diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 430506237d..7215ed2787 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -1,23 +1,6 @@ { "build_entry_point": "", "docsets_to_publish": [ - { - "docset_name": "bcs-VSTS", - "build_source_folder": "bcs", - "build_output_subfolder": "bcs-VSTS", - "locale": "en-us", - "monikers": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes", - "moniker_groups": [], - "version": 0 - }, { "docset_name": "education-VSTS", "build_source_folder": "education", diff --git a/bcs/docfx.json b/bcs/docfx.json deleted file mode 100644 index aa19bbfd9b..0000000000 --- a/bcs/docfx.json +++ /dev/null @@ -1,47 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/**.yml" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.svg", - "**/*.jpg", - "**/*.json" - ], - "exclude": [ - "**/obj/**", - "**/includes/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "breadcrumb_path": "/microsoft-365-business/breadcrumb/toc.json", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "TechNet.bcs" - } - } - }, - "fileMetadata": {}, - "template": [], - "dest": "bcs" - } -} \ No newline at end of file diff --git a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md b/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md index 01157f507c..61120d6a25 100644 --- a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md +++ b/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md @@ -164,8 +164,8 @@ Users can sign in to Microsoft Edge to access intranet sites and online resource *Organization policies that this may affect:*
--> -### Telemetry +### Diagnostic data -The Surface Hub OS uses the Windows 10 Connected User Experience and Telemetry component to gather and transmit telemetry data. For more information, see [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization). +The Surface Hub OS uses the Windows 10 Connected User Experience and Telemetry component to gather and transmit diagnostic data. For more information, see [Configure Windows diagnostic data in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization). -*Organization policies that this may affect:*
Configure telemetry levels for Surface Hub in the same way as you do for Windows 10 Enterprise. +*Organization policies that this may affect:*
Configure diagnostic data levels for Surface Hub in the same way as you do for Windows 10 Enterprise. diff --git a/devices/surface-hub/monitor-surface-hub.md b/devices/surface-hub/monitor-surface-hub.md index d8ddba730e..7fe0d6aeff 100644 --- a/devices/surface-hub/monitor-surface-hub.md +++ b/devices/surface-hub/monitor-surface-hub.md @@ -86,7 +86,7 @@ This table describes the sample queries in the Surface Hub solution: | Alert type | Impact | Recommended remediation | Details | | ---------- | ------ | ----------------------- | ------- | -| Software | Error | **Reboot the device**.
Reboot manually, or using the [Reboot configuration service provider](https://msdn.microsoft.com/en-us/library/windows/hardware/mt720802(v=vs.85).aspx).
Suggest doing this between meetings to minimize impact to your people in your organization. | Trigger conditions:
- A critical process in the Surface Hub operating system, such as the shell, projection, or Skype, crashes or becomes non-responsive.
- The device hasn't reported a heartbeat in the past 24 hours. This may be due to network connectivity issue or network-related hardware failure, or an error with the telemetry reporting system. | +| Software | Error | **Reboot the device**.
Reboot manually, or using the [Reboot configuration service provider](https://msdn.microsoft.com/en-us/library/windows/hardware/mt720802(v=vs.85).aspx).
Suggest doing this between meetings to minimize impact to your people in your organization. | Trigger conditions:
- A critical process in the Surface Hub operating system, such as the shell, projection, or Skype, crashes or becomes non-responsive.
- The device hasn't reported a heartbeat in the past 24 hours. This may be due to network connectivity issue or network-related hardware failure, or an error with the diagnostic data reporting system. | | Software | Error | **Check your Exchange service**.
Verify:
- The service is available.
- The device account password is up to date – see [Password management](password-management-for-surface-hub-device-accounts.md) for details.| Triggers when there's an error syncing the device calendar with Exchange. | | Software | Error | **Check your Skype for Business service**.
Verify:
- The service is available.
- The device account password is up to date – see [Password management](password-management-for-surface-hub-device-accounts.md) for details.
- The domain name for Skype for Business is properly configured - see [Configure a domain name](use-fully-qualified-domain-name-surface-hub.md). | Triggers when Skype fails to sign in. | | Software | Error | **Reset the device**.
This takes some time, so you should take the device offline.
For more information, see [Device reset](device-reset-surface-hub.md).| Triggers when there is an error cleaning up user and app data at the end of a session. When this operation repeatedly fails, the device is locked to protect user data. You must reset the device to continue. | diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md index d649dc5dda..077e16a6a5 100644 --- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md +++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md @@ -40,9 +40,9 @@ Depending on your environment, access to additional ports may be needed: - For online environments, see [Office 365 IP URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). - For on-premises installations, see [Skype for Business Server: Ports and protocols for internal servers](https://technet.microsoft.com/library/gg398833.aspx). -Microsoft collects telemetry to help improve your Surface Hub experience. Add these sites to your allow list: -- Telemetry client endpoint: `https://vortex.data.microsoft.com/` -- Telemetry settings endpoint: `https://settings.data.microsoft.com/` +Microsoft collects diagnostic data to help improve your Surface Hub experience. Add these sites to your allow list: +- Diagnostic data client endpoint: `https://vortex.data.microsoft.com/` +- Diagnostic data settings endpoint: `https://settings.data.microsoft.com/` ### Proxy configuration diff --git a/devices/surface-hub/troubleshoot-surface-hub.md b/devices/surface-hub/troubleshoot-surface-hub.md index df8612a26a..9b2ef8764a 100644 --- a/devices/surface-hub/troubleshoot-surface-hub.md +++ b/devices/surface-hub/troubleshoot-surface-hub.md @@ -524,7 +524,7 @@ This section lists status codes, mapping, user messages, and actions an admin ca

0x85002004

E_FAIL_ABORT

-

This error is used to interrupt the hanging sync, and will not be exposed to users. It will be shown in the telemetry if you force an interactive sync, delete the account, or update its settings.

+

This error is used to interrupt the hanging sync, and will not be exposed to users. It will be shown in the diagnostic data if you force an interactive sync, delete the account, or update its settings.

Nothing.

diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md index f448a10be8..1f647b7dbb 100644 --- a/education/trial-in-a-box/educator-tib-get-started.md +++ b/education/trial-in-a-box/educator-tib-get-started.md @@ -23,7 +23,7 @@ ms.date: 01/12/2017 | | | | :---: |:--- | | [![Connect the device to Wi-Fi](images/edu-TIB-setp-1-v3.png)](#edu-task1) | [Log in](#edu-task1) to **Device A** with your Teacher credentials and connect to the school network. | -| [![Try Learning Tools Immersive Reader](images/edu-TIB-setp-2-v3.png)](#edu-task2) | **Interested in drastically improving your students' reading speed and comprehension?[1](#footnote1)**
Try the [Learning Tools Immersive Reader](#edu-task2) to see how kids can learn to read faster, using text read aloud, and highlighting words for syntax. | +| [![Try Learning Tools Immersive Reader](images/edu-TIB-setp-2-v3.png)](#edu-task2) | **Interested in significantly improving your students' reading speed and comprehension?[1](#footnote1)**
Try the [Learning Tools Immersive Reader](#edu-task2) to see how kids can learn to read faster, using text read aloud, and highlighting words for syntax. | | [![Launch Microsoft Teams](images/edu-TIB-setp-3-v3.png)](#edu-task3) | **Looking to foster collaboration, communication, and critical thinking in the classroom?**
Launch [Microsoft Teams](#edu-task3) and learn how to set up digital classroom discussions, respond to student questions, and organize class content. | | [![Open OneNote](images/edu-TIB-setp-4-v3.png)](#edu-task4) | **Trying to expand classroom creativity and interaction between students?**
Open [OneNote](#edu-task4) and create an example group project for your class. | | [![Play with Minecraft: Education Edition](images/edu-TIB-setp-5-v3.png)](#edu-task5) | **Want to teach kids to further collaborate and problem solve?**
Play with [Minecraft: Education Edition](#edu-task5) to see how it can be used as a collaborative and versatile platform across subjects to encourage 21st century skills. | @@ -46,7 +46,7 @@ To try out the educator tasks, start by logging in as a teacher.
![Improve student reading speed and comprehension](images/edu-TIB-setp-2-jump.png) -## 2. Drastically improve student reading speed and comprehension +## 2. Significantly improve student reading speed and comprehension + ## AboveLock policies
@@ -33,7 +33,7 @@ ms.date: 01/29/2018
- + **AboveLock/AllowActionCenterNotifications** @@ -84,11 +84,11 @@ The following list shows the supported values: - 1 (default) - Allowed. - +
- + **AboveLock/AllowCortanaAboveLock** @@ -134,11 +134,11 @@ The following list shows the supported values: - 1 (default) - Allowed. - +
- + **AboveLock/AllowToasts** @@ -186,7 +186,7 @@ The following list shows the supported values: - 1 (default) - Allowed. - +
Footnote: @@ -195,5 +195,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md b/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md index e74c715473..2d0549e77b 100644 --- a/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md +++ b/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - AccountPoliciesAccountLockoutPolicy @@ -17,7 +17,7 @@ ms.date: 01/29/2018
- + ## AccountPoliciesAccountLockoutPolicy policies
@@ -35,7 +35,7 @@ ms.date: 01/29/2018
- + **AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration** @@ -78,11 +78,11 @@ If an account lockout threshold is defined, the account lockout duration must be Default: None, because this policy setting only has meaning when an Account lockout threshold is specified. - +
- + **AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold** @@ -125,11 +125,11 @@ Failed password attempts against workstations or member servers that have been l Default: 0. - +
- + **AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter** @@ -172,7 +172,7 @@ If an account lockout threshold is defined, this reset time must be less than or Default: None, because this policy setting only has meaning when an Account lockout threshold is specified. - +
Footnote: @@ -181,5 +181,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 14b5d262f0..0fb29f4870 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Accounts @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Accounts policies
@@ -36,7 +36,7 @@ ms.date: 01/29/2018
- + **Accounts/AllowAddingNonMicrosoftAccountsManually** @@ -87,11 +87,11 @@ The following list shows the supported values: - 1 (default) - Allowed. - +
- + **Accounts/AllowMicrosoftAccountConnection** @@ -139,11 +139,11 @@ The following list shows the supported values: - 1 (default) - Allowed. - +
- + **Accounts/AllowMicrosoftAccountSignInAssistant** @@ -189,11 +189,11 @@ The following list shows the supported values: - 1 (default) - Manual start. - +
- + **Accounts/DomainNamesForEmailSync** @@ -236,7 +236,7 @@ The data type is a string. The default value is an empty string, which allows all email accounts on the device to sync email. Otherwise, the string should contain a pipe-separated list of domains that are allowed to sync email on the device. For example, "contoso.com|fabrikam.net|woodgrove.gov". - +
Footnote: @@ -245,7 +245,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Accounts policies supported by Windows Holographic for Business diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index 6b16327ccb..4bea893b54 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - ActiveXControls @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## ActiveXControls policies
@@ -27,7 +27,7 @@ ms.date: 01/29/2018
- + **ActiveXControls/ApprovedInstallationSites** @@ -87,7 +87,7 @@ ADMX Info: - GP ADMX file name: *ActiveXInstallService.admx* - +
Footnote: @@ -96,5 +96,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 2889bb4f2a..0e45ce047c 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - ApplicationDefaults @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## ApplicationDefaults policies
@@ -27,7 +27,7 @@ ms.date: 01/29/2018
- + **ApplicationDefaults/DefaultAssociationsConfiguration** @@ -122,7 +122,7 @@ Here is the SyncMl example: ``` - +
Footnote: @@ -131,5 +131,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 1ca01c5a3f..9ee5181bd2 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - ApplicationManagement @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## ApplicationManagement policies
@@ -57,7 +57,7 @@ ms.date: 01/29/2018
- + **ApplicationManagement/AllowAllTrustedApps** @@ -106,11 +106,11 @@ The following list shows the supported values: - 65535 (default) - Not configured. - +
- + **ApplicationManagement/AllowAppStoreAutoUpdate** @@ -159,11 +159,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **ApplicationManagement/AllowDeveloperUnlock** @@ -212,11 +212,11 @@ The following list shows the supported values: - 65535 (default) - Not configured. - +
- + **ApplicationManagement/AllowGameDVR** @@ -267,11 +267,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **ApplicationManagement/AllowSharedUserAppData** @@ -319,11 +319,11 @@ The following list shows the supported values: - 1 – Allowed. - +
- + **ApplicationManagement/AllowStore** @@ -371,11 +371,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **ApplicationManagement/ApplicationRestrictions** @@ -436,11 +436,11 @@ Value type is chr. Value evaluation rule - The information for PolicyManager is opaque. There is no most restricted value evaluation. Whenever there is a change to the value, the device parses the node value and enforces specified policies. - +
- + **ApplicationManagement/DisableStoreOriginatedApps** @@ -486,11 +486,11 @@ The following list shows the supported values: - 1 – Disable launch of apps. - +
- + **ApplicationManagement/RequirePrivateStoreOnly** @@ -539,11 +539,11 @@ The following list shows the supported values: - 1 – Only Private store is enabled. - +
- + **ApplicationManagement/RestrictAppDataToSystemVolume** @@ -591,11 +591,11 @@ The following list shows the supported values: - 1 – Restricted. - +
- + **ApplicationManagement/RestrictAppToSystemVolume** @@ -643,7 +643,7 @@ The following list shows the supported values: - 1 – Restricted. - +
Footnote: @@ -652,7 +652,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## ApplicationManagement policies supported by Windows Holographic for Business diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index f1bfd67657..5ec36f8881 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - AppVirtualization @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## AppVirtualization policies
@@ -108,7 +108,7 @@ ms.date: 01/29/2018
- + **AppVirtualization/AllowAppVClient** @@ -162,11 +162,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/AllowDynamicVirtualization** @@ -220,11 +220,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/AllowPackageCleanup** @@ -278,11 +278,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/AllowPackageScripts** @@ -336,11 +336,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/AllowPublishingRefreshUX** @@ -394,11 +394,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/AllowReportingServer** @@ -462,11 +462,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/AllowRoamingFileExclusions** @@ -520,11 +520,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/AllowRoamingRegistryExclusions** @@ -578,11 +578,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/AllowStreamingAutoload** @@ -636,11 +636,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/ClientCoexistenceAllowMigrationmode** @@ -694,11 +694,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/IntegrationAllowRootGlobal** @@ -752,11 +752,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/IntegrationAllowRootUser** @@ -810,11 +810,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/PublishingAllowServer1** @@ -886,11 +886,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/PublishingAllowServer2** @@ -962,11 +962,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/PublishingAllowServer3** @@ -1038,11 +1038,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/PublishingAllowServer4** @@ -1114,11 +1114,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/PublishingAllowServer5** @@ -1190,11 +1190,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/StreamingAllowCertificateFilterForClient_SSL** @@ -1248,11 +1248,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/StreamingAllowHighCostLaunch** @@ -1306,11 +1306,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/StreamingAllowLocationProvider** @@ -1364,11 +1364,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/StreamingAllowPackageInstallationRoot** @@ -1422,11 +1422,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/StreamingAllowPackageSourceRoot** @@ -1480,11 +1480,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/StreamingAllowReestablishmentInterval** @@ -1538,11 +1538,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/StreamingAllowReestablishmentRetries** @@ -1596,11 +1596,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/StreamingSharedContentStoreMode** @@ -1654,11 +1654,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/StreamingSupportBranchCache** @@ -1712,11 +1712,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/StreamingVerifyCertificateRevocationList** @@ -1770,11 +1770,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
- + **AppVirtualization/VirtualComponentsAllowList** @@ -1828,7 +1828,7 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
Footnote: @@ -1837,5 +1837,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index b23d0fec1c..3cd9a8202d 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - AttachmentManager @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## AttachmentManager policies
@@ -33,7 +33,7 @@ ms.date: 01/29/2018
- + **AttachmentManager/DoNotPreserveZoneInformation** @@ -93,11 +93,11 @@ ADMX Info: - GP ADMX file name: *AttachmentManager.admx* - +
- + **AttachmentManager/HideZoneInfoMechanism** @@ -157,11 +157,11 @@ ADMX Info: - GP ADMX file name: *AttachmentManager.admx* - +
- + **AttachmentManager/NotifyAntivirusPrograms** @@ -221,7 +221,7 @@ ADMX Info: - GP ADMX file name: *AttachmentManager.admx* - +
Footnote: @@ -230,5 +230,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 6755d07861..881ae7ff19 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Authentication @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Authentication policies
