10.122.34.99:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
**or** For IPv6 ranges:
<site url="[10.122.34.99]:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
You can also use the self-closing version, <url="contoso.com" />, which also sets:
**or**
<site url="contoso.com">
<compat-mode>IE8Enterprise</compat-mode>
</site>
<site url="10.122.34.99:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
**or** For IPv6 ranges:
<site url="[10.122.34.99]:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
Where
**Important**
This tag replaces the combination of the `"forceCompatView"="true"` attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.
<site url="contoso.com">
<open-in>none</open-in>
</site>
Where
| Attribute | -Description | -Supported browser | -
|---|---|---|
| allow-redirect | -A boolean attribute of the <open-in> element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser).
- Example - -<site url="contoso.com/travel"> - <open-in allow-redirect="true">IE11</open-in> -</site>-In this example, if https://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer. |
-Internet Explorer 11 and Microsoft Edge | -
| version | -Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <site-list> element. | -Internet Explorer 11 and Microsoft Edge | -
| url | -Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
- Note -Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both https://contoso.com and https://contoso.com. - Example - -<site url="contoso.com:8080"> - <compat-mode>IE8Enterprise</compat-mode> - <open-in>IE11</open-in> -</site>-In this example, going to https://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode. |
-Internet Explorer 11 and Microsoft Edge | -
<site url="contoso.com/travel">In this example, if [https://contoso.com/travel](https://contoso.com/travel) is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.| Internet Explorer 11 and Microsoft Edge| +|version |Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <site-list> element. | Internet Explorer 11 and Microsoft Edge| +|url|Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
<open-in allow-redirect="true">IE11 </open-in>
</site>
<site url="contoso.com:8080">In this example, going to [https://contoso.com:8080](https://contoso.com:8080) using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode. | Internet Explorer 11 and Microsoft Edge| ### Deprecated attributes These v.1 version schema attributes have been deprecated in the v.2 version of the schema: -
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
| Deprecated attribute | -New attribute | -Replacement example | -
|---|---|---|
| <forceCompatView> | -<compat-mode> | -Replace <forceCompatView="true"> with <compat-mode>IE7Enterprise</compat-mode> | -
| <docMode> | -<compat-mode> | -Replace <docMode="IE5"> with <compat-mode>IE5</compat-mode> | -
| <doNotTransition> | -<open-in> | -Replace <doNotTransition="true"> with <open-in>none</open-in> | -
| <domain> and <path> | -<site> | -Replace:
--<emie> - <domain exclude="false">contoso.com</domain> -</emie>-With: - -<site url="contoso.com"/> - <compat-mode>IE8Enterprise</compat-mode> -</site>--AND- -Replace: - -<emie> - <domain exclude="true">contoso.com - <path exclude="false" forceCompatView="true">/about</path> - </domain> -</emie>-With: - -<site url="contoso.com/about"> - <compat-mode>IE7Enterprise</compat-mode> -</site> |
-
<emie>With:
<domain exclude="false">contoso.com</domain>
</emie>
<site url="contoso.com"/>**-AND-**
<compat-mode>IE8Enterprise</compat-mode>
</site>
<emie>
<domain exclude="true">contoso.com
<path exclude="false" forceCompatView="true">/about</path>
</domain>
</emie>
<site url="contoso.com/about">
<compat-mode>IE7Enterprise</compat-mode>
</site>| While the old, replaced attributes aren't supported in the v.2 version of the schema, they'll continue to work in the v.1 version of the schema. If, however, you're using the v.2 version of the schema and these attributes are still there, the v.2 version schema takes precedence. We don’t recommend combining the two schemas, and instead recommend that you move to the v.2 version of the schema to take advantage of the new features. diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md index 65fbb8eaaf..8cef068687 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md +++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md @@ -63,17 +63,17 @@ Data is collected on the configuration characteristics of IE and the sites it br |Data point |IE11 |IE10 |IE9 |IE8 |Description | |------------------------|-----|-----|-----|-----|------------------------------------------------------------------------| -|URL | X | X | X | X |URL of the browsed site, including any parameters included in the URL. | -|Domain | X | X | X | X |Top-level domain of the browsed site. | -|ActiveX GUID | X | X | X | X |GUID of the ActiveX controls loaded by the site. | -|Document mode | X | X | X | X |Document mode used by IE for a site, based on page characteristics. | -|Document mode reason | X | X | | |The reason why a document mode was set by IE. | -|Browser state reason | X | X | | |Additional information about why the browser is in its current state. Also called, browser mode. | -|Hang count | X | X | X | X |Number of visits to the URL when the browser hung. | -|Crash count | X | X | X | X |Number of visits to the URL when the browser crashed. | -|Most recent navigation failure (and count) | X | X | X | X |Description of the most recent navigation failure (like, a 404 bad request or 500 internal server error) and the number of times it happened. | -|Number of visits | X | X | X | X |Number of times a site has been visited. | -|Zone | X | X | X | X |Zone used by IE to browse sites, based on browser settings. | +|URL | ✔️ | ✔️ | ✔️ | ✔️ |URL of the browsed site, including any parameters included in the URL. | +|Domain | ✔️ | ✔️ | ✔️ | ✔️ |Top-level domain of the browsed site. | +|ActiveX GUID | ✔️ | ✔️ | ✔️ | ✔️ |GUID of the ActiveX controls loaded by the site. | +|Document mode | ✔️ | ✔️ | ✔️ | ✔️ |Document mode used by IE for a site, based on page characteristics. | +|Document mode reason | ✔️ | ✔️ | | |The reason why a document mode was set by IE. | +|Browser state reason | ✔️ | ✔️ | | |Additional information about why the browser is in its current state. Also called, browser mode. | +|Hang count | ✔️ | ✔️ | ✔️ | ✔️ |Number of visits to the URL when the browser hung. | +|Crash count | ✔️ | ✔️ | ✔️ | ✔️ |Number of visits to the URL when the browser crashed. | +|Most recent navigation failure (and count) | ✔️ | ✔️ | ✔️ | ✔️ |Description of the most recent navigation failure (like, a 404 bad request or 500 internal server error) and the number of times it happened. | +|Number of visits | ✔️ | ✔️ | ✔️ | ✔️ |Number of times a site has been visited. | +|Zone | ✔️ | ✔️ | ✔️ | ✔️ |Zone used by IE to browse sites, based on browser settings. | >**Important**
By default, IE doesn’t collect this data; you have to turn this feature on if you want to use it. After you turn on this feature, data is collected on all sites visited by IE, except during InPrivate sessions. Additionally, the data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements. @@ -205,68 +205,32 @@ You can use Group Policy to finish setting up Enterprise Site Discovery. If you You can use both the WMI and XML settings individually or together: **To turn off Enterprise Site Discovery** -
| Setting name | -Option | -
|---|---|
| Turn on Site Discovery WMI output | -Off | -
| Turn on Site Discovery XML output | -Blank | -
| Setting name | -Option | -
|---|---|
| Turn on Site Discovery WMI output | -On | -
| Turn on Site Discovery XML output | -Blank | -
| Setting name | -Option | -
|---|---|
| Turn on Site Discovery WMI output | -Off | -
| Turn on Site Discovery XML output | -XML file path | -
| Setting name | -Option | -
|---|---|
| Turn on Site Discovery WMI output | -On | -
| Turn on Site Discovery XML output | -XML file path | -
| Element | -Description | -Supported browser | -
|---|---|---|
| <rules> | -Root node for the schema.
- Example - -<rules version="205"> - <emie> - <domain>contoso.com</domain> - </emie> -</rules> |
-Internet Explorer 11 and Microsoft Edge | -
| <emie> | -The parent node for the Enterprise Mode section of the schema. All <domain> entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied.
- Example - -<rules version="205"> - <emie> - <domain>contoso.com</domain> - </emie> -</rules>--or- - For IPv6 ranges: <rules version="205"> - <emie> - <domain>[10.122.34.99]:8080</domain> - </emie> - </rules>--or- - For IPv4 ranges: <rules version="205"> - <emie> - <domain>10.122.34.99:8080</domain> - </emie> - </rules> |
-Internet Explorer 11 and Microsoft Edge | -
| <docMode> | -The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the <docMode> section that uses the same value as a <domain> element in the <emie> section, the <emie> element is applied.
- Example - -<rules version="205"> - <docMode> - <domain docMode="7">contoso.com</domain> - </docMode> -</rules> |
-Internet Explorer 11 | -
| <domain> | -A unique entry added for each site you want to put on the Enterprise Mode site list. The first <domain> element will overrule any additional <domain> elements that use the same value for the section. You can use port numbers for this element.
- Example - -<emie> - <domain>contoso.com:8080</domain> -</emie> |
-Internet Explorer 11 and Microsoft Edge | -
| <path> | -A unique entry added for each path under a domain you want to put on the Enterprise Mode site list. The <path> element is a child of the <domain> element. Additionally, the first <path> element will overrule any additional <path> elements in the schema section.
- Example - -<emie> - <domain exclude="true">fabrikam.com - <path exclude="false">/products</path> - </domain> -</emie> -Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does. |
-Internet Explorer 11 and Microsoft Edge | -
<rules version="205">
<emie>
<domain>contoso.com</domain>
</emie>
</rules> |Internet Explorer 11 and Microsoft Edge | +|<emie> |The parent node for the Enterprise Mode section of the schema. All <domain> entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied.
**Example**<rules version="205">
<emie>
<domain>contoso.com</domain>
</emie>
</rules>
**or**
For IPv6 ranges:
<rules version="205">
<emie>
<domain>[10.122.34.99]:8080</domain>
</emie>
</rules>
**or**
For IPv4 ranges:<rules version="205">
<emie>
<domain>[10.122.34.99]:8080</domain>
</emie>
</rules> | Internet Explorer 11 and Microsoft Edge | +|<docMode> |The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the docMode section that uses the same value as a <domain> element in the emie section, the emie element is applied.
**Example**
<rules version="205">
<docmode>
<domain docMode="7">contoso.com</domain>
</docmode>
</rules> |Internet Explorer 11 | +|<domain> |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <domain> element will overrule any additional <domain> elements that use the same value for the section. You can use port numbers for this element.
**Example**
<emie>
<domain>contoso.com:8080</domain>
</emie> |Internet Explorer 11 and Microsoft Edge | +|<path> |A unique entry added for each path under a domain you want to put on the Enterprise Mode site list. The <path> element is a child of the <domain> element. Additionally, the first <path> element will overrule any additional <path> elements in the schema section.
**Example**
<emie>
<domain exclude="true">fabrikam.com
<path exclude="false">/products</path>
</domain>
</emie>
Where [https://fabrikam.com](https://fabrikam.com) doesn't use IE8 Enterprise Mode, but [https://fabrikam.com/products](https://fabrikam.com/products) does. |Internet Explorer 11 and Microsoft Edge | ### Schema attributes This table includes the attributes used by the Enterprise Mode schema. -
| Attribute | -Description | -Supported browser | -
|---|---|---|
| version | -Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <rules> element. | -Internet Explorer 11 and Microsoft Edge | -
| exclude | -Specifies the domain or path excluded from applying Enterprise Mode. This attribute is only supported on the <domain> and <path> elements in the <emie> section. If this attribute is absent, it defaults to false.
- - Example: --<emie> - <domain exclude="false">fabrikam.com - <path exclude="true">/products</path> - </domain> -</emie> -Where https://fabrikam.com uses IE8 Enterprise Mode, but https://fabrikam.com/products does not. |
-Internet Explorer 11 | -
| docMode | -Specifies the document mode to apply. This attribute is only supported on <domain> or <path> elements in the <docMode> section.
- - Example: --<docMode> - <domain>fabrikam.com - <path docMode="9">/products</path> - </domain> -</docMode> -Where https://fabrikam.com loads in IE11 document mode, but https://fabrikam.com/products uses IE9 document mode. |
-Internet Explorer 11 | -
| doNotTransition | -Specifies that the page should load in the current browser, otherwise it will open in IE11. This attribute is supported on all <domain> or <path> elements. If this attribute is absent, it defaults to false.
- - Example: --<emie> - <domain doNotTransition="false">fabrikam.com - <path doNotTransition="true">/products</path> - </domain> -</emie> -Where https://fabrikam.com opens in the IE11 browser, but https://fabrikam.com/products loads in the current browser (eg. Microsoft Edge). |
-Internet Explorer 11 and Microsoft Edge | -
| forceCompatView | -Specifies that the page should load in IE7 document mode (Compat View). This attribute is only supported on <domain> or <path> elements in the <emie> section. If the page is also configured to load in Enterprise Mode, it will load in IE7 Enterprise Mode. Otherwise (exclude="true"), it will load in IE11's IE7 document mode. If this attribute is absent, it defaults to false.
- - Example: --<emie> - <domain exclude="true">fabrikam.com - <path forceCompatView="true">/products</path> - </domain> -</emie> -Where https://fabrikam.com does not use Enterprise Mode, but https://fabrikam.com/products uses IE7 Enterprise Mode. |
-Internet Explorer 11 | -
<emie>
<domain exclude="false">fabrikam.com
<path exclude="true">/products</path>
</domain>
</emie>
Where [https://fabrikam.com](https://fabrikam.com) doesn't use IE8 Enterprise Mode, but [https://fabrikam.com/products](https://fabrikam.com/products) does.|Internet Explorer 11 and Microsoft Edge|
+|docMode|Specifies the document mode to apply. This attribute is only supported on <domain> or <path>elements in the <docMode> section.
**Example**
<docMode>
<domain exclude="false">fabrikam.com
<path docMode="9">/products</path>
</domain>
</docMode>|Internet Explorer 11| +|doNotTransition| Specifies that the page should load in the current browser, otherwise it will open in IE11. This attribute is supported on all <domain> or <path> elements. If this attribute is absent, it defaults to false.
**Example**<emie>
<domain doNotTransition="false">fabrikam.com
<path doNotTransition="true">/products</path>
</domain>
</emie>Where [https://fabrikam.com](https://fabrikam.com) opens in the IE11 browser, but [https://fabrikam.com/products](https://fabrikam.com/products) loads in the current browser (eg. Microsoft Edge)|Internet Explorer 11 and Microsoft Edge| +|forceCompatView|Specifies that the page should load in IE7 document mode (Compat View). This attribute is only supported on <domain> or <path> elements in the <emie> section. If the page is also configured to load in Enterprise Mode, it will load in IE7 Enterprise Mode. Otherwise (exclude="true"), it will load in IE11's IE7 document mode. If this attribute is absent, it defaults to false.
**Example**<emie>
<domain exclude="true">fabrikam.com
<path forcecompatview="true">/products</path>
</domain>
</emie>Where [https://fabrikam.com](https://fabrikam.com) does not use Enterprise Mode, but [https://fabrikam.com/products](https://fabrikam.com/products) uses IE7 Enterprise Mode.|Internet Explorer 11| ### Using Enterprise Mode and document mode together If you want to use both Enterprise Mode and document mode together, you need to be aware that <emie> entries override <docMode> entries for the same domain. diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md index 299c6c093f..825646b237 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md @@ -97,197 +97,31 @@ The following is an example of the v.2 version of the Enterprise Mode schema. ### Updated schema elements This table includes the elements used by the v.2 version of the Enterprise Mode schema. -
| Element | -Description | -Supported browser | -
|---|---|---|
| <site-list> | -A new root node with this text is using the updated v.2 version of the schema. It replaces <rules>.
- Example - -<site-list version="205"> - <site url="contoso.com"> - <compat-mode>IE8Enterprise</compat-mode> - <open-in>IE11</open-in> - </site> -</site-list> |
-Internet Explorer 11 and Microsoft Edge | -
| <site> | -A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element.
- Example - -<site url="contoso.com"> - <compat-mode>default</compat-mode> - <open-in>none</open-in> -</site>--or- - For IPv4 ranges: <site url="10.122.34.99:8080"> - <compat-mode>IE8Enterprise</compat-mode> -<site> --or- - For IPv6 ranges: <site url="[10.122.34.99]:8080"> - <compat-mode>IE8Enterprise</compat-mode> -<site> -You can also use the self-closing version, <url="contoso.com" />, which also sets: -
|
-Internet Explorer 11 and Microsoft Edge | -
| <compat-mode> | -A child element that controls what compatibility setting is used for specific sites or domains. This element is only supported in IE11.
- Example - -<site url="contoso.com"> - <compat-mode>IE8Enterprise</compat-mode> -</site>--or- - For IPv4 ranges: <site url="10.122.34.99:8080"> - <compat-mode>IE8Enterprise</compat-mode> -<site> --or- - For IPv6 ranges: <site url="[10.122.34.99]:8080"> - <compat-mode>IE8Enterprise</compat-mode> -<site> -Where: -
- - - |
-Internet Explorer 11 | -
| <open-in> | -A child element that controls what browser is used for sites. This element supports the Open in IE11 or Open in Microsoft Edge experiences, for devices running Windows 10.
- Example - -<site url="contoso.com"> - <open-in>none</open-in> -</site> -Where: -
- - |
-Internet Explorer 11 and Microsoft Edge | -
<site-list version="205">| Internet Explorer 11 and Microsoft Edge | +|<site> |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element.
<site url="contoso.com">
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
</site-list>
<site url="contoso.com">
<compat-mode>default</compat-mode>
<open-in>none</open-in>
</site>
<site url="10.122.34.99:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
**or** For IPv6 ranges:
<site url="[10.122.34.99]:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
You can also use the self-closing version, <url="contoso.com" />, which also sets:
**or**
<site url="contoso.com">
<compat-mode>IE8Enterprise</compat-mode>
</site>
<site url="10.122.34.99:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
**or** For IPv6 ranges:
<site url="[10.122.34.99]:8080">
<compat-mode>IE8Enterprise</compat-mode>
<site>
Where
**Important**
This tag replaces the combination of the `"forceCompatView"="true"` attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.
<site url="contoso.com">
<open-in>none</open-in>
</site>
Where
| Attribute | -Description | -Supported browser | -
|---|---|---|
| allow-redirect | -A boolean attribute of the <open-in> element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser).
- Example - -<site url="contoso.com/travel"> - <open-in allow-redirect="true">IE11</open-in> -</site>-In this example, if https://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer. |
-Internet Explorer 11 and Microsoft Edge | -
| version | -Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <site-list> element. | -Internet Explorer 11 and Microsoft Edge | -
| url | -Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
- Note -Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both http://contoso.com and https://contoso.com. - Example - -<site url="contoso.com:8080"> - <compat-mode>IE8Enterprise</compat-mode> - <open-in>IE11</open-in> -</site>-In this example, going to https://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode. |
-Internet Explorer 11 and Microsoft Edge | -
<site url="contoso.com/travel">In this example, if [https://contoso.com/travel](https://contoso.com/travel) is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.
<open-in allow-redirect="true">IE11 </open-in>
</site>
<site url="contoso.com:8080">In this example, going to [https://contoso.com:8080](https://contoso.com:8080) using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode. | Internet Explorer 11 and Microsoft Edge| ### Deprecated attributes These v.1 version schema attributes have been deprecated in the v.2 version of the schema: -
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
| Deprecated element/attribute | -New element | -Replacement example | -
|---|---|---|
| forceCompatView | -<compat-mode> | -Replace forceCompatView="true" with <compat-mode>IE7Enterprise</compat-mode> | -
| docMode | -<compat-mode> | -Replace docMode="IE5" with <compat-mode>IE5</compat-mode> | -
| doNotTransition | -<open-in> | -Replace doNotTransition="true" with <open-in>none</open-in> | -
| <domain> and <path> | -<site> | -Replace:
--<emie> - <domain>contoso.com</domain> -</emie>-With: - -<site url="contoso.com"/> - <compat-mode>IE8Enterprise</compat-mode> - <open-in>IE11</open-in> -</site>--AND- -Replace: - -<emie> - <domain exclude="true" doNotTransition="true"> - contoso.com - <path forceCompatView="true">/about</path> - </domain> -</emie>-With: - -<site url="contoso.com/about"> - <compat-mode>IE7Enterprise</compat-mode> - <open-in>IE11</open-in> -</site> |
-
<emie>With:
<domain>contoso.com</domain>
</emie>
<site url="contoso.com"/>**-AND-**
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
<emie>
<domain exclude="true" donotTransition="true">contoso.com
<path forceCompatView="true">/about</path>
</domain>
</emie>
<site url="contoso.com/about">
<compat-mode>IE7Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>| While the old, replaced attributes aren't supported in the v.2 version of the schema, they'll continue to work in the v.1 version of the schema. If, however, you're using the v.2 version of the schema and these attributes are still there, the v.2 version schema takes precedence. We don’t recommend combining the two schemas, and instead recommend that you move to the v.2 version of the schema to take advantage of the new features. diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md index 2fb2324ddc..66569c4674 100644 --- a/education/windows/chromebook-migration-guide.md +++ b/education/windows/chromebook-migration-guide.md @@ -126,96 +126,23 @@ Table 2 lists the settings in the Device Management node in the Google Admin Con Table 2. Settings in the Device Management node in the Google Admin Console -
| Section | -Settings | -
|---|---|
| Network | -These settings configure the network connections for Chromebook devices and include the following settings categories: -
|
-
| Mobile | -These settings configure and manage companion devices (such as smartphones or tablets) that are used in conjunction with the Chromebook devices and include the following settings categories: -
|
-
| Chrome management | -These settings configure and manage companion devices (such as smartphones or tablets) that are used in conjunction with the Chromebook devices and include the following settings categories: -
|
-
These settings configure the network connections for Chromebook devices and include the following settings categories:
| Section | -Settings | -
|---|---|
Basic settings |
-These settings configure password management and whether or not two-factor authentication (2FA) is configured. You can set the minimum password length, the maximum password length, if non-admin users can recover their own passwords, and enable 2FA. -Record these settings and use them to help configure your on-premises Active Directory or Azure Active Directory (Azure AD) to mirror the current behavior of your Chromebook environment. |
-
Password monitoring |
-This section is used to monitor the strength of user passwords. You don’t need to migrate any settings in this section. |
-
API reference |
-This section is used to enable access to various Google Apps Administrative APIs. You don’t need to migrate any settings in this section. |
-
Set up single sign-on (SSO) |
-This section is used to configure SSO for Google web-based apps (such as Google Apps Gmail or Google Apps Calendar). While you don’t need to migrate any settings in this section, you probably will want to configure Azure Active Directory synchronization to replace Google-based SSO. |
-
Advanced settings |
-This section is used to configure administrative access to user data and to configure the Google Secure Data Connector (which allows Google Apps to access data on your local network). You don’t need to migrate any settings in this section. |
-
| If you plan to... | -On-premises AD DS | -Azure AD | -Hybrid | -
|---|---|---|---|
| Use Office 365 | -- | X | -X | -
| Use Intune for management | -- | X | -X | -
| Use Microsoft Endpoint Manager for management | -X | -- | X | -
| Use Group Policy for management | -X | -- | X | -
| Have devices that are domain-joined | -X | -- | X | -
| Allow faculty and students to Bring Your Own Device (BYOD) which are not domain-joined | -- | X | -X | -
| Desired feature | -Windows provisioning packages | -Group Policy | -Configuration Manager | -Intune | -MDT | -Windows Software Update Services | -
|---|---|---|---|---|---|---|
| Deploy operating system images | -X | -- | X | -- | X | -- |
| Deploy apps during operating system deployment | -X | -- | X | -- | X | -- |
| Deploy apps after operating system deployment | -X | -X | -X | -- | - | - |
| Deploy software updates during operating system deployment | -- | - | X | -- | X | -- |
| Deploy software updates after operating system deployment | -X | -X | -X | -X | -- | X | -
| Support devices that are domain-joined | -X | -X | -X | -X | -X | -- |
| Support devices that are not domain-joined | -X | -- | - | X | -X | -- |
| Use on-premises resources | -X | -X | -X | -- | X | -- |
| Use cloud-based services | -- | - | - | X | -- | - |
| Product or technology | -Resources | -
|---|---|
| DHCP | -- |
| DNS | -- |
| Product or technology | -Resources | -
|---|---|
| AD DS | -- |
| Azure AD | -- |
| Management system | -Resources | -
|---|---|
| Windows provisioning packages | -- |
| Group Policy | -- |
| Configuration Manager | -- |
| Intune | -- |
| MDT | -- |
| Management system | -Resources | -
|---|---|
| Group Policy | -- |
| Configuration Manager | -- |
| Intune | -- |
| Method | -Description | -
|---|---|
| MDT | -MDT is an on-premises solution that supports initial operating system deployment and upgrade. You can use MDT to deploy and upgrade Windows 10. In addition, you can initially deploy Windows desktop and Microsoft Store apps and software updates.
