updated-CSPimagesetting-4749599

windows/client-management/mdm/accounts-csp.md

@@ -17,9 +17,18 @@ manager: dansimp
 The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and join it to a local user group. This CSP was added in Windows 10, version 1803.
 
 
-The following diagram shows the Accounts configuration service provider in tree format.
+The following shows the Accounts configuration service provider in tree format.
 
-![Accounts CSP diagram](images/provisioning-csp-accounts.png) 
+```
+./Device/Vendor/MSFT
+Accounts
+----Domain
+--------ComputerName
+----Users
+--------UserName
+------------Password
+------------LocalUserGroup
+```
 
 <a href="" id="accounts"></a>**./Device/Vendor/MSFT/Accounts**  
 Root node.

windows/client-management/mdm/activesync-csp.md

@@ -28,9 +28,39 @@ The ./Vendor/MSFT/ActiveSync path is deprecated, but will continue to work in th
 
  
 
-The following diagram shows the ActiveSync configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
+The following shows the ActiveSync configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
 
-![activesync csp (cp)](images/provisioning-csp-activesync-cp.png)
+```
+./Vendor/MSFT
+ActiveSync
+----Accounts
+--------Account GUID
+------------EmailAddress
+------------Domain
+------------AccountIcon
+------------AccountType
+------------AccountName
+------------Password
+------------ServerName
+------------UserName
+------------Options
+----------------CalendarAgeFilter
+----------------Logging
+----------------MailBodyType
+----------------MailHTMLTruncation
+----------------MailPlainTextTruncation
+----------------Schedule
+----------------UseSSL
+----------------MailAgeFilter
+----------------ContentTypes
+--------------------Content Type GUID
+------------------------Enabled
+------------------------Name
+------------Policies
+----------------MailBodyType
+----------------MaxMailAgeFilter
+
+```
 
 <a href="" id="--user-vendor-msft-activesync"></a>**./User/Vendor/MSFT/ActiveSync**  
 The root node for the ActiveSync configuration service provider.

windows/client-management/mdm/alljoynmanagement-csp.md

@@ -26,9 +26,37 @@ This CSP was added in Windows 10, version 1511.
 
 For the firewall settings, note that PublicProfile and PrivateProfile are mutually exclusive. The Private Profile must be set on the directly on the device itself, and the only supported operation is Get. For PublicProfile, both Add and Get are supported. This CSP is intended to be used in conjunction with the AllJoyn Device System Bridge, and an understanding of the bridge will help when determining when and how to use this CSP. For more information, see [Device System Bridge (DSB) Project](https://go.microsoft.com/fwlink/p/?LinkId=615876) and [AllJoyn Device System Bridge](https://go.microsoft.com/fwlink/p/?LinkId=615877).
 
-The following diagram shows the AllJoynManagement configuration service provider in tree format
+The following shows the AllJoynManagement configuration service provider in tree format
 
-![alljoynmanagement csp diagram](images/provisioning-csp-alljoynmanagement.png)
+```
+./Vendor/MSFT
+AllJoynManagement
+----Configurations
+--------ServiceID
+------------Port
+----------------PortNum
+--------------------ConfigurableObjects
+------------------------CfgObjectPath
+----Credentials
+--------ServiceID
+------------Key
+----Firewall
+--------PublicProfile
+--------PrivateProfile
+----Services
+--------ServiceID
+------------AppId
+------------DeviceId
+------------AppName
+------------Manufacturer
+------------ModelNumber
+------------Description
+------------SoftwareVersion
+------------AJSoftwareVersion
+------------HardwareVersion
+----Options
+--------QueryIdleTime
+```
 
 The following list describes the characteristics and parameters.
 

windows/client-management/mdm/applicationcontrol-csp.md

@@ -16,10 +16,33 @@ ms.date: 09/10/2020
 Windows Defender Application Control (WDAC) policies can be managed from an MDM server or locally using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently does not schedule a reboot.
 Existing WDAC policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although WDAC policy deployment via the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only.
 
-The following diagram shows the ApplicationControl CSP in tree format.
-
-![tree diagram for applicationcontrol csp](images/provisioning-csp-applicationcontrol.png)
+The following shows the ApplicationControl CSP in tree format.
 
+```
+./Vendor/MSFT
+ApplicationControl
+----Policies
+--------Policy GUID
+------------Policy
+------------PolicyInfo
+----------------Version
+----------------IsEffective
+----------------IsDeployed
+----------------IsAuthorized
+----------------Status
+----------------FriendlyName
+------------Token
+----------------TokenID
+----Tokens
+--------ID
+------------Token
+------------TokenInfo
+----------------Status
+------------PolicyIDs
+----------------Policy GUID
+----TenantID
+----DeviceID
+```
 <a href="" id="vendor-msft-applicationcontrol"></a>**./Vendor/MSFT/ApplicationControl**  
 Defines the root node for the ApplicationControl CSP.
 

windows/client-management/mdm/applocker-csp.md

@@ -17,10 +17,54 @@ ms.date: 11/19/2019
 
 The AppLocker configuration service provider is used to specify which applications are allowed or disallowed. There is no user interface shown for apps that are blocked.
 