@@ -39,7 +39,7 @@ ms.date: 01/29/2018
- + **Authentication/AllowAadPasswordReset** @@ -85,11 +85,11 @@ The following list shows the supported values: - 1 – Allowed. - +
- + **Authentication/AllowEAPCertSSO** @@ -135,11 +135,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Authentication/AllowFastReconnect** @@ -187,11 +187,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Authentication/AllowFidoDeviceSignon** @@ -241,11 +241,11 @@ The following list shows the supported values: - 1 - Allow. The FIDO device credential provider is enabled and allows usage of FIDO devices to sign into an Windows. - +
- + **Authentication/AllowSecondaryAuthenticationDevice** @@ -293,7 +293,7 @@ The following list shows the supported values: - 1 – Allowed. - +
Footnote: @@ -302,7 +302,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Authentication policies supported by Windows Holographic for Business diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index 1691a0fce0..ea02a39c19 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Autoplay @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Autoplay policies
@@ -33,7 +33,7 @@ ms.date: 01/29/2018
- + **Autoplay/DisallowAutoplayForNonVolumeDevices** @@ -92,11 +92,11 @@ ADMX Info: - GP ADMX file name: *AutoPlay.admx* - +
- + **Autoplay/SetDefaultAutoRunBehavior** @@ -164,11 +164,11 @@ ADMX Info: - GP ADMX file name: *AutoPlay.admx* - +
- + **Autoplay/TurnOffAutoPlay** @@ -237,7 +237,7 @@ ADMX Info: - GP ADMX file name: *AutoPlay.admx* - +
Footnote: @@ -246,5 +246,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index 35eb61f9df..852a915bac 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Bitlocker @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Bitlocker policies
@@ -27,7 +27,7 @@ ms.date: 01/29/2018
- + **Bitlocker/EncryptionMethod** @@ -106,7 +106,7 @@ The following list shows the supported values: - 7 - XTS-AES 256-bit (Desktop only) - +
Footnote: @@ -115,5 +115,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index dc992781e7..3a6b797bf3 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Bluetooth @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Bluetooth policies
@@ -39,7 +39,7 @@ ms.date: 01/29/2018
- + **Bluetooth/AllowAdvertising** @@ -89,11 +89,11 @@ The following list shows the supported values: - 1 (default) – Allowed. When set to 1, the device will send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is received by the peripheral. - +
- + **Bluetooth/AllowDiscoverableMode** @@ -143,11 +143,11 @@ The following list shows the supported values: - 1 (default) – Allowed. When set to 1, other devices will be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel and verify that you can discover it. - +
- + **Bluetooth/AllowPrepairing** @@ -193,11 +193,11 @@ The following list shows the supported values: - 1 (default)– Allowed. - +
- + **Bluetooth/LocalDeviceName** @@ -240,11 +240,11 @@ If this is set, the value that it is set to will be used as the Bluetooth device If this policy is not set or it is deleted, the default local radio name is used. - +
- + **Bluetooth/ServicesAllowedList** @@ -285,7 +285,7 @@ Set a list of allowable services and profiles. String hex formatted array of Blu The default value is an empty string. - +
Footnote: @@ -294,7 +294,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Bluetooth policies supported by Windows Holographic for Business diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 51ca199a31..9ffaf7854f 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Browser @@ -17,7 +17,7 @@ ms.date: 01/29/2018
- + ## Browser policies
@@ -140,7 +140,7 @@ ms.date: 01/29/2018
- + **Browser/AllowAddressBarDropdown** @@ -192,11 +192,11 @@ The following list shows the supported values: - 1 (default) – Allowed. Address bar drop-down is enabled. - +
- + **Browser/AllowAutofill** @@ -254,11 +254,11 @@ To verify AllowAutofill is set to 0 (not allowed): 4. Verify the setting **Save form entries** is greyed out. - +
- + **Browser/AllowBrowser** @@ -313,11 +313,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Browser/AllowCookies** @@ -376,11 +376,11 @@ To verify AllowCookies is set to 0 (not allowed): 4. Verify the setting **Cookies** is greyed out. - +
- + **Browser/AllowDeveloperTools** @@ -433,11 +433,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Browser/AllowDoNotTrack** @@ -495,11 +495,11 @@ To verify AllowDoNotTrack is set to 0 (not allowed): 4. Verify the setting **Send Do Not Track requests** is greyed out. - +
- + **Browser/AllowExtensions** @@ -546,11 +546,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Browser/AllowFlash** @@ -597,11 +597,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Browser/AllowFlashClickToRun** @@ -648,11 +648,11 @@ The following list shows the supported values: - 1 (default) – Users must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content. - +
- + **Browser/AllowInPrivate** @@ -701,11 +701,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Browser/AllowMicrosoftCompatibilityList** @@ -757,11 +757,11 @@ The following list shows the supported values: - 1 (default) – Enabled. - +
- + **Browser/AllowPasswordManager** @@ -819,11 +819,11 @@ To verify AllowPasswordManager is set to 0 (not allowed): 4. Verify the settings **Offer to save password** and **Manage my saved passwords** are greyed out. - +
- + **Browser/AllowPopups** @@ -881,11 +881,11 @@ To verify AllowPopups is set to 0 (not allowed): 4. Verify the setting **Block pop-ups** is greyed out. - +
- + **Browser/AllowSearchEngineCustomization** @@ -936,11 +936,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Browser/AllowSearchSuggestionsinAddressBar** @@ -989,11 +989,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Browser/AllowSmartScreen** @@ -1051,11 +1051,11 @@ To verify AllowSmartScreen is set to 0 (not allowed): 4. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is greyed out. - +
- + **Browser/AlwaysEnableBooksLibrary** @@ -1102,11 +1102,11 @@ The following list shows the supported values: - 1 - Enable. Always show the Books Library, regardless of countries or region of activation. - +
- + **Browser/ClearBrowsingDataOnExit** @@ -1163,11 +1163,11 @@ To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set 3. Open Microsoft Edge and start typing the same URL in address bar. Verify that it does not auto-complete from history. - +
- + **Browser/ConfigureAdditionalSearchEngines** @@ -1225,11 +1225,11 @@ The following list shows the supported values: - 1 – Additional search engines are allowed. - +
- + **Browser/DisableLockdownOfStartPages** @@ -1284,11 +1284,11 @@ The following list shows the supported values: - 1 – Disable lockdown of the Start pages and allow users to modify them. - +
- + **Browser/EnableExtendedBooksTelemetry** @@ -1327,21 +1327,21 @@ The following list shows the supported values: This policy setting lets you decide how much data to send to Microsoft about the book you're reading from the Books tab in Microsoft Edge. -If you enable this setting, Microsoft Edge sends additional telemetry data, on top of the basic telemetry data, from the Books tab. If you disable or don't configure this setting, Microsoft Edge only sends basic telemetry data, depending on your device configuration. +If you enable this setting, Microsoft Edge sends additional diagnostic data, on top of the basic diagnostic data, from the Books tab. If you disable or don't configure this setting, Microsoft Edge only sends basic diagnostic data, depending on your device configuration. The following list shows the supported values: -- 0 (default) - Disable. No additional telemetry. -- 1 - Enable. Additional telemetry for schools. +- 0 (default) - Disable. No additional diagnostic data. +- 1 - Enable. Additional diagnostic data for schools. - +
- + **Browser/EnterpriseModeSiteList** @@ -1392,11 +1392,11 @@ The following list shows the supported values: - Set to a URL location of the enterprise site list. - +
- + **Browser/EnterpriseSiteListServiceUrl** @@ -1437,11 +1437,11 @@ The following list shows the supported values: > This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](#browser-enterprisemodesitelist). - +
- + **Browser/FirstRunURL** @@ -1489,11 +1489,11 @@ The data type is a string. The default value is an empty string. Otherwise, the string should contain the URL of the webpage users will see the first time Microsoft Edge is run. For example, “contoso.com”. - +
- + **Browser/HomePages** @@ -1543,11 +1543,11 @@ Starting in Windows 10, version 1703, if you don’t want to send traffic to Mi > Turning this setting off, or not configuring it, sets your default Start pages to the webpages specified in App settings. - +
- + **Browser/LockdownFavorites** @@ -1603,11 +1603,11 @@ The following list shows the supported values: - 1 - Enabled. Lockdown Favorites. - +
- + **Browser/PreventAccessToAboutFlagsInMicrosoftEdge** @@ -1654,11 +1654,11 @@ The following list shows the supported values: - 1 – Users can't access the about:flags page in Microsoft Edge. - +
- + **Browser/PreventFirstRunPage** @@ -1707,11 +1707,11 @@ The following list shows the supported values: - 1 – Employees don't see the First Run webpage. - +
- + **Browser/PreventLiveTileDataCollection** @@ -1760,11 +1760,11 @@ The following list shows the supported values: - 1 – Microsoft servers will not be contacted if a site is pinned to Start from Microsoft Edge. - +
- + **Browser/PreventSmartScreenPromptOverride** @@ -1813,11 +1813,11 @@ The following list shows the supported values: - 1 – On. - +
- + **Browser/PreventSmartScreenPromptOverrideForFiles** @@ -1864,11 +1864,11 @@ The following list shows the supported values: - 1 – On. - +
- + **Browser/PreventUsingLocalHostIPAddressForWebRTC** @@ -1919,11 +1919,11 @@ The following list shows the supported values: - 1 – The localhost IP address is hidden. - +
- + **Browser/ProvisionFavorites** @@ -1976,11 +1976,11 @@ If you disable or don't configure this setting, employees will see the favorites Data type is string. - +
- + **Browser/SendIntranetTraffictoInternetExplorer** @@ -2033,11 +2033,11 @@ The following list shows the supported values: - 1 – Intranet traffic is sent to Microsoft Edge. - +
- + **Browser/SetDefaultSearchEngine** @@ -2094,11 +2094,11 @@ The following list shows the supported values: - 1 - Allows you to configure the default search engine for your employees. - +
- + **Browser/ShowMessageWhenOpeningSitesInInternetExplorer** @@ -2151,11 +2151,11 @@ The following list shows the supported values: - 1 – Interstitial pages are shown. - +
- + **Browser/SyncFavoritesBetweenIEAndMicrosoftEdge** @@ -2217,11 +2217,11 @@ To verify that favorites are in synchronized between Internet Explorer and Micro - +
- + **Browser/UseSharedFolderForBooks** @@ -2268,7 +2268,7 @@ The following list shows the supported values: - 1 - Use a shared folder. - +
Footnote: @@ -2277,7 +2277,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Browser policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index fc227b1f17..635f9d4118 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Camera @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Camera policies
@@ -27,7 +27,7 @@ ms.date: 01/29/2018
- + **Camera/AllowCamera** @@ -75,7 +75,7 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
Footnote: @@ -84,7 +84,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Camera policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index db8f20499e..33931f6aa7 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Cellular @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Cellular policies
@@ -39,7 +39,7 @@ ms.date: 01/29/2018
- + **Cellular/LetAppsAccessCellularData** @@ -98,11 +98,11 @@ The following list shows the supported values: - 2 - Force Deny - +
- + **Cellular/LetAppsAccessCellularData_ForceAllowTheseApps** @@ -141,11 +141,11 @@ The following list shows the supported values: Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string. - +
- + **Cellular/LetAppsAccessCellularData_ForceDenyTheseApps** @@ -184,11 +184,11 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string. - +
- + **Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps** @@ -227,11 +227,11 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string. - +
- + **Cellular/ShowAppCellularAccessUI** @@ -294,7 +294,7 @@ ADMX Info: - GP ADMX file name: *wwansvc.admx* - +
Footnote: @@ -303,7 +303,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Cellular policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index c4e91457b4..df9e662f31 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Connectivity @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Connectivity policies
@@ -66,7 +66,7 @@ ms.date: 01/29/2018
- + **Connectivity/AllowBluetooth** @@ -120,11 +120,11 @@ The following list shows the supported values: - 2 (default) – Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on. - +
- + **Connectivity/AllowCellularData** @@ -171,11 +171,11 @@ The following list shows the supported values: - 2 - Allow the cellular data channel. The user cannot turn it off. - +
- + **Connectivity/AllowCellularDataRoaming** @@ -234,11 +234,11 @@ To validate on mobile devices, do the following: 3. On the Properties page, select **Data roaming options**. - +
- + **Connectivity/AllowConnectedDevices** @@ -287,11 +287,11 @@ The following list shows the supported values: - 0 - Disable (CDP service not available). - +
- + **Connectivity/AllowNFC** @@ -343,11 +343,11 @@ The following list shows the supported values: - 1 (default) – Allow NFC capabilities. - +
- + **Connectivity/AllowUSBConnection** @@ -401,11 +401,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Connectivity/AllowVPNOverCellular** @@ -453,11 +453,11 @@ The following list shows the supported values: - 1 (default) – VPN can use any connection, including cellular. - +
- + **Connectivity/AllowVPNRoamingOverCellular** @@ -505,11 +505,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Connectivity/DiablePrintingOverHTTP** @@ -562,11 +562,11 @@ ADMX Info: - GP ADMX file name: *ICM.admx* - +
- + **Connectivity/DisableDownloadingOfPrintDriversOverHTTP** @@ -619,11 +619,11 @@ ADMX Info: - GP ADMX file name: *ICM.admx* - +
- + **Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards** @@ -676,11 +676,11 @@ ADMX Info: - GP ADMX file name: *ICM.admx* - +
- + **Connectivity/DisallowNetworkConnectivityActiveTests** @@ -721,11 +721,11 @@ Added in Windows 10, version 1703. Network Connection Status Indicator (NCSI) de Value type is integer. - +
- + **Connectivity/HardenedUNCPaths** @@ -781,11 +781,11 @@ ADMX Info: - GP ADMX file name: *networkprovider.admx* - +
- + **Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge** @@ -838,7 +838,7 @@ ADMX Info: - GP ADMX file name: *NetworkConnections.admx* - +
Footnote: @@ -847,7 +847,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Connectivity policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index 421980c7b1..d4124e950a 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - ControlPolicyConflict @@ -17,7 +17,7 @@ ms.date: 01/29/2018
- + ## ControlPolicyConflict policies
@@ -29,7 +29,7 @@ ms.date: 01/29/2018
- + **ControlPolicyConflict/MDMWinsOverGP** @@ -83,7 +83,7 @@ The following list shows the supported values: - 1 - The MDM policy is used and the GP policy is blocked. - +
Footnote: @@ -92,5 +92,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index 20a5e4fc8d..8994842055 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - CredentialProviders @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## CredentialProviders policies
@@ -33,7 +33,7 @@ ms.date: 01/29/2018
- + **CredentialProviders/AllowPINLogon** @@ -95,11 +95,11 @@ ADMX Info: - GP ADMX file name: *credentialproviders.admx* - +
- + **CredentialProviders/BlockPicturePassword** @@ -159,11 +159,11 @@ ADMX Info: - GP ADMX file name: *credentialproviders.admx* - +
- + **CredentialProviders/DisableAutomaticReDeploymentCredentials** @@ -211,7 +211,7 @@ The following list shows the supported values: - 1 - Disable visibility of the credentials for Windows 10 Automatic ReDeployment - +
Footnote: @@ -220,7 +220,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## CredentialProviders policies supported by IoT Core diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index 29395b9209..869f016e13 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - CredentialsUI @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## CredentialsUI policies
@@ -30,7 +30,7 @@ ms.date: 01/29/2018
- + **CredentialsUI/DisablePasswordReveal** @@ -93,11 +93,11 @@ ADMX Info: - GP ADMX file name: *credui.admx* - +
- + **CredentialsUI/EnumerateAdministrators** @@ -155,7 +155,7 @@ ADMX Info: - GP ADMX file name: *credui.admx* - +
Footnote: @@ -164,5 +164,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 2957dd9d77..81023d5fdd 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Cryptography @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Cryptography policies
@@ -30,7 +30,7 @@ ms.date: 01/29/2018
- + **Cryptography/AllowFipsAlgorithmPolicy** @@ -76,11 +76,11 @@ The following list shows the supported values: - 1– Allowed. - +
- + **Cryptography/TLSCipherSuites** @@ -119,7 +119,7 @@ The following list shows the supported values: Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. - +
Footnote: @@ -128,7 +128,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Cryptography policies supported by Microsoft Surface Hub diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index 0a497016a1..1563402e93 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - DataProtection @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## DataProtection policies
@@ -30,7 +30,7 @@ ms.date: 01/29/2018
- + **DataProtection/AllowDirectMemoryAccess** @@ -78,11 +78,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **DataProtection/LegacySelectiveWipeID** @@ -128,7 +128,7 @@ Setting used by Windows 8.1 Selective Wipe. > This policy is not recommended for use in Windows 10. - +
Footnote: @@ -137,7 +137,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## DataProtection policies supported by IoT Core diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index 736ad17532..9d64360b36 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - DataUsage @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## DataUsage policies
@@ -30,7 +30,7 @@ ms.date: 01/29/2018
- + **DataUsage/SetCost3G** @@ -94,11 +94,11 @@ ADMX Info: - GP ADMX file name: *wwansvc.admx* - +
- + **DataUsage/SetCost4G** @@ -162,7 +162,7 @@ ADMX Info: - GP ADMX file name: *wwansvc.admx* - +
Footnote: @@ -171,5 +171,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index bcd17f7911..6dcfb31902 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Defender @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Defender policies
@@ -129,7 +129,7 @@ ms.date: 01/29/2018
- + **Defender/AllowArchiveScanning** @@ -179,11 +179,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Defender/AllowBehaviorMonitoring** @@ -233,11 +233,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Defender/AllowCloudProtection** @@ -287,11 +287,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Defender/AllowEmailScanning** @@ -341,11 +341,11 @@ The following list shows the supported values: - 1 – Allowed. - +
- + **Defender/AllowFullScanOnMappedNetworkDrives** @@ -395,11 +395,11 @@ The following list shows the supported values: - 1 – Allowed. - +