The advantages of this method are that: -
The disadvantages of this method are that it: - -
|
-
| Microsoft Endpoint Configuration Manager | -Configuration Manager is an on-premises solution that supports operating system management throughout the entire operating system life cycle. You can use Configuration Manager to deploy and upgrade Windows 10. In addition, you can manage Windows desktop and Microsoft Store apps and software updates as well as provide antivirus and antimalware protection.
The advantages of this method are that: -
The disadvantages of this method are that it: -
|
-
| Method | -Description | -
|---|---|
| Group Policy | -Group Policy is an integral part of AD DS and allows you to specify configuration settings for Windows 10 and previous versions of Windows.
The advantages of this method include: -
The disadvantages of this method are that it: -
|
-
| Intune | -Intune is a cloud-based management system that allows you to specify configuration settings for Windows 10, previous versions of Windows, and other operating systems (such as iOS or Android). Intune is a subscription-based cloud service that integrates with Office 365 and Azure AD.
The advantages of this method are that: -
The disadvantages of this method are that it: -
|
-
| Selection | -Management method | -
|---|---|
| Microsoft Endpoint Configuration Manager | -Configuration Manager is an on-premises solution that allows you to specify configuration settings for Windows 10; previous versions of Windows; and other operating systems, such as iOS or Android, through integration with Intune.
The advantages of this method are that: -
The disadvantages of this method are that it: -
|
-
| Intune | -Intune is a cloud-based solution that allows you to manage apps and software updates for Windows 10, previous versions of Windows, and other operating systems (such as iOS or Android). Intune is a subscription-based cloud service that integrates with Office 365 and Azure AD.
The advantages of this method are that: -
The disadvantages of this method are that it: -
|
-
| Microsoft Endpoint Manager and Intune (hybrid) | -Configuration Manager and Intune together extend Configuration Manager from an on-premises management system for domain-joined devices to a solution that can manage devices regardless of their location and connectivity options. This hybrid option provides the benefits of both Configuration Manager and Intune.
The advantages of this method are that: -
The disadvantages of this method are that it: -
|
-
| Method | -Description and reason to select this method | - -
|---|---|
| Windows Deployment Services | -This method: -
Select this method when you want to deploy Windows over-the-network and perform diskless booting. The advantage of this method is that the diskless media are generic and typically don’t require updates after you create them (LTI and ZTI access the centrally located deployment content over the network). The disadvantage of this method is that over-the-network deployments are slower than deployments from local media, and you must deploy a Windows Deployment Services server. - |
-
| Bootable media | -This method: -
Select this method when you want to deploy Windows over the network and are willing to boot the target device from local media. The advantage of this method is that the media are generic and typically don’t require updates after you create them (LTI and ZTI access the centrally located deployment content over the network). The disadvantage of this method is that over-the-network deployments are slower than deployment from local media. - |
-
| Deployment media | -This method: -
Select this method when you want to perform local deployments and are willing to boot the target device from a local USB hard disk. The advantage of this method is that local deployments are faster than over-the-network deployments. The disadvantage of this method is that each time you change the deployment share or distribution point content, you must regenerate the deployment media and update the USB hard disk. - |
-
| Task | -Description | - -
|---|---|
| 1. Import operating systems | -Import the operating systems that you selected in the Select the operating systems section into the deployment share. For more information about how to import operating systems, see Import an Operating System into the Deployment Workbench. | -
| 2. Import device drivers | -Device drivers allow Windows 10 to know a device’s hardware resources and connected hardware accessories. Without the proper device drivers, certain features may be unavailable. For example, without the proper audio driver, a device cannot play sounds; without the proper camera driver, the device cannot take photos or use video chat. -Import device drivers for each device in your institution. For more information about how to import device drivers, see Import Device Drivers into the Deployment Workbench. - |
-
| 3. Create MDT applications for Microsoft Store apps | -Create an MDT application for each Microsoft Store app you want to deploy. You can deploy Microsoft Store apps by using sideloading, which allows you to use the Add-AppxPackage Windows PowerShell cmdlet to deploy the .appx files associated with the app (called provisioned apps). Use this method to deploy up to 24 apps to Windows 10. - Prior to sideloading the .appx files, obtain the Microsoft Store .appx files that you will use to deploy (sideload) the apps in your provisioning package. For apps in Microsoft Store, you will need to obtain the .appx files by performing one of the following tasks: -
If you are unable to obtain the .appx files from the app software vendor, then you or the students will need to install the apps on the student devices directly from Microsoft Store or Microsoft Store for Business. -If you have Intune or Microsoft Endpoint Configuration Manager, you can deploy Microsoft Store apps after you deploy Windows 10, as described in the Deploy and manage apps by using Intune and Deploy and manage apps by using Microsoft Endpoint Configuration Manager sections. This method provides granular deployment of Microsoft Store apps, and you can use it for ongoing management of Microsoft Store apps. This is the preferred method of deploying and managing Microsoft Store apps. -In addition, you must prepare your environment for sideloading Microsoft Store apps. For more information about how to: -
|
-
| 4. Create MDT applications for Windows desktop apps | -You need to create an MDT application for each Windows desktop app you want to deploy. You can obtain the Windows desktop apps from any source, but ensure that you have sufficient licenses for them. -To help reduce the effort needed to deploy Microsoft Office 2016 desktop apps, use the Office Deployment Tool, as described in Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool. -If you have Intune, you can deploy Windows desktop apps after you deploy Windows 10, as described in the Deploy and manage apps by using Intune section. This method provides granular deployment of Windows desktop apps, and you can use it for ongoing management of the apps. This is the preferred method for deploying and managing Windows desktop apps. - -Note You can also deploy Windows desktop apps after you deploy Windows 10, as described in the Deploy and manage apps by using Intune section. - -For more information about how to create an MDT application for Window desktop apps, see [Create a New Application in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt). - - |
-
| 5. Create task sequences | -You must create separate task sequences for each Windows 10 edition, processor architecture, operating system upgrade process, and new operating system deployment process. Minimally, create a task sequence for each Windows 10 operating system you imported in step 1—for example, (1) if you want to deploy Windows 10 Education to new devices or refresh existing devices with a new deployment of Windows 10 Education, (2) if you want to upgrade existing devices running Windows 8.1 or Windows 7 to Windows 10 Education, or (3) if you want to run deployments and upgrades for both 32-bit and 64-bit versions of Windows 10. To do so, you must create task sequences that will: -
Again, you will create the task sequences based on the operating systems that you imported in step 1. For more information about how to create a task sequence, see Create a New Task Sequence in the Deployment Workbench. - - |
-
| 6. Update the deployment share | -Updating a deployment share generates the MDT boot images you use to initiate the Windows 10 deployment process. You can configure the process to create 32-bit and 64-bit versions of the .iso and .wim files you can use to create bootable media or in Windows Deployment Services. -For more information about how to update a deployment share, see Update a Deployment Share in the Deployment Workbench. - - |
-
| Recommendation | -Description | - -
|---|---|
| Use of Microsoft accounts | -You want faculty and students to use only Azure AD accounts for institution-owned devices. For these devices, do not use Microsoft accounts or associate a Microsoft account with the Azure AD accounts. - -**Note** Personal devices typically use Microsoft accounts. Faculty and students can associate their Microsoft account with their Azure AD account on these devices. -**Group Policy.** Configure the [Accounts: Block Microsoft accounts](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj966262(v=ws.11)) Group Policy setting to use the **Users can’t add Microsoft accounts** setting option. -**Intune.** To enable or disable the use of Microsoft accounts, use the **Allow Microsoft account**, **Allow adding non-Microsoft accounts manually**, and **Allow settings synchronization for Microsoft accounts** policy settings under the **Accounts and Synchronization** section of a **Windows 10 General Configuration** policy. - - |
-
| Restrict the local administrator accounts on the devices | -Ensure that only authorized users are local administrators on institution-owned devices. Typically, you don’t want students to be administrators on instruction-owned devices. Explicitly specify the users who will be local administrators on a group of devices. -Group Policy. Create a Local Group Group Policy preference to limit the local administrators group membership. Select the Delete all member users and Delete all member groups check boxes to remove any existing members. For more information about how to configure Local Group preferences, see Configure a Local Group Item. -Intune. Not available. - - |
-
| Manage the built-in administrator account created during device deployment | -When you use MDT to deploy Windows 10, the MDT deployment process automatically creates a local Administrator account with the password you specified. As a security best practice, rename the built-in Administrator account and (optionally) disable it. -Group Policy. To rename the built-in Administrator account, use the Accounts: Rename administrator account Group Policy setting. For more information about how to rename the built-in Administrator account, see To rename the Administrator account using the Group Policy Management Console. You specify the new name for the Administrator account. To disable the built-in Administrator account, use the Accounts: Administrator account status Group Policy setting. For more information about how to disable the built-in Administrator account, see Accounts: Administrator account status. -Intune. Not available. - - |
-
| Control Microsoft Store access | -You can control access to Microsoft Store and whether existing Microsoft Store apps receive updates. You can only disable the Microsoft Store app in Windows 10 Education and Windows 10 Enterprise. -Group Policy. To disable the Microsoft Store app, use the Turn off the Store Application group policy setting. To prevent Microsoft Store apps from receiving updates, use the Turn off Automatic Download and Install of updates Group Policy setting. For more information about configuring these settings, see Can I use Group Policy to control the Microsoft Store in my enterprise environment?. -Intune. To enable or disable Microsoft Store access, use the Allow application store policy setting in the Apps section of a Windows 10 General Configuration policy. - - |
-
| Use of Remote Desktop connections to devices | -Remote Desktop connections could allow unauthorized access to the device. Depending on your institution’s policies, you may want to disable Remote Desktop connections on your devices. -Group Policy. To enable or disable Remote Desktop connections to devices, use the Allow Users to connect remotely using Remote Desktop setting in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections. -Intune. Not available. - - |
-
| Use of camera | -A device’s camera can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the camera on your devices. -Group Policy. Not available. -Intune. To enable or disable the camera, use the Allow camera policy setting in the Hardware section of a Windows 10 General Configuration policy. - - |
-
| Use of audio recording | -Audio recording (by using the Sound Recorder app) can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the Sound Recorder app on your devices. -Group Policy. To disable the Sound Recorder app, use the Do not allow Sound Recorder to run Group Policy setting. You can disable other audio recording apps by using AppLocker policies. To create AppLocker policies, use the information in Editing an AppLocker Policy and Create Your AppLocker Policies. -Intune. To enable or disable audio recording, use the Allow voice recording policy setting in the Features section of a Windows 10 General Configuration policy. - - |
-
| Use of screen capture | -Screen captures can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the ability to perform screen captures on your devices. -Group Policy. Not available. -Intune. To enable or disable screen capture, use the Allow screen capture policy setting in the System section of a Windows 10 General Configuration policy. - - |
-
| Use of location services | -Providing a device’s location can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the location service on your devices. -Group Policy. To enable or disable location services, use the Turn off location group policy setting in User Configuration\Windows Components\Location and Sensors. -Intune. To enable or disable location services, use the Allow geolocation policy setting in the Hardware section of a Windows 10 General Configuration policy. - - |
-
| Changing wallpaper | -Custom wallpapers can be a source of disclosure or privacy issues in an education environment (if the wallpaper displays information about the user or device). Depending on your institution’s policies, you may want to prevent users from changing the wallpaper on institution-owned devices. -Group Policy. To configure the wallpaper, use the Desktop WallPaper setting in User Configuration\Administrative Templates\Desktop\Desktop. -Intune. Not available. - - |
-
| Task and resources | -Monthly | -New semester or academic year | -As required | -
|---|---|---|---|
| Verify that Windows Update is active and current with operating system and software updates. -For more information about completing this task when you have: -
|
-x | -x | -x | -
| Verify that Windows Defender is active and current with malware Security intelligence. -For more information about completing this task, see Turn Windows Defender on or off and Updating Windows Defender. - |
-x | -x | -x | -
| Verify that Windows Defender has run a scan in the past week and that no viruses or malware were found. -For more information about completing this task, see the “How do I find and remove a virus?” topic in Protect my PC from viruses. - |
-x | -x | -x | -
| Download and approve updates for Windows 10, apps, device driver, and other software. -For more information, see: - - |
-x | -x | -x | -
| Verify that you’re using the appropriate Windows 10 servicing options for updates and upgrades (such as selecting whether you want to use Current Branch or Current Branch for Business). -For more information about Windows 10 servicing options for updates and upgrades, see Windows 10 servicing options. - |
-- | x | -x | -
| Refresh the operating system and apps on devices. -For more information about completing this task, see the following resources: - - |
-- | x | -x | -
| Install any new Windows desktop apps, or update any Windows desktop apps used in the curriculum. -For more information, see: - - |
-- | x | -x | -
| Install new or update existing Microsoft Store apps used in the curriculum. -Microsoft Store apps are automatically updated from Microsoft Store. The menu bar in the Microsoft Store app shows whether any Microsoft Store app updates are available for download. -You can also deploy Microsoft Store apps directly to devices by using Intune, Microsoft Endpoint Configuration Manager, or both in a hybrid configuration. For more information, see: - - |
-- | x | -x | -
| Remove unnecessary user accounts (and corresponding licenses) from AD DS and Office 365 (if you have an on-premises AD DS infrastructure). -For more information about how to: -
|
-- | x | -x | -
| Add new accounts (and corresponding licenses) to AD DS (if you have an on-premises AD DS infrastructure). -For more information about how to: -
|
-- | x | -x | -
| Remove unnecessary user accounts (and corresponding licenses) from Office 365 (if you do not have an on-premises AD DS infrastructure). -For more information about how to: -
|
-- | x | -x | -
| Add new accounts (and corresponding licenses) to Office 365 (if you don’t have an on-premises AD DS infrastructure). -For more information about how to: -
|
-- | x | -x | -
| Create or modify security groups, and manage group membership in Office 365. -For more information about how to: -
|
-- | x | -x | -
| Create or modify Exchange Online or Microsoft Exchange Server distribution lists in Office 365. -For more information about how to create or modify Exchange Online or Exchange Server distribution lists in Office 365, see Create and manage distribution groups and Create, edit, or delete a security group. - |
-- | x | -x | -
| Install new student devices. -Follow the same steps you followed in the Deploy Windows 10 to devices section. - |
-- | - | x | -
| Supports all free and paid products | -|||
|---|---|---|---|
-
|
-
-
|
-
-
|
-
-
|
-
| Setting | -Description | -
|---|---|
ReportingEnabled |
- Enables the client to return information to a reporting server. This setting is required for the client to collect the reporting data on the client. |
-
ReportingServerURL |
- Specifies the location on the reporting server where client information is saved. For example, https://<reportingservername>:<reportingportnumber>. -
- Note
- This is the port number that was assigned during the Reporting Server setup -
-
- |
-
Reporting Start Time |
- This is set to schedule the client to automatically send the data to the server. This setting will indicate the hour at which the reporting data will start to send. It is in the 24 hour format and will take a number between 0-23. |
-
ReportingRandomDelay |
- Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and ReportingRandomDelay and will wait the specified duration before sending data. |
-
ReportingInterval |
- Specifies the retry interval that the client will use to resend data to the reporting server. |
-
ReportingDataCacheLimit |
- Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. |
-
ReportingDataBlockSize |
- Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. |
-
| Cmdlet | -Examples | -
|---|---|
Enable-AppVClientConnectionGroup |
- Enable-AppVClientConnectionGroup "ConnectionGroupA" -UserSID S-1-2-34-56789012-3456789012-345678901-2345 |
-
Disable-AppVClientConnectionGroup |
- Disable-AppVClientConnectionGroup "ConnectionGroupA" -UserSID S-1-2-34-56789012-3456789012-345678901-2345 |
-
| Cmdlet | -Parameter and values | -Example | -
|---|---|---|
Set-AppvClientConfiguration |
- -RequirePublishAsAdmin -
|
- Set-AppvClientConfiguration -RequirePublishAsAdmin 1 |
-
| - | Describes the connection group virtual environment. |
-
| - | Describes the connection group file. |
-
| - | Explains how to create a new connection group. |
-
How to Create a Connection Group with User-Published and Globally Published Packages |
-Explains how to create a new connection group that contains a mix of packages that are published to the user and published globally. |
-
| - | Explains how to delete a connection group. |
-
| - | Explains how to publish a connection group. |
-
| - | Explains how to configure a connection group to accept any version of a package, which simplifies package upgrades and reduces the number of connection groups you need to create. |
-
How to Allow Only Administrators to Enable Connection Groups |
-Explains how to configure the App-V client so that only administrators (not end users) can enable or disable connection groups. |
-
| New in App-V for Windows client | -Prior to App-V for Windows 10 | -
|---|---|
New .xml files are created corresponding to the .osd files associated with a package; these files include the following information: -
You can now choose to add information from a subset of the .osd files in the source directory to the package using the |
-Registry information and scripts included in .osd files associated with a package were not included in package converter output. -The package converter would populate the new package with information from all of the .osd files in the source directory. |
-
| These Source directory files… | -…are converted to these Destination directory files… | -…and will contain these items | -Description | -
|---|---|---|---|
|
-
|
-
|
-Each .osd file is converted to a separate, corresponding .xml file that contains the items listed here in App-V deployment configuration format. These items can then be copied from these .xml files and placed in the deployment configuration or user configuration files as desired. -In this example, there are three .xml files, corresponding with the three .osd files in the source directory. Each .xml file contains the environment variables, shortcuts, file type associations, registry information, and scripts in its corresponding .osd file. |
-
|
-
|
-
|
-The information from the .osd files specified in the In this example, environment variables, shortcuts, and file type associations included in X.osd and Y.osd were converted and placed in the App-V package, and some of this information was also included in the deployment configuration and user configuration files. X.osd and Y.osd were used because they were included as arguments to the |
-
| Issue | -Workaround | -
|---|---|
Virtual packages using DSC are not linked after conversion. |
-Link the packages using connection groups. See Managing Connection Groups. |
-
Environment variable conflicts are detected during conversion. |
-Resolve any conflicts in the associated .osd file. |
-
Hard-coded paths are detected during conversion. |
-Hard-coded paths are difficult to convert correctly. The package converter will detect and return packages with files that contain hard-coded paths. View the file with the hard-coded path, and determine whether the package requires the file. If so, it is recommended to re-sequence the package. |
-
| Task | -More Information | -
|---|---|
Review prerequisites. |
-- |
Enable the App-V client. |
-- |
Install App-V Server. |
-- |
Migrate existing packages. |
-See Converting packages created using a prior version of App-V earlier in this topic. |
-
The data type is boolean. Supported operation is Get and Replace. **InBoxApps/Welcome/CurrentBackgroundPath** -
Download location for image to be used as the background during user sessions and on the welcome screen. To set this, specify an https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image. +
Download location for image to be used as the background during user sessions and on the welcome screen. To set this, specify an https URL to a 32-bit PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.