-The following diagram shows the AppLocker configuration service provider in tree format.
-
-![applocker csp](images/provisioning-csp-applocker.png)
-
+The following shows the AppLocker configuration service provider in tree format.
+```
+./Vendor/MSFT
+AppLocker
+----ApplicationLaunchRestrictions
+--------Grouping
+------------EXE
+----------------Policy
+----------------EnforcementMode
+----------------NonInteractiveProcessEnforcement
+------------MSI
+----------------Policy
+----------------EnforcementMode
+------------Script
+----------------Policy
+----------------EnforcementMode
+------------StoreApps
+----------------Policy
+----------------EnforcementMode
+------------DLL
+----------------Policy
+----------------EnforcementMode
+----------------NonInteractiveProcessEnforcement
+------------CodeIntegrity
+----------------Policy
+----EnterpriseDataProtection
+--------Grouping
+------------EXE
+----------------Policy
+------------StoreApps
+----------------Policy
+----LaunchControl
+--------Grouping
+------------EXE
+----------------Policy
+----------------EnforcementMode
+------------StoreApps
+----------------Policy
+----------------EnforcementMode
+----FamilySafety
+--------Grouping
+------------EXE
+----------------Policy
+----------------EnforcementMode
+------------StoreApps
+----------------Policy
+----------------EnforcementMode
+```
 <a href="" id="--vendor-msft-applocker"></a>**./Vendor/MSFT/AppLocker**  
 Defines the root node for the AppLocker configuration service provider.
 

windows/client-management/mdm/assignedaccess-csp.md

@@ -29,10 +29,17 @@ For a step-by-step guide for setting up devices to run in kiosk mode, see [Set u
 > [!Note]
 > The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting from Windows 10, version 1709 it is also supported in Windows 10 Pro and Windows 10 S. Starting in Windows 10, version 1803, it is also supported in Windows Holographic for Business edition.
 
-The following diagram shows the AssignedAccess configuration service provider in tree format
-
-![assignedaccess csp diagram](images/provisioning-csp-assignedaccess.png)
+The following shows the AssignedAccess configuration service provider in tree format
 
+```
+./Vendor/MSFT
+AssignedAccess
+----KioskModeApp
+----Configuration
+----Status
+----ShellLauncher
+----StatusConfiguration
+```
 <a href="" id="--vendor-msft-assignedaccess"></a>**./Device/Vendor/MSFT/AssignedAccess**
 Root node for the CSP.
 

windows/client-management/mdm/bitlocker-csp.md

@@ -24,11 +24,29 @@ the setting configured by the admin.
 
 For RequireDeviceEncryption and RequireStorageCardEncryption, the Get operation returns the actual status of enforcement to the admin, such as if Trusted Platform Module (TPM) protection is required and if encryption is required. And if the device has BitLocker enabled but with password protector, the status reported is 0. A Get operation on RequireDeviceEncryption does not verify that the a minimum PIN length is enforced (SystemDrivesMinimumPINLength).
 
-The following diagram shows the BitLocker configuration service provider in tree format.
-
-![BitLocker csp](images/provisioning-csp-bitlocker.png)
-
-
+The following shows the BitLocker configuration service provider in tree format.
+```
+./Device/Vendor/MSFT
+BitLocker
+----RequireStorageCardEncryption
+----RequireDeviceEncryption
+----EncryptionMethodByDriveType
+----SystemDrivesRequireStartupAuthentication
+----SystemDrivesMinimumPINLength
+----SystemDrivesRecoveryMessage
+----SystemDrivesRecoveryOptions
+----FixedDrivesRecoveryOptions
+----FixedDrivesRequireEncryption
+----RemovableDrivesRequireEncryption
+----AllowWarningForOtherDiskEncryption
+----AllowStandardUserEncryption
+----ConfigureRecoveryPasswordRotation
+----RotateRecoveryPasswords
+----Status
+--------DeviceEncryptionStatus
+--------RotateRecoveryPasswordsStatus
+--------RotateRecoveryPasswordsRequestID
+```
 <a href="" id="--device-vendor-msft-bitlocker"></a>**./Device/Vendor/MSFT/BitLocker**  
 Defines the root node for the BitLocker configuration service provider.
 <!--Policy-->

windows/client-management/mdm/certificatestore-csp.md

@@ -25,10 +25,86 @@ The CertificateStore configuration service provider is used to add secure socket
 
 For the CertificateStore CSP, you cannot use the Replace command unless the node already exists.
 
-The following diagram shows the CertificateStore configuration service provider management object in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.
-
-![provisioning\-csp\-certificatestore](images/provisioning-csp-certificatestore.png)
+The following shows the CertificateStore configuration service provider management object in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.
 