- + **Defender/AllowFullScanRemovableDriveScanning** @@ -449,11 +449,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Defender/AllowIOAVProtection** @@ -503,11 +503,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Defender/AllowIntrusionPreventionSystem** @@ -557,11 +557,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Defender/AllowOnAccessProtection** @@ -611,11 +611,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Defender/AllowRealtimeMonitoring** @@ -665,11 +665,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Defender/AllowScanningNetworkFiles** @@ -719,11 +719,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Defender/AllowScriptScanning** @@ -773,11 +773,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Defender/AllowUserUIAccess** @@ -827,11 +827,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Defender/AttackSurfaceReductionOnlyExclusions** @@ -876,11 +876,11 @@ Added in Windows 10, version 1709. This policy setting allows you to prevent Att Value type is string. - +
- + **Defender/AttackSurfaceReductionRules** @@ -927,11 +927,11 @@ For more information about ASR rule ID and status ID, see [Enable Attack Surface Value type is string. - +
- + **Defender/AvgCPULoadFactor** @@ -981,11 +981,11 @@ The default value is 50. Valid values: 0–100 - +
- + **Defender/CloudBlockLevel** @@ -1044,11 +1044,11 @@ The following list shows the supported values: - 0x6 - Zero tolerance blocking level – block all unknown executables - +
- + **Defender/CloudExtendedTimeout** @@ -1097,11 +1097,11 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se > This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required". - +
- + **Defender/ControlledFolderAccessAllowedApplications** @@ -1143,11 +1143,11 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the | as the substring separator. - +
- + **Defender/ControlledFolderAccessProtectedFolders** @@ -1189,11 +1189,11 @@ Added in Windows 10, version 1709. This policy setting allows user-specified app Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the | as the substring separator. - +
- + **Defender/DaysToRetainCleanedMalware** @@ -1243,11 +1243,11 @@ The default value is 0, which keeps items in quarantine, and does not automatica Valid values: 0–90 - +
- + **Defender/EnableControlledFolderAccess** @@ -1297,11 +1297,11 @@ The following list shows the supported values: - 2 - Audit Mode - +
- + **Defender/EnableNetworkProtection** @@ -1357,11 +1357,11 @@ The following list shows the supported values: - 2 - Enabled (audit mode) - +
- + **Defender/ExcludedExtensions** @@ -1404,11 +1404,11 @@ The following list shows the supported values: Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj". - +
- + **Defender/ExcludedPaths** @@ -1451,11 +1451,11 @@ Allows an administrator to specify a list of file type extensions to ignore duri Allows an administrator to specify a list of directory paths to ignore during a scan. Each path in the list must be separated by a **|**. For example, "C:\\Example|C:\\Example1". - +
- + **Defender/ExcludedProcesses** @@ -1504,11 +1504,11 @@ Allows an administrator to specify a list of files opened by processes to ignore Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe". - +
- + **Defender/PUAProtection** @@ -1559,11 +1559,11 @@ The following list shows the supported values: - 2 – Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer. - +
- + **Defender/RealTimeScanDirection** @@ -1617,11 +1617,11 @@ The following list shows the supported values: - 2 – Monitor outgoing files. - +
- + **Defender/ScanParameter** @@ -1671,11 +1671,11 @@ The following list shows the supported values: - 2 – Full scan - +
- + **Defender/ScheduleQuickScanTime** @@ -1731,11 +1731,11 @@ The default value is 120 Valid values: 0–1380 - +
- + **Defender/ScheduleScanDay** @@ -1795,11 +1795,11 @@ The following list shows the supported values: - 8 – No scheduled scan - +
- + **Defender/ScheduleScanTime** @@ -1855,11 +1855,11 @@ The default value is 120. Valid values: 0–1380. - +
- + **Defender/SignatureUpdateInterval** @@ -1911,11 +1911,11 @@ The default value is 8. Valid values: 0–24. - +
- + **Defender/SubmitSamplesConsent** @@ -1967,11 +1967,11 @@ The following list shows the supported values: - 3 – Send all samples automatically. - +
- + **Defender/ThreatSeverityDefaultAction** @@ -2032,7 +2032,7 @@ The following list shows the supported values for possible actions: - 10 – Block - +
Footnote: @@ -2041,7 +2041,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Defender policies supported by Microsoft Surface Hub diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 066c6de874..d05d2cedb0 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - DeliveryOptimization @@ -17,7 +17,7 @@ ms.date: 01/29/2018
- + ## DeliveryOptimization policies
@@ -98,7 +98,7 @@ ms.date: 01/29/2018
- + **DeliveryOptimization/DOAbsoluteMaxCacheSize** @@ -143,11 +143,11 @@ Added in Windows 10, version 1607. Specifies the maximum size in GB of Delivery The default value is 10. - +
- + **DeliveryOptimization/DOAllowVPNPeerCaching** @@ -197,11 +197,11 @@ The following list shows the supported values: - 1 - Allowed. - +
- + **DeliveryOptimization/DODelayBackgroundDownloadFromHttp** @@ -242,11 +242,11 @@ Added in Windows 10, next major update. This policy allows you to delay the use After the max delay is reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from peers. Note that a download that is waiting for peer sources, will appear to be stuck for the end user. The recommended value is 1 hour (3600). - +
- + **DeliveryOptimization/DODelayForegroundDownloadFromHttp** @@ -299,11 +299,11 @@ The following list shows the supported values as number of seconds: - Default is not configured. - +
- + **DeliveryOptimization/DODownloadMode** @@ -357,11 +357,11 @@ The following list shows the supported values: - 100 - Bypass mode. Do not use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607. - +
- + **DeliveryOptimization/DOGroupId** @@ -407,11 +407,11 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this > You must use a GUID as the group ID. - +
- + **DeliveryOptimization/DOGroupIdSource** @@ -467,11 +467,11 @@ The following list shows the supported values: - 4 - DNS suffix - +
- + **DeliveryOptimization/DOMaxCacheAge** @@ -516,11 +516,11 @@ Specifies the maximum time in seconds that each file is held in the Delivery Opt The default value is 259200 seconds (3 days). - +
- + **DeliveryOptimization/DOMaxCacheSize** @@ -565,11 +565,11 @@ Specifies the maximum cache size that Delivery Optimization can utilize, as a pe The default value is 20. - +
- + **DeliveryOptimization/DOMaxDownloadBandwidth** @@ -614,11 +614,11 @@ Added in Windows 10, version 1607. Specifies the maximum download bandwidth in The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads. - +
- + **DeliveryOptimization/DOMaxUploadBandwidth** @@ -663,11 +663,11 @@ Specifies the maximum upload bandwidth in KiloBytes/second that a device will us The default value is 0, which permits unlimited possible bandwidth (optimized for minimal usage of upload bandwidth). - +
- + **DeliveryOptimization/DOMinBackgroundQos** @@ -712,11 +712,11 @@ Added in Windows 10, version 1607. Specifies the minimum download QoS (Quality The default value is 500. - +
- + **DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload** @@ -760,11 +760,11 @@ Added in Windows 10, version 1703. Specifies any value between 1 and 100 (in pe The default value is 0. The value 0 (zero) means "not limited" and the cloud service default value will be used. - +
- + **DeliveryOptimization/DOMinDiskSizeAllowedToPeer** @@ -812,11 +812,11 @@ Added in Windows 10, version 1703. Specifies the required minimum disk size (cap The default value is 32 GB. - +
- + **DeliveryOptimization/DOMinFileSizeToCache** @@ -861,11 +861,11 @@ Added in Windows 10, version 1703. Specifies the minimum content file size in MB The default value is 100 MB. - +
- + **DeliveryOptimization/DOMinRAMAllowedToPeer** @@ -910,11 +910,11 @@ Added in Windows 10, version 1703. Specifies the minimum RAM size in GB required The default value is 4 GB. - +
- + **DeliveryOptimization/DOModifyCacheDrive** @@ -959,11 +959,11 @@ Added in Windows 10, version 1607. Specifies the drive that Delivery Optimizati By default, %SystemDrive% is used to store the cache. - +
- + **DeliveryOptimization/DOMonthlyUploadDataCap** @@ -1010,11 +1010,11 @@ The value 0 (zero) means "unlimited"; No monthly upload limit is applied if 0 is The default value is 20. - +
- + **DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth** @@ -1055,22 +1055,22 @@ Added in Windows 10, next major update. Specifies the maximum background downloa Note that downloads from LAN peers will not be throttled even when this policy is set. - +
- + **DeliveryOptimization/DOPercentageMaxDownloadBandwidth** This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryoptimization-dopercentagemaxforedownloadbandwidth) and [DOPercentageMaxBackDownloadBandwidth](#deliveryoptimization-dopercentagemaxbackdownloadbandwidth) policies instead. - +
- + **DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth** @@ -1111,11 +1111,11 @@ Added in Windows 10, next major update. Specifies the maximum foreground downloa Note that downloads from LAN peers will not be throttled even when this policy is set. - +
- + **DeliveryOptimization/DORestrictPeerSelectionBy** @@ -1163,11 +1163,11 @@ The following list shows the supported values: - 1 - Subnet mask. - +
- + **DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth** @@ -1216,11 +1216,11 @@ This policy allows an IT Admin to define the following: - % of throttle for foreground traffic outside of business hours - +
- + **DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth** @@ -1269,7 +1269,7 @@ This policy allows an IT Admin to define the following: - % of throttle for foreground traffic outside of business hours - +
Footnote: @@ -1278,7 +1278,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## DeliveryOptimization policies supported by Microsoft Surface Hub diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index 009265655e..56fcae51f5 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Desktop @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Desktop policies
@@ -27,7 +27,7 @@ ms.date: 01/29/2018
- + **Desktop/PreventUserRedirectionOfProfileFolders** @@ -85,7 +85,7 @@ ADMX Info: - GP ADMX file name: *desktop.admx* - +
Footnote: @@ -94,7 +94,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Desktop policies supported by Microsoft Surface Hub diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index d2cc249634..bde8f4dc65 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - DeviceGuard @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## DeviceGuard policies
@@ -33,7 +33,7 @@ ms.date: 01/29/2018
- + **DeviceGuard/EnableVirtualizationBasedSecurity** @@ -79,11 +79,11 @@ The following list shows the supported values: - 1 - enable virtualization based security. - +
- + **DeviceGuard/LsaCfgFlags** @@ -130,11 +130,11 @@ The following list shows the supported values: - 2 - (Enabled without lock) Turns on Credential Guard without UEFI lock. - +
- + **DeviceGuard/RequirePlatformSecurityFeatures** @@ -180,7 +180,7 @@ The following list shows the supported values: - 3 - Turns on VBS with Secure Boot and direct memory access (DMA). DMA requires hardware support. - +
Footnote: @@ -189,5 +189,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index d104e70a92..5813ea9ecb 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - DeviceInstallation @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## DeviceInstallation policies
@@ -30,7 +30,7 @@ ms.date: 01/29/2018
- + **DeviceInstallation/PreventInstallationOfMatchingDeviceIDs** @@ -88,11 +88,11 @@ ADMX Info: - GP ADMX file name: *deviceinstallation.admx* - +
- + **DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses** @@ -150,7 +150,7 @@ ADMX Info: - GP ADMX file name: *deviceinstallation.admx* - +
Footnote: @@ -159,5 +159,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 3b169444ca..2555067447 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - DeviceLock @@ -17,7 +17,7 @@ ms.date: 01/29/2018
- + ## DeviceLock policies
@@ -77,7 +77,7 @@ ms.date: 01/29/2018
- + **DeviceLock/AllowIdleReturnWithoutPassword** @@ -130,11 +130,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **DeviceLock/AllowScreenTimeoutWhileLockedUserConfig** @@ -192,11 +192,11 @@ The following list shows the supported values: - 1 – Allowed. - +
- + **DeviceLock/AllowSimpleDevicePassword** @@ -249,11 +249,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **DeviceLock/AlphanumericDevicePasswordRequired** @@ -312,11 +312,11 @@ The following list shows the supported values: - 2 (default) – Users can choose: Numeric PIN or password, or Alphanumeric PIN or password. - +
- + **DeviceLock/DevicePasswordEnabled** @@ -403,11 +403,11 @@ The following list shows the supported values: - 1 – Disabled - +
- + **DeviceLock/DevicePasswordExpiration** @@ -462,11 +462,11 @@ The following list shows the supported values: - 0 (default) - Passwords do not expire. - +
- + **DeviceLock/DevicePasswordHistory** @@ -523,11 +523,11 @@ The following list shows the supported values: - 0 (default) - +
- + **DeviceLock/EnforceLockScreenAndLogonImage** @@ -572,11 +572,11 @@ Added in Windows 10, version 1607. Specifies the default lock screen and logon Value type is a string, which is the full image filepath and filename. - +
- + **DeviceLock/EnforceLockScreenProvider** @@ -621,11 +621,11 @@ Added in Windows 10, version 1607. Restricts lock screen image to a specific lo Value type is a string, which is the AppID. - +
- + **DeviceLock/MaxDevicePasswordFailedAttempts** @@ -687,11 +687,11 @@ The following list shows the supported values: - 0 (default) - The device is never wiped after an incorrect PIN or password is entered. - +
- + **DeviceLock/MaxInactivityTimeDeviceLock** @@ -744,11 +744,11 @@ The following list shows the supported values: - 0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined." - +
- + **DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay** @@ -797,11 +797,11 @@ The following list shows the supported values: - 0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined." - +
- + **DeviceLock/MinDevicePasswordComplexCharacters** @@ -911,11 +911,11 @@ The enforcement of policies for Microsoft accounts happen on the server, and the For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca). - +
- + **DeviceLock/MinDevicePasswordLength** @@ -973,11 +973,11 @@ The following list shows the supported values: - The default value is 4 for mobile devices and desktop devices. - +
- + **DeviceLock/MinimumPasswordAge** @@ -1020,11 +1020,11 @@ The minimum password age must be less than the Maximum password age, unless the Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default. - +
- + **DeviceLock/PreventLockScreenSlideShow** @@ -1082,11 +1082,11 @@ ADMX Info: - GP ADMX file name: *ControlPanelDisplay.admx* - +
- + **DeviceLock/ScreenTimeoutWhileLocked** @@ -1136,7 +1136,7 @@ The default value is 10. Most restricted value is 0. - +
Footnote: @@ -1145,7 +1145,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## DeviceLock policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index e2302d2679..fbfc7878d5 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Display @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Display policies
@@ -30,7 +30,7 @@ ms.date: 01/29/2018
- + **Display/TurnOffGdiDPIScalingForApps** @@ -84,11 +84,11 @@ To validate on Desktop, do the following: 2. Run the app and observe blurry text. - +
- + **Display/TurnOnGdiDPIScalingForApps** @@ -142,7 +142,7 @@ To validate on Desktop, do the following: 2. Run the app and observe crisp text. - +
Footnote: @@ -151,5 +151,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index 70e051604f..3583549ed4 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Education @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Education policies
@@ -33,7 +33,7 @@ ms.date: 01/29/2018
- + **Education/DefaultPrinterName** @@ -74,11 +74,11 @@ Added in Windows 10, version 1709. This policy allows IT Admins to set the user The policy value is expected to be the name (network host name) of an installed printer. - +
- + **Education/PreventAddingNewPrinters** @@ -124,11 +124,11 @@ The following list shows the supported values: - 1 – Prevent user installation. - +
- + **Education/PrinterNames** @@ -169,7 +169,7 @@ Added in Windows 10, version 1709. Allows IT Admins to automatically provision The policy value is expected to be a `````` seperated list of printer names. The OS will attempt to search and install the matching printer driver for each listed printer. - +
Footnote: @@ -178,5 +178,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index 635152c9cc..63d4b5f3b2 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - EnterpriseCloudPrint @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## EnterpriseCloudPrint policies
@@ -42,7 +42,7 @@ ms.date: 01/29/2018
- + **EnterpriseCloudPrint/CloudPrintOAuthAuthority** @@ -85,11 +85,11 @@ The datatype is a string. The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://azuretenant.contoso.com/adfs". - +
- + **EnterpriseCloudPrint/CloudPrintOAuthClientId** @@ -132,11 +132,11 @@ The datatype is a string. The default value is an empty string. Otherwise, the value should contain a GUID. For example, "E1CF1107-FF90-4228-93BF-26052DD2C714". - +
- + **EnterpriseCloudPrint/CloudPrintResourceId** @@ -179,11 +179,11 @@ The datatype is a string. The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MicrosoftEnterpriseCloudPrint/CloudPrint". - +
- + **EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint** @@ -226,11 +226,11 @@ The datatype is a string. The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://cloudprinterdiscovery.contoso.com". - +
- + **EnterpriseCloudPrint/DiscoveryMaxPrinterLimit** @@ -273,11 +273,11 @@ The datatype is an integer. For Windows Mobile, the default value is 20. - +
- + **EnterpriseCloudPrint/MopriaDiscoveryResourceId** @@ -320,7 +320,7 @@ The datatype is a string. The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MopriaDiscoveryService/CloudPrint". - +
Footnote: @@ -329,5 +329,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index 8b4deb16d5..e33bbb0431 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - ErrorReporting @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## ErrorReporting policies
@@ -39,7 +39,7 @@ ms.date: 01/29/2018
- + **ErrorReporting/CustomizeConsentSettings** @@ -107,11 +107,11 @@ ADMX Info: - GP ADMX file name: *ErrorReporting.admx* - +
- + **ErrorReporting/DisableWindowsErrorReporting** @@ -169,11 +169,11 @@ ADMX Info: - GP ADMX file name: *ErrorReporting.admx* - +
- + **ErrorReporting/DisplayErrorNotification** @@ -235,11 +235,11 @@ ADMX Info: - GP ADMX file name: *ErrorReporting.admx* - +
- + **ErrorReporting/DoNotSendAdditionalData** @@ -297,11 +297,11 @@ ADMX Info: - GP ADMX file name: *ErrorReporting.admx* - +
- + **ErrorReporting/PreventCriticalErrorDisplay** @@ -359,7 +359,7 @@ ADMX Info: - GP ADMX file name: *ErrorReporting.admx* - +
Footnote: @@ -368,5 +368,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index b531654651..10a8c1e6f4 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - EventLogService @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## EventLogService policies