The data type is string. Supported operation is Get and Replace. diff --git a/windows/configuration/wcd/wcd-accountmanagement.md b/windows/configuration/wcd/wcd-accountmanagement.md index b565989431..8d4bfbfc06 100644 --- a/windows/configuration/wcd/wcd-accountmanagement.md +++ b/windows/configuration/wcd/wcd-accountmanagement.md @@ -19,13 +19,13 @@ Use these settings to configure the Account Manager service. ## Applies to -| Settings | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [DeletionPolicy](#deletionpolicy) | | | | ✔️ | | -| [EnableProfileManager](#enableprofilemanager) | | | | ✔️ | | -| [ProfileInactivityThreshold](#profileinactivitythreshold) | | | | ✔️ | | -| [StorageCapacityStartDeletion](#storagecapacitystartdeletion) | | | | ✔️ | | -| [StorageCapacityStopDeletion](#storagecapacitystopdeletion) | | | | ✔️ | | +| Settings | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [DeletionPolicy](#deletionpolicy) | | | ✔️ | | +| [EnableProfileManager](#enableprofilemanager) | | | ✔️ | | +| [ProfileInactivityThreshold](#profileinactivitythreshold) | | | ✔️ | | +| [StorageCapacityStartDeletion](#storagecapacitystartdeletion) | | | ✔️ | | +| [StorageCapacityStopDeletion](#storagecapacitystopdeletion) | | | ✔️ | | >[!NOTE] >Although the AccountManagement settings are available in advanced provisioning for other editions, you should only use them for HoloLens devices. diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md index f5ef92247d..a6462788e1 100644 --- a/windows/configuration/wcd/wcd-accounts.md +++ b/windows/configuration/wcd/wcd-accounts.md @@ -19,7 +19,7 @@ Use these settings to join a device to an Active Directory domain or an Azure Ac ## Applies to -| Setting groups | Desktop editions | Surface Hub | HoloLens | IoT Core | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | | [Azure](#azure) | ✔️ | ✔️ | ✔️ | | | [ComputerAccount](#computeraccount) | ✔️ | ✔️ | | ✔️ | diff --git a/windows/configuration/wcd/wcd-admxingestion.md b/windows/configuration/wcd/wcd-admxingestion.md index 4f78a97183..1116a54650 100644 --- a/windows/configuration/wcd/wcd-admxingestion.md +++ b/windows/configuration/wcd/wcd-admxingestion.md @@ -26,10 +26,10 @@ Starting in Windows 10, version 1703, you can import (*ingest*) select Group Pol ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [ConfigADMXInstalledPolicy](#configadmxinstalledpolicy) | ✔️ | | | | | -| [ConfigOperations](#configoperations) | ✔️ | | | | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [ConfigADMXInstalledPolicy](#configadmxinstalledpolicy) | ✔️ | | | | +| [ConfigOperations](#configoperations) | ✔️ | | | | ## ConfigADMXInstalledPolicy diff --git a/windows/configuration/wcd/wcd-assignedaccess.md b/windows/configuration/wcd/wcd-assignedaccess.md index af094faef4..36eb055038 100644 --- a/windows/configuration/wcd/wcd-assignedaccess.md +++ b/windows/configuration/wcd/wcd-assignedaccess.md @@ -19,10 +19,10 @@ Use this setting to configure single use (kiosk) devices. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [AssignedAccessSettings](#assignedaccesssettings) | ✔️ | | | ✔️ | | -| [MultiAppAssignedAccessSettings](#multiappassignedaccesssettings) | ✔️ | | | ✔️ | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [AssignedAccessSettings](#assignedaccesssettings) | ✔️ | | ✔️ | | +| [MultiAppAssignedAccessSettings](#multiappassignedaccesssettings) | ✔️ | | ✔️ | | ## AssignedAccessSettings diff --git a/windows/configuration/wcd/wcd-browser.md b/windows/configuration/wcd/wcd-browser.md index f9b61ff048..3b57376dae 100644 --- a/windows/configuration/wcd/wcd-browser.md +++ b/windows/configuration/wcd/wcd-browser.md @@ -19,13 +19,13 @@ Use to configure browser settings that should only be set by OEMs who are part o ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [AllowPrelaunch](#allowprelaunch) | | | ✔️ | | | -| [FavoriteBarItems](#favoritebaritems) | ✔️ | | | | | -| [Favorites](#favorites) | | ✔️ | | | | -| [PartnerSearchCode](#partnersearchcode) | ✔️ | ✔️ | ✔️ | | | -| [SearchProviders](#searchproviders) | | ✔️ | | | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [AllowPrelaunch](#allowprelaunch) | | ✔️ | | | +| [FavoriteBarItems](#favoritebaritems) | ✔️ | | | | +| [Favorites](#favorites) | | | | | +| [PartnerSearchCode](#partnersearchcode) | ✔️ | ✔️ | | | +| [SearchProviders](#searchproviders) | | | | | ## AllowPrelaunch diff --git a/windows/configuration/wcd/wcd-cellcore.md b/windows/configuration/wcd/wcd-cellcore.md index e7c8301aa9..56d5c63695 100644 --- a/windows/configuration/wcd/wcd-cellcore.md +++ b/windows/configuration/wcd/wcd-cellcore.md @@ -24,26 +24,26 @@ Use to configure settings for cellular data. ## Applies to - Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core - --- | :---: | :---: | :---: | :---: | :---: - PerDevice: [CellConfigurations](#cellconfigurations) | | ✔️ | | | | - PerDevice: [CellData](#celldata) | ✔️ | ✔️ | ✔️ | | - PerDevice: [CellUX](#cellux) | ✔️ | ✔️ | ✔️ | | - PerDevice: [CGDual](#cgdual) | | ✔️ | | | - PerDevice: [eSim](#esim) | ✔️ | ✔️ | ✔️ | | - PerDevice: [External](#external) | | ✔️ | | | - PerDevice: [General](#general) | | ✔️ | | | - PerDevice: [RCS](#rcs) | | ✔️ | | | - PerDevice: [SMS](#sms) | ✔️ | ✔️ | ✔️ | | - PerDevice: [UIX](#uix) | | ✔️ | | | - PerDevice: [UTK](#utk) | | ✔️ | | | - PerlMSI: [CellData](#celldata2) | | ✔️ | | | - PerIMSI: [CellUX](#cellux2) | | ✔️ | | | - PerIMSI: [General](#general2) | | ✔️ | | | - PerIMSI: [RCS](#rcs2) | | ✔️ | | | - PerIMSI: [SMS](#sms2) | ✔️ | ✔️ | ✔️ | | - PerIMSI: [UTK](#utk2) | | ✔️ | | | - PerIMSI: [VoLTE](#volte) | | ✔️ | | | + Setting groups | Windows client | Surface Hub | HoloLens | IoT Core + --- | :---: | :---: | :---: | :---: + PerDevice: [CellConfigurations](#cellconfigurations) | | | | | + PerDevice: [CellData](#celldata) | ✔️ | ✔️ | | + PerDevice: [CellUX](#cellux) | ✔️ | ✔️ | | + PerDevice: [CGDual](#cgdual) | | | | + PerDevice: [eSim](#esim) | ✔️ | ✔️ | | + PerDevice: [External](#external) | | | | + PerDevice: [General](#general) | | | | + PerDevice: [RCS](#rcs) | | | | + PerDevice: [SMS](#sms) | ✔️ | ✔️ | | + PerDevice: [UIX](#uix) | | | | + PerDevice: [UTK](#utk) | | | | + PerlMSI: [CellData](#celldata2) | | | | + PerIMSI: [CellUX](#cellux2) | | | | + PerIMSI: [General](#general2) | | | | + PerIMSI: [RCS](#rcs2) | | | | + PerIMSI: [SMS](#sms2) | ✔️ | ✔️ | | + PerIMSI: [UTK](#utk2) | | | | + PerIMSI: [VoLTE](#volte) | | | | ## PerDevice diff --git a/windows/configuration/wcd/wcd-cellular.md b/windows/configuration/wcd/wcd-cellular.md index 323e7faf03..825f43c4c2 100644 --- a/windows/configuration/wcd/wcd-cellular.md +++ b/windows/configuration/wcd/wcd-cellular.md @@ -21,9 +21,9 @@ Use to configure settings for cellular connections. ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | | | | ## PerDevice diff --git a/windows/configuration/wcd/wcd-certificates.md b/windows/configuration/wcd/wcd-certificates.md index a30bcdeadc..ca41ffe27e 100644 --- a/windows/configuration/wcd/wcd-certificates.md +++ b/windows/configuration/wcd/wcd-certificates.md @@ -25,9 +25,9 @@ Use to deploy Root Certificate Authority (CA) certificates to devices. The follo ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All setting groups | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All setting groups | ✔️ | ✔️ | ✔️ | ✔️ | ## CACertificates diff --git a/windows/configuration/wcd/wcd-cleanpc.md b/windows/configuration/wcd/wcd-cleanpc.md index 0f31ecac6f..32bdc154b2 100644 --- a/windows/configuration/wcd/wcd-cleanpc.md +++ b/windows/configuration/wcd/wcd-cleanpc.md @@ -19,10 +19,10 @@ Use to remove user-installed and pre-installed applications, with the option to ## Applies to -| Settings | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| CleanPCRetainingUserData | ✔️ | | | | | -| CleanPCWithoutRetainingUserData | ✔️ | | | | | +| Settings | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| CleanPCRetainingUserData | ✔️ | | | | +| CleanPCWithoutRetainingUserData | ✔️ | | | | For each setting, the options are **Enable** and **Not configured**. diff --git a/windows/configuration/wcd/wcd-connections.md b/windows/configuration/wcd/wcd-connections.md index 8dc2911a9b..5c59173b68 100644 --- a/windows/configuration/wcd/wcd-connections.md +++ b/windows/configuration/wcd/wcd-connections.md @@ -19,9 +19,9 @@ Use to configure settings related to various types of phone connections. ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | ✔️ | ✔️ | | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | ✔️ | | | For each setting group: diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md index 2fdfe8372f..33b7de451b 100644 --- a/windows/configuration/wcd/wcd-connectivityprofiles.md +++ b/windows/configuration/wcd/wcd-connectivityprofiles.md @@ -19,14 +19,14 @@ Use to configure profiles that a user will connect with, such as an email accoun ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [Email](#email) | ✔️ | ✔️ | ✔️ | | | -| [Exchange](#exchange) | ✔️ | ✔️ | ✔️ | | | -| [KnownAccounts](#knownaccounts) | ✔️ | ✔️ | ✔️ | | | -| [VPN](#vpn) | ✔️ | ✔️ | ✔️ | ✔️ | | -| [WiFiSense](#wifisense) | ✔️ | ✔️ | ✔️ | | | -| [WLAN](#wlan) | ✔️ | ✔️ | ✔️ | ✔️ | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [Email](#email) | ✔️ | ✔️ | | | +| [Exchange](#exchange) | ✔️ | ✔️ | | | +| [KnownAccounts](#knownaccounts) | ✔️ | ✔️ | | | +| [VPN](#vpn) | ✔️ | ✔️ | ✔️ | | +| [WiFiSense](#wifisense) | ✔️ | ✔️ | | | +| [WLAN](#wlan) | ✔️ | ✔️ | ✔️ | | ## Email diff --git a/windows/configuration/wcd/wcd-countryandregion.md b/windows/configuration/wcd/wcd-countryandregion.md index e8cf5a0b37..81597e49d4 100644 --- a/windows/configuration/wcd/wcd-countryandregion.md +++ b/windows/configuration/wcd/wcd-countryandregion.md @@ -19,8 +19,8 @@ Use to configure a setting that partners must customize to ship Windows devices ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| CountryCodeForExtendedCapabilityPrompts | ✔️ | ✔️ | ✔️ | | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| CountryCodeForExtendedCapabilityPrompts | ✔️ | ✔️ | | | You can set the **CountryCodeForExtendedCapabilityPrompts** setting for **China** to enable additional capability prompts when apps use privacy-sensitive features (such as Contacts or Microphone). diff --git a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md index 464d3c8163..e18abe6ad1 100644 --- a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md +++ b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md @@ -19,7 +19,7 @@ Do not use. Instead, use the [Personalization settings](wcd-personalization.md). ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | | | | diff --git a/windows/configuration/wcd/wcd-developersetup.md b/windows/configuration/wcd/wcd-developersetup.md index 666109a375..eee860859f 100644 --- a/windows/configuration/wcd/wcd-developersetup.md +++ b/windows/configuration/wcd/wcd-developersetup.md @@ -19,22 +19,20 @@ Use to unlock developer mode on HoloLens devices and configure authentication to ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [EnableDeveloperMode](#enabledevelopermode) | | | | ✔️ | | -| [AuthenticationMode](#authenticationmode) | | | | ✔️ | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [EnableDeveloperMode](#developersetupsettings-enabledevelopermode) | | | ✔️ | | +| [AuthenticationMode](#windowsdeviceportalsettings-authentication-mode) | | | ✔️ | | - ## DeveloperSetupSettings: EnableDeveloperMode When this setting is configured as **True**, the device is unlocked for developer functionality. - ## WindowsDevicePortalSettings: Authentication Mode When AuthenticationMode is set to **Basic Auth**, enter a user name and password to enable the device to connect to and authenticate with the Windows Device Portal. ## Related topics -- [Device Portal for HoloLens](/windows/uwp/debug-test-perf/device-portal-hololens) \ No newline at end of file +- [Device Portal for HoloLens](/windows/uwp/debug-test-perf/device-portal-hololens) diff --git a/windows/configuration/wcd/wcd-deviceformfactor.md b/windows/configuration/wcd/wcd-deviceformfactor.md index fc86909bc1..b233406d79 100644 --- a/windows/configuration/wcd/wcd-deviceformfactor.md +++ b/windows/configuration/wcd/wcd-deviceformfactor.md @@ -19,9 +19,9 @@ Use to identify the form factor of the device. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| DeviceForm | ✔️ | ✔️ | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| DeviceForm | ✔️ | ✔️ | | | Specifies the device form factor running Windows 10. Generally, the device form is set by the original equipment manufacturer (OEM), however you might want to change the device form based on its usage in your organization. diff --git a/windows/configuration/wcd/wcd-devicemanagement.md b/windows/configuration/wcd/wcd-devicemanagement.md index 236416cf96..bb1692d17e 100644 --- a/windows/configuration/wcd/wcd-devicemanagement.md +++ b/windows/configuration/wcd/wcd-devicemanagement.md @@ -19,12 +19,12 @@ Use to configure device management settings. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [Accounts](#accounts) | ✔️ | ✔️ | ✔️ | | | -| [PGList](#pglist) | ✔️ | ✔️ | ✔️ | | | -| [Policies](#policies) | ✔️ | ✔️ | ✔️ | | | -| [TrustedProvisioningSource](#trustedprovisioningsource) | ✔️ | ✔️ | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [Accounts](#accounts) | ✔️ | ✔️ | | | +| [PGList](#pglist) | ✔️ | ✔️ | | | +| [Policies](#policies) | ✔️ | ✔️ | | | +| [TrustedProvisioningSource](#trustedprovisioningsource) | ✔️ | ✔️ | | | ## Accounts diff --git a/windows/configuration/wcd/wcd-deviceupdatecenter.md b/windows/configuration/wcd/wcd-deviceupdatecenter.md index 3dfa2d7fe2..e72df83e2d 100644 --- a/windows/configuration/wcd/wcd-deviceupdatecenter.md +++ b/windows/configuration/wcd/wcd-deviceupdatecenter.md @@ -17,7 +17,7 @@ Do not use **DeviceUpdateCenter** settings at this time. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | | | | diff --git a/windows/configuration/wcd/wcd-dmclient.md b/windows/configuration/wcd/wcd-dmclient.md index 39949ed4c4..31d0ed7b8c 100644 --- a/windows/configuration/wcd/wcd-dmclient.md +++ b/windows/configuration/wcd/wcd-dmclient.md @@ -19,9 +19,9 @@ Use to specify enterprise-specific mobile device management configuration settin ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| UpdateManagementServiceAddress | ✔️ | ✔️ | ✔️ | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| UpdateManagementServiceAddress | ✔️ | ✔️ | | ✔️ | For the **UpdateManagementServiceAddress** setting, enter a list of servers. The first server in the semi-colon delimited list is the server that will be used to instantiate MDM sessions. diff --git a/windows/configuration/wcd/wcd-editionupgrade.md b/windows/configuration/wcd/wcd-editionupgrade.md index 79e2667cb2..aaa3c9a10e 100644 --- a/windows/configuration/wcd/wcd-editionupgrade.md +++ b/windows/configuration/wcd/wcd-editionupgrade.md @@ -19,11 +19,11 @@ Use to upgrade the edition of Windows 10 on the device. [Learn about Windows 10 ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [ChangeProductKey](#changeproductkey) | ✔️ | ✔️ | | | | -| [UpgradeEditionWithLicense](#upgradeeditionwithlicense) | ✔️ | ✔️ | | ✔️ | | -| [UpgradeEditionWithProductKey](#upgradeeditionwithproductkey) | ✔️ | ✔️ | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [ChangeProductKey](#changeproductkey) | ✔️ | | | | +| [UpgradeEditionWithLicense](#upgradeeditionwithlicense) | ✔️ | | ✔️ | | +| [UpgradeEditionWithProductKey](#upgradeeditionwithproductkey) | ✔️ | | | | ## ChangeProductKey diff --git a/windows/configuration/wcd/wcd-firewallconfiguration.md b/windows/configuration/wcd/wcd-firewallconfiguration.md index 4bc834f3ac..cd505cda87 100644 --- a/windows/configuration/wcd/wcd-firewallconfiguration.md +++ b/windows/configuration/wcd/wcd-firewallconfiguration.md @@ -19,9 +19,9 @@ Use to enable AllJoyn router to work on public networks. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| EnableAllJoynOnPublicNetwork | | | | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| EnableAllJoynOnPublicNetwork | | | | ✔️ | Set to **True** or **False**. diff --git a/windows/configuration/wcd/wcd-firstexperience.md b/windows/configuration/wcd/wcd-firstexperience.md index 0561b8d3f4..a854a53a49 100644 --- a/windows/configuration/wcd/wcd-firstexperience.md +++ b/windows/configuration/wcd/wcd-firstexperience.md @@ -19,9 +19,9 @@ Use these settings to configure the out-of-box experience (OOBE) to set up HoloL ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | | | | ✔️ | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | | | ✔️ | | Setting | Description --- | --- diff --git a/windows/configuration/wcd/wcd-folders.md b/windows/configuration/wcd/wcd-folders.md index cc594611bc..1eab5f086b 100644 --- a/windows/configuration/wcd/wcd-folders.md +++ b/windows/configuration/wcd/wcd-folders.md @@ -19,8 +19,8 @@ Use to add files to the device. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| PublicDocuments | ✔️ | ✔️ | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| PublicDocuments | ✔️ | ✔️ | | | Browse to and select a file or files that will be included in the provisioning package and added to the public profile documents folder on the target device. You can use the **Relative path to directory on target device** field to create a new folder within the public profile documents folder. diff --git a/windows/configuration/wcd/wcd-kioskbrowser.md b/windows/configuration/wcd/wcd-kioskbrowser.md index 0db1c60a59..b8dc34d1e1 100644 --- a/windows/configuration/wcd/wcd-kioskbrowser.md +++ b/windows/configuration/wcd/wcd-kioskbrowser.md @@ -19,12 +19,12 @@ Use KioskBrowser settings to configure Internet sharing. ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | | | | | ✔️ | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | | | | ✔️ | >[!NOTE] ->To configure Kiosk Browser settings for desktop editions, go to [Policies > KioskBrowser](wcd-policies.md#kioskbrowser). +>To configure Kiosk Browser settings for Windows client, go to [Policies > KioskBrowser](wcd-policies.md#kioskbrowser). Kiosk Browser settings | Use this setting to --- | --- diff --git a/windows/configuration/wcd/wcd-licensing.md b/windows/configuration/wcd/wcd-licensing.md index 98ebd963b2..82adee0181 100644 --- a/windows/configuration/wcd/wcd-licensing.md +++ b/windows/configuration/wcd/wcd-licensing.md @@ -19,10 +19,10 @@ Use for settings related to Microsoft licensing programs. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [AllowWindowsEntitlementReactivation](#allowwindowsentitlementreactivation) | ✔️ | | | | | -| [DisallowKMSClientOnlineAVSValidation](#disallowkmsclientonlineavsvalidation) | ✔️ | | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [AllowWindowsEntitlementReactivation](#allowwindowsentitlementreactivation) | ✔️ | | | | +| [DisallowKMSClientOnlineAVSValidation](#disallowkmsclientonlineavsvalidation) | ✔️ | | | | ## AllowWindowsEntitlementReactivation diff --git a/windows/configuration/wcd/wcd-location.md b/windows/configuration/wcd/wcd-location.md index c0617f9b4a..a2989cead5 100644 --- a/windows/configuration/wcd/wcd-location.md +++ b/windows/configuration/wcd/wcd-location.md @@ -18,9 +18,9 @@ Use Location settings to configure location services. ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [EnableLocation](#enablelocation) | | | | | ✔️ | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [EnableLocation](#enablelocation) | | | | ✔️ | ## EnableLocation diff --git a/windows/configuration/wcd/wcd-maps.md b/windows/configuration/wcd/wcd-maps.md index b92e27c14e..51aacf0da3 100644 --- a/windows/configuration/wcd/wcd-maps.md +++ b/windows/configuration/wcd/wcd-maps.md @@ -18,11 +18,11 @@ Use for settings related to Maps. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [ChinaVariantWin10](#chinavariantwin10) | ✔️ | ✔️ | ✔️ | | | -| [UseExternalStorage](#useexternalstorage) | ✔️ | ✔️ | ✔️ | | | -| [UseSmallerCache](#usesmallercache) | ✔️ | ✔️ | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [ChinaVariantWin10](#chinavariantwin10) | ✔️ | ✔️ | | | +| [UseExternalStorage](#useexternalstorage) | ✔️ | ✔️ | | | +| [UseSmallerCache](#usesmallercache) | ✔️ | ✔️ | | | ## ChinaVariantWin10 diff --git a/windows/configuration/wcd/wcd-networkproxy.md b/windows/configuration/wcd/wcd-networkproxy.md index e19c13f19c..957bc2abd1 100644 --- a/windows/configuration/wcd/wcd-networkproxy.md +++ b/windows/configuration/wcd/wcd-networkproxy.md @@ -18,9 +18,9 @@ Use for settings related to NetworkProxy. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | | | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | | ✔️ | | | ## AutoDetect diff --git a/windows/configuration/wcd/wcd-networkqospolicy.md b/windows/configuration/wcd/wcd-networkqospolicy.md index 80e515c380..177a49d274 100644 --- a/windows/configuration/wcd/wcd-networkqospolicy.md +++ b/windows/configuration/wcd/wcd-networkqospolicy.md @@ -18,9 +18,9 @@ Use to create network Quality of Service (QoS) policies. A QoS policy performs a ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | | | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | | ✔️ | | | 1. In **Available customizations**, select **NetworkQ0SPolicy**, enter a friendly name for the account, and then click **Add**. 2. In **Available customizations**, select the name that you just created. The following table describes the settings you can configure. diff --git a/windows/configuration/wcd/wcd-oobe.md b/windows/configuration/wcd/wcd-oobe.md index 4245590994..9110aeec1d 100644 --- a/windows/configuration/wcd/wcd-oobe.md +++ b/windows/configuration/wcd/wcd-oobe.md @@ -18,35 +18,21 @@ Use to configure settings for the [Out Of Box Experience (OOBE)](/windows-hardwa ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [Desktop > EnableCortanaVoice](#enablecortanavoice) | ✔️ | | | | | -| [Desktop > HideOobe](#hided) | ✔️ | | | | | -| [Mobile > EnforceEnterpriseProvisioning](#nforce) | | ✔️ | | | | -| [Mobile > HideOobe](#hidem) | | ✔️ | | | | - - - +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [Desktop > EnableCortanaVoice](#enablecortanavoice) | ✔️ | | | | +| [Desktop > HideOobe](#hideoobe-for-desktop) | ✔️ | | | | ## EnableCortanaVoice Use this setting to control whether Cortana voice-over is enabled during OOBE. The voice-over is disabled by default on Windows 10 Pro, Education, and Enterprise. The voice-over is enabled by default on Windows 10 Home. Select **True** to enable voice-over during OOBE, or **False** to disable voice-over during OOBE. - ## HideOobe for desktop When set to **True**, it hides the interactive OOBE flow for Windows 10. ->[!NOTE] ->You must create a user account if you set the value to true or the device will not be usable. +> [!NOTE] +> You must create a user account if you set the value to true or the device will not be usable. When set to **False**, the OOBE screens are displayed. - -## EnforceEnterpriseProvisioning - -When set to **True**, it forces the OOBE flow into using the enterprise provisioning page without making the user interact with the Windows button. This is the default setting. - -When set to **False**, it does not force the OOBE flow to the enterprise provisioning page. - - diff --git a/windows/configuration/wcd/wcd-personalization.md b/windows/configuration/wcd/wcd-personalization.md index 08af869bd0..18b6259bdc 100644 --- a/windows/configuration/wcd/wcd-personalization.md +++ b/windows/configuration/wcd/wcd-personalization.md @@ -18,12 +18,12 @@ Use to configure settings to personalize a PC. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [DeployDesktopImage](#deploydesktopimage) | ✔️ | | | | | -| [DeployLockScreenImage](#deploylockscreenimage) | ✔️ | | | | | -| [DesktopImageUrl](#desktopimageurl) | ✔️ | | | | | -| [LockScreenImageUrl](#lockscreenimageurl) | ✔️ | | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [DeployDesktopImage](#deploydesktopimage) | ✔️ | | | | +| [DeployLockScreenImage](#deploylockscreenimage) | ✔️ | | | | +| [DesktopImageUrl](#desktopimageurl) | ✔️ | | | | +| [LockScreenImageUrl](#lockscreenimageurl) | ✔️ | | | | ## DeployDesktopImage diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md index 1d9c4d1eee..f7629487bb 100644 --- a/windows/configuration/wcd/wcd-policies.md +++ b/windows/configuration/wcd/wcd-policies.md @@ -18,315 +18,316 @@ This section describes the **Policies** settings that you can configure in [prov ## AboveLock -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowActionCenterNotifications](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowactioncenternotifications) | Allow Action Center notifications above the device lock screen. | | ✔️ | | | | -| [AllowToasts](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowtoasts) | Allow toast notifications above the device lock screen. | ✔️ | ✔️ | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowActionCenterNotifications](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowactioncenternotifications) | Allow Action Center notifications above the device lock screen. | | | | | +| [AllowToasts](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowtoasts) | Allow toast notifications above the device lock screen. | ✔️ | | | | ## Accounts -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowAddingNonMicrosoftAccountManually](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowaddingnonmicrosoftaccountsmanually) | Whether users can add non-Microsoft email accounts | ✔️ | ✔️ | | | | -| [AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountconnection) | Whether users can use a Microsoft account for non-email-related connection authentication and services | ✔️ | ✔️ | | ✔️ | | -| [AllowMicrosoftAccountSigninAssistant](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountsigninassistant) | Disable the **Microsoft Account Sign-In Assistant** (wlidsvc) NT service | ✔️ | ✔️ | | | | -| [DomainNamesForEmailSync](/windows/client-management/mdm/policy-configuration-service-provider#accounts-domainnamesforemailsync) | List of domains that are allowed to sync email on the devices | ✔️ | ✔️ | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowAddingNonMicrosoftAccountManually](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowaddingnonmicrosoftaccountsmanually) | Whether users can add non-Microsoft email accounts | ✔️ | | | | +| [AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountconnection) | Whether users can use a Microsoft account for non-email-related connection authentication and services | ✔️ | | ✔️ | | +| [AllowMicrosoftAccountSigninAssistant](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountsigninassistant) | Disable the **Microsoft Account Sign-In Assistant** (wlidsvc) NT service | ✔️ | | | | +| [DomainNamesForEmailSync](/windows/client-management/mdm/policy-configuration-service-provider#accounts-domainnamesforemailsync) | List of domains that are allowed to sync email on the devices | ✔️ | | | | ## ApplicationDefaults -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [DefaultAssociationsConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#applicationdefaults-defaultassociationsconfiguration) | Set default file type and protocol associations | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [DefaultAssociationsConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#applicationdefaults-defaultassociationsconfiguration) | Set default file type and protocol associations | ✔️ | | | | ## ApplicationManagement -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowAllTrustedApps](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps) | Whether non-Microsoft Store apps are allowed | ✔️ | ✔️ | | | ✔️ | -| [AllowAppStoreAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate) | Whether automatic update of apps from Microsoft Store is allowed | ✔️ | ✔️ | | | ✔️ | -| [AllowDeveloperUnlock](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock) | Whether developer unlock of device is allowed | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowGameDVR](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) |Whether DVR and broadcasting is allowed | ✔️ | | | | | -| [AllowSharedUserAppData](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata) | Whether multiple users of the same app can share data | ✔️ | ✔️ | | | | -| [AllowStore](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowstore) | Whether app store is allowed at device | | ✔️ | | | | -| [ApplicationRestrictions](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions) | An XML blob that specifies app restrictions, such as an allow list, disallow list, etc. | | ✔️ | | | | -| [LaunchAppAfterLogOn](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-launchappafterlogon) |Whether to launch an app or apps when the user signs in. | ✔️ | | | | | -| [RestrictAppDataToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictappdatatosystemvolume) | Whether app data is restricted to the system drive | ✔️ | ✔️ | | | ✔️ | -| [RestrictAppToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictapptosystemvolume) | Whether the installation of apps is restricted to the system drive | ✔️ | ✔️ | | | ✔️ | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowAllTrustedApps](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps) | Whether non-Microsoft Store apps are allowed | ✔️ | | | ✔️ | +| [AllowAppStoreAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate) | Whether automatic update of apps from Microsoft Store is allowed | ✔️ | | | ✔️ | +| [AllowDeveloperUnlock](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock) | Whether developer unlock of device is allowed | ✔️ | ✔️ | ✔️ | ✔️ | +| [AllowGameDVR](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) |Whether DVR and broadcasting is allowed | ✔️ | | | | +| [AllowSharedUserAppData](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata) | Whether multiple users of the same app can share data | ✔️ | | | | +| [AllowStore](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowstore) | Whether app store is allowed at device | | | | | +| [ApplicationRestrictions](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions) | An XML blob that specifies app restrictions, such as an allow list, disallow list, etc. | | | | | +| [LaunchAppAfterLogOn](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-launchappafterlogon) |Whether to launch an app or apps when the user signs in. | ✔️ | | | | +| [RestrictAppDataToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictappdatatosystemvolume) | Whether app data is restricted to the system drive | ✔️ | | | ✔️ | +| [RestrictAppToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictapptosystemvolume) | Whether the installation of apps is restricted to the system drive | ✔️ | | | ✔️ | ## Authentication -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowFastReconnect](/windows/client-management/mdm/policy-csp-authentication#authentication-allowfastreconnect) | Allows EAP Fast Reconnect from being attempted for EAP Method TLS. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [EnableFastFirstSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablefastfirstsignin) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [EnableWebSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin) | Enables Windows logon support for non-ADFS federated providers (e.g. SAML). | ✔️ | ✔️ | ✔️ | | ✔️ | -| [PreferredAadTenantDomainName](/windows/client-management/mdm/policy-csp-authentication#authentication-preferredaadtenantdomainname) | Specifies the preferred domain among available domains in the Azure AD tenant. | ✔️ | ✔️ | ✔️ | | ✔️ | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowFastReconnect](/windows/client-management/mdm/policy-csp-authentication#authentication-allowfastreconnect) | Allows EAP Fast Reconnect from being attempted for EAP Method TLS. | ✔️ | ✔️ | ✔️ | ✔️ | +| [EnableFastFirstSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablefastfirstsignin) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts. | ✔️ | ✔️ | | ✔️ | +| [EnableWebSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin) | Enables Windows logon support for non-ADFS federated providers (e.g. SAML). | ✔️ | ✔️ | | ✔️ | +| [PreferredAadTenantDomainName](/windows/client-management/mdm/policy-csp-authentication#authentication-preferredaadtenantdomainname) | Specifies the preferred domain among available domains in the Azure AD tenant. | ✔️ | ✔️ | | ✔️ | ## BitLocker -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [EncryptionMethod](/windows/client-management/mdm/policy-configuration-service-provider#bitlocker-encryptionmethod) | Specify BitLocker drive encryption method and cipher strength | ✔️ | ✔️ | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [EncryptionMethod](/windows/client-management/mdm/policy-configuration-service-provider#bitlocker-encryptionmethod) | Specify BitLocker drive encryption method and cipher strength | ✔️ | | | | ## Bluetooth -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowAdvertising](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowadvertising) | Whether the device can send out Bluetooth advertisements | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowDiscoverableMode](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowdiscoverablemode) | Whether other Bluetooth-enabled devices can discover the device | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowPrepairing](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowprepairing) | Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| AllowPromptedProximalConnections | Whether Windows will prompt users when Bluetooth devices that are connectable are in range of the user's device | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [LocalDeviceName](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-localdevicename) | Set the local Bluetooth device name | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [ServicesAllowedList](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-servicesallowedlist) | Set a list of allowable services and profiles | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowAdvertising](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowadvertising) | Whether the device can send out Bluetooth advertisements | ✔️ | ✔️ | ✔️ | ✔️ | +| [AllowDiscoverableMode](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowdiscoverablemode) | Whether other Bluetooth-enabled devices can discover the device | ✔️ | ✔️ | ✔️ | ✔️ | +| [AllowPrepairing](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowprepairing) | Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device | ✔️ | ✔️ | ✔️ | ✔️ | +| AllowPromptedProximalConnections | Whether Windows will prompt users when Bluetooth devices that are connectable are in range of the user's device | ✔️ | ✔️ | ✔️ | ✔️ | +| [LocalDeviceName](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-localdevicename) | Set the local Bluetooth device name | ✔️ | ✔️ | ✔️ | ✔️ | +| [ServicesAllowedList](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-servicesallowedlist) | Set a list of allowable services and profiles | ✔️ | ✔️ | ✔️ | ✔️ | ## Browser -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowAddressBarDropdown](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowaddressbardropdown) | Specify whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. | ✔️ | | | | | -| [AllowAutofill](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowautofill) | Specify whether autofill on websites is allowed. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowBrowser](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowbrowser) | Specify whether the browser is allowed on the device (for Windows 10, version 1803 and earlier only). | ✔️ | ✔️ | | | | -[AllowConfigurationUpdateForBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | Specify whether Microsoft Edge can automatically update the configuration data for the Books Library. | ✔️ | ✔️ | | | | -| [AllowCookies](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowcookies) | Specify whether cookies are allowed. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowDeveloperTools](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdevelopertools) | Specify whether employees can use F12 Developer Tools on Microsoft Edge. | ✔️ | | | | | -| [AllowDoNotTrack](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdonottrack) | Specify whether Do Not Track headers are allowed. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowextensions) | Specify whether Microsoft Edge extensions are allowed. | ✔️ | | | | | -| [AllowFlash](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflash) | Specify whether Adobe Flash can run in Microsoft Edge. | ✔️ | | | | | -| [AllowFlashClickToRun](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflashclicktorun) | Specify whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. | ✔️ | | | | | -| [AllowFullScreenMode](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowfullscreenmode) | Specify whether full-screen mode is allowed. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowInPrivate](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowinprivate) | Specify whether InPrivate browsing is allowed on corporate networks. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowMicrosoftCompatibilityList](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowmicrosoftcompatibilitylist) | Specify whether to use the Microsoft compatibility list in Microsoft Edge. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowPasswordManager](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpasswordmanager) | Specify whether saving and managing passwords locally on the device is allowed. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowPopups](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpopups) | Specify whether pop-up blocker is allowed or enabled. | ✔️ | | | ✔️ | | -| [AllowPrelaunch](/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch) | Specify whether Microsoft Edge can pre-launch as a background process during Windows startup when the system is idle waiting to be launched by the user. | ✔️ | | | | | -| [AllowPrinting](/windows/client-management/mdm/policy-csp-browser#browser-allowprinting) | Specify whether users can print web content in Microsoft Edge. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowSavingHistory](/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory) | Specify whether Microsoft Edge saves the browsing history. | ✔️ | | | | | -| [AllowSearchEngineCustomization](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchenginecustomization) | Allow search engine customization for MDM-enrolled devices. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowSearchSuggestionsinAddressBar](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchsuggestionsinaddressbar) | Specify whether search suggestions are allowed in the address bar. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowSideloadingOfExtensions](/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions) | Specify whether extensions can be sideloaded in Microsoft Edge. | ✔️ | | | | | -| [AllowSmartScreen](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsmartscreen) | Specify whether Windows Defender SmartScreen is allowed. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowTabPreloading](/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading) | Specify whether preloading the Start and New tab pages during Windows sign-in is allowed. | ✔️ | | | | | -| [AllowWebContentOnNewTabPage](/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | Specify whether a New tab page opens with the default content or a blank page. | ✔️ | ✔️ | ✔️ | | ✔️ | -[AlwaysEnableBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | Always show the Books Library in Microsoft Edge. | ✔️ | ✔️ | | | | -| [ClearBrowsingDataOnExit](/windows/client-management/mdm/policy-configuration-service-provider#browser-clearbrowsingdataonexit) | Specify whether to clear browsing data when exiting Microsoft Edge. | ✔️ | | | | | -| [ConfigureAdditionalSearchEngines](/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to 5 additional search engines for MDM-enrolled devices. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [ConfigureFavoritesBar](/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) | Specify whether the Favorites bar is shown or hidden on all pages. | ✔️ | | | | | -| [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | Configure whether the Home button will be shown, and what should happen when it is selected. You should also configure the [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) setting. To configure this setting and also allow users to make changes to the Home button, see the [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) setting. | ✔️ | | | | | -| [ConfigureKioskMode](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | Configure how Microsoft Edge operates when it's running in kiosk mode, either as a single-app kiosk or as one of multiple apps running on the kiosk device. | ✔️ | | | | | -| [ConfigureKioskResetAfterIdleTimeout](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout) | Specify the time, in minutes, after which Microsoft Edge running in kiosk mode resets to the default kiosk configuration. | ✔️ | | | | | -| [ConfigureOpenMicrosoftEdgeWith](/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith) | Specify which pages should load when Microsoft Edge opens. You should also configure the [ConfigureStartPages](/windows/client-management/mdm/policy-csp-browser#browser-configurestartpages) setting and [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) setting. | ✔️ | | | | | -| [ConfigureTelemetryForMicrosoft365Analytics](/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics) | Specify whether to send Microsoft Edge browsing history data to Microsoft 365 Analytics. | ✔️ | | | | | -| [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) | Specify whether the lockdown on the Start pages is disabled. | ✔️ | | | | | -[EnableExtendedBooksTelemetry](/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | Enable this setting to send additional diagnostic data, on top of the basic diagnostic data, from the Books tab. | ✔️ | ✔️ | | | | -| [EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist) | Allow the user to specify a URL of an enterprise site list. | ✔️ | | | | | -| [EnterpriseSiteListServiceUrl](/windows/client-management/mdm/policy-csp-browser#browser-enterprisesitelistserviceurl) | This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist). | ✔️ | | | | | -| [FirstRunURL](/windows/client-management/mdm/policy-configuration-service-provider#browser-firstrunurl) | Specify the URL that Microsoft Edge will use when it is opened for the first time. | ✔️ | ✔️ | | | | -| [HomePages](/windows/client-management/mdm/policy-configuration-service-provider#browser-homepages) | Specify your Start pages for MDM-enrolled devices. | ✔️ | | | | | -[LockdownFavorites](/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | Configure whether employees can add, import, sort, or edit the Favorites list in Microsoft Edge. | ✔️ | ✔️ | | | | -| [PreventAccessToAboutFlagsInMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventaccesstoaboutflagsinmicrosoftedge) | Specify whether users can access the **about:flags** page, which is used to change developer settings and to enable experimental features. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [PreventCertErrorOverrides](/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides) | Specify whether to override security warnings about sites that have SSL errors. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [PreventFirstRunPage](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventfirstrunpage) | Specify whether to enable or disable the First Run webpage. | ✔️ | | | | | -| [PreventLiveTileDataCollection](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventlivetiledatacollection) | Specify whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [PreventSmartScreenPromptOverride](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride) | Specify whether users can override the Windows Defender SmartScreen warnings about potentially malicious websites. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [PreventSmartScreenPromptOverrideForFiles](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen warnings about downloading unverified files. | ✔️ | ✔️ | ✔️ | | ✔️ | -PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed. Applies to Windows 10, version 1803 and earlier only. | ✔️ | | | | | -| [PreventTurningOffRequiredExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-forceenabledextensions) | Enter a list of extensions in Microsoft Edge that users cannot turn off, using a semi-colon delimited list of extension package family names. | ✔️ | | | | | -| [PreventUsingLocalHostIPAddressForWebRTC](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventusinglocalhostipaddressforwebrtc) | Specify whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. | ✔️ | ✔️ | ✔️ | | ✔️ | -[ProvisionFavorites](/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | Configure a default set of favorites which will appear for employees. | ✔️ | ✔️ | | | | -| [SendIntranetTraffictoInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-sendintranettraffictointernetexplorer) | Specify whether to send intranet traffic to Internet Explorer. | ✔️ | | | | | -| [SetDefaultSearchEngine](/windows/client-management/mdm/policy-configuration-service-provider#browser-setdefaultsearchengine) | Configure the default search engine for your employees. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) | Specify a custom URL for the Home button. You should also enable the [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) setting and select the **Show the home button; clicking the home button loads a specific URL** option. | ✔️ | | | | | -| [SetNewTabPageURL](/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl) | Specify a custom URL for a New tab page. | ✔️ | | | | | -| [ShowMessageWhenOpeningSitesInInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-showmessagewhenopeningsitesininternetexplorer) | Specify whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site list. | ✔️ | | | | | -| [SyncFavoritesBetweenIEAndMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-syncfavoritesbetweenieandmicrosoftedge) | Specify whether favorites are kept in sync between Internet Explorer and Microsoft Edge. | ✔️ | | | | | -| [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) | Specify whether users can make changes to the Home button. | ✔️ | | | | | -[UseSharedFolderForBooks](/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) | Specify whether organizations should use a folder shared across users to store books from the Books Library. | ✔️ | ✔️ | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowAddressBarDropdown](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowaddressbardropdown) | Specify whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. | ✔️ | | | | +| [AllowAutofill](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowautofill) | Specify whether autofill on websites is allowed. | ✔️ | ✔️ | | ✔️ | +| [AllowBrowser](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowbrowser) | Specify whether the browser is allowed on the device (for Windows 10, version 1803 and earlier only). | ✔️ | | | | +[AllowConfigurationUpdateForBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | Specify whether Microsoft Edge can automatically update the configuration data for the Books Library. | ✔️ | | | | +| [AllowCookies](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowcookies) | Specify whether cookies are allowed. | ✔️ | ✔️ | | ✔️ | +| [AllowDeveloperTools](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdevelopertools) | Specify whether employees can use F12 Developer Tools on Microsoft Edge. | ✔️ | | | | +| [AllowDoNotTrack](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdonottrack) | Specify whether Do Not Track headers are allowed. | ✔️ | ✔️ | | ✔️ | +| [AllowExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowextensions) | Specify whether Microsoft Edge extensions are allowed. | ✔️ | | | | +| [AllowFlash](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflash) | Specify whether Adobe Flash can run in Microsoft Edge. | ✔️ | | | | +| [AllowFlashClickToRun](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflashclicktorun) | Specify whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. | ✔️ | | | | +| [AllowFullScreenMode](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowfullscreenmode) | Specify whether full-screen mode is allowed. | ✔️ | ✔️ | | ✔️ | +| [AllowInPrivate](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowinprivate) | Specify whether InPrivate browsing is allowed on corporate networks. | ✔️ | ✔️ | | ✔️ | +| [AllowMicrosoftCompatibilityList](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowmicrosoftcompatibilitylist) | Specify whether to use the Microsoft compatibility list in Microsoft Edge. | ✔️ | ✔️ | | ✔️ | +| [AllowPasswordManager](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpasswordmanager) | Specify whether saving and managing passwords locally on the device is allowed. | ✔️ | ✔️ | | ✔️ | +| [AllowPopups](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpopups) | Specify whether pop-up blocker is allowed or enabled. | ✔️ | | ✔️ | | +| [AllowPrelaunch](/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch) | Specify whether Microsoft Edge can pre-launch as a background process during Windows startup when the system is idle waiting to be launched by the user. | ✔️ | | | | +| [AllowPrinting](/windows/client-management/mdm/policy-csp-browser#browser-allowprinting) | Specify whether users can print web content in Microsoft Edge. | ✔️ | ✔️ | | ✔️ | +| [AllowSavingHistory](/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory) | Specify whether Microsoft Edge saves the browsing history. | ✔️ | | | | +| [AllowSearchEngineCustomization](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchenginecustomization) | Allow search engine customization for MDM-enrolled devices. | ✔️ | ✔️ | | ✔️ | +| [AllowSearchSuggestionsinAddressBar](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchsuggestionsinaddressbar) | Specify whether search suggestions are allowed in the address bar. | ✔️ | ✔️ | | ✔️ | +| [AllowSideloadingOfExtensions](/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions) | Specify whether extensions can be sideloaded in Microsoft Edge. | ✔️ | | | | +| [AllowSmartScreen](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsmartscreen) | Specify whether Windows Defender SmartScreen is allowed. | ✔️ | ✔️ | ✔️ | ✔️ | +| [AllowTabPreloading](/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading) | Specify whether preloading the Start and New tab pages during Windows sign-in is allowed. | ✔️ | | | | +| [AllowWebContentOnNewTabPage](/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | Specify whether a New tab page opens with the default content or a blank page. | ✔️ | ✔️ | | ✔️ | +[AlwaysEnableBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | Always show the Books Library in Microsoft Edge. | ✔️ | | | | +| [ClearBrowsingDataOnExit](/windows/client-management/mdm/policy-configuration-service-provider#browser-clearbrowsingdataonexit) | Specify whether to clear browsing data when exiting Microsoft Edge. | ✔️ | | | | +| [ConfigureAdditionalSearchEngines](/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to 5 additional search engines for MDM-enrolled devices. | ✔️ | ✔️ | | ✔️ | +| [ConfigureFavoritesBar](/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) | Specify whether the Favorites bar is shown or hidden on all pages. | ✔️ | | | | +| [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | Configure whether the Home button will be shown, and what should happen when it is selected. You should also configure the [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) setting. To configure this setting and also allow users to make changes to the Home button, see the [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) setting. | ✔️ | | | | +| [ConfigureKioskMode](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | Configure how Microsoft Edge operates when it's running in kiosk mode, either as a single-app kiosk or as one of multiple apps running on the kiosk device. | ✔️ | | | | +| [ConfigureKioskResetAfterIdleTimeout](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout) | Specify the time, in minutes, after which Microsoft Edge running in kiosk mode resets to the default kiosk configuration. | ✔️ | | | | +| [ConfigureOpenMicrosoftEdgeWith](/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith) | Specify which pages should load when Microsoft Edge opens. You should also configure the [ConfigureStartPages](/windows/client-management/mdm/policy-csp-browser#browser-configurestartpages) setting and [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) setting. | ✔️ | | | | +| [ConfigureTelemetryForMicrosoft365Analytics](/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics) | Specify whether to send Microsoft Edge browsing history data to Microsoft 365 Analytics. | ✔️ | | | | +| [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) | Specify whether the lockdown on the Start pages is disabled. | ✔️ | | | | +[EnableExtendedBooksTelemetry](/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | Enable this setting to send additional diagnostic data, on top of the basic diagnostic data, from the Books tab. | ✔️ | ✔️ | | | +| [EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist) | Allow the user to specify a URL of an enterprise site list. | ✔️ | | | | +| [EnterpriseSiteListServiceUrl](/windows/client-management/mdm/policy-csp-browser#browser-enterprisesitelistserviceurl) | This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist). | ✔️ | | | | +| [FirstRunURL](/windows/client-management/mdm/policy-configuration-service-provider#browser-firstrunurl) | Specify the URL that Microsoft Edge will use when it is opened for the first time. | ✔️ | | | | +| [HomePages](/windows/client-management/mdm/policy-configuration-service-provider#browser-homepages) | Specify your Start pages for MDM-enrolled devices. | ✔️ | | | | +[LockdownFavorites](/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | Configure whether employees can add, import, sort, or edit the Favorites list in Microsoft Edge. | ✔️ | | | | +| [PreventAccessToAboutFlagsInMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventaccesstoaboutflagsinmicrosoftedge) | Specify whether users can access the **about:flags** page, which is used to change developer settings and to enable experimental features. | ✔️ | ✔️ | | ✔️ | +| [PreventCertErrorOverrides](/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides) | Specify whether to override security warnings about sites that have SSL errors. | ✔️ | ✔️ | | ✔️ | +| [PreventFirstRunPage](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventfirstrunpage) | Specify whether to enable or disable the First Run webpage. | ✔️ | | | | +| [PreventLiveTileDataCollection](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventlivetiledatacollection) | Specify whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. | ✔️ | ✔️ | | ✔️ | +| [PreventSmartScreenPromptOverride](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride) | Specify whether users can override the Windows Defender SmartScreen warnings about potentially malicious websites. | ✔️ | ✔️ | | ✔️ | +| [PreventSmartScreenPromptOverrideForFiles](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen warnings about downloading unverified files. | ✔️ | ✔️ | | ✔️ | +PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed. Applies to Windows 10, version 1803 and earlier only. | ✔️ | | | | +| [PreventTurningOffRequiredExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-forceenabledextensions) | Enter a list of extensions in Microsoft Edge that users cannot turn off, using a semi-colon delimited list of extension package family names. | ✔️ | | | | +| [PreventUsingLocalHostIPAddressForWebRTC](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventusinglocalhostipaddressforwebrtc) | Specify whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. | ✔️ | ✔️ | | ✔️ | +[ProvisionFavorites](/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | Configure a default set of favorites which will appear for employees. | ✔️ | | | | +| [SendIntranetTraffictoInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-sendintranettraffictointernetexplorer) | Specify whether to send intranet traffic to Internet Explorer. | ✔️ | | | | +| [SetDefaultSearchEngine](/windows/client-management/mdm/policy-configuration-service-provider#browser-setdefaultsearchengine) | Configure the default search engine for your employees. | ✔️ | ✔️ | | ✔️ | +| [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) | Specify a custom URL for the Home button. You should also enable the [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) setting and select the **Show the home button; clicking the home button loads a specific URL** option. | ✔️ | | | | +| [SetNewTabPageURL](/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl) | Specify a custom URL for a New tab page. | ✔️ | | | | +| [ShowMessageWhenOpeningSitesInInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-showmessagewhenopeningsitesininternetexplorer) | Specify whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site list. | ✔️ | | | | +| [SyncFavoritesBetweenIEAndMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-syncfavoritesbetweenieandmicrosoftedge) | Specify whether favorites are kept in sync between Internet Explorer and Microsoft Edge. | ✔️ | | | | +| [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) | Specify whether users can make changes to the Home button. | ✔️ | | | | +[UseSharedFolderForBooks](/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) | Specify whether organizations should use a folder shared across users to store books from the Books Library. | ✔️ | | | | ## Camera -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowCamera](/windows/client-management/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | ✔️ | ✔️ | ✔️ | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowCamera](/windows/client-management/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | ✔️ | ✔️ | | | ## Connectivity -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowBluetooth](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowbluetooth) | Allow the user to enable Bluetooth or restrict access. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowCellularData](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardata) | Allow the cellular data channel on the device. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowCellularDataRoaming](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardataroaming) | Allow or disallow cellular data roaming on the device. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowConnectedDevices](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowconnecteddevices) | Allows IT admins the ability to disable the Connected Devices Platform component. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowNFC](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allownfc) | Allow or disallow near field communication (NFC) on the device. | | ✔️ | | | ✔️ | -| [AllowUSBConnection](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowusbconnection) | Enable USB connection between the device and a computer to sync files with the device or to use developer tools or to deploy or debug applications. | | ✔️ | | | ✔️ | -| [AllowVPNOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnovercellular) | Specify what type of underlyinng connections VPN is allowed to use. |✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowVPNRoamingOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnroamingovercellular) | Prevent the device from connecting to VPN when the device roams over cellular networks. | ✔️ | ✔️ | ✔️ | | ✔️ | -| HideCellularConnectionMode | Hide the checkbox that lets the user change the connection mode. | ✔️ | ✔️ | ✔️ | | ✔️ | -| HideCellularRoamingOption | Hide the dropdown menu that lets the user change the roaming preferences. | ✔️ | ✔️ | ✔️ | | ✔️ | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowBluetooth](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowbluetooth) | Allow the user to enable Bluetooth or restrict access. | ✔️ | ✔️ | ✔️ | ✔️ | +| [AllowCellularData](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardata) | Allow the cellular data channel on the device. | ✔️ | ✔️ | | ✔️ | +| [AllowCellularDataRoaming](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardataroaming) | Allow or disallow cellular data roaming on the device. | ✔️ | ✔️ | | ✔️ | +| [AllowConnectedDevices](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowconnecteddevices) | Allows IT admins the ability to disable the Connected Devices Platform component. | ✔️ | ✔️ | | ✔️ | +| [AllowNFC](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allownfc) | Allow or disallow near field communication (NFC) on the device. | | | | ✔️ | +| [AllowUSBConnection](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowusbconnection) | Enable USB connection between the device and a computer to sync files with the device or to use developer tools or to deploy or debug applications. | | | | ✔️ | +| [AllowVPNOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnovercellular) | Specify what type of underlying connections VPN is allowed to use. |✔️ | ✔️ | | ✔️ | +| [AllowVPNRoamingOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnroamingovercellular) | Prevent the device from connecting to VPN when the device roams over cellular networks. | ✔️ | ✔️ | | ✔️ | +| HideCellularConnectionMode | Hide the checkbox that lets the user change the connection mode. | ✔️ | ✔️ | | ✔️ | +| HideCellularRoamingOption | Hide the dropdown menu that lets the user change the roaming preferences. | ✔️ | ✔️ | | ✔️ | ## CredentialProviders -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -[DisableAutomaticReDeploymentCredentials](/windows/client-management/mdm/policy-csp-credentialproviders) | This setting disables the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Windows 10 Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered the devices are for ready for use by information workers or students. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +[DisableAutomaticReDeploymentCredentials](/windows/client-management/mdm/policy-csp-credentialproviders) | This setting disables the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Windows 10 Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered the devices are for ready for use by information workers or students. | ✔️ | | | | ## Cryptography -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowFipsAlgorithmPolicy](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-allowfipsalgorithmpolicy) | Allow or disallow the Federal Information Processing Standard (FIPS) policy. | ✔️ | ✔️ | | | | -| [TLSCiperSuites](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-tlsciphersuites) | List the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. | ✔️ | ✔️ | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowFipsAlgorithmPolicy](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-allowfipsalgorithmpolicy) | Allow or disallow the Federal Information Processing Standard (FIPS) policy. | ✔️ | | | | +| [TLSCiperSuites](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-tlsciphersuites) | List the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. | ✔️ | | | | ## Defender -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowArchiveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowarchivescanning) | Allow or disallow scanning of archives. | ✔️ | | | | | -| [AllowBehaviorMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowbehaviormonitoring) | Allow or disallow Windows Defender Behavior Monitoring functionality. | ✔️ | | | | | -| [AllowCloudProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowcloudprotection) | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. | ✔️ | | | | | -| [AllowEmailScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowemailscanning) | Allow or disallow scanning of email. | ✔️ | | | | | -| [AllowFullScanOnMappedNetworkDrives](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanonmappednetworkdrives) | Allow or disallow a full scan of mapped network drives. | ✔️ | | | | | -| [AllowFullScanRemovableDriveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanremovabledrivescanning) | Allow or disallow a full scan of removable drives. | ✔️ | | | | | -| [AllowIOAVProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowioavprotection) | Allow or disallow Windows Defender IOAVP Protection functionality. | ✔️ | | | | | -| [AllowOnAccessProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowonaccessprotection) | Allow or disallow Windows Defender On Access Protection functionality. | ✔️ | | | | | -| [AllowRealtimeMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowrealtimemonitoring) | Allow or disallow Windows Defender Realtime Monitoring functionality. | ✔️ | | | | | -| [AllowScanningNetworkFiles](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscanningnetworkfiles) | Allow or disallow scanning of network files. | ✔️ | | | | | -| [AllowScriptScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscriptscanning) | Allow or disallow Windows Defender Script Scanning functionality. | ✔️ | | | | | -| [AllowUserUIAccess](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowuseruiaccess) | Allow or disallow user access to the Windows Defender UI. | ✔️ | | | | | -| [AvgCPULoadFactor](/windows/client-management/mdm/policy-configuration-service-provider#defender-avgcpuloadfactor) | Represents the average CPU load factor for the Windows Defeder scan (in percent). | ✔️ | | | | | -| [DaysToRetainCleanedMalware](/windows/client-management/mdm/policy-configuration-service-provider#defender-daystoretaincleanedmalware) | Specify time period (in days) that quarantine items will be stored on the system. | ✔️ | | | | | -| [ExcludedExtensions](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedextensions) | Specify a list of file type extensions to ignore durinng a scan. Separate each file type in the list by using \|. | ✔️ | | | | | -| [ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) | Specify a list of directory paths to ignore during a scan. Separate each path in the list by using \|. | ✔️ | | | | | -| [ExcludedProcesses](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore durinng a scan. Separate each file type in the list by using \|. The process itself is not excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path. | ✔️ | | | | | -| [RealTimeScanDirection](/windows/client-management/mdm/policy-configuration-service-provider#defender-realtimescandirection) | Control which sets of files should be monitored. | ✔️ | | | | | -| [ScanParameter](/windows/client-management/mdm/policy-configuration-service-provider#defender-scanparameter) | Select whether to perform a quick scan or full scan. | ✔️ | | | | | -| [ScheduleQuickScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulequickscantime) | Specify the time of day that Windows Defender quick scan should run. | ✔️ | | | | | -| [ScheduleScanDay](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescanday) | Select the day that Windows Defender scan should run. | ✔️ | | | | | -| [ScheduleScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescantime) | Select the time of day that the Windows Defender scan should run. | ✔️ | | | | | -| [SignatureUpdateInterval](/windows/client-management/mdm/policy-configuration-service-provider#defender-signatureupdateinterval) | Specify the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. | ✔️ | | | | | -| [SubmitSamplesConsent](/windows/client-management/mdm/policy-configuration-service-provider#defender-submitsamplesconsent) | Checks for the user consent level in Windows Defender to send data. | ✔️ | | | | | -| [ThreatSeverityDefaultAction](/windows/client-management/mdm/policy-configuration-service-provider#defender-threatseveritydefaultaction) | Specify any valid threat severity levels and the corresponding default action ID to take. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowArchiveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowarchivescanning) | Allow or disallow scanning of archives. | ✔️ | | | | +| [AllowBehaviorMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowbehaviormonitoring) | Allow or disallow Windows Defender Behavior Monitoring functionality. | ✔️ | | | | +| [AllowCloudProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowcloudprotection) | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. | ✔️ | | | | +| [AllowEmailScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowemailscanning) | Allow or disallow scanning of email. | ✔️ | | | | +| [AllowFullScanOnMappedNetworkDrives](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanonmappednetworkdrives) | Allow or disallow a full scan of mapped network drives. | ✔️ | | | | +| [AllowFullScanRemovableDriveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanremovabledrivescanning) | Allow or disallow a full scan of removable drives. | ✔️ | | | | +| [AllowIntrusionPreventionSystem](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowintrusionpreventionsystem) | Allow or disallow Windows Defender Intrusion Prevention functionality. | ✔️ | | | | +| [AllowIOAVProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowioavprotection) | Allow or disallow Windows Defender IOAVP Protection functionality. | ✔️ | | | | +| [AllowOnAccessProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowonaccessprotection) | Allow or disallow Windows Defender On Access Protection functionality. | ✔️ | | | | +| [AllowRealtimeMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowrealtimemonitoring) | Allow or disallow Windows Defender Realtime Monitoring functionality. | ✔️ | | | | +| [AllowScanningNetworkFiles](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscanningnetworkfiles) | Allow or disallow scanning of network files. | ✔️ | | | | +| [AllowScriptScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscriptscanning) | Allow or disallow Windows Defender Script Scanning functionality. | ✔️ | | | | +| [AllowUserUIAccess](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowuseruiaccess) | Allow or disallow user access to the Windows Defender UI. | ✔️ | | | | +| [AvgCPULoadFactor](/windows/client-management/mdm/policy-configuration-service-provider#defender-avgcpuloadfactor) | Represents the average CPU load factor for the Windows Defender scan (in percent). | ✔️ | | | | +| [DaysToRetainCleanedMalware](/windows/client-management/mdm/policy-configuration-service-provider#defender-daystoretaincleanedmalware) | Specify time period (in days) that quarantine items will be stored on the system. | ✔️ | | | | +| [ExcludedExtensions](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedextensions) | Specify a list of file type extensions to ignore during a scan. Separate each file type in the list by using \|. | ✔️ | | | | +| [ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) | Specify a list of directory paths to ignore during a scan. Separate each path in the list by using \|. | ✔️ | | | | +| [ExcludedProcesses](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore during a scan. Separate each file type in the list by using \|. The process itself is not excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path. | ✔️ | | | | +| [RealTimeScanDirection](/windows/client-management/mdm/policy-configuration-service-provider#defender-realtimescandirection) | Control which sets of files should be monitored. | ✔️ | | | | +| [ScanParameter](/windows/client-management/mdm/policy-configuration-service-provider#defender-scanparameter) | Select whether to perform a quick scan or full scan. | ✔️ | | | | +| [ScheduleQuickScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulequickscantime) | Specify the time of day that Windows Defender quick scan should run. | ✔️ | | | | +| [ScheduleScanDay](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescanday) | Select the day that Windows Defender scan should run. | ✔️ | | | | +| [ScheduleScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescantime) | Select the time of day that the Windows Defender scan should run. | ✔️ | | | | +| [SignatureUpdateInterval](/windows/client-management/mdm/policy-configuration-service-provider#defender-signatureupdateinterval) | Specify the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. | ✔️ | | | | +| [SubmitSamplesConsent](/windows/client-management/mdm/policy-configuration-service-provider#defender-submitsamplesconsent) | Checks for the user consent level in Windows Defender to send data. | ✔️ | | | | +| [ThreatSeverityDefaultAction](/windows/client-management/mdm/policy-configuration-service-provider#defender-threatseveritydefaultaction) | Specify any valid threat severity levels and the corresponding default action ID to take. | ✔️ | | | | ## DeliveryOptimization -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [DOAbsoluteMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doabsolutemaxcachesize) | Specify the maximum size in GB of Delivery Optimization cache. | ✔️ | | | | | -| [DOAllowVPNPeerCaching](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doallowvpnpeercaching) | Specify whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. | ✔️ | | | | | -| [DODelayBackgroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelaybackgrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. | ✔️ | | | | | -| [DODelayForegroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelayforegrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. | ✔️ | | | | | -| [DODownloadMode](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dodownloadmode) | Specify the download method that Delivery Optimization can use in downloads of Windows Updates, apps, and app updates. | ✔️ | | | | | -| [DOGroupId](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupid) | Specify an arbitrary group ID that the device belongs to. | ✔️ | | | | | -| [DOGroupIdSource](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupidsource) | Set this policy to restrict peer selection to a specific source | ✔️ | | | | | -| [DOMaxCacheAge](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcacheage) | Specify the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. | ✔️ | | | | | -| [DOMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcachesize) | Specify the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). | ✔️ | | | | | -| [DOMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxdownloadbandwidth) | Specify the maximum download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization. | ✔️ | | | | | -| [DOMaxUploadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxuploadbandwidth) | Specify the maximum upload bandwidth in kilobytes/second that a device will use across all concurrent upload activity usinng Delivery Optimization. | ✔️ | | | | | -| [DOMinBackgroundQos](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbackgroundqos) | Specify the minimum download QoS (Quality of Service or speed) i kilobytes/second for background downloads. | ✔️ | | | | | -| [DOMinBatteryPercentageAllowedToUpload](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbatterypercentageallowedtoupload) | Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and group peers while on battery power. | ✔️ | | | | | -| [DOMinDiskSizeAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domindisksizeallowedtopeer) | Specify the required minimum disk size (capabity in GB) for the device to use Peer Caching. | ✔️ | | | | | -| [DOMinFileSizeToCache](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominfilesizetocache) | Specify the minimum content file size in MB enabled to use Peer Caching. | ✔️ | | | | | -| [DOMinRAMAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominramallowedtopeer) | Specify the minimum RAM size in GB requried to use Peer Caching. | ✔️ | | | | | -| [DOModifyCacheDrive](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domodifycachedrive) | Specify the drive that Delivery Optimization should use for its cache. | ✔️ | | | | | -| [DOMonthlyUploadDataCap](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domonthlyuploaddatacap) | Specify the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. | ✔️ | | | | | -| [DOPercentageMaxBackDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxbackgroundbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | | -| [DOPercentageMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxdownloadbandwidth) | Specify the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | | -| [DOPercentageMaxForeDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxforegroundbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | | -| [DORestrictPeerSelectionBy](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dorestrictpeerselectionby) | Set this policy to restrict peer selection by the selected option. | ✔️ | | | | | -| [DOSetHoursToLimitBackgroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | | -| [DOSetHoursToLimitForegroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [DOAbsoluteMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doabsolutemaxcachesize) | Specify the maximum size in GB of Delivery Optimization cache. | ✔️ | | | | +| [DOAllowVPNPeerCaching](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doallowvpnpeercaching) | Specify whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. | ✔️ | | | | +| [DODelayBackgroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelaybackgrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. | ✔️ | | | | +| [DODelayForegroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelayforegrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. | ✔️ | | | | +| [DODownloadMode](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dodownloadmode) | Specify the download method that Delivery Optimization can use in downloads of Windows Updates, apps, and app updates. | ✔️ | | | | +| [DOGroupId](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupid) | Specify an arbitrary group ID that the device belongs to. | ✔️ | | | | +| [DOGroupIdSource](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupidsource) | Set this policy to restrict peer selection to a specific source | ✔️ | | | | +| [DOMaxCacheAge](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcacheage) | Specify the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. | ✔️ | | | | +| [DOMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcachesize) | Specify the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). | ✔️ | | | | +| [DOMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxdownloadbandwidth) | Specify the maximum download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization. | ✔️ | | | | +| [DOMaxUploadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxuploadbandwidth) | Specify the maximum upload bandwidth in kilobytes/second that a device will use across all concurrent upload activity using Delivery Optimization. | ✔️ | | | | +| [DOMinBackgroundQos](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbackgroundqos) | Specify the minimum download QoS (Quality of Service or speed) i kilobytes/second for background downloads. | ✔️ | | | | +| [DOMinBatteryPercentageAllowedToUpload](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbatterypercentageallowedtoupload) | Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and group peers while on battery power. | ✔️ | | | | +| [DOMinDiskSizeAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domindisksizeallowedtopeer) | Specify the required minimum disk size (capacity in GB) for the device to use Peer Caching. | ✔️ | | | | +| [DOMinFileSizeToCache](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominfilesizetocache) | Specify the minimum content file size in MB enabled to use Peer Caching. | ✔️ | | | | +| [DOMinRAMAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominramallowedtopeer) | Specify the minimum RAM size in GB required to use Peer Caching. | ✔️ | | | | +| [DOModifyCacheDrive](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domodifycachedrive) | Specify the drive that Delivery Optimization should use for its cache. | ✔️ | | | | +| [DOMonthlyUploadDataCap](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domonthlyuploaddatacap) | Specify the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. | ✔️ | | | | +| [DOPercentageMaxBackDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxbackgroundbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | +| [DOPercentageMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxdownloadbandwidth) | Specify the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | +| [DOPercentageMaxForeDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxforegroundbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | +| [DORestrictPeerSelectionBy](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dorestrictpeerselectionby) | Set this policy to restrict peer selection by the selected option. | ✔️ | | | | +| [DOSetHoursToLimitBackgroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | +| [DOSetHoursToLimitForegroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | ## DeviceGuard -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -[EnableVirtualizationBasedSecurity](/windows/client-management/mdm/policy-csp-deviceguard) | Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +[EnableVirtualizationBasedSecurity](/windows/client-management/mdm/policy-csp-deviceguard) | Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. | ✔️ | | | | ## DeviceLock -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowIdleReturnWithoutPassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowidlereturnwithoutpassword) | Specify whether the user must input a PIN or password when the device resumes from an idle state. | | ✔️ | | | | -| [AllowScreenTimeoutWhileLockedUserConfig](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowscreentimeoutwhilelockeduserconfig) | Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen. | | ✔️ | | | | -| [AllowSimpleDevicePassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowsimpledevicepassword) | Specify whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. | ✔️ | ✔️ | | ✔️ | | -|[AlphanumericDevicePasswordRequired](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-alphanumericdevicepasswordrequired) | Select the type of PIN or password required. | ✔️ | ✔️ | | ✔️ | | -| [DevicePasswordEnabled](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordenabled) | Specify whether device password is enabled. | ✔️ | ✔️ | | ✔️ | | -| [DevicePasswordExpiration](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordexpiration) | Specify when the password expires (in days). | ✔️ | ✔️ | | ✔️ | | -| [DevicePasswordHistory](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordhistory) | Specify how many passwords can be stored in the history that can't be reused. | ✔️ | ✔️ | | ✔️ | | -| [MaxDevicePasswordFailedAttempts](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxdevicepasswordfailedattempts) | Specify the number of authentication failures allowed before the device will be wiped. | ✔️ | ✔️ | | ✔️ | | -| [MaxInactivityTimeDeviceLock](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxinactivitytimedevicelock) |Specify the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. | ✔️ | ✔️ | | ✔️ | | -| [MinDevicePasswordComplexCharacters](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordcomplexcharacters) | Specify the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. | ✔️ | ✔️ | | ✔️ | | -| [MinDevicePasswordLength](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordlength) | Specify the minimum number or characters required in the PIN or password. | ✔️ | ✔️ | | ✔️ | | -| [ScreenTimeoutWhileLocked](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-screentimeoutwhilelocked) | Specify the duration in seconds for the screen timeout while on the lock screen. | | ✔️ | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowIdleReturnWithoutPassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowidlereturnwithoutpassword) | Specify whether the user must input a PIN or password when the device resumes from an idle state. | | | | | +| [AllowScreenTimeoutWhileLockedUserConfig](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowscreentimeoutwhilelockeduserconfig) | Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen. | | | | | +| [AllowSimpleDevicePassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowsimpledevicepassword) | Specify whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. | ✔️ | | ✔️ | | +|[AlphanumericDevicePasswordRequired](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-alphanumericdevicepasswordrequired) | Select the type of PIN or password required. | ✔️ | | ✔️ | | +| [DevicePasswordEnabled](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordenabled) | Specify whether device password is enabled. | ✔️ | | ✔️ | | +| [DevicePasswordExpiration](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordexpiration) | Specify when the password expires (in days). | ✔️ | | ✔️ | | +| [DevicePasswordHistory](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordhistory) | Specify how many passwords can be stored in the history that can't be reused. | ✔️ | | ✔️ | | +| [MaxDevicePasswordFailedAttempts](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxdevicepasswordfailedattempts) | Specify the number of authentication failures allowed before the device will be wiped. | ✔️ | | ✔️ | | +| [MaxInactivityTimeDeviceLock](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxinactivitytimedevicelock) |Specify the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. | ✔️ | | ✔️ | | +| [MinDevicePasswordComplexCharacters](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordcomplexcharacters) | Specify the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. | ✔️ | | ✔️ | | +| [MinDevicePasswordLength](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordlength) | Specify the minimum number or characters required in the PIN or password. | ✔️ | | ✔️ | | +| [ScreenTimeoutWhileLocked](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-screentimeoutwhilelocked) | Specify the duration in seconds for the screen timeout while on the lock screen. | | | | | ## DeviceManagement -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| DisableMDMEnrollment | Use this setting to prevent the device from enrolling in MDM. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| DisableMDMEnrollment | Use this setting to prevent the device from enrolling in MDM. | ✔️ | | | | ## Experience -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowCopyPaste](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcopypaste) | Specify whether copy and paste is allowed. | | ✔️ | | | | -| [AllowCortana](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcortana) | Specify whether Cortana is allowed on the device. | ✔️ | ✔️ | | ✔️ | | -| [AllowDeviceDiscovery](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowdevicediscovery) | Allow users to turn device discovery on or off in the UI. | ✔️ | ✔️ | | | | -| [AllowFindMyDevice](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowfindmydevice) | Turn on **Find my device** feature. | ✔️ | ✔️ | | | | -| [AllowManualMDMUnenrollment](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowmanualmdmunenrollment) | Specify whether the user is allowed to delete the workplace account. | ✔️ | ✔️ | | ✔️ | | -| [AllowScreenCapture](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowscreencapture) | Specify whether screen capture is allowed. | | ✔️ | | | | -| [AllowSIMErrorDialogPromptWhenNoSIM](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsimerrordialogpromptwhennosim) | Specify whether to display a dialog prompt when no SIM card is detected. | | ✔️ | | | | -| [AllowSyncMySettings](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsyncmysettings) | Allow or disallow all Windows sync settings on the device. | ✔️ | ✔️ | | | | -| [AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtailoredexperienceswithdiagnosticdata) | Prevent Windows from using diagnostic data to provide customized experiences to the user. | ✔️ | | | | | -| [AllowTaskSwitcher](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtaskswitcher) | Allow or disallow task switching on the device. | | ✔️ | | | | -| [AllowThirdPartySuggestionsInWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowthirdpartysuggestionsinwindowsspotlight) | Specify whether to allow app and content suggestions from third-party software publishers in Windows Spotlight. | ✔️ | | | | | -| [AllowVoiceRecording](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowvoicerecording) | Specify whether voice recording is allowed for apps. | | ✔️ | | | | -| [AllowWindowsConsumerFeatures](/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) | Turn on experiences that are typically for consumers only, such as Start suggetions, membership notifications, post-OOBE app install, and redirect tiles. | ✔️ | | | | | -| [AllowWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlight) |Specify whether to turn off all Windows Spotlight features at once. | ✔️ | | | | | -| [AllowWindowsSpotlightOnActionCenter](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightonactioncenter) | Prevent Windows Spotlight notifications from being displayed in the Action Center. | ✔️ | | | | | -| [AllowWindowsSpotlightWindowsWelcomeExperience](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightwindowswelcomeexperience) | Turn off the Windows Spotlight Windows welcome experience feature. | ✔️ | | | | | -| [AllowWindowsTips](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowstips) | Enable or disable Windows Tips. | ✔️ | | | | | -| [ConfigureWindowsSpotlightOnLockScreen](/windows/client-management/mdm/policy-configuration-service-provider#experience-configurewindowsspotlightonlockscreen) | Specify whether Spotlight should be used on the user's lock screen. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowCopyPaste](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcopypaste) | Specify whether copy and paste is allowed. | | | | | +| [AllowCortana](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcortana) | Specify whether Cortana is allowed on the device. | ✔️ | | ✔️ | | +| [AllowDeviceDiscovery](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowdevicediscovery) | Allow users to turn device discovery on or off in the UI. | ✔️ | | | | +| [AllowFindMyDevice](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowfindmydevice) | Turn on **Find my device** feature. | ✔️ | | | | +| [AllowManualMDMUnenrollment](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowmanualmdmunenrollment) | Specify whether the user is allowed to delete the workplace account. | ✔️ | | ✔️ | | +| [AllowScreenCapture](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowscreencapture) | Specify whether screen capture is allowed. | | | | | +| [AllowSIMErrorDialogPromptWhenNoSIM](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsimerrordialogpromptwhennosim) | Specify whether to display a dialog prompt when no SIM card is detected. | | | | | +| [AllowSyncMySettings](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsyncmysettings) | Allow or disallow all Windows sync settings on the device. | ✔️ | | | | +| [AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtailoredexperienceswithdiagnosticdata) | Prevent Windows from using diagnostic data to provide customized experiences to the user. | ✔️ | | | | +| [AllowTaskSwitcher](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtaskswitcher) | Allow or disallow task switching on the device. | | | | | +| [AllowThirdPartySuggestionsInWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowthirdpartysuggestionsinwindowsspotlight) | Specify whether to allow app and content suggestions from third-party software publishers in Windows Spotlight. | ✔️ | | | | +| [AllowVoiceRecording](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowvoicerecording) | Specify whether voice recording is allowed for apps. | | | | | +| [AllowWindowsConsumerFeatures](/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) | Turn on experiences that are typically for consumers only, such as Start suggestions, membership notifications, post-OOBE app install, and redirect tiles. | ✔️ | | | | +| [AllowWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlight) |Specify whether to turn off all Windows Spotlight features at once. | ✔️ | | | | +| [AllowWindowsSpotlightOnActionCenter](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightonactioncenter) | Prevent Windows Spotlight notifications from being displayed in the Action Center. | ✔️ | | | | +| [AllowWindowsSpotlightWindowsWelcomeExperience](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightwindowswelcomeexperience) | Turn off the Windows Spotlight Windows welcome experience feature. | ✔️ | | | | +| [AllowWindowsTips](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowstips) | Enable or disable Windows Tips. | ✔️ | | | | +| [ConfigureWindowsSpotlightOnLockScreen](/windows/client-management/mdm/policy-configuration-service-provider#experience-configurewindowsspotlightonlockscreen) | Specify whether Spotlight should be used on the user's lock screen. | ✔️ | | | | ## ExploitGuard -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) | See the [explanation of ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) in the Policy CSP for instructions. In the **ExploitProtectionSettings** field, you can enter a path (local, UNC, or URI) to the mitigation options config, or you can enter the XML for the config. | ✔️ | ✔️ | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) | See the [explanation of ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) in the Policy CSP for instructions. In the **ExploitProtectionSettings** field, you can enter a path (local, UNC, or URI) to the mitigation options config, or you can enter the XML for the config. | ✔️ | | | | ## Games -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowAdvancedGamingServices](/windows/client-management/mdm/policy-configuration-service-provider#games-allowadvancedgamingservices) | Currently not supported. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowAdvancedGamingServices](/windows/client-management/mdm/policy-configuration-service-provider#games-allowadvancedgamingservices) | Currently not supported. | ✔️ | | | | ## KioskBrowser These settings apply to the **Kiosk Browser** app available in Microsoft Store. For more information, see [Guidelines for web browsers](../guidelines-for-assigned-access-app.md#guidelines-for-web-browsers). -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -[BlockedUrlExceptions](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | ✔️ | | | | | -[BlockedUrls](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. | ✔️ | | | | | -[DefaultURL](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart. | ✔️ | | | | | -[EnableEndSessionButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enableendsessionbutton) | Enable/disable kiosk browser's end session button. | ✔️ | | | | | -[EnableHomeButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button. | ✔️ | | | | | -[EnableNavigationButtons](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | ✔️ | | | | | -[RestartOnIdleTime](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +|[BlockedUrlExceptions](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | ✔️ | | | | +|[BlockedUrls](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. | ✔️ | | | | +|[DefaultURL](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart. | ✔️ | | | | +|[EnableEndSessionButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enableendsessionbutton) | Enable/disable kiosk browser's end session button. | ✔️ | | | | +|[EnableHomeButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button. | ✔️ | | | | +|[EnableNavigationButtons](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | ✔️ | | | | +|[RestartOnIdleTime](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. | ✔️ | | | | To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer: @@ -339,252 +340,253 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in ## LocalPoliciesSecurityOptions -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [InteractiveLogon_DoNotDisplayLastSignedIn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin) | Specify whether the Windows sign-in screen will show the username of the last person who signed in. | ✔️ | | | | | -| [Shutdown_AllowSystemtobeShutDownWithoutHavingToLogOn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon) | Specify whether a computer can be shut down without signing in. | ✔️ | | | | | -| [UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers) | Configure how an elevation prompt should behave for standard users. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [InteractiveLogon_DoNotDisplayLastSignedIn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin) | Specify whether the Windows sign-in screen will show the username of the last person who signed in. | ✔️ | | | | +| [Shutdown_AllowSystemtobeShutDownWithoutHavingToLogOn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon) | Specify whether a computer can be shut down without signing in. | ✔️ | | | | +| [UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers) | Configure how an elevation prompt should behave for standard users. | ✔️ | | | | ## Location -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [EnableLocation](/windows/client-management/mdm/policy-configuration-service-provider#location-enablelocation) | Do not use. | | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [EnableLocation](/windows/client-management/mdm/policy-configuration-service-provider#location-enablelocation) | Do not use. | | | | | ## Power -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowStandbyStatesWhenSleepingOnBattery](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingonbattery) | Specify whether Windows can use standby states when putting the computer in a sleep state while on battery. | ✔️ | | | | | -| [AllowStandbyWhenSleepingPluggedIn](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingpluggedin) | Specify whether Windows can use standby states when putting the computer in a sleep state while plugged in. | ✔️ | | | | | -| [DisplayOffTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#displayofftimeoutonbattery) | Specify the period of inactivity before Windows turns off the display while on battery. | ✔️ | | | | | -| [DisplayOffTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#displayofftimeoutpluggedin) | Specify the period of inactivity before Windows turns off the display while plugged in. | ✔️ | | | | | -| [EnergySaverBatteryThresholdOnBattery](/windows/client-management/mdm/policy-csp-power#energysaverbatterythresholdonbattery) | Specify the battery charge level at which Energy Saver is turned on while on battery. | ✔️ | | | | | -| [EnergySaverBatteryThresholdPluggedIn](/windows/client-management/mdm/policy-csp-power#EnergySaverBatteryThresholdPluggedIn) | Specify the battery charge level at which Energy Saver is turned on while plugged in. | ✔️ | | | | | -| [HibernateTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to hibernate while on battery. | ✔️ | | | | | -| [HibernateTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to hibernate while plugged in. | ✔️ | | | | | -| [RequirePasswordWhenComputerWakesOnBattery](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakesonbattery) | Specify whether the user is prompted for a password when the system resumes from sleep while on battery. | ✔️ | | | | | -| [RequirePasswordWhenComputerWakesPluggedIn](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakespluggedin) | Specify whether the user is prompted for a password when the system resumes from sleep while plugged in. | ✔️ | | | | | -| [SelectLidCloseActionBattery](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on battery. | ✔️ | | | | | -| [SelectLidCloseActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on plugged in. | ✔️ | | | | | -| [SelectPowerButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactiononbattery) | Select the action to be taken when the user presses the power button while on battery. | ✔️ | | | | | -| [SelectPowerButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactionpluggedin) | Select the action to be taken when the user presses the power button while on plugged in. | ✔️ | | | | | -| [SelectSleepButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactiononbattery) | Select the action to be taken when the user presses the sleep button while on battery. | ✔️ | | | | | -| [SelectSleepButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactionpluggedin) | Select the action to be taken when the user presses the sleep button while plugged in. | ✔️ | | | | | -| [StandbyTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#StandbyTimeoutOnBattery) | Specify the period of inactivity before Windows transitions the system to sleep while on battery. | ✔️ | | | | | -| [StandbyTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#standbytimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep while plugged in. | ✔️ | | | | | -| [TurnOffHybridSleepOnBattery](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeponbattery) | Turn off hybrid sleep while on battery. | ✔️ | | | | | -| [TurnOffHybridSleepPluggedIn](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeppluggedin) | Turn off hybrid sleep while plugged in. | ✔️ | | | | | -| [UnattendedSleepTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while on battery. | ✔️ | | | | | -| [UnattendedSleepTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while plugged in. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowStandbyStatesWhenSleepingOnBattery](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingonbattery) | Specify whether Windows can use standby states when putting the computer in a sleep state while on battery. | ✔️ | | | | +| [AllowStandbyWhenSleepingPluggedIn](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingpluggedin) | Specify whether Windows can use standby states when putting the computer in a sleep state while plugged in. | ✔️ | | | | +| [DisplayOffTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#displayofftimeoutonbattery) | Specify the period of inactivity before Windows turns off the display while on battery. | ✔️ | | | | +| [DisplayOffTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#displayofftimeoutpluggedin) | Specify the period of inactivity before Windows turns off the display while plugged in. | ✔️ | | | | +| [EnergySaverBatteryThresholdOnBattery](/windows/client-management/mdm/policy-csp-power#energysaverbatterythresholdonbattery) | Specify the battery charge level at which Energy Saver is turned on while on battery. | ✔️ | | | | +| [EnergySaverBatteryThresholdPluggedIn](/windows/client-management/mdm/policy-csp-power#EnergySaverBatteryThresholdPluggedIn) | Specify the battery charge level at which Energy Saver is turned on while plugged in. | ✔️ | | | | +| [HibernateTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to hibernate while on battery. | ✔️ | | | | +| [HibernateTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to hibernate while plugged in. | ✔️ | | | | +| [RequirePasswordWhenComputerWakesOnBattery](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakesonbattery) | Specify whether the user is prompted for a password when the system resumes from sleep while on battery. | ✔️ | | | | +| [RequirePasswordWhenComputerWakesPluggedIn](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakespluggedin) | Specify whether the user is prompted for a password when the system resumes from sleep while plugged in. | ✔️ | | | | +| [SelectLidCloseActionBattery](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on battery. | ✔️ | | | | +| [SelectLidCloseActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on plugged in. | ✔️ | | | | +| [SelectPowerButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactiononbattery) | Select the action to be taken when the user presses the power button while on battery. | ✔️ | | | | +| [SelectPowerButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactionpluggedin) | Select the action to be taken when the user presses the power button while on plugged in. | ✔️ | | | | +| [SelectSleepButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactiononbattery) | Select the action to be taken when the user presses the sleep button while on battery. | ✔️ | | | | +| [SelectSleepButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactionpluggedin) | Select the action to be taken when the user presses the sleep button while plugged in. | ✔️ | | | | +| [StandbyTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#StandbyTimeoutOnBattery) | Specify the period of inactivity before Windows transitions the system to sleep while on battery. | ✔️ | | | | +| [StandbyTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#standbytimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep while plugged in. | ✔️ | | | | +| [TurnOffHybridSleepOnBattery](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeponbattery) | Turn off hybrid sleep while on battery. | ✔️ | | | | +| [TurnOffHybridSleepPluggedIn](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeppluggedin) | Turn off hybrid sleep while plugged in. | ✔️ | | | | +| [UnattendedSleepTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while on battery. | ✔️ | | | | +| [UnattendedSleepTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while plugged in. | ✔️ | | | | ## Privacy -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowAutoAcceptPairingAndPrivacyConsentPrompts](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowautoacceptpairingandprivacyconsentprompts) | Allow or disallow the automatic acceptance of the pairing and privacy user consent dialog boxes when launching apps. | | ✔️ | | | | -| [AllowInputPersonalization](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowinputpersonalization) | Allow the use of cloud-based speech services for Cortana, dictation, or Store apps. | ✔️ | ✔️ | | ✔️ | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowAutoAcceptPairingAndPrivacyConsentPrompts](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowautoacceptpairingandprivacyconsentprompts) | Allow or disallow the automatic acceptance of the pairing and privacy user consent dialog boxes when launching apps. | | | | | +| [AllowInputPersonalization](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowinputpersonalization) | Allow the use of cloud-based speech services for Cortana, dictation, or Store apps. | ✔️ | | ✔️ | | ## Search -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -[AllowCloudSearch](/windows/client-management/mdm/policy-csp-search#search-allowcloudsearch) | Allow search and Cortana to search cloud sources like OneDrive and SharePoint. T | ✔️ | ✔️ | | | | -[AllowCortanaInAAD](/windows/client-management/mdm/policy-csp-search#search-allowcortanainaad) | This specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. | ✔️ | | | | | -| [AllowIndexingEncryptedStoresOrItems](/windows/client-management/mdm/policy-configuration-service-provider#search-allowindexingencryptedstoresoritems) | Allow or disallow the indexing of items. | ✔️ | ✔️ | | | | -| [AllowSearchToUseLocation](/windows/client-management/mdm/policy-configuration-service-provider#search-allowsearchtouselocation) | Specify whether search can use location information. | ✔️ | ✔️ | | ✔️ | | -| [AllowUsingDiacritics](/windows/client-management/mdm/policy-configuration-service-provider#search-allowusingdiacritics) | Allow the use of diacritics. | ✔️ | ✔️ | | | | -| [AllowWindowsIndexer](/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To do this, it requires access to the file system and app data stores such as Outlook OST files.- **Off** setting disables Windows indexer- **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)- **Enterprise** setting reduces potential network loads for enterprises- **Standard** setting is appropriate for consuemrs | ✔️ | ✔️ | | | | -| [AlwaysUseAutoLangDetection](/windows/client-management/mdm/policy-configuration-service-provider#search-alwaysuseautolangdetection) | Specify whether to always use automatic language detection when indexing content and properties. | ✔️ | ✔️ | | | | -| [DoNotUseWebResults](/windows/client-management/mdm/policy-configuration-service-provider#search-donotusewebresults) | Specify whether to allow Search to perform queries on the web. | ✔️ | ✔️ | | | | -| [DisableBackoff](/windows/client-management/mdm/policy-configuration-service-provider#search-disablebackoff) | If enabled, the search indexer backoff feature will be disabled. | ✔️ | ✔️ | | | | -| [DisableRemovableDriveIndexing](/windows/client-management/mdm/policy-configuration-service-provider#search-disableremovabledriveindexing) | Configure whether locations on removable drives can be added to libraries. | ✔️ | ✔️ | | | | -| [PreventIndexingLowDiskSpaceMB](/windows/client-management/mdm/policy-configuration-service-provider#search-preventindexinglowdiskspacemb) | Prevent indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. | ✔️ | ✔️ | | | | -| [PreventRemoteQueries](/windows/client-management/mdm/policy-configuration-service-provider#search-preventremotequeries) | If enabled, clients will be unable to query this device's index remotely. | ✔️ | ✔️ | | | | -| [SafeSearchPermissions](/windows/client-management/mdm/policy-configuration-service-provider#search-safesearchpermissions) | Specify the level of safe search (filtering adult content) required. | | ✔️ | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +[AllowCloudSearch](/windows/client-management/mdm/policy-csp-search#search-allowcloudsearch) | Allow search and Cortana to search cloud sources like OneDrive and SharePoint. T | ✔️ | | | | +[AllowCortanaInAAD](/windows/client-management/mdm/policy-csp-search#search-allowcortanainaad) | This specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. | ✔️ | | | | +| [AllowIndexingEncryptedStoresOrItems](/windows/client-management/mdm/policy-configuration-service-provider#search-allowindexingencryptedstoresoritems) | Allow or disallow the indexing of items. | ✔️ | | | | +| [AllowSearchToUseLocation](/windows/client-management/mdm/policy-configuration-service-provider#search-allowsearchtouselocation) | Specify whether search can use location information. | ✔️ | | ✔️ | | +| [AllowUsingDiacritics](/windows/client-management/mdm/policy-configuration-service-provider#search-allowusingdiacritics) | Allow the use of diacritics. | ✔️ | | | | +| [AllowWindowsIndexer](/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To do this, it requires access to the file system and app data stores such as Outlook OST files.