deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 20:03:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

DMClient-CSP Updates- new nodes

Browse Source 
This is updated as per task 5864419. Thanks!
This commit is contained in:
Alekhya Jupudi
2022-05-11 12:53:31 +05:30
parent c3d534740d
commit f222504c2b
1 changed files with 107 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
windows/client-management/mdm/dmclient-csp.md
View File

@ -41,6 +41,8 @@ DMClient
------------Unenroll
------------AADResourceID
------------AADDeviceID
------------AADSendDeviceToken
------------ForceAadToken
------------EnrollmentType
------------EnableOmaDmKeepAliveMessage
------------HWDevID
@ -63,6 +65,19 @@ DMClient
----------------NumberOfRemainingScheduledRetries
----------------PollOnLogin
----------------AllUsersPollOnFirstLogin
------------LinkedEnrollment
----------------Priority
----------------Enroll
----------------Unenroll
----------------EnrollStatus
----------------LastError
------------Recovery
----------------AllowRecovery
------------MultipleSession
----------------NumAllowedConcurrentUserSessionForBackgroundSync
----------------NumAllowedConcurrentUserSessionAtUserLogonSync
----------------IntervalForScheduledRetriesForUserSession
----------------NumberOfScheduledRetriesForUserSession
----Unenroll
----UpdateManagementServiceAddress
```
@ -317,6 +332,10 @@ Device. Added in Windows 10 version 1803. For Azure AD backed enrollments, this
Supported operations are Add, Delete, Get, and Replace. Value type is bool.
<a href="" id="provider-providerid-forceaadtoken"></a>**Provider/*ProviderID*/ForceAadToken**
- new
<a href="" id="provider-providerid-poll"></a>**Provider/*ProviderID*/Poll**
Optional. Polling schedules must use the DMClient CSP. The Registry paths previously associated with polling using the Registry CSP are now deprecated.
@ -435,6 +454,94 @@ Optional. Boolean value that allows the IT admin to require the device to start
Supported operations are Add, Get, and Replace.
<a href="" id="provider-providerid-linkedenrollment-priority"></a>**Provider/*ProviderID*/LinkedEnrollment/Priority**
This node is an integer, value is "0" or "1".
Default is 1, meaning the MDM enrollment is the “winning” authority for conflicting policies/resources. Value 1 means MMP-C enrollment is the “winning” one.
Support operations are Get and Set.
<a href="" id="provider-providerid-linkedenrollment-nenroll"></a>**Provider/*ProviderID*/LinkedEnrollment/Enroll**
This is an execution node and will trigger a silent MMP-C enrollment, using the AAD device token pulled from the AADJed device. There is no user interaction needed.
Support operation is Exec.
<a href="" id="provider-providerid-linkedenrollment-unenroll"></a>**Provider/*ProviderID*/LinkedEnrollment/Unenroll**
This is an execution node and will trigger a silent MMP-C unenroll, there is no user interaction needed. On un-enrollment, all the settings/resources set by MMPC will be rolled back(rollback details will be covered later).
Support operation is Exec.
<a href="" id="provider-providerid-linkedenrollment-enrollstatus"></a>**Provider/*ProviderID*/LinkedEnrollment/EnrollStatus**
This node can be used to check both enroll and unenroll statuses.
This will return the enroll action status and is defined as a enum class LinkedEnrollmentStatus. The values are aas follows:
- Undefined = 0
- EnrollmentNotStarted = 1
- InProgress = 2
- Failed = 3
- Succeeded = 4
- UnEnrollmentQueued = 5
- UnEnrollmentSucceeded = 8
Support operation is Get only.
<a href="" id="provider-providerid-linkedenrollment-lasterror"></a>**Provider/*ProviderID*/LinkedEnrollment/LastError**
This specifies the Hresult to report the enrollment/unenroll results.
<a href="" id="provider-providerid-recovery-allowrecovery"></a>**Provider/*ProviderID*/Recovery/AllowRecovery**
This node determines whether or not the client will automatically initiate a MDM Recovery operation when it detects issues with the MDM certificate.
This node tracks the status of a Recovery request from the InitiateRecovery node. The values are as follows:
- 0 - No Recovery request has been processed.
- 1 - Recovery is in Process.
- 2 - Recovery has finished successfully.
- 3 - Recovery has failed to start because TPM is not available.
- 4 - Recovery has failed to start because AAD keys are not protected by the TPM.
- 5 - Recovery has failed to start because the MDM keys are already protected by the TPM.
- 6 - Recovery has failed to start because the TPM is not ready for attestation.
- 7 - Recovery has failed because the client cannot authenticate to the server.
- 8 - Recovery has failed because the server has rejected the client's request.
<a href="" id="provider-providerid-multiplesession-numallowedconcurrentusersessionforbackgroundsync"></a>**Provider/*ProviderID*/MultipleSession/NumAllowedConcurrentUserSessionForBackgroundSync**
Optional. This node specifies maximum number of concurrent user sync sessions in background. Default value is 25.
The values are : 0= none, 1= sequential, anything else= parallel.
Supported operation is Get, Add, Replace and Delete.
Value type is integer. Only applicable for Windows 10 multi-session.
<a href="" id="provider-providerid-multiplesession-numallowedconcurrentusersessionatuserlogonsync"></a>**Provider/*ProviderID*/MultipleSession/NumAllowedConcurrentUserSessionAtUserLogonSync**
Optional. This node specifies maximum number of concurrent user sync sessions at User Login. Default value is 25.
The values are : 0= none, 1= sequential, anything else= parallel.
Supported operation is Get, Add, Replace and Delete.
Value type is integer. Only applicable for Windows 10 multi-session.
>[!Note]
> Max(NumAllowedConcurrentUserSession, NumAllowedConcurrentUserSessionAtUserLogon) + 1
<a href="" id="provider-providerid-multiplesession-intervalforscheduledretriesforusersession"></a>**Provider/*ProviderID*/MultipleSession/IntervalForScheduledRetriesForUserSession**
Optional. This node specifies the waiting time (in minutes) for the initial set of retries as specified by the number of retries in **/<ProviderID>/Poll/NumberOfScheduledRetriesForUserSession**.
If IntervalForScheduledRetriesForUserSession is not set, then the default value is used. The default value is 1440. If the value is set to 0, this schedule is disabled.
This configuration is only applicable for Windows Multi-session Editions.
Supported operations are Get and Replace.
<a href="" id="provider-providerid-multiplesession-numberofscheduledretriesforusersession"></a>**Provider/*ProviderID*/MultipleSession/NumberOfScheduledRetriesForUserSession**
Optional. This node specifies the number of times the DM client should retry to connect to the server when the client is initially configured or enrolled to communicate with the server.
If the value is set to 0 and the IntervalForScheduledRetriesForUserSession value is not 0, then the schedule will be set to repeat an infinite number of times.
The default value is 0. This configuration is only applicable for Windows Multi-session Editions.
Supported operations are Get and Replace.
<a href="" id="provider-providerid-configlock"></a>**Provider/*ProviderID*/ConfigLock**
Optional. This node enables [Config Lock](config-lock.md) feature. If enabled, policies defined in the Config Lock document will be monitored and quickly remediated when a configuration drift is detected.