@@ -36,7 +36,7 @@ ms.date: 01/29/2018
- + **EventLogService/ControlEventLogBehavior** @@ -96,11 +96,11 @@ ADMX Info: - GP ADMX file name: *eventlog.admx* - +
- + **EventLogService/SpecifyMaximumFileSizeApplicationLog** @@ -158,11 +158,11 @@ ADMX Info: - GP ADMX file name: *eventlog.admx* - +
- + **EventLogService/SpecifyMaximumFileSizeSecurityLog** @@ -220,11 +220,11 @@ ADMX Info: - GP ADMX file name: *eventlog.admx* - +
- + **EventLogService/SpecifyMaximumFileSizeSystemLog** @@ -282,7 +282,7 @@ ADMX Info: - GP ADMX file name: *eventlog.admx* - +
Footnote: @@ -291,5 +291,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 9c346946d7..162e0d9065 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Experience @@ -17,7 +17,7 @@ ms.date: 01/29/2018
- + ## Experience policies
@@ -89,7 +89,7 @@ ms.date: 01/29/2018
- + **Experience/AllowCopyPaste** @@ -140,11 +140,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Experience/AllowCortana** @@ -192,11 +192,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Experience/AllowDeviceDiscovery** @@ -246,11 +246,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Experience/AllowFindMyDevice** @@ -300,11 +300,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Experience/AllowManualMDMUnenrollment** @@ -356,11 +356,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Experience/AllowSIMErrorDialogPromptWhenNoSIM** @@ -410,22 +410,22 @@ The following list shows the supported values: - 1 (default) – SIM card dialog prompt is displayed. - +
- + **Experience/AllowSaveAsOfOfficeFiles** This policy is deprecated. - +
- + **Experience/AllowScreenCapture** @@ -477,22 +477,22 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Experience/AllowSharingOfOfficeFiles** This policy is deprecated. - +
- + **Experience/AllowSyncMySettings** @@ -538,11 +538,11 @@ The following list shows the supported values: - 1 (default) – Sync settings allowed. - +
- + **Experience/AllowTailoredExperiencesWithDiagnosticData** @@ -597,11 +597,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Experience/AllowTaskSwitcher** @@ -651,11 +651,11 @@ The following list shows the supported values: - 1 (default) – Task switching allowed. - +
- + **Experience/AllowThirdPartySuggestionsInWindowsSpotlight** @@ -705,11 +705,11 @@ The following list shows the supported values: - 1 (default) – Third-party suggestions allowed. - +
- + **Experience/AllowVoiceRecording** @@ -761,11 +761,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Experience/AllowWindowsConsumerFeatures** @@ -817,11 +817,11 @@ The following list shows the supported values: - 1 – Allowed. - +
- + **Experience/AllowWindowsSpotlight** @@ -873,11 +873,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Experience/AllowWindowsSpotlightOnActionCenter** @@ -928,11 +928,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Experience/AllowWindowsSpotlightWindowsWelcomeExperience** @@ -984,11 +984,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Experience/AllowWindowsTips** @@ -1034,11 +1034,11 @@ The following list shows the supported values: - 1 (default) – Enabled. - +
- + **Experience/ConfigureWindowsSpotlightOnLockScreen** @@ -1089,11 +1089,11 @@ The following list shows the supported values: - 2 – placeholder only for future extension. Using this value has no effect. - +
- + **Experience/DoNotShowFeedbackNotifications** @@ -1143,7 +1143,7 @@ The following list shows the supported values: - 1 – Feedback notifications are disabled. - +
Footnote: @@ -1152,7 +1152,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Experience policies supported by Windows Holographic for Business diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index 9f742bb32f..f52eb4c227 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - ExploitGuard @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## ExploitGuard policies
@@ -27,7 +27,7 @@ ms.date: 01/29/2018
- + **ExploitGuard/ExploitProtectionSettings** @@ -95,7 +95,7 @@ Here is an example: ``` - +
Footnote: @@ -104,5 +104,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index 233f091ce6..2a651204e1 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Games @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Games policies
@@ -27,7 +27,7 @@ ms.date: 01/29/2018
- + **Games/AllowAdvancedGamingServices** @@ -73,7 +73,7 @@ The following list shows the supported values: - 1 (default) - Allowed - +
Footnote: @@ -82,5 +82,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md index ac276081cf..c03012e8f2 100644 --- a/windows/client-management/mdm/policy-csp-handwriting.md +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Handwriting @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Handwriting policies
@@ -27,7 +27,7 @@ ms.date: 01/29/2018
- + **Handwriting/PanelDefaultModeDocked** @@ -79,7 +79,7 @@ The following list shows the supported values: - 1 - Enabled. - +
Footnote: @@ -88,5 +88,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index ba26acd4fc..4e2042350f 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - InternetExplorer @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## InternetExplorer policies
@@ -753,7 +753,7 @@ ms.date: 01/29/2018
- + **InternetExplorer/AddSearchProvider** @@ -812,11 +812,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowActiveXFiltering** @@ -875,11 +875,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowAddOnList** @@ -944,11 +944,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowAutoComplete** @@ -1001,11 +1001,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowCertificateAddressMismatchWarning** @@ -1059,11 +1059,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowDeletingBrowsingHistoryOnExit** @@ -1117,11 +1117,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowEnhancedProtectedMode** @@ -1182,11 +1182,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowEnterpriseModeFromToolsMenu** @@ -1245,11 +1245,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowEnterpriseModeSiteList** @@ -1308,11 +1308,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowFallbackToSSL3** @@ -1365,11 +1365,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowInternetExplorer7PolicyList** @@ -1428,11 +1428,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowInternetExplorerStandardsMode** @@ -1493,11 +1493,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowInternetZoneTemplate** @@ -1562,11 +1562,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowIntranetZoneTemplate** @@ -1631,11 +1631,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowLocalMachineZoneTemplate** @@ -1700,11 +1700,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowLockedDownInternetZoneTemplate** @@ -1769,11 +1769,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowLockedDownIntranetZoneTemplate** @@ -1838,11 +1838,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowLockedDownLocalMachineZoneTemplate** @@ -1907,11 +1907,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate** @@ -1976,11 +1976,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowOneWordEntry** @@ -2039,11 +2039,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowSiteToZoneAssignmentList** @@ -2108,11 +2108,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowSoftwareWhenSignatureIsInvalid** @@ -2166,11 +2166,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowSuggestedSites** @@ -2231,11 +2231,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowTrustedSitesZoneTemplate** @@ -2300,11 +2300,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate** @@ -2369,11 +2369,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/AllowsRestrictedSitesZoneTemplate** @@ -2438,11 +2438,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/CheckServerCertificateRevocation** @@ -2496,11 +2496,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/CheckSignaturesOnDownloadedPrograms** @@ -2554,11 +2554,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses** @@ -2612,11 +2612,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableAdobeFlash** @@ -2677,11 +2677,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableBypassOfSmartScreenWarnings** @@ -2740,11 +2740,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles** @@ -2803,11 +2803,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableConfiguringHistory** @@ -2861,11 +2861,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableCrashDetection** @@ -2919,11 +2919,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation** @@ -2984,11 +2984,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableDeletingUserVisitedWebsites** @@ -3042,11 +3042,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableEnclosureDownloading** @@ -3105,11 +3105,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableEncryptionSupport** @@ -3170,11 +3170,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableFirstRunWizard** @@ -3237,11 +3237,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableFlipAheadFeature** @@ -3304,11 +3304,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableHomePageChange** @@ -3366,11 +3366,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableIgnoringCertificateErrors** @@ -3424,11 +3424,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableInPrivateBrowsing** @@ -3482,11 +3482,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableProcessesInEnhancedProtectedMode** @@ -3540,11 +3540,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableProxyChange** @@ -3603,11 +3603,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableSearchProviderChange** @@ -3666,11 +3666,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableSecondaryHomePageChange** @@ -3731,11 +3731,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableSecuritySettingsCheck** @@ -3789,11 +3789,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DisableUpdateCheck** @@ -3853,11 +3853,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DoNotAllowActiveXControlsInProtectedMode** @@ -3911,11 +3911,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DoNotAllowUsersToAddSites** @@ -3979,11 +3979,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DoNotAllowUsersToChangePolicies** @@ -4047,11 +4047,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DoNotBlockOutdatedActiveXControls** @@ -4112,11 +4112,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains** @@ -4181,11 +4181,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/IncludeAllLocalSites** @@ -4246,11 +4246,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/IncludeAllNetworkPaths** @@ -4311,11 +4311,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneAllowAccessToDataSources** @@ -4376,11 +4376,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls** @@ -4441,11 +4441,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads** @@ -4504,11 +4504,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneAllowCopyPasteViaScript** @@ -4562,11 +4562,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles** @@ -4620,11 +4620,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneAllowFontDownloads** @@ -4685,11 +4685,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneAllowLessPrivilegedSites** @@ -4750,11 +4750,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles** @@ -4808,11 +4808,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents** @@ -4873,11 +4873,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls** @@ -4931,11 +4931,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** @@ -4989,11 +4989,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneAllowScriptInitiatedWindows** @@ -5047,11 +5047,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls** @@ -5105,11 +5105,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneAllowScriptlets** @@ -5170,11 +5170,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneAllowSmartScreenIE** @@ -5237,11 +5237,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript** @@ -5295,11 +5295,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneAllowUserDataPersistence** @@ -5360,11 +5360,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -5418,11 +5418,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneDownloadSignedActiveXControls** @@ -5476,11 +5476,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneDownloadUnsignedActiveXControls** @@ -5534,11 +5534,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter** @@ -5592,11 +5592,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** @@ -5650,11 +5650,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** @@ -5708,11 +5708,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneEnableMIMESniffing** @@ -5766,11 +5766,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneEnableProtectedMode** @@ -5824,11 +5824,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer** @@ -5882,11 +5882,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneInitializeAndScriptActiveXControls** @@ -5949,11 +5949,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe** @@ -5982,11 +5982,11 @@ ADMX Info: - +
- + **InternetExplorer/InternetZoneJavaPermissions** @@ -6040,11 +6040,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME** @@ -6098,11 +6098,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneLogonOptions** @@ -6156,11 +6156,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneNavigateWindowsAndFrames** @@ -6221,11 +6221,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** @@ -6279,11 +6279,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles** @@ -6337,11 +6337,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/InternetZoneUsePopupBlocker** @@ -6395,11 +6395,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/IntranetZoneAllowAccessToDataSources** @@ -6460,11 +6460,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls** @@ -6525,11 +6525,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads** @@ -6588,11 +6588,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/IntranetZoneAllowFontDownloads** @@ -6653,11 +6653,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/IntranetZoneAllowLessPrivilegedSites** @@ -6718,11 +6718,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents** @@ -6783,11 +6783,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/IntranetZoneAllowScriptlets** @@ -6848,11 +6848,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/IntranetZoneAllowSmartScreenIE** @@ -6915,11 +6915,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/IntranetZoneAllowUserDataPersistence** @@ -6980,11 +6980,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -7038,11 +7038,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls** @@ -7105,11 +7105,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/IntranetZoneJavaPermissions** @@ -7163,11 +7163,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/IntranetZoneNavigateWindowsAndFrames** @@ -7228,11 +7228,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LocalMachineZoneAllowAccessToDataSources** @@ -7293,11 +7293,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls** @@ -7358,11 +7358,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads** @@ -7421,11 +7421,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LocalMachineZoneAllowFontDownloads** @@ -7486,11 +7486,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites** @@ -7551,11 +7551,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents** @@ -7616,11 +7616,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LocalMachineZoneAllowScriptlets** @@ -7681,11 +7681,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LocalMachineZoneAllowSmartScreenIE** @@ -7748,11 +7748,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LocalMachineZoneAllowUserDataPersistence** @@ -7813,11 +7813,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -7871,11 +7871,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls** @@ -7938,11 +7938,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LocalMachineZoneJavaPermissions** @@ -7996,11 +7996,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames** @@ -8061,11 +8061,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources** @@ -8126,11 +8126,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls** @@ -8191,11 +8191,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads** @@ -8254,11 +8254,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownInternetZoneAllowFontDownloads** @@ -8319,11 +8319,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites** @@ -8384,11 +8384,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents** @@ -8449,11 +8449,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownInternetZoneAllowScriptlets** @@ -8514,11 +8514,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE** @@ -8581,11 +8581,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence** @@ -8646,11 +8646,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls** @@ -8713,11 +8713,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownInternetZoneJavaPermissions** @@ -8771,11 +8771,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames** @@ -8836,11 +8836,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources** @@ -8901,11 +8901,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls** @@ -8966,11 +8966,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads** @@ -9029,11 +9029,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownIntranetZoneAllowFontDownloads** @@ -9094,11 +9094,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites** @@ -9159,11 +9159,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents** @@ -9224,11 +9224,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownIntranetZoneAllowScriptlets** @@ -9289,11 +9289,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE** @@ -9356,11 +9356,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence** @@ -9421,11 +9421,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls** @@ -9488,11 +9488,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames** @@ -9553,11 +9553,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources** @@ -9618,11 +9618,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls** @@ -9683,11 +9683,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads** @@ -9746,11 +9746,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads** @@ -9811,11 +9811,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites** @@ -9876,11 +9876,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents** @@ -9941,11 +9941,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets** @@ -10006,11 +10006,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE** @@ -10073,11 +10073,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence** @@ -10138,11 +10138,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls** @@ -10205,11 +10205,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownLocalMachineZoneJavaPermissions** @@ -10263,11 +10263,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames** @@ -10328,11 +10328,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources** @@ -10393,11 +10393,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -10458,11 +10458,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -10521,11 +10521,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads** @@ -10586,11 +10586,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites** @@ -10651,11 +10651,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents** @@ -10716,11 +10716,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets** @@ -10781,11 +10781,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE** @@ -10848,11 +10848,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence** @@ -10913,11 +10913,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls** @@ -10980,11 +10980,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions** @@ -11038,11 +11038,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames** @@ -11103,11 +11103,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources** @@ -11168,11 +11168,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -11233,11 +11233,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -11296,11 +11296,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads** @@ -11361,11 +11361,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites** @@ -11426,11 +11426,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents** @@ -11491,11 +11491,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets** @@ -11556,11 +11556,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE** @@ -11623,11 +11623,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence** @@ -11688,11 +11688,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls** @@ -11755,11 +11755,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions** @@ -11813,11 +11813,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames** @@ -11878,11 +11878,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses** @@ -11936,11 +11936,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses** @@ -11994,11 +11994,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/NotificationBarInternetExplorerProcesses** @@ -12052,11 +12052,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/PreventManagingSmartScreenFilter** @@ -12110,11 +12110,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/PreventPerUserInstallationOfActiveXControls** @@ -12168,11 +12168,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses** @@ -12226,11 +12226,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls** @@ -12284,11 +12284,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses** @@ -12342,11 +12342,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictFileDownloadInternetExplorerProcesses** @@ -12400,11 +12400,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources** @@ -12465,11 +12465,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowActiveScripting** @@ -12523,11 +12523,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -12588,11 +12588,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -12651,11 +12651,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors** @@ -12709,11 +12709,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript** @@ -12767,11 +12767,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles** @@ -12825,11 +12825,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowFileDownloads** @@ -12883,11 +12883,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowFontDownloads** @@ -12948,11 +12948,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites** @@ -13013,11 +13013,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles** @@ -13071,11 +13071,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH** @@ -13129,11 +13129,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents** @@ -13194,11 +13194,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls** @@ -13252,11 +13252,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** @@ -13310,11 +13310,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows** @@ -13368,11 +13368,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls** @@ -13426,11 +13426,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowScriptlets** @@ -13491,11 +13491,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE** @@ -13558,11 +13558,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript** @@ -13616,11 +13616,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence** @@ -13681,11 +13681,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -13739,11 +13739,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls** @@ -13797,11 +13797,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls** @@ -13855,11 +13855,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter** @@ -13913,11 +13913,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** @@ -13971,11 +13971,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** @@ -14029,11 +14029,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneEnableMIMESniffing** @@ -14087,11 +14087,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer** @@ -14145,11 +14145,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls** @@ -14212,11 +14212,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneJavaPermissions** @@ -14270,11 +14270,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME** @@ -14328,11 +14328,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneLogonOptions** @@ -14386,11 +14386,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames** @@ -14451,11 +14451,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins** @@ -14509,11 +14509,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** @@ -14567,11 +14567,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting** @@ -14625,11 +14625,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets** @@ -14683,11 +14683,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles** @@ -14741,11 +14741,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode** @@ -14799,11 +14799,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/RestrictedSitesZoneUsePopupBlocker** @@ -14857,11 +14857,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses** @@ -14915,11 +14915,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/SearchProviderList** @@ -14978,11 +14978,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/SecurityZonesUseOnlyMachineSettings** @@ -15035,11 +15035,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/SpecifyUseOfActiveXInstallerService** @@ -15093,11 +15093,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/TrustedSitesZoneAllowAccessToDataSources** @@ -15158,11 +15158,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -15223,11 +15223,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -15286,11 +15286,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/TrustedSitesZoneAllowFontDownloads** @@ -15351,11 +15351,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites** @@ -15416,11 +15416,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents** @@ -15481,11 +15481,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/TrustedSitesZoneAllowScriptlets** @@ -15546,11 +15546,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/TrustedSitesZoneAllowSmartScreenIE** @@ -15613,11 +15613,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/TrustedSitesZoneAllowUserDataPersistence** @@ -15678,11 +15678,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -15736,11 +15736,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls** @@ -15803,11 +15803,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/TrustedSitesZoneJavaPermissions** @@ -15861,11 +15861,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
- + **InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames** @@ -15926,7 +15926,7 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
Footnote: @@ -15935,5 +15935,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 7a2e9f901b..361a19a81c 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Kerberos @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Kerberos policies
@@ -39,7 +39,7 @@ ms.date: 01/29/2018
- + **Kerberos/AllowForestSearchOrder** @@ -97,11 +97,11 @@ ADMX Info: - GP ADMX file name: *Kerberos.admx* - +
- + **Kerberos/KerberosClientSupportsClaimsCompoundArmor** @@ -158,11 +158,11 @@ ADMX Info: - GP ADMX file name: *Kerberos.admx* - +
- + **Kerberos/RequireKerberosArmoring** @@ -224,11 +224,11 @@ ADMX Info: - GP ADMX file name: *Kerberos.admx* - +
- + **Kerberos/RequireStrictKDCValidation** @@ -286,11 +286,11 @@ ADMX Info: - GP ADMX file name: *Kerberos.admx* - +
- + **Kerberos/SetMaximumContextTokenSize** @@ -352,7 +352,7 @@ ADMX Info: - GP ADMX file name: *Kerberos.admx* - +
Footnote: @@ -361,5 +361,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md index 769c55b3dd..6606c038b3 100644 --- a/windows/client-management/mdm/policy-csp-kioskbrowser.md +++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - KioskBrowser @@ -17,7 +17,7 @@ ms.date: 01/29/2018
- + ## KioskBrowser policies
@@ -44,7 +44,7 @@ ms.date: 01/29/2018
- + **KioskBrowser/BlockedUrlExceptions** @@ -84,11 +84,11 @@ ms.date: 01/29/2018 Added in Windows 10, next major update. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. - +
- + **KioskBrowser/BlockedUrls** @@ -128,11 +128,11 @@ Added in Windows 10, next major update. List of exceptions to the blocked websit Added in Windows 10, next major update. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. - +
- + **KioskBrowser/DefaultURL** @@ -172,11 +172,11 @@ Added in Windows 10, next major update. List of blocked website URLs (with wildc Added in Windows 10, next major update. Configures the default URL kiosk browsers to navigate on launch and restart. - +
- + **KioskBrowser/EnableHomeButton** @@ -216,11 +216,11 @@ Added in Windows 10, next major update. Configures the default URL kiosk browser Added in Windows 10, next major update. Enable/disable kiosk browser's home button. - +
- + **KioskBrowser/EnableNavigationButtons** @@ -260,11 +260,11 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's home butt Added in Windows 10, next major update. Enable/disable kiosk browser's navigation buttons (forward/back). - +
- + **KioskBrowser/RestartOnIdleTime** @@ -306,7 +306,7 @@ Added in Windows 10, next major update. Amount of time in minutes the session is The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. - +
Footnote: @@ -315,5 +315,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index 28751d2800..66109605f7 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Licensing @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Licensing policies
@@ -30,7 +30,7 @@ ms.date: 01/29/2018
- + **Licensing/AllowWindowsEntitlementReactivation** @@ -76,11 +76,11 @@ The following list shows the supported values: - 1 (default) – Enable Windows license reactivation on managed devices. - +
- + **Licensing/DisallowKMSClientOnlineAVSValidation** @@ -126,7 +126,7 @@ The following list shows the supported values: - 1 – Enabled. - +
Footnote: @@ -135,5 +135,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 1207e03022..f67234078a 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - LocalPoliciesSecurityOptions @@ -17,7 +17,7 @@ ms.date: 01/29/2018
- + ## LocalPoliciesSecurityOptions policies
@@ -191,7 +191,7 @@ ms.date: 01/29/2018
- + **LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts** @@ -245,11 +245,11 @@ The following list shows the supported values: - 1 - enabled (users cannot add Microsoft accounts). - +
- + **LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus** @@ -303,11 +303,11 @@ Valid values: - 1 - local Administrator account is enabled - +
- + **LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus** @@ -358,11 +358,11 @@ Valid values: - 1 - local Guest account is enabled - +
- + **LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly** @@ -421,11 +421,11 @@ Valid values: - 1 - enabled - local accounts that are not password protected will only be able to log on at the computer's keyboard - +
- + **LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount** @@ -470,11 +470,11 @@ Default: Administrator. Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
- + **LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount** @@ -519,11 +519,11 @@ Default: Guest. Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
- + **LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon** @@ -569,11 +569,11 @@ Caution: Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable. - +
- + **LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia** @@ -619,11 +619,11 @@ This security setting determines who is allowed to format and eject removable NT Default: This policy is not defined and only Administrators have this ability. - +
- + **LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters** @@ -671,11 +671,11 @@ Note This setting does not affect the ability to add a local printer. This setting does not affect Administrators. - +
- + **LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly** @@ -720,11 +720,11 @@ If this policy is enabled, it allows only the interactively logged-on user to ac Default: This policy is not defined and CD-ROM access is not restricted to the locally logged-on user. - +
- + **LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways** @@ -780,11 +780,11 @@ If this policy is enabled, the policy Domain member: Digitally sign secure chann Logon information transmitted over the secure channel is always encrypted regardless of whether encryption of ALL other secure channel traffic is negotiated or not. - +
- + **LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible** @@ -837,11 +837,11 @@ There is no known reason for disabling this setting. Besides unnecessarily reduc Note: Domain controllers are also domain members and establish secure channels with other domain controllers in the same domain as well as domain controllers in trusted domains. - +
- + **LocalPoliciesSecurityOptions/DomainMember_DigitallySignSecureChannelDataWhenPossible** @@ -888,11 +888,11 @@ This setting determines whether or not the domain member attempts to negotiate s Default: Enabled. - +
- + **LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges** @@ -940,11 +940,11 @@ This security setting should not be enabled. Computer account passwords are used This setting should not be used in an attempt to support dual-boot scenarios that use the same computer account. If you want to dual-boot two installations that are joined to the same domain, give the two installations different computer names. - +
- + **LocalPoliciesSecurityOptions/DomainMember_MaximumMachineAccountPasswordAge** @@ -991,11 +991,11 @@ Important This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers. - +
- + **LocalPoliciesSecurityOptions/DomainMember_RequireStrongSessionKey** @@ -1053,11 +1053,11 @@ In order to take advantage of this policy on member workstations and servers, al In order to take advantage of this policy on domain controllers, all domain controllers in the same domain as well as all trusted domains must run Windows 2000 or later. - +
- + **LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked** @@ -1106,11 +1106,11 @@ Valid values: - 3 - Do not display user information - +
- + **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn** @@ -1164,11 +1164,11 @@ Valid values: - 1 - enabled (username will not be shown) - +
- + **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn** @@ -1223,11 +1223,11 @@ Valid values: - 1 - enabled (username will not be shown) - +
- + **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL** @@ -1283,11 +1283,11 @@ Valid values: - 1 - enabled (a user is not required to press CTRL+ALT+DEL to log on) - +
- + **LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit** @@ -1338,11 +1338,11 @@ Valid values: - 1 - enabled (session will lock after amount of inactive time exceeds the inactivity limit) - +
- + **LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn** @@ -1389,11 +1389,11 @@ Default: No message. Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
- + **LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn** @@ -1438,11 +1438,11 @@ Default: No message. Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
- + **LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior** @@ -1502,11 +1502,11 @@ Default: This policy is not defined, which means that the system treats it as No On Windows Vista and above: For this setting to work, the Smart Card Removal Policy service must be started. - +
- + **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways** @@ -1567,11 +1567,11 @@ SMB packet signing can significantly degrade SMB performance, depending on diale For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - +
- + **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees** @@ -1629,11 +1629,11 @@ SMB packet signing can significantly degrade SMB performance, depending on diale For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - +
- + **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers** @@ -1678,11 +1678,11 @@ Sending unencrypted passwords is a security risk. Default: Disabled. - +
- + **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession** @@ -1729,11 +1729,11 @@ For this policy setting, a value of 0 means to disconnect an idle session as qui Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations. - +
- + **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways** @@ -1803,11 +1803,11 @@ HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecurity For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - +
- + **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees** @@ -1869,11 +1869,11 @@ SMB packet signing can significantly degrade SMB performance, depending on diale For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - +
- + **LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts** @@ -1928,11 +1928,11 @@ Important This policy has no impact on domain controllers. - +
- + **LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares** @@ -1977,11 +1977,11 @@ Windows allows anonymous users to perform certain activities, such as enumeratin Default: Disabled. - +
- + **LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers** @@ -2028,11 +2028,11 @@ If this policy is enabled, the Everyone SID is added to the token that is create Default: Disabled. - +
- + **LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares** @@ -2077,11 +2077,11 @@ Network access: Shares that can be accessed anonymously Default: Enabled. - +
- + **LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM** @@ -2126,11 +2126,11 @@ If not selected, the default security descriptor will be used. This policy is supported on at least Windows Server 2016. - +
- + **LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM** @@ -2183,11 +2183,11 @@ This policy is supported on at least Windows Vista or Windows Server 2008. Note: Windows Vista or Windows Server 2008 do not expose this setting in Group Policy. - +
- + **LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests** @@ -2237,11 +2237,11 @@ Valid values: - 1 - enabled (allow PKU2U authentication requests to this computer to use online identities.) - +
- + **LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange** @@ -2291,11 +2291,11 @@ Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authenticat This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP, and the Windows Server 2003 family to communicate with computers running Windows 95 and Windows 98. - +
- + **LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel** @@ -2360,11 +2360,11 @@ Windows Server 2003: Send NTLM response only Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only - +
- + **LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients** @@ -2414,11 +2414,11 @@ Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Windows 7 and Windows Server 2008 R2: Require 128-bit encryption - +