- **Off** setting disables Windows indexer- **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)- **Enterprise** setting reduces potential network loads for enterprises- **Standard** setting is appropriate for consumers | ✔️ | | | | +| [AlwaysUseAutoLangDetection](/windows/client-management/mdm/policy-configuration-service-provider#search-alwaysuseautolangdetection) | Specify whether to always use automatic language detection when indexing content and properties. | ✔️ | | | | +| [DoNotUseWebResults](/windows/client-management/mdm/policy-configuration-service-provider#search-donotusewebresults) | Specify whether to allow Search to perform queries on the web. | ✔️ | | | | +| [DisableBackoff](/windows/client-management/mdm/policy-configuration-service-provider#search-disablebackoff) | If enabled, the search indexer backoff feature will be disabled. | ✔️ | | | | +| [DisableRemovableDriveIndexing](/windows/client-management/mdm/policy-configuration-service-provider#search-disableremovabledriveindexing) | Configure whether locations on removable drives can be added to libraries. | ✔️ | | | | +| [PreventIndexingLowDiskSpaceMB](/windows/client-management/mdm/policy-configuration-service-provider#search-preventindexinglowdiskspacemb) | Prevent indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. | ✔️ | | | | +| [PreventRemoteQueries](/windows/client-management/mdm/policy-configuration-service-provider#search-preventremotequeries) | If enabled, clients will be unable to query this device's index remotely. | ✔️ | | | | +| [SafeSearchPermissions](/windows/client-management/mdm/policy-configuration-service-provider#search-safesearchpermissions) | Specify the level of safe search (filtering adult content) required. | | | | | ## Security -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowAddProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowaddprovisioningpackage) | Specify whether to allow installation of provisioning packages. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowManualRootCertificateInstallation](/windows/client-management/mdm/policy-configuration-service-provider#security-allowmanualrootcertificateinstallation) | Specify whether the user is allowed to manually install root and intermediate CA certificates. | | ✔️ | | | | -| [AllowRemoveProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowremoveprovisioningpackage) | Specify whether removal of provisioning packages is allowed. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AntiTheftMode](/windows/client-management/mdm/policy-configuration-service-provider#security-antitheftmode) | Allow or disallow Anti Theft Mode on the device. | | ✔️ | | | | -| [RequireDeviceEncryption](/windows/client-management/mdm/policy-configuration-service-provider#security-requiredeviceencryption) | Specify whether encryption is required. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [RequireProvisioningPackageSignature](/windows/client-management/mdm/policy-configuration-service-provider#security-requireprovisioningpackagesignature) | Specify whether provisioning packages must have a certificate signed by a device-trusted authority. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [RequireRetrieveHealthCertificateOnBoot](/windows/client-management/mdm/policy-configuration-service-provider#security-requireretrievehealthcertificateonboot) | Specify whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service when a device boots or reboots. | ✔️ | ✔️ | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowAddProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowaddprovisioningpackage) | Specify whether to allow installation of provisioning packages. | ✔️ | ✔️ | | ✔️ | +| [AllowManualRootCertificateInstallation](/windows/client-management/mdm/policy-configuration-service-provider#security-allowmanualrootcertificateinstallation) | Specify whether the user is allowed to manually install root and intermediate CA certificates. | | | | | +| [AllowRemoveProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowremoveprovisioningpackage) | Specify whether removal of provisioning packages is allowed. | ✔️ | ✔️ | | ✔️ | +| [AntiTheftMode](/windows/client-management/mdm/policy-configuration-service-provider#security-antitheftmode) | Allow or disallow Anti Theft Mode on the device. | | | | | +| [RequireDeviceEncryption](/windows/client-management/mdm/policy-configuration-service-provider#security-requiredeviceencryption) | Specify whether encryption is required. | ✔️ | ✔️ | ✔️ | ✔️ | +| [RequireProvisioningPackageSignature](/windows/client-management/mdm/policy-configuration-service-provider#security-requireprovisioningpackagesignature) | Specify whether provisioning packages must have a certificate signed by a device-trusted authority. | ✔️ | ✔️ | | ✔️ | +| [RequireRetrieveHealthCertificateOnBoot](/windows/client-management/mdm/policy-configuration-service-provider#security-requireretrievehealthcertificateonboot) | Specify whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service when a device boots or reboots. | ✔️ | | | | ## Settings -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowAutoPlay](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowautoplay) | Allow the user to change AutoPlay settings. | | ✔️ | | | | -| [AllowDataSense](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowdatasense) | Allow the user to change Data Sense settings. | | ✔️ | | | | -| [AllowVPN](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowvpn) | Allow the user to change VPN settings. | | ✔️ | | ✔️ | | -| [ConfigureTaskbarCalendar](/windows/client-management/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. | ✔️ | | | | | -[PageVisiblityList](/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) | Allows IT admins to prevent specific pages in the System Settings app from being visible or accessible. Pages are identified by a shortened version of their already [published URIs](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference), which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowAutoPlay](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowautoplay) | Allow the user to change AutoPlay settings. | | | | | +| [AllowDataSense](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowdatasense) | Allow the user to change Data Sense settings. | | | | | +| [AllowVPN](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowvpn) | Allow the user to change VPN settings. | | | ✔️ | | +| [ConfigureTaskbarCalendar](/windows/client-management/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. | ✔️ | | | | +[PageVisiblityList](/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) | Allows IT admins to prevent specific pages in the System Settings app from being visible or accessible. Pages are identified by a shortened version of their already [published URIs](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference), which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. | ✔️ | | | | ## Start -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowPinnedFolderDocuments](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdocuments) | Control the visibility of the Documents shortcut on the Start menu. | ✔️ | | | | | -| [AllowPinnedFolderDownloads](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdownloads) | Control the visibility of the Downloadds shortcut on the Start menu. | ✔️ | | | | | -| [AllowPinnedFolderFileExplorer](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderfileexplorer) | Control the visibility of the File Explorer shortcut on the Start menu. | ✔️ | | | | | -| [AllowPinnedFolderHomeGroup](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) | Control the visibility of the Home Group shortcut on the Start menu. | ✔️ | | | | | -| [AllowPinnedFolderMusic](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic) | Control the visibility of the Music shortcut on the Start menu. | ✔️ | | | | | -| [AllowPinnedFolderNetwork](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldernetwork) | Control the visibility of the Network shortcut on the Start menu. | ✔️ | | | | | -| [AllowPinnedFolderPersonalFolder](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpersonalfolder) | Control the visibility of the Personal Folder shortcut on the Start menu. | ✔️ | | | | | -| [AllowPinnedFolderPictures](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures) | Control the visibility of the Pictures shortcut on the Start menu. | ✔️ | | | | | -| [AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | Control the visibility of the Settings shortcut on the Start menu. | ✔️ | | | | | -| [AllowPinnedFolderVideos](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos) |Control the visibility of the Videos shortcut on the Start menu. | ✔️ | | | | | -DisableContextMenus | Prevent context menus from being invoked in the Start menu. | ✔️ | | | | | -| [ForceStartSize](/windows/client-management/mdm/policy-configuration-service-provider#start-forcestartsize) | Force the size of the Start screen. | ✔️ | | | | | -| [HideAppList](/windows/client-management/mdm/policy-configuration-service-provider#start-hideapplist) | Collapse or remove the all apps list. | ✔️ | | | | | -| [HideChangeAccountSettings](/windows/client-management/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) | Hide **Change account settings** from appearing in the user tile. | ✔️ | | | | | -| [HideFrequentlyUsedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps) | Hide **Most used** section of Start. | ✔️ | | | | | -| [HideHibernate](/windows/client-management/mdm/policy-configuration-service-provider#start-hidehibernate) | Prevent **Hibernate** option from appearing in the Power button. | ✔️ | | | | | -| [HideLock](/windows/client-management/mdm/policy-configuration-service-provider#start-hidelock) | Prevent **Lock** from appearing in the user tile. | ✔️ | | | | | -| HidePeopleBar | Remove the people icon from the taskbar, as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. | ✔️ | | | | | -| [HidePowerButton](/windows/client-management/mdm/policy-configuration-service-provider#start-hidepowerbutton) | Hide the **Power** button. | ✔️ | | | | | -| [HideRecentJumplists](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentjumplists) | Hide jumplists of recently opened items. | ✔️ | | | | | -| [HideRecentlyAddedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps) | Hide **Recently added** section of Start. | ✔️ | | | | | -| [HideRestart](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderestart) | Prevent **Restart** and **Update and restart** from appearing in the Power button. | ✔️ | | | | | -| [HideShutDown](/windows/client-management/mdm/policy-configuration-service-provider#start-hideshutdown) | Prevent **Shut down** and **Update and shut down** from appearing in the Power button. | ✔️ | | | | | -| [HideSignOut](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesignout) | Prevent **Sign out** from appearing in the user tile. | ✔️ | | | | | -| [HideSleep](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesleep) | Prevent **Sleep** from appearing in the Power button. | ✔️ | | | | | -| [HideSwitchAccount](/windows/client-management/mdm/policy-configuration-service-provider#start-hideswitchaccount) | Prevent **Switch account** from appearing in the user tile. | ✔️ | | | | | -| [HideUserTile](/windows/client-management/mdm/policy-configuration-service-provider#start-hideusertile) | Hide the user tile. | ✔️ | | | | | -| [ImportEdgeAssets](/windows/client-management/mdm/policy-configuration-service-provider#start-importedgeassets) | Import Edge assets for secondary tiles. For more information, see [Add image for secondary Microsoft Edge tiles](../start-secondary-tiles.md). | ✔️ | | | | | -| [NoPinningToTaskbar](/windows/client-management/mdm/policy-configuration-service-provider#start-nopinningtotaskbar) | Prevent users from pinning and unpinning apps on the taskbar. | ✔️ | | | | | -| [StartLayout](/windows/client-management/mdm/policy-configuration-service-provider#start-startlayout) | Apply a custom Start layout. For more information, see [Customize Windows 10 Start and taskbar with provisioning packages](../customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowPinnedFolderDocuments](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdocuments) | Control the visibility of the Documents shortcut on the Start menu. | ✔️ | | | | +| [AllowPinnedFolderDownloads](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdownloads) | Control the visibility of the Downloads shortcut on the Start menu. | ✔️ | | | | +| [AllowPinnedFolderFileExplorer](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderfileexplorer) | Control the visibility of the File Explorer shortcut on the Start menu. | ✔️ | | | | +| [AllowPinnedFolderHomeGroup](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) | Control the visibility of the Home Group shortcut on the Start menu. | ✔️ | | | | +| [AllowPinnedFolderMusic](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic) | Control the visibility of the Music shortcut on the Start menu. | ✔️ | | | | +| [AllowPinnedFolderNetwork](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldernetwork) | Control the visibility of the Network shortcut on the Start menu. | ✔️ | | | | +| [AllowPinnedFolderPersonalFolder](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpersonalfolder) | Control the visibility of the Personal Folder shortcut on the Start menu. | ✔️ | | | | +| [AllowPinnedFolderPictures](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures) | Control the visibility of the Pictures shortcut on the Start menu. | ✔️ | | | | +| [AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | Control the visibility of the Settings shortcut on the Start menu. | ✔️ | | | | +| [AllowPinnedFolderVideos](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos) |Control the visibility of the Videos shortcut on the Start menu. | ✔️ | | | | +| DisableContextMenus | Prevent context menus from being invoked in the Start menu. | ✔️ | | | | +| [ForceStartSize](/windows/client-management/mdm/policy-configuration-service-provider#start-forcestartsize) | Force the size of the Start screen. | ✔️ | | | | +| [HideAppList](/windows/client-management/mdm/policy-configuration-service-provider#start-hideapplist) | Collapse or remove the all apps list. | ✔️ | | | | +| [HideChangeAccountSettings](/windows/client-management/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) | Hide **Change account settings** from appearing in the user tile. | ✔️ | | | | +| [HideFrequentlyUsedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps) | Hide **Most used** section of Start. | ✔️ | | | | +| [HideHibernate](/windows/client-management/mdm/policy-configuration-service-provider#start-hidehibernate) | Prevent **Hibernate** option from appearing in the Power button. | ✔️ | | | | +| [HideLock](/windows/client-management/mdm/policy-configuration-service-provider#start-hidelock) | Prevent **Lock** from appearing in the user tile. | ✔️ | | | | +| HidePeopleBar | Remove the people icon from the taskbar, as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. | ✔️ | | | | +| [HidePowerButton](/windows/client-management/mdm/policy-configuration-service-provider#start-hidepowerbutton) | Hide the **Power** button. | ✔️ | | | | +| [HideRecentJumplists](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentjumplists) | Hide jumplists of recently opened items. | ✔️ | | | | +| [HideRecentlyAddedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps) | Hide **Recently added** section of Start. | ✔️ | | | | +| [HideRestart](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderestart) | Prevent **Restart** and **Update and restart** from appearing in the Power button. | ✔️ | | | | +| [HideShutDown](/windows/client-management/mdm/policy-configuration-service-provider#start-hideshutdown) | Prevent **Shut down** and **Update and shut down** from appearing in the Power button. | ✔️ | | | | +| [HideSignOut](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesignout) | Prevent **Sign out** from appearing in the user tile. | ✔️ | | | | +| [HideSleep](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesleep) | Prevent **Sleep** from appearing in the Power button. | ✔️ | | | | +| [HideSwitchAccount](/windows/client-management/mdm/policy-configuration-service-provider#start-hideswitchaccount) | Prevent **Switch account** from appearing in the user tile. | ✔️ | | | | +| [HideUserTile](/windows/client-management/mdm/policy-configuration-service-provider#start-hideusertile) | Hide the user tile. | ✔️ | | | | +| [ImportEdgeAssets](/windows/client-management/mdm/policy-configuration-service-provider#start-importedgeassets) | Import Edge assets for secondary tiles. For more information, see [Add image for secondary Microsoft Edge tiles](../start-secondary-tiles.md). | ✔️ | | | | +| [NoPinningToTaskbar](/windows/client-management/mdm/policy-configuration-service-provider#start-nopinningtotaskbar) | Prevent users from pinning and unpinning apps on the taskbar. | ✔️ | | | | +| [StartLayout](/windows/client-management/mdm/policy-configuration-service-provider#start-startlayout) | Apply a custom Start layout. For more information, see [Customize Windows 10 Start and taskbar with provisioning packages](../customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) | ✔️ | | | | ## System -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowBuildPreview](/windows/client-management/mdm/policy-configuration-service-provider#system-allowbuildpreview) | Specify whether users can access the Insider build controls in the **Advanced Options** for Windows Update. | ✔️ | ✔️ | | | | -| [AllowEmbeddedMode](/windows/client-management/mdm/policy-configuration-service-provider#system-allowembeddedmode) | Specify whether to set general purpose device to be in embedded mode. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowExperimentation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowexperimentation) | Determine the level that Microsoft can experiment with the product to study user preferences or device behavior. | ✔️ | ✔️ | | | | -| [AllowLocation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowlocation) | Specify whether to allow app access to the Location service. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowStorageCard](/windows/client-management/mdm/policy-configuration-service-provider#system-allowstoragecard) | Specify whether the user is allowed to use the storage card for device storage. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowTelemetry](/windows/client-management/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and usage data. | ✔️ | ✔️ | | ✔️ | | -| [AllowUserToResetPhone](/windows/client-management/mdm/policy-configuration-service-provider#system-allowusertoresetphone) | Allow the user to factory reset the phone. | ✔️ | ✔️ | | | | -ConfigureTelemetryOptInChangeNotification | This policy setting determines whether a device shows notifications about telemetry levels to people on first sign-in or when changes occur in Settings. | ✔️ | ✔️ | | | | -ConfigureTelemetryOptInSettingsUx | This policy setting determines whether people can change their own telemetry levels in Settings | ✔️ | ✔️ | | | | -| DisableDeviceDelete | Specify whether the delete diagnostic data is enabled in the Diagnostic & Feedback Settings page. | ✔️ | ✔️ | | | | -| DisableDataDiagnosticViewer | Configure whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. | ✔️ | ✔️ | | | | -| [DisableOneDriveFileSync](/windows/client-management/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | ✔️ | | | | | -| [LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | ✔️ | ✔️ | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowBuildPreview](/windows/client-management/mdm/policy-configuration-service-provider#system-allowbuildpreview) | Specify whether users can access the Insider build controls in the **Advanced Options** for Windows Update. | ✔️ | | | | +| [AllowEmbeddedMode](/windows/client-management/mdm/policy-configuration-service-provider#system-allowembeddedmode) | Specify whether to set general purpose device to be in embedded mode. | ✔️ | ✔️ | | ✔️ | +| [AllowExperimentation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowexperimentation) | Determine the level that Microsoft can experiment with the product to study user preferences or device behavior. | ✔️ | | | | +| [AllowLocation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowlocation) | Specify whether to allow app access to the Location service. | ✔️ | ✔️ | ✔️ | ✔️ | +| [AllowStorageCard](/windows/client-management/mdm/policy-configuration-service-provider#system-allowstoragecard) | Specify whether the user is allowed to use the storage card for device storage. | ✔️ | ✔️ | | ✔️ | +| [AllowTelemetry](/windows/client-management/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and usage data. | ✔️ | | ✔️ | | +| [AllowUserToResetPhone](/windows/client-management/mdm/policy-configuration-service-provider#system-allowusertoresetphone) | Allow the user to factory reset the phone. | ✔️ | | | | +ConfigureTelemetryOptInChangeNotification | This policy setting determines whether a device shows notifications about telemetry levels to people on first sign-in or when changes occur in Settings. | ✔️ | | | | +ConfigureTelemetryOptInSettingsUx | This policy setting determines whether people can change their own telemetry levels in Settings | ✔️ | | | | +| DisableDeviceDelete | Specify whether the delete diagnostic data is enabled in the Diagnostic & Feedback Settings page. | ✔️ | | | | +| DisableDataDiagnosticViewer | Configure whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. | ✔️ | | | | +| [DisableOneDriveFileSync](/windows/client-management/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | ✔️ | | | | +| [LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | ✔️ | | | | ## TextInput -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowIMELogging](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimelogging) | Allow the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. | ✔️ | | | | | -| [AllowIMENetworkAccess](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimenetworkaccess) | Allow the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that do not exist in the device's local dictionary. | ✔️ | | | | | -| [AllowInputPanel](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowinputpanel) | Disable the touch/handwriting keyboard. | ✔️ | | | | | -| [AllowJapaneseIMESurrogatePairCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseimesurrogatepaircharacters) | Allow the Japanese IME surrogate pair characters. | ✔️ | | | | | -| [AllowJapaneseIVSCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseivscharacters) | Allow Japanese Ideographic Variation Sequence (IVS) characters. | ✔️ | | | | | -| [AllJapaneseNonPublishingStandardGlyph](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapanesenonpublishingstandardglyph) | All the Japanese non-publishing standard glyph. | ✔️ | | | | | -| [AllowJapaneseUserDictionary](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseuserdictionary) | Allow the Japanese user dictionary. | ✔️ | | | | | -| [AllowKeyboardTextSuggestions](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowkeyboardtextsuggestions) | Specify whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. | ✔️ | | | | | -| [AllowLanguageFeaturesUninstall](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowlanguagefeaturesuninstall) | All language features to be uninstalled. | ✔️ | | | | | -| AllowUserInputsFromMiracastRecevier | Do not use. Instead, use [WirelessDisplay](#wirelessdisplay)/[AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | | | | | | -| [ExcludeJapaneseIMEExceptISO208](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | | | -| [ExcludeJapaneseIMEExceptISO208andEUDC](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208andeudc) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | | | -| [ExcludeJapaneseIMEExceptShiftJIS](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptshiftjis) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowIMELogging](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimelogging) | Allow the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. | ✔️ | | | | +| [AllowIMENetworkAccess](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimenetworkaccess) | Allow the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that do not exist in the device's local dictionary. | ✔️ | | | | +| [AllowInputPanel](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowinputpanel) | Disable the touch/handwriting keyboard. | ✔️ | | | | +| [AllowJapaneseIMESurrogatePairCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseimesurrogatepaircharacters) | Allow the Japanese IME surrogate pair characters. | ✔️ | | | | +| [AllowJapaneseIVSCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseivscharacters) | Allow Japanese Ideographic Variation Sequence (IVS) characters. | ✔️ | | | | +| [AllJapaneseNonPublishingStandardGlyph](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapanesenonpublishingstandardglyph) | All the Japanese non-publishing standard glyph. | ✔️ | | | | +| [AllowJapaneseUserDictionary](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseuserdictionary) | Allow the Japanese user dictionary. | ✔️ | | | | +| [AllowKeyboardTextSuggestions](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowkeyboardtextsuggestions) | Specify whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. | ✔️ | | | | +| [AllowLanguageFeaturesUninstall](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowlanguagefeaturesuninstall) | All language features to be uninstalled. | ✔️ | | | | +| AllowUserInputsFromMiracastRecevier | Do not use. Instead, use [WirelessDisplay](#wirelessdisplay)/[AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | | | | | +| [ExcludeJapaneseIMEExceptISO208](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | | +| [ExcludeJapaneseIMEExceptISO208andEUDC](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208andeudc) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | | +| [ExcludeJapaneseIMEExceptShiftJIS](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptshiftjis) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | | ## TimeLanguageSettings -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowSet24HourClock](/windows/client-management/mdm/policy-configuration-service-provider#timelanguagesettings-allowset24hourclock) | Configure the default clock setting to be the 24 hour format. | | ✔️ | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowSet24HourClock](/windows/client-management/mdm/policy-configuration-service-provider#timelanguagesettings-allowset24hourclock) | Configure the default clock setting to be the 24 hour format. | | | | | ## Update -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|:----------------:|:---------------:|:-----------:|:--------:|:--------:| -| [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update rboots are not scheduled. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [ActiveHoursMaxRange](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots are not scheduled. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork) | Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowMUUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowNonMicrosoftSignedUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [AutoRestartDeadlinePeriodInDays](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindaysforfeatureupdates) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AutoRestartNotificationSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AutoRestartRequiredNotificationDismissal](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [BranchReadinessLevel](/windows/client-management/mdm/policy-configuration-service-provider#update-branchreadinesslevel) | Select which branch a device receives their updates from. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [DeferQualityUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [DeferUpdatePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [DeferUpgradePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) | Specify upgrade delays for up to 8 months. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [DetectionFrequency](/windows/client-management/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [DisableDualScan](/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Do not allow update deferral policies to cause scans against Windows Update. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [EngagedRestartDeadline](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [EngagedRestartDeadlineForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadlineforfeatureupdates) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [EngagedRestartSnoozeSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [EngagedRestartSnoozeScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozescheduleforfeatureupdates) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [EngagedRestartTransitionSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [EngagedRestartTransitionScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windws Update (WU) drivers during quality updates. | ✔️ | | ✔️ | | ✔️ | -| [FillEmptyContentUrls](/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it is missing from the metadata. | ✔️ | ✔️ | ✔️ | | ✔️ | -| ManagePreviewBuilds | Use to enable or disable preview builds. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| PhoneUpdateRestrictions | Deprecated | | ✔️ | | | | -| [RequireDeferUpgrade](/windows/client-management/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallDay](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstallday) | Schedule the day for update installation. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek) | To schedule update installation every week, set the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallFirstWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek) | To schedule update installation the first week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallFourthWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek) | To schedule update installation the fourth week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallSecondWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek) | To schedule update installation the second week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallThirdWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek) | To schedule update installation the third week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallTime](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstalltime) | Schedule the time for update installation. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduleImminentRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [ScheduleRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [SetAutoRestartNotificationDisable](/windows/client-management/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable) | Disable auto-restart notifications for update installations. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [SetDisablePauseUXAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisablepauseuxaccess) | Disable access to scan Windows Update. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [SetDisableUXWUAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisableuxwuaccess) | Disable the **Pause updates** feature. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [SetEDURestart](/windows/client-management/mdm/policy-configuration-service-provider#update-setedurestart) | Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. | ✔️ | ✔️ | ✔️ | | ✔️ | -| UpdateNotificationLevel | Specify whether to enable or disable Windows Update notifications, including restart warnings. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [UpdateServiceUrl](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurl) | Configure the device to check for updates from a WSUS server instead of Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [UpdateServiceUrlAlternate](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | Specify an alternate intranet server to host updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +|---------|-------------|:--------------:|:-----------:|:--------:|:--------:| +| [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update reboots are not scheduled. | ✔️ | ✔️ | | ✔️ | +| [ActiveHoursMaxRange](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | ✔️ | ✔️ | | ✔️ | +| [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots are not scheduled. | ✔️ | ✔️ | | ✔️ | +| [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | ✔️ | ✔️ | ✔️ | ✔️ | +| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork) | Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. | ✔️ | ✔️ | | ✔️ | +| [AllowMUUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ | +| [AllowNonMicrosoftSignedUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. | ✔️ | ✔️ | | ✔️ | +| [AllowUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. | ✔️ | ✔️ | ✔️ | ✔️ | +| [AutoRestartDeadlinePeriodInDays](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | | ✔️ | +| [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindaysforfeatureupdates) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | | ✔️ | +| [AutoRestartNotificationSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. | ✔️ | ✔️ | | ✔️ | +| [AutoRestartRequiredNotificationDismissal](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. | ✔️ | ✔️ | | ✔️ | +| [BranchReadinessLevel](/windows/client-management/mdm/policy-configuration-service-provider#update-branchreadinesslevel) | Select which branch a device receives their updates from. | ✔️ | ✔️ | ✔️ | ✔️ | +| [DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | ✔️ | ✔️ | | ✔️ | +| [DeferQualityUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. | ✔️ | ✔️ | | ✔️ | +| [DeferUpdatePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. | ✔️ | ✔️ | ✔️ | ✔️ | +| [DeferUpgradePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) | Specify upgrade delays for up to 8 months. | ✔️ | ✔️ | ✔️ | ✔️ | +| [DetectionFrequency](/windows/client-management/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | ✔️ | ✔️ | ✔️ | ✔️ | +| [DisableDualScan](/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Do not allow update deferral policies to cause scans against Windows Update. | ✔️ | ✔️ | | ✔️ | +| [EngagedRestartDeadline](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | | ✔️ | +| [EngagedRestartDeadlineForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadlineforfeatureupdates) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | | ✔️ | +| [EngagedRestartSnoozeSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | | ✔️ | +| [EngagedRestartSnoozeScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozescheduleforfeatureupdates) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | | ✔️ | +| [EngagedRestartTransitionSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ | +| [EngagedRestartTransitionScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ | +| [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windows Update (WU) drivers during quality updates. | ✔️ | ✔️ | | ✔️ | +| [FillEmptyContentUrls](/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it is missing from the metadata. | ✔️ | ✔️ | | ✔️ | +| ManagePreviewBuilds | Use to enable or disable preview builds. | ✔️ | ✔️ | ✔️ | ✔️ | +| PhoneUpdateRestrictions | Deprecated | | ✔️ | | | +| [RequireDeferUpgrade](/windows/client-management/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallDay](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstallday) | Schedule the day for update installation. | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek) | To schedule update installation every week, set the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallFirstWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek) | To schedule update installation the first week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallFourthWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek) | To schedule update installation the fourth week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallSecondWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek) | To schedule update installation the second week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallThirdWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek) | To schedule update installation the third week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallTime](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstalltime) | Schedule the time for update installation. | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduleImminentRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. | ✔️ | ✔️ | | ✔️ | +| [ScheduleRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. | ✔️ | ✔️ | | ✔️ | +| [SetAutoRestartNotificationDisable](/windows/client-management/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable) | Disable auto-restart notifications for update installations. | ✔️ | ✔️ | | ✔️ | +| [SetDisablePauseUXAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisablepauseuxaccess) | Disable access to scan Windows Update. | ✔️ | ✔️ | | ✔️ | +| [SetDisableUXWUAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisableuxwuaccess) | Disable the **Pause updates** feature. | ✔️ | ✔️ | | ✔️ | +| [SetEDURestart](/windows/client-management/mdm/policy-configuration-service-provider#update-setedurestart) | Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. | ✔️ | ✔️ | | ✔️ | +| UpdateNotificationLevel | Specify whether to enable or disable Windows Update notifications, including restart warnings. | ✔️ | ✔️ | | ✔️ | +| [UpdateServiceUrl](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurl) | Configure the device to check for updates from a WSUS server instead of Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ | +| [UpdateServiceUrlAlternate](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | Specify an alternate intranet server to host updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ | ## WiFi -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowAutoConnectToWiFiSenseHotspots](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowautoconnecttowifisensehotspots) | Allow the device to connect automatically to Wi-Fi hotspots. | ✔️ | ✔️ | | | | -| [AllowInternetSharing](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowinternetsharing) | Allow Internet sharing. | ✔️ | ✔️ | | | | -| [AllowManualWiFiConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowmanualwificonfiguration) | Allow connecting to Wi-Fi outside of MDM server-installed networks. | | ✔️ | | | | -| [AllowWiFi](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowwifi) | Allow Wi-Fi connections. | | ✔️ | | | | -| [WLANScanMode](/windows/client-management/mdm/policy-configuration-service-provider#wifi-wlanscanmode) | Configure the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. | ✔️ | ✔️ | ✔️ | | ✔️ | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowAutoConnectToWiFiSenseHotspots](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowautoconnecttowifisensehotspots) | Allow the device to connect automatically to Wi-Fi hotspots. | ✔️ | | | | +| [AllowInternetSharing](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowinternetsharing) | Allow Internet sharing. | ✔️ | | | | +| [AllowManualWiFiConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowmanualwificonfiguration) | Allow connecting to Wi-Fi outside of MDM server-installed networks. | | | | | +| [AllowWiFi](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowwifi) | Allow Wi-Fi connections. | | | | | +| [WLANScanMode](/windows/client-management/mdm/policy-configuration-service-provider#wifi-wlanscanmode) | Configure the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. | ✔️ | ✔️ | | ✔️ | ## WindowsInkWorkspace -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowSuggestedAppsInWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace) | Show recommended app suggestions in the ink workspace. | ✔️ | | | | | -| [AllowWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowwindowsinkworkspace) | Specify whether to allow the user to access the ink workspace. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowSuggestedAppsInWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace) | Show recommended app suggestions in the ink workspace. | ✔️ | | | | +| [AllowWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowwindowsinkworkspace) | Specify whether to allow the user to access the ink workspace. | ✔️ | | | | ## WindowsLogon -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [HideFastUserSwitching](/windows/client-management/mdm/policy-configuration-service-provider#windowslogon-hidefastuserswitching) | Hide the **Switch account** button on the sign-in screen, Start, and the Task Manager. | ✔️ | | | | | + +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [HideFastUserSwitching](/windows/client-management/mdm/policy-configuration-service-provider#windowslogon-hidefastuserswitching) | Hide the **Switch account** button on the sign-in screen, Start, and the Task Manager. | ✔️ | | | | ## WirelessDisplay -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | This policy controls whether or not the wireless display can send input (keyboard, mouse, pen, and touch, dependent upon display support) back to the source device. For example, a Surface Laptop is projecting wirelessly to a Surface Hub. If input from the wireless display receiver is allowed, users can draw with a pen on the Surface Hub. | ✔️ | ✔️ | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | This policy controls whether or not the wireless display can send input (keyboard, mouse, pen, and touch, dependent upon display support) back to the source device. For example, a Surface Laptop is projecting wirelessly to a Surface Hub. If input from the wireless display receiver is allowed, users can draw with a pen on the Surface Hub. | ✔️ | | | | diff --git a/windows/configuration/wcd/wcd-privacy.md b/windows/configuration/wcd/wcd-privacy.md index 5904abff0c..867728c6b3 100644 --- a/windows/configuration/wcd/wcd-privacy.md +++ b/windows/configuration/wcd/wcd-privacy.md @@ -17,9 +17,9 @@ Use **Privacy** to configure settings for app activation with voice. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | ✔️ | ✔️ | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | ✔️ | | ✔️ | ## LetAppsActivateWithVoice @@ -27,4 +27,4 @@ Select between **User is in control**, **Force allow**, or **Force deny**. ## LetAppsActivateWithVoiceAboveLock -Select between **User is in control**, **Force allow**, or **Force deny**. \ No newline at end of file +Select between **User is in control**, **Force allow**, or **Force deny**. diff --git a/windows/configuration/wcd/wcd-provisioningcommands.md b/windows/configuration/wcd/wcd-provisioningcommands.md index 51ca4daddb..dab5b939b7 100644 --- a/windows/configuration/wcd/wcd-provisioningcommands.md +++ b/windows/configuration/wcd/wcd-provisioningcommands.md @@ -19,9 +19,9 @@ Use ProvisioningCommands settings to install Windows desktop applications using ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | | | | For instructions on adding apps to provisioning packages, see [Provision PCs with apps](../provisioning-packages/provision-pcs-with-apps.md). diff --git a/windows/configuration/wcd/wcd-sharedpc.md b/windows/configuration/wcd/wcd-sharedpc.md index 2cee7eec84..3dd25e3954 100644 --- a/windows/configuration/wcd/wcd-sharedpc.md +++ b/windows/configuration/wcd/wcd-sharedpc.md @@ -20,9 +20,9 @@ Use SharedPC settings to optimize Windows 10 for shared use scenarios, such as t ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | | | | ## AccountManagement diff --git a/windows/configuration/wcd/wcd-smisettings.md b/windows/configuration/wcd/wcd-smisettings.md index f378d5f114..ed3dbc5df6 100644 --- a/windows/configuration/wcd/wcd-smisettings.md +++ b/windows/configuration/wcd/wcd-smisettings.md @@ -19,9 +19,9 @@ Use SMISettings settings to customize the device with custom shell, suppress Win ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | | | | ## All settings in SMISettings diff --git a/windows/configuration/wcd/wcd-start.md b/windows/configuration/wcd/wcd-start.md index cd1ddd0c36..b5e9674a75 100644 --- a/windows/configuration/wcd/wcd-start.md +++ b/windows/configuration/wcd/wcd-start.md @@ -19,12 +19,12 @@ Use Start settings to apply a customized Start screen to devices. ## Applies to -| Setting | Desktop editions | Surface Hub | HoloLens | IoT Core | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | | StartLayout | ✔️ | | | | >[!IMPORTANT] ->The StartLayout setting is available in the advanced provisioning for Windows 10 desktop editions, but shouldn't be used. For desktop editions, use [Policies > StartLayout](wcd-policies.md#start). +>The StartLayout setting is available in the advanced provisioning for Windows 10, but shouldn't be used. For Windows client, use [Policies > StartLayout](wcd-policies.md#start). ## StartLayout diff --git a/windows/configuration/wcd/wcd-startupapp.md b/windows/configuration/wcd/wcd-startupapp.md index 84b5fbc1cd..49815cf169 100644 --- a/windows/configuration/wcd/wcd-startupapp.md +++ b/windows/configuration/wcd/wcd-startupapp.md @@ -19,8 +19,8 @@ Use StartupApp settings to configure the default app that will run on start for ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| Default | | | | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| Default | | | | ✔️ | Enter the [Application User Model ID (AUMID)](/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app) for the default app. \ No newline at end of file diff --git a/windows/configuration/wcd/wcd-startupbackgroundtasks.md b/windows/configuration/wcd/wcd-startupbackgroundtasks.md index 375b29173c..7d169c131d 100644 --- a/windows/configuration/wcd/wcd-startupbackgroundtasks.md +++ b/windows/configuration/wcd/wcd-startupbackgroundtasks.md @@ -19,7 +19,7 @@ Documentation not available at this time. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | | | | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | | | | ✔️ | diff --git a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md index bf25d4dfd0..d48b954521 100644 --- a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md +++ b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md @@ -22,6 +22,6 @@ Use **StorageD3InModernStandby** to enable or disable low-power state (D3) durin ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | ✔️ | ✔️ | | ✔️ | \ No newline at end of file +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | ✔️ | | ✔️ | \ No newline at end of file diff --git a/windows/configuration/wcd/wcd-surfacehubmanagement.md b/windows/configuration/wcd/wcd-surfacehubmanagement.md index d0492b9ac5..edf2a819ed 100644 --- a/windows/configuration/wcd/wcd-surfacehubmanagement.md +++ b/windows/configuration/wcd/wcd-surfacehubmanagement.md @@ -24,9 +24,9 @@ Use SurfaceHubManagement settings to set the administrator group that will manag ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | | | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | | ✔️ | | | ## GroupName diff --git a/windows/configuration/wcd/wcd-tabletmode.md b/windows/configuration/wcd/wcd-tabletmode.md index 6f1c67bfb8..e97c3ebf6e 100644 --- a/windows/configuration/wcd/wcd-tabletmode.md +++ b/windows/configuration/wcd/wcd-tabletmode.md @@ -19,9 +19,9 @@ Use TabletMode to configure settings related to tablet mode. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | ✔️ | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | ✔️ | | | ## ConvertibleSlateModePromptPreference diff --git a/windows/configuration/wcd/wcd-takeatest.md b/windows/configuration/wcd/wcd-takeatest.md index 0f3d22d642..f9f3708a13 100644 --- a/windows/configuration/wcd/wcd-takeatest.md +++ b/windows/configuration/wcd/wcd-takeatest.md @@ -19,9 +19,9 @@ Use TakeATest to configure the Take A Test app, a secure browser for test-taking ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | | | | ## AllowScreenMonitoring diff --git a/windows/configuration/wcd/wcd-time.md b/windows/configuration/wcd/wcd-time.md index 1efcbc613a..259df9fdd1 100644 --- a/windows/configuration/wcd/wcd-time.md +++ b/windows/configuration/wcd/wcd-time.md @@ -17,9 +17,9 @@ Use **Time** to configure settings for time zone setup for Windows 10, version ( ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [ProvisionSetTimeZone](#provisionsettimezone) | ✔️ | | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [ProvisionSetTimeZone](#provisionsettimezone) | ✔️ | | | | ## ProvisionSetTimeZone diff --git a/windows/configuration/wcd/wcd-unifiedwritefilter.md b/windows/configuration/wcd/wcd-unifiedwritefilter.md index 2463513137..c5586d1c3a 100644 --- a/windows/configuration/wcd/wcd-unifiedwritefilter.md +++ b/windows/configuration/wcd/wcd-unifiedwritefilter.md @@ -40,9 +40,9 @@ The overlay doesn't mirror the entire volume. It dynamically grows to keep track ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | | | ✔️ | ## FilterEnabled diff --git a/windows/configuration/wcd/wcd-universalappinstall.md b/windows/configuration/wcd/wcd-universalappinstall.md index 2085c5e99a..0822937da4 100644 --- a/windows/configuration/wcd/wcd-universalappinstall.md +++ b/windows/configuration/wcd/wcd-universalappinstall.md @@ -22,13 +22,13 @@ Use UniversalAppInstall settings to install Windows apps from the Microsoft Stor ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [DeviceContextApp](#devicecontextapp) | ✔️ | | ✔️ | | | -| [DeviceContextAppLicense](#devicecontextapplicense) | ✔️ | | ✔️ | | | -| [StoreInstall](#storeinstall) | ✔️ | ✔️ | ✔️ | | ✔️ | -| [UserContextApp](#usercontextapp) | ✔️ | ✔️ | ✔️ | | ✔️ | -| [UserContextAppLicense](#usercontextapplicense) | ✔️ | ✔️ | ✔️ | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [DeviceContextApp](#devicecontextapp) | ✔️ | ✔️ | | | +| [DeviceContextAppLicense](#devicecontextapplicense) | ✔️ | ✔️ | | | +| [StoreInstall](#storeinstall) | ✔️ | ✔️ | | ✔️ | +| [UserContextApp](#usercontextapp) | ✔️ | ✔️ | | ✔️ | +| [UserContextAppLicense](#usercontextapplicense) | ✔️ | ✔️ | | ✔️ | ## DeviceContextApp diff --git a/windows/configuration/wcd/wcd-universalappuninstall.md b/windows/configuration/wcd/wcd-universalappuninstall.md index 0ae1ade853..625891ae05 100644 --- a/windows/configuration/wcd/wcd-universalappuninstall.md +++ b/windows/configuration/wcd/wcd-universalappuninstall.md @@ -20,10 +20,10 @@ Use UniversalAppUninstall settings to uninstall or remove Windows apps. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [RemoveProvisionedApp](#removeprovisionedapp) | ✔️ | | | | | -| [Uninstall](#uninstall) | ✔️ | ✔️ | ✔️ | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [RemoveProvisionedApp](#removeprovisionedapp) | ✔️ | | | | +| [Uninstall](#uninstall) | ✔️ | ✔️ | | ✔️ | ## RemoveProvisionedApp diff --git a/windows/configuration/wcd/wcd-usberrorsoemoverride.md b/windows/configuration/wcd/wcd-usberrorsoemoverride.md index 9b4fc26665..3eb9975d01 100644 --- a/windows/configuration/wcd/wcd-usberrorsoemoverride.md +++ b/windows/configuration/wcd/wcd-usberrorsoemoverride.md @@ -20,9 +20,9 @@ Allows an OEM to hide the USB option UI in Settings and all USB device errors. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [HideUsbErrorNotifyOptionUI](#hideusberrornotifyoptionui) | ✔️ | ✔️ | ✔️ | ✔️ | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [HideUsbErrorNotifyOptionUI](#hideusberrornotifyoptionui) | ✔️ | ✔️ | ✔️ | | ## HideUsbErrorNotifyOptionUI diff --git a/windows/configuration/wcd/wcd-weakcharger.md b/windows/configuration/wcd/wcd-weakcharger.md index 0f57e581fd..ce9f3ab265 100644 --- a/windows/configuration/wcd/wcd-weakcharger.md +++ b/windows/configuration/wcd/wcd-weakcharger.md @@ -20,10 +20,10 @@ Use WeakCharger settings to configure the charger notification UI. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [HideWeakChargerNotifyOptionUI](#hideweakchargernotifyoptionui) | ✔️ | ✔️ | ✔️ | | | -| [NotifyOnWeakCharger](#notifyonweakcharger) | ✔️ | ✔️ | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [HideWeakChargerNotifyOptionUI](#hideweakchargernotifyoptionui) | ✔️ | ✔️ | | | +| [NotifyOnWeakCharger](#notifyonweakcharger) | ✔️ | ✔️ | | | ## HideWeakChargerNotifyOptionUI diff --git a/windows/configuration/wcd/wcd-windowshelloforbusiness.md b/windows/configuration/wcd/wcd-windowshelloforbusiness.md index d000b9facc..fc0d8fbd54 100644 --- a/windows/configuration/wcd/wcd-windowshelloforbusiness.md +++ b/windows/configuration/wcd/wcd-windowshelloforbusiness.md @@ -19,9 +19,9 @@ Use WindowsHelloForBusiness settings to specify whether [FIDO2 security keys for ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [SecurityKeys](#securitykeys) | ✔️ | | | | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [SecurityKeys](#securitykeys) | ✔️ | | | | ## SecurityKeys diff --git a/windows/configuration/wcd/wcd-windowsteamsettings.md b/windows/configuration/wcd/wcd-windowsteamsettings.md index a4e82b4a0e..9307518bf1 100644 --- a/windows/configuration/wcd/wcd-windowsteamsettings.md +++ b/windows/configuration/wcd/wcd-windowsteamsettings.md @@ -20,9 +20,9 @@ Use WindowsTeamSettings settings to configure Surface Hub. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | | | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | | ✔️ | | | ## Connect diff --git a/windows/configuration/wcd/wcd-wlan.md b/windows/configuration/wcd/wcd-wlan.md index 2a746063eb..8b931bc90a 100644 --- a/windows/configuration/wcd/wcd-wlan.md +++ b/windows/configuration/wcd/wcd-wlan.md @@ -20,7 +20,7 @@ Do not use at this time. Instead, use [ConnectivityProfiles > WLAN](wcd-connecti ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | | | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | | | | | diff --git a/windows/configuration/wcd/wcd-workplace.md b/windows/configuration/wcd/wcd-workplace.md index 48f7826dc9..e810f28679 100644 --- a/windows/configuration/wcd/wcd-workplace.md +++ b/windows/configuration/wcd/wcd-workplace.md @@ -20,9 +20,9 @@ Use Workplace settings to configure bulk user enrollment to a mobile device mana ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [Enrollments](#enrollments) | ✔️ | ✔️ | ✔️ | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [Enrollments](#enrollments) | ✔️ | ✔️ | | ✔️ | ## Enrollments diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md index 0d09e59143..952a247ff3 100644 --- a/windows/configuration/wcd/wcd.md +++ b/windows/configuration/wcd/wcd.md @@ -18,7 +18,7 @@ This section describes the settings that you can configure in [provisioning pack ## Edition that each group of settings applies to -| Setting group | Desktop editions | Surface Hub | HoloLens | IoT Core | +| Setting group | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | | [AccountManagement](wcd-accountmanagement.md) | | | ✔️ | | | [Accounts](wcd-accounts.md) | ✔️ | ✔️ | ✔️ | ✔️ | diff --git a/windows/deployment/planning/windows-10-deployment-considerations.md b/windows/deployment/planning/windows-10-deployment-considerations.md index 90d0c547cb..4d8bf0ff3e 100644 --- a/windows/deployment/planning/windows-10-deployment-considerations.md +++ b/windows/deployment/planning/windows-10-deployment-considerations.md @@ -36,46 +36,13 @@ Windows 10 also introduces two additional scenarios that organizations should c So how do you choose? At a high level: -
| Consider ... | -For these scenarios | -
|---|---|
| In-place upgrade | -
|
-
| Traditional wipe-and-load | -
|
-
| Dynamic provisioning | -
|
-
| - | - | Windows 10 Home | -Windows 10 Pro | -Windows 10 Pro Education | -Windows 10 Education | -Windows 10 Enterprise | -
|---|---|---|---|---|---|---|
| Windows 7 | -||||||
| Starter | -✔ | -✔ | -✔ | -✔ | -- | |
| Home Basic | -✔ | -✔ | -✔ | -✔ | -- | |
| Home Premium | -✔ | -✔ | -✔ | -✔ | -- | |
| Professional | -D | -✔ | -✔ | -✔ | -✔ | -|
| Ultimate | -D | -✔ | -✔ | -✔ | -✔ | -|
| Enterprise | -- | - | - | ✔ | -✔ | -|
| Windows 8.1 | -||||||
| (Core) | -✔ | -✔ | -✔ | -✔ | -- | |
| Connected | -✔ | -✔ | -✔ | -✔ | -- | |
| Pro | -D | -✔ | -✔ | -✔ | -✔ | -|
| Pro Student | -D | -✔ | -✔ | -✔ | -✔ | -|
| Pro WMC | -D | -✔ | -✔ | -✔ | -✔ | -|
| Enterprise | -- | - | - | ✔ | -✔ | -|
| Embedded Industry | -- | - | - | - | ✔ | -|
| Windows RT | -- | - | - | - | - | |
| Windows Phone 8.1 | -- | - | - | - | - | |
| Windows 10 | -||||||
| Home | -- | ✔ | -✔ | -✔ | -- | |
| Pro | -D | -- | ✔ | -✔ | -✔ | -|
| Education | -- | - | - | - | D | -|
| Enterprise | -- | - | - | ✔ | -- |