+```
+./Vendor/MSFT
+CertificateStore
+----ROOT
+--------*
+------------EncodedCertificate
+------------IssuedBy
+------------IssuedTo
+------------ValidFrom
+------------ValidTo
+------------TemplateName
+--------System
+------------*
+----------------EncodedCertificate
+----------------IssuedBy
+----------------IssuedTo
+----------------ValidFrom
+----------------ValidTo
+----------------TemplateName
+----MY
+--------User
+------------*
+----------------EncodedCertificate
+----------------IssuedBy
+----------------IssuedTo
+----------------ValidFrom
+----------------ValidTo
+----------------TemplateName
+--------SCEP
+------------*
+----------------Install
+--------------------ServerURL
+--------------------Challenge
+--------------------EKUMapping
+--------------------KeyUsage
+--------------------SubjectName
+--------------------KeyProtection
+--------------------RetryDelay
+--------------------RetryCount
+--------------------TemplateName
+--------------------KeyLength
+--------------------HashAlgrithm
+--------------------CAThumbPrint
+--------------------SubjectAlternativeNames
+--------------------ValidPeriod
+--------------------ValidPeriodUnit
+--------------------Enroll
+----------------CertThumbPrint
+----------------Status
+----------------ErrorCode
+--------WSTEP
+------------CertThumprint
+------------Renew
+----------------RenewPeriod
+----------------ServerURL
+----------------RetryInterval
+----------------ROBOSupport
+----------------Status
+----------------ErrorCode
+----------------LastRenewalAttemptTime
+----------------RenewNow
+----CA
+--------*
+------------EncodedCertificate
+------------IssuedBy
+------------IssuedTo
+------------ValidFrom
+------------ValidTo
+------------TemplateName
+--------System
+------------*
+----------------EncodedCertificate
+----------------IssuedBy
+----------------IssuedTo
+----------------ValidFrom
+----------------ValidTo
+----------------TemplateName
+```
 <a href="" id="root-system"></a>**Root/System**  
 Defines the certificate store that contains root, or self-signed, certificates.
 

windows/client-management/mdm/cleanpc-csp.md

@@ -15,10 +15,13 @@ manager: dansimp
 
 The CleanPC configuration service provider (CSP) allows removal of user-installed and pre-installed applications, with the option to persist user data. This CSP was added in Windows 10, version 1703.
 
-The following diagram shows the CleanPC configuration service provider in tree format.
-
-![CleanPC csp diagram](images/provisioning-csp-cleanpc.png)
-
+The following shows the CleanPC configuration service provider in tree format.
+```
+./Device/Vendor/MSFT
+CleanPC
+----CleanPCWithoutRetainingUserData
+----CleanPCRetainingUserData
+```
 <a href="" id="--device-vendor-msft-cleanpc"></a>**./Device/Vendor/MSFT/CleanPC**  
 <p style="margin-left: 20px">The root node for the CleanPC configuration service provider.</p>
 

windows/client-management/mdm/clientcertificateinstall-csp.md

@@ -23,10 +23,48 @@ For PFX certificate installation and SCEP installation, the SyncML commands must
 
 You can only set PFXKeyExportable to true if KeyLocation=3. For any other KeyLocation value, the CSP will fail.
 
-The following image shows the ClientCertificateInstall configuration service provider in tree format.
-
-![clientcertificateinstall csp](images/provisioning-csp-clientcertificateinstall.png)
-
+The following shows the ClientCertificateInstall configuration service provider in tree format.
+```
+./Vendor/MSFT
+ClientCertificateInstall
+----PFXCertInstall
+--------UniqueID
+------------KeyLocation
+------------ContainerName
+------------PFXCertBlob
+------------PFXCertPassword
+------------PFXCertPasswordEncryptionType
+------------PFXKeyExportable
+------------Thumbprint
+------------Status
+------------PFXCertPasswordEncryptionStore
+----SCEP
+--------UniqueID
+------------Install
+----------------ServerURL
+----------------Challenge
+----------------EKUMapping
+----------------KeyUsage
+----------------SubjectName
+----------------KeyProtection
+----------------RetryDelay
+----------------RetryCount
+----------------TemplateName
+----------------KeyLength
+----------------HashAlgorithm
+----------------CAThumbprint
+----------------SubjectAlternativeNames
+----------------ValidPeriod
+----------------ValidPeriodUnits
+----------------ContainerName
+----------------CustomTextToShowInPrompt
+----------------Enroll
+----------------AADKeyIdentifierList
+------------CertThumbprint
+------------Status
+------------ErrorCode
+------------RespondentServerUrl
+```
 <a href="" id="device-or-user"></a>**Device or User**  
 For device certificates, use <strong>./Device/Vendor/MSFT</strong> path and for user certificates use <strong>./User/Vendor/MSFT</strong> path.