- + **LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers** @@ -2468,11 +2468,11 @@ Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Windows 7 and Windows Server 2008 R2: Require 128-bit encryption - +
- + **LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon** @@ -2514,11 +2514,11 @@ Valid values: - 1 - enabled (allow automatic administrative logon) - +
- + **LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn** @@ -2574,11 +2574,11 @@ Valid values: - 1 - enabled (allow system to be shut down without having to log on) - +
- + **LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile** @@ -2625,11 +2625,11 @@ When this policy is enabled, it causes the system pagefile to be cleared upon cl Default: Disabled. - +
- + **LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems** @@ -2674,11 +2674,11 @@ If this setting is enabled, case insensitivity is enforced for all directory obj Default: Enabled. - +
- + **LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation** @@ -2733,11 +2733,11 @@ Valid values: - 1 - enabled (allow UIAccess applications to prompt for elevation without using the secure desktop) - +
- + **LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators** @@ -2794,11 +2794,11 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
- + **LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers** @@ -2848,11 +2848,11 @@ The following list shows the supported values: - 3 (Default) - Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. - +
- + **LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation** @@ -2899,11 +2899,11 @@ Enabled: (Default) When an application installation package is detected that req Disabled: Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary. - +
- + **LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated** @@ -2950,11 +2950,11 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
- + **LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations** @@ -3007,11 +3007,11 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
- + **LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode** @@ -3059,11 +3059,11 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
- + **LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation** @@ -3110,11 +3110,11 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
- + **LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode** @@ -3161,11 +3161,11 @@ The options are: • Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege. - +
- + **LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations** @@ -3215,7 +3215,7 @@ The following list shows the supported values: - 1 - Enabled: (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry. - +
Footnote: @@ -3224,5 +3224,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md index 3d2a9f5773..ac9c25abfa 100644 --- a/windows/client-management/mdm/policy-csp-location.md +++ b/windows/client-management/mdm/policy-csp-location.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Location @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Location policies
@@ -27,7 +27,7 @@ ms.date: 01/29/2018
- + **Location/EnableLocation** @@ -83,7 +83,7 @@ To validate on Desktop, do the following: 2. Use Windows Maps Application (or similar) to see if a location can or cannot be obtained. - +
Footnote: @@ -92,5 +92,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index 38165bb182..a63d073566 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - LockDown @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## LockDown policies
@@ -27,7 +27,7 @@ ms.date: 01/29/2018
- + **LockDown/AllowEdgeSwipe** @@ -75,7 +75,7 @@ The following list shows the supported values: - 1 (default, not configured) - allow edge swipe. - +
Footnote: @@ -84,5 +84,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index d4c5ac8af2..4d5a5f55ec 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Maps @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Maps policies
@@ -30,7 +30,7 @@ ms.date: 01/29/2018
- + **Maps/AllowOfflineMapsDownloadOverMeteredConnection** @@ -79,11 +79,11 @@ The following list shows the supported values: - 65535 (default) – Not configured. User's choice. - +
- + **Maps/EnableOfflineMapsAutoUpdate** @@ -132,7 +132,7 @@ The following list shows the supported values: - 65535 (default) – Not configured. User's choice. - +
Footnote: @@ -141,5 +141,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index 743c206a04..abd33e0f71 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Messaging @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Messaging policies
@@ -33,7 +33,7 @@ ms.date: 01/29/2018
- + **Messaging/AllowMMS** @@ -82,11 +82,11 @@ The following list shows the supported values: - 1 (default) - Enabled. - +
- + **Messaging/AllowMessageSync** @@ -132,11 +132,11 @@ The following list shows the supported values: - 1 - message sync is allowed. The user can change this setting. - +
- + **Messaging/AllowRCS** @@ -185,7 +185,7 @@ The following list shows the supported values: - 1 (default) - Enabled. - +
Footnote: @@ -194,5 +194,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index 1e104d4c8a..445d9a8d6d 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - NetworkIsolation @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## NetworkIsolation policies
@@ -48,7 +48,7 @@ ms.date: 01/29/2018
- + **NetworkIsolation/EnterpriseCloudResources** @@ -87,11 +87,11 @@ ms.date: 01/29/2018 Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the **EnterpriseInternalProxyServers** policy. This domain list is a pipe-separated list of cloud resources. Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address. For example, **<*cloudresource*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|**. - +
- + **NetworkIsolation/EnterpriseIPRange** @@ -143,11 +143,11 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ``` - +
- + **NetworkIsolation/EnterpriseIPRangesAreAuthoritative** @@ -186,11 +186,11 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. - +
- + **NetworkIsolation/EnterpriseInternalProxyServers** @@ -229,11 +229,11 @@ Boolean value that tells the client to accept the configured list and not to use This is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies. - +
- + **NetworkIsolation/EnterpriseNetworkDomainNames** @@ -282,11 +282,11 @@ Here are the steps to create canonical domain names: 3. Call [IdnToUnicode](https://msdn.microsoft.com/library/windows/desktop/dd318151.aspx) with no flags set (dwFlags = 0). - +
- + **NetworkIsolation/EnterpriseProxyServers** @@ -325,11 +325,11 @@ Here are the steps to create canonical domain names: This is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". - +
- + **NetworkIsolation/EnterpriseProxyServersAreAuthoritative** @@ -368,11 +368,11 @@ This is a comma-separated list of proxy servers. Any server on this list is cons Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. - +
- + **NetworkIsolation/NeutralResources** @@ -411,7 +411,7 @@ Boolean value that tells the client to accept the configured list of proxies and List of domain names that can used for work or personal resource. - +
Footnote: @@ -420,5 +420,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index d9bb95050c..2f8a4559f5 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Notifications @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Notifications policies
@@ -27,7 +27,7 @@ ms.date: 01/29/2018
- + **Notifications/DisallowNotificationMirroring** @@ -77,7 +77,7 @@ The following list shows the supported values: - 1 - disable notification mirroring. - +
Footnote: @@ -86,5 +86,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index 7ea180fcf7..5bc495e5d8 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Power @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Power policies
@@ -51,7 +51,7 @@ ms.date: 01/29/2018
- + **Power/AllowStandbyWhenSleepingPluggedIn** @@ -109,11 +109,11 @@ ADMX Info: - GP ADMX file name: *power.admx* - +
- + **Power/DisplayOffTimeoutOnBattery** @@ -173,11 +173,11 @@ ADMX Info: - GP ADMX file name: *power.admx* - +
- + **Power/DisplayOffTimeoutPluggedIn** @@ -237,11 +237,11 @@ ADMX Info: - GP ADMX file name: *power.admx* - +
- + **Power/HibernateTimeoutOnBattery** @@ -302,11 +302,11 @@ ADMX Info: - GP ADMX file name: *power.admx* - +
- + **Power/HibernateTimeoutPluggedIn** @@ -366,11 +366,11 @@ ADMX Info: - GP ADMX file name: *power.admx* - +
- + **Power/RequirePasswordWhenComputerWakesOnBattery** @@ -428,11 +428,11 @@ ADMX Info: - GP ADMX file name: *power.admx* - +
- + **Power/RequirePasswordWhenComputerWakesPluggedIn** @@ -490,11 +490,11 @@ ADMX Info: - GP ADMX file name: *power.admx* - +
- + **Power/StandbyTimeoutOnBattery** @@ -554,11 +554,11 @@ ADMX Info: - GP ADMX file name: *power.admx* - +
- + **Power/StandbyTimeoutPluggedIn** @@ -618,7 +618,7 @@ ADMX Info: - GP ADMX file name: *power.admx* - +
Footnote: @@ -627,5 +627,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index 709afa0ddb..2e10fa65e7 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Printers @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Printers policies
@@ -33,7 +33,7 @@ ms.date: 01/29/2018
- + **Printers/PointAndPrintRestrictions** @@ -104,11 +104,11 @@ ADMX Info: - GP ADMX file name: *Printing.admx* - +
- + **Printers/PointAndPrintRestrictions_User** @@ -179,11 +179,11 @@ ADMX Info: - GP ADMX file name: *Printing.admx* - +
- + **Printers/PublishPrinters** @@ -243,7 +243,7 @@ ADMX Info: - GP ADMX file name: *Printing2.admx* - +
Footnote: @@ -252,5 +252,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 5422f5440f..c42149d2f1 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Privacy @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Privacy policies
@@ -255,7 +255,7 @@ ms.date: 01/29/2018
- + **Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts** @@ -307,11 +307,11 @@ The following list shows the supported values: - 1 – Allowed. - +
- + **Privacy/AllowInputPersonalization** @@ -359,11 +359,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Privacy/DisableAdvertisingId** @@ -412,11 +412,11 @@ The following list shows the supported values: - 65535 (default)- Not configured. - +
- + **Privacy/EnableActivityFeed** @@ -462,11 +462,11 @@ The following list shows the supported values: - 1 – (default) Enabled. Apps/OS can publish the activities and will be roamed across device graph. - +
- + **Privacy/LetAppsAccessAccountInfo** @@ -516,11 +516,11 @@ The following list shows the supported values: - 2 - Force deny. - +
- + **Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps** @@ -559,11 +559,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. - +
- + **Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps** @@ -602,11 +602,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. - +
- + **Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps** @@ -645,11 +645,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. - +
- + **Privacy/LetAppsAccessCalendar** @@ -699,11 +699,11 @@ The following list shows the supported values: - 2 - Force deny. - +
- + **Privacy/LetAppsAccessCalendar_ForceAllowTheseApps** @@ -742,11 +742,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. - +
- + **Privacy/LetAppsAccessCalendar_ForceDenyTheseApps** @@ -785,11 +785,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. - +
- + **Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps** @@ -828,11 +828,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. - +
- + **Privacy/LetAppsAccessCallHistory** @@ -882,11 +882,11 @@ The following list shows the supported values: - 2 - Force deny. - +
- + **Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps** @@ -925,11 +925,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. - +
- + **Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps** @@ -968,11 +968,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. - +
- + **Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps** @@ -1011,11 +1011,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. - +
- + **Privacy/LetAppsAccessCamera** @@ -1065,11 +1065,11 @@ The following list shows the supported values: - 2 - Force deny. - +
- + **Privacy/LetAppsAccessCamera_ForceAllowTheseApps** @@ -1108,11 +1108,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessCamera_ForceDenyTheseApps** @@ -1151,11 +1151,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessCamera_UserInControlOfTheseApps** @@ -1194,11 +1194,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessContacts** @@ -1248,11 +1248,11 @@ The following list shows the supported values: - 2 - Force deny. - +
- + **Privacy/LetAppsAccessContacts_ForceAllowTheseApps** @@ -1291,11 +1291,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessContacts_ForceDenyTheseApps** @@ -1334,11 +1334,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessContacts_UserInControlOfTheseApps** @@ -1377,11 +1377,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessEmail** @@ -1431,11 +1431,11 @@ The following list shows the supported values: - 2 - Force deny. - +
- + **Privacy/LetAppsAccessEmail_ForceAllowTheseApps** @@ -1474,11 +1474,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessEmail_ForceDenyTheseApps** @@ -1517,11 +1517,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessEmail_UserInControlOfTheseApps** @@ -1560,11 +1560,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessLocation** @@ -1614,11 +1614,11 @@ The following list shows the supported values: - 2 - Force deny. - +
- + **Privacy/LetAppsAccessLocation_ForceAllowTheseApps** @@ -1657,11 +1657,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessLocation_ForceDenyTheseApps** @@ -1700,11 +1700,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessLocation_UserInControlOfTheseApps** @@ -1743,11 +1743,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessMessaging** @@ -1797,11 +1797,11 @@ The following list shows the supported values: - 2 - Force deny. - +
- + **Privacy/LetAppsAccessMessaging_ForceAllowTheseApps** @@ -1840,11 +1840,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessMessaging_ForceDenyTheseApps** @@ -1883,11 +1883,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps** @@ -1926,11 +1926,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessMicrophone** @@ -1980,11 +1980,11 @@ The following list shows the supported values: - 2 - Force deny. - +
- + **Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps** @@ -2023,11 +2023,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps** @@ -2066,11 +2066,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps** @@ -2109,11 +2109,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessMotion** @@ -2163,11 +2163,11 @@ The following list shows the supported values: - 2 - Force deny. - +
- + **Privacy/LetAppsAccessMotion_ForceAllowTheseApps** @@ -2206,11 +2206,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessMotion_ForceDenyTheseApps** @@ -2249,11 +2249,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessMotion_UserInControlOfTheseApps** @@ -2292,11 +2292,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessNotifications** @@ -2346,11 +2346,11 @@ The following list shows the supported values: - 2 - Force deny. - +
- + **Privacy/LetAppsAccessNotifications_ForceAllowTheseApps** @@ -2389,11 +2389,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessNotifications_ForceDenyTheseApps** @@ -2432,11 +2432,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps** @@ -2475,11 +2475,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessPhone** @@ -2529,11 +2529,11 @@ The following list shows the supported values: - 2 - Force deny. - +
- + **Privacy/LetAppsAccessPhone_ForceAllowTheseApps** @@ -2572,11 +2572,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessPhone_ForceDenyTheseApps** @@ -2615,11 +2615,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessPhone_UserInControlOfTheseApps** @@ -2658,11 +2658,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessRadios** @@ -2712,11 +2712,11 @@ The following list shows the supported values: - 2 - Force deny. - +
- + **Privacy/LetAppsAccessRadios_ForceAllowTheseApps** @@ -2755,11 +2755,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessRadios_ForceDenyTheseApps** @@ -2798,11 +2798,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessRadios_UserInControlOfTheseApps** @@ -2841,11 +2841,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessTasks** @@ -2884,11 +2884,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1703. Specifies whether Windows apps can access tasks. - +
- + **Privacy/LetAppsAccessTasks_ForceAllowTheseApps** @@ -2927,11 +2927,11 @@ Added in Windows 10, version 1703. Specifies whether Windows apps can access tas Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessTasks_ForceDenyTheseApps** @@ -2970,11 +2970,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessTasks_UserInControlOfTheseApps** @@ -3013,11 +3013,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessTrustedDevices** @@ -3067,11 +3067,11 @@ The following list shows the supported values: - 2 - Force deny. - +
- + **Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps** @@ -3110,11 +3110,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps** @@ -3153,11 +3153,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. - +
- + **Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps** @@ -3196,11 +3196,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. - +
- + **Privacy/LetAppsGetDiagnosticInfo** @@ -3250,11 +3250,11 @@ The following list shows the supported values: - 2 - Force deny. - +
- + **Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps** @@ -3293,11 +3293,11 @@ The following list shows the supported values: Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. - +
- + **Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps** @@ -3336,11 +3336,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. - +
- + **Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps** @@ -3379,11 +3379,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'get diagnostic info' privacy setting for the listed apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. - +
- + **Privacy/LetAppsRunInBackground** @@ -3435,11 +3435,11 @@ The following list shows the supported values: - 2 - Force deny. - +
- + **Privacy/LetAppsRunInBackground_ForceAllowTheseApps** @@ -3478,11 +3478,11 @@ The following list shows the supported values: Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are able to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. - +
- + **Privacy/LetAppsRunInBackground_ForceDenyTheseApps** @@ -3521,11 +3521,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. - +
- + **Privacy/LetAppsRunInBackground_UserInControlOfTheseApps** @@ -3564,11 +3564,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the background apps privacy setting for the listed apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. - +
- + **Privacy/LetAppsSyncWithDevices** @@ -3618,11 +3618,11 @@ The following list shows the supported values: - 2 - Force deny. - +
- + **Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps** @@ -3661,11 +3661,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. - +
- + **Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps** @@ -3704,11 +3704,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. - +
- + **Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps** @@ -3747,11 +3747,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. - +
- + **Privacy/PublishUserActivities** @@ -3797,7 +3797,7 @@ The following list shows the supported values: - 1 – (default) Enabled. Apps/OS can publish the *user activities*. - +
Footnote: @@ -3806,7 +3806,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Privacy policies supported by Windows Holographic for Business diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index 1cf07a4456..79ab76a706 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - RemoteAssistance @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## RemoteAssistance policies
@@ -36,7 +36,7 @@ ms.date: 01/29/2018
- + **RemoteAssistance/CustomizeWarningMessages** @@ -100,11 +100,11 @@ ADMX Info: - GP ADMX file name: *remoteassistance.admx* - +
- + **RemoteAssistance/SessionLogging** @@ -164,11 +164,11 @@ ADMX Info: - GP ADMX file name: *remoteassistance.admx* - +
- + **RemoteAssistance/SolicitedRemoteAssistance** @@ -236,11 +236,11 @@ ADMX Info: - GP ADMX file name: *remoteassistance.admx* - +
- + **RemoteAssistance/UnsolicitedRemoteAssistance** @@ -331,7 +331,7 @@ ADMX Info: - GP ADMX file name: *remoteassistance.admx* - +
Footnote: @@ -340,5 +340,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index 2c808afadf..79615e7c27 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - RemoteDesktopServices @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## RemoteDesktopServices policies
@@ -42,7 +42,7 @@ ms.date: 01/29/2018
- + **RemoteDesktopServices/AllowUsersToConnectRemotely** @@ -106,11 +106,11 @@ ADMX Info: - GP ADMX file name: *terminalserver.admx* - +
- + **RemoteDesktopServices/ClientConnectionEncryptionLevel** @@ -178,11 +178,11 @@ ADMX Info: - GP ADMX file name: *terminalserver.admx* - +
- + **RemoteDesktopServices/DoNotAllowDriveRedirection** @@ -244,11 +244,11 @@ ADMX Info: - GP ADMX file name: *terminalserver.admx* - +
- + **RemoteDesktopServices/DoNotAllowPasswordSaving** @@ -306,11 +306,11 @@ ADMX Info: - GP ADMX file name: *terminalserver.admx* - +
- + **RemoteDesktopServices/PromptForPasswordUponConnection** @@ -374,11 +374,11 @@ ADMX Info: - GP ADMX file name: *terminalserver.admx* - +
- + **RemoteDesktopServices/RequireSecureRPCCommunication** @@ -442,7 +442,7 @@ ADMX Info: - GP ADMX file name: *terminalserver.admx* - +
Footnote: @@ -451,5 +451,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index 141fbaed7e..609bfc4763 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - RemoteManagement @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## RemoteManagement policies
@@ -69,7 +69,7 @@ ms.date: 01/29/2018
- + **RemoteManagement/AllowBasicAuthentication_Client** @@ -122,11 +122,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
- + **RemoteManagement/AllowBasicAuthentication_Service** @@ -179,11 +179,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
- + **RemoteManagement/AllowCredSSPAuthenticationClient** @@ -236,11 +236,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
- + **RemoteManagement/AllowCredSSPAuthenticationService** @@ -293,11 +293,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
- + **RemoteManagement/AllowRemoteServerManagement** @@ -350,11 +350,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
- + **RemoteManagement/AllowUnencryptedTraffic_Client** @@ -407,11 +407,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
- + **RemoteManagement/AllowUnencryptedTraffic_Service** @@ -464,11 +464,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
- + **RemoteManagement/DisallowDigestAuthentication** @@ -521,11 +521,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
- + **RemoteManagement/DisallowNegotiateAuthenticationClient** @@ -578,11 +578,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
- + **RemoteManagement/DisallowNegotiateAuthenticationService** @@ -635,11 +635,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
- + **RemoteManagement/DisallowStoringOfRunAsCredentials** @@ -692,11 +692,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
- + **RemoteManagement/SpecifyChannelBindingTokenHardeningLevel** @@ -749,11 +749,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
- + **RemoteManagement/TrustedHosts** @@ -806,11 +806,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
- + **RemoteManagement/TurnOnCompatibilityHTTPListener** @@ -863,11 +863,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
- + **RemoteManagement/TurnOnCompatibilityHTTPSListener** @@ -920,7 +920,7 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
Footnote: @@ -929,5 +929,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 6038112891..16adbb0e97 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - RemoteProcedureCall @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## RemoteProcedureCall policies
@@ -30,7 +30,7 @@ ms.date: 01/29/2018
- + **RemoteProcedureCall/RPCEndpointMapperClientAuthentication** @@ -92,11 +92,11 @@ ADMX Info: - GP ADMX file name: *rpc.admx* - +
- + **RemoteProcedureCall/RestrictUnauthenticatedRPCClients** @@ -166,7 +166,7 @@ ADMX Info: - GP ADMX file name: *rpc.admx* - +
Footnote: @@ -175,5 +175,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index d1a746424c..5f9c72ad15 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - RemoteShell @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## RemoteShell policies
@@ -45,7 +45,7 @@ ms.date: 01/29/2018
- + **RemoteShell/AllowRemoteShellAccess** @@ -98,11 +98,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteShell.admx* - +
- + **RemoteShell/MaxConcurrentUsers** @@ -155,11 +155,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteShell.admx* - +
- + **RemoteShell/SpecifyIdleTimeout** @@ -212,11 +212,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteShell.admx* - +
- + **RemoteShell/SpecifyMaxMemory** @@ -269,11 +269,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteShell.admx* - +
- + **RemoteShell/SpecifyMaxProcesses** @@ -326,11 +326,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteShell.admx* - +
- + **RemoteShell/SpecifyMaxRemoteShells** @@ -383,11 +383,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteShell.admx* - +
- + **RemoteShell/SpecifyShellTimeout** @@ -440,7 +440,7 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteShell.admx* - +
Footnote: @@ -449,5 +449,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index 743ea8568e..616c8eb992 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Search @@ -17,7 +17,7 @@ ms.date: 01/29/2018
- + ## Search policies
@@ -68,7 +68,7 @@ ms.date: 01/29/2018
- + **Search/AllowCloudSearch** @@ -114,11 +114,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Search/AllowCortanaInAAD** @@ -164,11 +164,11 @@ The following list shows the supported values: - 1 - Allowed. The Cortana consent page will appear in Azure AAD OOBE during setup. - +
- + **Search/AllowIndexingEncryptedStoresOrItems** @@ -220,11 +220,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Search/AllowSearchToUseLocation** @@ -272,11 +272,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Search/AllowStoringImagesFromVisionSearch** @@ -292,11 +292,11 @@ The following list shows the supported values: This policy has been deprecated. - +
- + **Search/AllowUsingDiacritics** @@ -345,11 +345,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Search/AllowWindowsIndexer** @@ -388,11 +388,11 @@ The following list shows the supported values: Allow Windows indexer. Value type is integer. - +
- + **Search/AlwaysUseAutoLangDetection** @@ -441,11 +441,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Search/DisableBackoff** @@ -491,11 +491,11 @@ The following list shows the supported values: - 1 – Enable. - +
- + **Search/DisableRemovableDriveIndexing** @@ -545,11 +545,11 @@ The following list shows the supported values: - 1 – Enable. - +
- + **Search/DoNotUseWebResults** @@ -600,11 +600,11 @@ The following list shows the supported values: - 1 (default) - Allowed. Queries will be performed on the web and web results will be displayed when a user performs a query in Search. - +
- + **Search/PreventIndexingLowDiskSpaceMB** @@ -654,11 +654,11 @@ The following list shows the supported values: - 1 (default) – Enable. - +
- + **Search/PreventRemoteQueries** @@ -704,11 +704,11 @@ The following list shows the supported values: - 1 (default) – Enable. - +
- + **Search/SafeSearchPermissions** @@ -761,7 +761,7 @@ The following list shows the supported values: - 1 (default) – Moderate filtering against adult content (valid search results will not be filtered). - +
Footnote: @@ -770,7 +770,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Search policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index 8d7edec458..fa48adfe0d 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Security @@ -17,7 +17,7 @@ ms.date: 01/29/2018
- + ## Security policies
@@ -59,7 +59,7 @@ ms.date: 01/29/2018
- + **Security/AllowAddProvisioningPackage** @@ -105,11 +105,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices** @@ -155,11 +155,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Security/AllowManualRootCertificateInstallation** @@ -211,11 +211,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Security/AllowRemoveProvisioningPackage** @@ -261,11 +261,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Security/AntiTheftMode** @@ -315,11 +315,11 @@ The following list shows the supported values: - 1 (default) – Anti Theft Mode will follow the default device configuration (region-dependent). - +
- + **Security/ClearTPMIfNotReady** @@ -368,11 +368,11 @@ The following list shows the supported values: - 1 – Will prompt to clear the TPM if the TPM is in a non-ready state (or reduced functionality) which can be remediated with a TPM Clear. - +
- + **Security/ConfigureWindowsPasswords** @@ -422,11 +422,11 @@ The following list shows the supported values: - 2- Default (Feature defaults as per SKU and device capabilities. Windows 10 S devices will exhibit "Disallow passwords" default, and all other devices will default to "Allow passwords") - +
- + **Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices** @@ -478,11 +478,11 @@ The following list shows the supported values: - 1 – Encryption disabled. - +
- + **Security/RequireDeviceEncryption** @@ -534,11 +534,11 @@ The following list shows the supported values: - 1 – Encryption is required. - +
- + **Security/RequireProvisioningPackageSignature** @@ -584,11 +584,11 @@ The following list shows the supported values: - 1 – Required. - +
- + **Security/RequireRetrieveHealthCertificateOnBoot** @@ -646,7 +646,7 @@ The following list shows the supported values: - 1 – Required. - +
Footnote: @@ -655,7 +655,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Security policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 1ba96f10d0..bd6a64ba12 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Settings @@ -17,7 +17,7 @@ ms.date: 01/29/2018
- + ## Settings policies
@@ -68,7 +68,7 @@ ms.date: 01/29/2018
- + **Settings/AllowAutoPlay** @@ -121,11 +121,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Settings/AllowDataSense** @@ -171,11 +171,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Settings/AllowDateTime** @@ -221,11 +221,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Settings/AllowEditDeviceName** @@ -271,11 +271,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Settings/AllowLanguage** @@ -325,11 +325,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Settings/AllowOnlineTips** @@ -370,11 +370,11 @@ Enables or disables the retrieval of online tips and help for the Settings app. If disabled, Settings will not contact Microsoft content services to retrieve tips and help content. - +
- + **Settings/AllowPowerSleep** @@ -424,11 +424,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Settings/AllowRegion** @@ -478,11 +478,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Settings/AllowSignInOptions** @@ -532,11 +532,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Settings/AllowVPN** @@ -582,11 +582,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Settings/AllowWorkplace** @@ -636,11 +636,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Settings/AllowYourAccount** @@ -686,11 +686,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Settings/ConfigureTaskbarCalendar** @@ -738,11 +738,11 @@ The following list shows the supported values: - 3 - Traditional Chinese (Lunar). - +
- + **Settings/PageVisibilityList** @@ -813,7 +813,7 @@ To validate on Desktop, do the following: 3. Open System Settings again and verify that the About page is no longer accessible. - +
Footnote: @@ -822,7 +822,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Settings policies supported by Windows Holographic for Business diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index 27398259c1..f52bfb67a6 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - SmartScreen @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## SmartScreen policies
@@ -33,7 +33,7 @@ ms.date: 01/29/2018
- + **SmartScreen/EnableAppInstallControl** @@ -79,11 +79,11 @@ The following list shows the supported values: - 1 – Turns on Application Installation Control, allowing users to only install apps from the Store. - +
- + **SmartScreen/EnableSmartScreenInShell** @@ -129,11 +129,11 @@ The following list shows the supported values: - 1 – Turns on SmartScreen in Windows. - +
- + **SmartScreen/PreventOverrideForFilesInShell** @@ -179,7 +179,7 @@ The following list shows the supported values: - 1 – Employees cannot ignore SmartScreen warnings and run malicious files. - +
Footnote: @@ -188,5 +188,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index 2c38f752bb..e5c27c3200 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Speech @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Speech policies
@@ -27,7 +27,7 @@ ms.date: 01/29/2018
- + **Speech/AllowSpeechModelUpdate** @@ -73,7 +73,7 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
Footnote: @@ -82,5 +82,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index eabc6aabe7..e8122802b3 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Start @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Start policies
@@ -111,7 +111,7 @@ ms.date: 01/29/2018
- + **Start/AllowPinnedFolderDocuments** @@ -158,11 +158,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
- + **Start/AllowPinnedFolderDownloads** @@ -209,11 +209,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
- + **Start/AllowPinnedFolderFileExplorer** @@ -260,11 +260,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
- + **Start/AllowPinnedFolderHomeGroup** @@ -311,11 +311,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
- + **Start/AllowPinnedFolderMusic** @@ -362,11 +362,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
- + **Start/AllowPinnedFolderNetwork** @@ -413,11 +413,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
- + **Start/AllowPinnedFolderPersonalFolder** @@ -464,11 +464,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
- + **Start/AllowPinnedFolderPictures** @@ -515,11 +515,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
- + **Start/AllowPinnedFolderSettings** @@ -566,11 +566,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
- + **Start/AllowPinnedFolderVideos** @@ -617,11 +617,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
- + **Start/ForceStartSize** @@ -675,11 +675,11 @@ The following list shows the supported values: - 2 - Force a fullscreen size of Start. - +
- + **Start/HideAppList** @@ -741,11 +741,11 @@ The following list shows the supported values: - 3 - Hide all apps list, remove all apps button, and Disable "Show app list in Start menu" in Settings app. - +
- + **Start/HideChangeAccountSettings** @@ -798,11 +798,11 @@ To validate on Desktop, do the following: 2. Open Start, click on the user tile, and verify that "Change account settings" is not available. - +
- + **Start/HideFrequentlyUsedApps** @@ -862,11 +862,11 @@ To validate on Desktop, do the following: 6. Check that most used apps do not appear in Start. - +
- + **Start/HideHibernate** @@ -923,11 +923,11 @@ To validate on Laptop, do the following: 2. Open Start, click on the Power button, and verify "Hibernate" is not available. - +
- + **Start/HideLock** @@ -980,11 +980,11 @@ To validate on Desktop, do the following: 2. Open Start, click on the user tile, and verify "Lock" is not available. - +
- + **Start/HidePeopleBar** @@ -1025,11 +1025,11 @@ Added in Windows 10, version 1709. Enabling this policy removes the people icon Value type is integer. - +
- + **Start/HidePowerButton** @@ -1085,11 +1085,11 @@ To validate on Desktop, do the following: 2. Open Start, and verify the power button is not available. - +
- + **Start/HideRecentJumplists** @@ -1152,11 +1152,11 @@ To validate on Desktop, do the following: 9. Right Click pinned photos app and verify that there is no jumplist of recent items. - +
- + **Start/HideRecentlyAddedApps** @@ -1216,11 +1216,11 @@ To validate on Desktop, do the following: 6. Check that recently added apps do not appear in Start. - +
- + **Start/HideRestart** @@ -1273,11 +1273,11 @@ To validate on Desktop, do the following: 2. Open Start, click on the Power button, and verify "Restart" and "Update and restart" are not available. - +
- + **Start/HideShutDown** @@ -1330,11 +1330,11 @@ To validate on Desktop, do the following: 2. Open Start, click on the Power button, and verify "Shut down" and "Update and shut down" are not available. - +
- + **Start/HideSignOut** @@ -1387,11 +1387,11 @@ To validate on Desktop, do the following: 2. Open Start, click on the user tile, and verify "Sign out" is not available. - +
- + **Start/HideSleep** @@ -1444,11 +1444,11 @@ To validate on Desktop, do the following: 2. Open Start, click on the Power button, and verify that "Sleep" is not available. - +
- + **Start/HideSwitchAccount** @@ -1501,11 +1501,11 @@ To validate on Desktop, do the following: 2. Open Start, click on the user tile, and verify that "Switch account" is not available. - +
- + **Start/HideUserTile** @@ -1562,11 +1562,11 @@ To validate on Desktop, do the following: 3. Log in, and verify that the user tile is gone from Start. - +
- + **Start/ImportEdgeAssets** @@ -1622,11 +1622,11 @@ To validate on Desktop, do the following: 4. Verify that all Edge assets defined in XML show up in %LOCALAPPDATA%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState path. - +
- + **Start/NoPinningToTaskbar** @@ -1682,11 +1682,11 @@ To validate on Desktop, do the following: 5. Verify that More->Pin to taskbar menu does not show. - +
- + **Start/StartLayout** @@ -1731,7 +1731,7 @@ Allows you to override the default Start layout and prevents the user from chang For further details on how to customize the Start layout, please see [Customize and export Start layout](https://docs.microsoft.com/en-us/windows/configuration/customize-and-export-start-layout) and [Configure Windows 10 taskbar](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-10-taskbar). - +
Footnote: @@ -1740,5 +1740,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index b7bc8809d4..dbcdfe8bd5 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Storage @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Storage policies
@@ -30,7 +30,7 @@ ms.date: 01/29/2018
- + **Storage/AllowDiskHealthModelUpdates** @@ -80,11 +80,11 @@ The following list shows the supported values: - 1 (default) - Allow - +
- + **Storage/EnhancedStorageDevices** @@ -142,7 +142,7 @@ ADMX Info: - GP ADMX file name: *enhancedstorage.admx* - +
Footnote: @@ -151,5 +151,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index f7c6e8a3f8..f45d4b3ddc 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - System @@ -17,7 +17,7 @@ ms.date: 01/29/2018
- + ## System policies
@@ -71,7 +71,7 @@ ms.date: 01/29/2018
- + **System/AllowBuildPreview** @@ -124,11 +124,11 @@ The following list shows the supported values: - 2 (default) – Not configured. Users can make their devices available for downloading and installing preview software. - +
- + **System/AllowEmbeddedMode** @@ -176,11 +176,11 @@ The following list shows the supported values: - 1 – Allowed. - +
- + **System/AllowExperimentation** @@ -233,11 +233,11 @@ The following list shows the supported values: - 2 – Allows Microsoft to conduct full experimentations. - +
- + **System/AllowFontProviders** @@ -296,11 +296,11 @@ To verify if System/AllowFontProviders is set to true: - After a client machine is rebooted, check whether there is any network traffic from client machine to fs.microsoft.com. - +
- + **System/AllowLocation** @@ -356,11 +356,11 @@ The following list shows the supported values: - 2 – Force Location On. All Location Privacy settings are toggled on and greyed out. Users cannot change the settings and all consent permissions will be automatically suppressed. - +
- + **System/AllowStorageCard** @@ -408,11 +408,11 @@ The following list shows the supported values: - 1 (default) – Allow a storage card. - +
- + **System/AllowTelemetry** @@ -527,11 +527,11 @@ Windows 10 Values: Most restricted value is 0. - +
- + **System/AllowUserToResetPhone** @@ -580,11 +580,11 @@ orted values: - 1 (default) – Allowed to reset to factory default settings. - +
- + **System/BootStartDriverInitialization** @@ -636,11 +636,11 @@ ADMX Info: - GP ADMX file name: *earlylauncham.admx* - +
- + **System/DisableEnterpriseAuthProxy** @@ -679,11 +679,11 @@ ADMX Info: This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy. - +
- + **System/DisableOneDriveFileSync** @@ -745,11 +745,11 @@ To validate on Desktop, do the following: 3. Verify that OneDrive.exe is not running in Task Manager. - +
- + **System/DisableSystemRestore** @@ -813,11 +813,11 @@ ADMX Info: - GP ADMX file name: *systemrestore.admx* - +
- + **System/FeedbackHubAlwaysSaveDiagnosticsLocally** @@ -863,11 +863,11 @@ The following list shows the supported values: - 1 - True. The Feedback Hub should always save a local copy of diagnostics that may be created when a feedback is submitted. - +
- + **System/LimitEnhancedDiagnosticDataWindowsAnalytics** @@ -919,11 +919,11 @@ Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combina If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. - +
- + **System/TelemetryProxy** @@ -964,7 +964,7 @@ Allows you to specify the fully qualified domain name (FQDN) or IP address of a If you disable or do not configure this policy setting, Connected User Experiences and Telemetry will go to Microsoft using the default proxy configuration. - +
Footnote: @@ -973,7 +973,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## System policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md index e717d43451..7071a57f68 100644 --- a/windows/client-management/mdm/policy-csp-systemservices.md +++ b/windows/client-management/mdm/policy-csp-systemservices.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - SystemServices @@ -17,7 +17,7 @@ ms.date: 01/29/2018
- + ## SystemServices policies
@@ -44,7 +44,7 @@ ms.date: 01/29/2018
- + **SystemServices/ConfigureHomeGroupListenerServiceStartupMode** @@ -83,11 +83,11 @@ ms.date: 01/29/2018 Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
- + **SystemServices/ConfigureHomeGroupProviderServiceStartupMode** @@ -126,11 +126,11 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
- + **SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode** @@ -169,11 +169,11 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
- + **SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode** @@ -212,11 +212,11 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
- + **SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode** @@ -255,11 +255,11 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
- + **SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode** @@ -298,7 +298,7 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
Footnote: @@ -307,5 +307,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md index 0da5ed456d..e55edde857 100644 --- a/windows/client-management/mdm/policy-csp-taskscheduler.md +++ b/windows/client-management/mdm/policy-csp-taskscheduler.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - TaskScheduler @@ -17,7 +17,7 @@ ms.date: 01/29/2018
- + ## TaskScheduler policies
@@ -29,7 +29,7 @@ ms.date: 01/29/2018
- + **TaskScheduler/EnableXboxGameSaveTask** @@ -68,7 +68,7 @@ ms.date: 01/29/2018 Added in Windows 10, next major update. This setting determines whether the specific task is enabled (1) or disabled (0). Default: Enabled. - +
Footnote: @@ -77,5 +77,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index e712a54e76..ef51165474 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - TextInput @@ -17,7 +17,7 @@ ms.date: 01/29/2018
- + ## TextInput policies
@@ -68,7 +68,7 @@ ms.date: 01/29/2018
- + **TextInput/AllowIMELogging** @@ -120,11 +120,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **TextInput/AllowIMENetworkAccess** @@ -176,11 +176,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **TextInput/AllowInputPanel** @@ -232,11 +232,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **TextInput/AllowJapaneseIMESurrogatePairCharacters** @@ -289,11 +289,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **TextInput/AllowJapaneseIVSCharacters** @@ -345,11 +345,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **TextInput/AllowJapaneseNonPublishingStandardGlyph** @@ -401,11 +401,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **TextInput/AllowJapaneseUserDictionary** @@ -457,11 +457,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **TextInput/AllowKeyboardTextSuggestions** @@ -520,22 +520,22 @@ To validate that text prediction is disabled on Windows 10 for desktop, do the f 3. Launch the handwriting tool from the touch keyboard. Verify that text prediction is disabled when you write using the tool. - +
- + **TextInput/AllowKoreanExtendedHanja** This policy has been deprecated. - +
- + **TextInput/AllowLanguageFeaturesUninstall** @@ -587,11 +587,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode** @@ -643,11 +643,11 @@ The following list shows the supported values: - 1 - Enabled. - +
- + **TextInput/ExcludeJapaneseIMEExceptJIS0208** @@ -697,11 +697,11 @@ The following list shows the supported values: - 1 – All characters except JIS0208 are filtered. - +
- + **TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC** @@ -751,11 +751,11 @@ The following list shows the supported values: - 1 – All characters except JIS0208 and EUDC are filtered. - +
- + **TextInput/ExcludeJapaneseIMEExceptShiftJIS** @@ -805,7 +805,7 @@ The following list shows the supported values: - 1 – All characters except ShiftJIS are filtered. - +
Footnote: @@ -814,7 +814,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## TextInput policies supported by Microsoft Surface Hub diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index ddda234337..c926c03e45 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - TimeLanguageSettings @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## TimeLanguageSettings policies
@@ -27,7 +27,7 @@ ms.date: 01/29/2018
- + **TimeLanguageSettings/AllowSet24HourClock** @@ -73,7 +73,7 @@ The following list shows the supported values: - 1 (default) – Set 24 hour clock. - +
Footnote: @@ -82,5 +82,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 3eac735f1d..47a34b96dd 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Update @@ -17,7 +17,7 @@ ms.date: 01/29/2018
- + ## Update policies
@@ -170,7 +170,7 @@ ms.date: 01/29/2018
- + **Update/ActiveHoursEnd** @@ -216,11 +216,11 @@ Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. The default is 17 (5 PM). - +
- + **Update/ActiveHoursMaxRange** @@ -263,11 +263,11 @@ Supported values are 8-18. The default value is 18 (hours). - +
- + **Update/ActiveHoursStart** @@ -313,11 +313,11 @@ Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. The default value is 8 (8 AM). - +
- + **Update/AllowAutoUpdate** @@ -376,11 +376,11 @@ The following list shows the supported values: - 5 – Turn off automatic updates. - +
- + **Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork** @@ -430,11 +430,11 @@ The following list shows the supported values: - 1 - Allowed - +
- + **Update/AllowMUUpdateService** @@ -480,11 +480,11 @@ The following list shows the supported values: - 1 – Allowed. Accepts updates received through Microsoft Update. - +
- + **Update/AllowNonMicrosoftSignedUpdate** @@ -534,11 +534,11 @@ The following list shows the supported values: - 1 – Allowed. Accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer. - +
- + **Update/AllowUpdateService** @@ -591,11 +591,11 @@ The following list shows the supported values: - 1 (default) – Update service is allowed. - +
- + **Update/AutoRestartDeadlinePeriodInDays** @@ -638,11 +638,11 @@ Supported values are 2-30 days. The default value is 7 days. - +
- + **Update/AutoRestartNotificationSchedule** @@ -687,11 +687,11 @@ The default value is 15 (minutes). Supported values are 15, 30, 60, 120, and 240 (minutes). - +
- + **Update/AutoRestartRequiredNotificationDismissal** @@ -737,11 +737,11 @@ The following list shows the supported values: - 2 – User Dismissal. - +
- + **Update/BranchReadinessLevel** @@ -790,11 +790,11 @@ The following list shows the supported values: - 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. - +
- + **Update/ConfigureFeatureUpdateUninstallPeriod** @@ -824,11 +824,11 @@ The following list shows the supported values: Added in Windows 10, next major update. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days. - +
- + **Update/DeferFeatureUpdatesPeriodInDays** @@ -874,11 +874,11 @@ Supported values are 0-365 days. > The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703. - +
- + **Update/DeferQualityUpdatesPeriodInDays** @@ -919,11 +919,11 @@ Added in Windows 10, version 1607. Defers Quality Updates for the specified num Supported values are 0-30. - +
- + **Update/DeferUpdatePeriod** @@ -1055,11 +1055,11 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego --> - +
- + **Update/DeferUpgradePeriod** @@ -1110,11 +1110,11 @@ If the "Specify intranet Microsoft update service location" policy is enabled, t If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. - +
- + **Update/DetectionFrequency** @@ -1153,11 +1153,11 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 22 hours. Default is 22 hours. - +
- + **Update/DisableDualScan** @@ -1209,11 +1209,11 @@ The following list shows the supported values: - 1 - do not allow update deferral policies to cause scans against Windows Update - +
- + **Update/EngagedRestartDeadline** @@ -1256,11 +1256,11 @@ Supported values are 2-30 days. The default value is 0 days (not specified). - +
- + **Update/EngagedRestartSnoozeSchedule** @@ -1303,11 +1303,11 @@ Supported values are 1-3 days. The default value is 3 days. - +
- + **Update/EngagedRestartTransitionSchedule** @@ -1350,11 +1350,11 @@ Supported values are 2-30 days. The default value is 7 days. - +
- + **Update/ExcludeWUDriversInQualityUpdate** @@ -1403,11 +1403,11 @@ The following list shows the supported values: - 1 – Exclude Windows Update drivers. - +
- + **Update/FillEmptyContentUrls** @@ -1456,11 +1456,11 @@ The following list shows the supported values: - 1 – Enabled. - +
- + **Update/IgnoreMOAppDownloadLimit** @@ -1521,11 +1521,11 @@ To validate this policy: 3. Verify that any downloads that are above the download size limit will complete without being paused. - +
- + **Update/IgnoreMOUpdateDownloadLimit** @@ -1586,11 +1586,11 @@ To validate this policy: 2. Run the scheduled task on phone to check for OS updates in the background. For example, on a mobile device, run the following commands in TShell: - +
- + **Update/ManagePreviewBuilds** @@ -1637,11 +1637,11 @@ The following list shows the supported values: - 2 - Enable Preview builds - +
- + **Update/PauseDeferrals** @@ -1696,11 +1696,11 @@ The following list shows the supported values: - 1 – Deferrals are paused. - +
- + **Update/PauseFeatureUpdates** @@ -1749,11 +1749,11 @@ The following list shows the supported values: - 1 – Feature Updates are paused for 60 days or until value set to back to 0, whichever is sooner. - +
- + **Update/PauseFeatureUpdatesStartTime** @@ -1794,11 +1794,11 @@ Added in Windows 10, version 1703. Specifies the date and time when the IT admi Value type is string. Supported operations are Add, Get, Delete, and Replace. - +
- + **Update/PauseQualityUpdates** @@ -1844,11 +1844,11 @@ The following list shows the supported values: - 1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner. - +
- + **Update/PauseQualityUpdatesStartTime** @@ -1889,22 +1889,22 @@ Added in Windows 10, version 1703. Specifies the date and time when the IT admi Value type is string. Supported operations are Add, Get, Delete, and Replace. - +
- + **Update/PhoneUpdateRestrictions** This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupdateapproval) instead. - +
- + **Update/RequireDeferUpgrade** @@ -1954,11 +1954,11 @@ The following list shows the supported values: - 1 – User gets upgrades from Semi-Annual Channel. - +
- + **Update/RequireUpdateApproval** @@ -2010,11 +2010,11 @@ The following list shows the supported values: - 1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment. - +
- + **Update/ScheduleImminentRestartWarning** @@ -2059,11 +2059,11 @@ The default value is 15 (minutes). Supported values are 15, 30, or 60 (minutes). - +
- + **Update/ScheduleRestartWarning** @@ -2112,11 +2112,11 @@ The default value is 4 (hours). Supported values are 2, 4, 8, 12, or 24 (hours). - +
- + **Update/ScheduledInstallDay** @@ -2172,11 +2172,11 @@ The following list shows the supported values: - 7 – Saturday - +
- + **Update/ScheduledInstallEveryWeek** @@ -2219,11 +2219,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - +
- + **Update/ScheduledInstallFirstWeek** @@ -2266,11 +2266,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - +
- + **Update/ScheduledInstallFourthWeek** @@ -2313,11 +2313,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - +
- + **Update/ScheduledInstallSecondWeek** @@ -2360,11 +2360,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - +
- + **Update/ScheduledInstallThirdWeek** @@ -2407,11 +2407,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - +
- + **Update/ScheduledInstallTime** @@ -2462,11 +2462,11 @@ Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3. - +
- + **Update/SetAutoRestartNotificationDisable** @@ -2512,11 +2512,11 @@ The following list shows the supported values: - 1 – Disabled - +
- + **Update/SetEDURestart** @@ -2562,11 +2562,11 @@ The following list shows the supported values: - 1 - configured - +
- + **Update/UpdateServiceUrl** @@ -2637,11 +2637,11 @@ Example ``` - +
- + **Update/UpdateServiceUrlAlternate** @@ -2691,7 +2691,7 @@ Value type is string and the default value is an empty string, "". If the settin > This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs. - +
Footnote: @@ -2700,7 +2700,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Update policies supported by Windows Holographic for Business diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 53cf96c3f3..b091456af0 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - UserRights @@ -17,7 +17,7 @@ ms.date: 01/29/2018
- + ## UserRights policies
@@ -113,7 +113,7 @@ ms.date: 01/29/2018
- + **UserRights/AccessCredentialManagerAsTrustedCaller** @@ -152,11 +152,11 @@ ms.date: 01/29/2018 This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users' saved credentials might be compromised if this privilege is given to other entities. - +
- + **UserRights/AccessFromNetwork** @@ -195,11 +195,11 @@ This user right is used by Credential Manager during Backup/Restore. No accounts This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right.Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server. - +
- + **UserRights/ActAsPartOfTheOperatingSystem** @@ -238,11 +238,11 @@ This user right determines which users and groups are allowed to connect to the This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separate user account with this privilege specially assigned. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users. - +
- + **UserRights/AllowLocalLogOn** @@ -281,11 +281,11 @@ This user right allows a process to impersonate any user without authentication. This user right determines which users can log on to the computer. Note: Modifying this setting may affect compatibility with clients, services, and applications. For compatibility information about this setting, see Allow log on locally (https://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft website. - +
- + **UserRights/BackupFilesAndDirectories** @@ -324,11 +324,11 @@ This user right determines which users can log on to the computer. Note: Modifyi This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when backing up files and directories.Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Read. Caution: Assigning this user right can be a security risk. Since users with this user right can read any registry settings and files, only assign this user right to trusted users - +
- + **UserRights/ChangeSystemTime** @@ -367,11 +367,11 @@ This user right determines which users can bypass file, directory, registry, and This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. - +
- + **UserRights/CreateGlobalObjects** @@ -410,11 +410,11 @@ This user right determines which users and groups can change the time and date o This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption. Caution: Assigning this user right can be a security risk. Assign this user right only to trusted users. - +
- + **UserRights/CreatePageFile** @@ -453,11 +453,11 @@ This security setting determines whether users can create global objects that ar This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users - +
- + **UserRights/CreatePermanentSharedObjects** @@ -496,11 +496,11 @@ This user right determines which users and groups can call an internal applicati This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kernel mode already have this user right assigned to them, it is not necessary to specifically assign it. - +
- + **UserRights/CreateSymbolicLinks** @@ -539,11 +539,11 @@ This user right determines which accounts can be used by processes to create a d This user right determines if the user can create a symbolic link from the computer he is logged on to. Caution: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. Note: This setting can be used in conjunction a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type 'fsutil behavior set symlinkevaluation /?' at the command line to get more information about fsutil and symbolic links. - +
- + **UserRights/CreateToken** @@ -582,11 +582,11 @@ This user right determines if the user can create a symbolic link from the compu This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it is necessary, do not assign this user right to a user, group, or process other than Local System. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system. - +
- + **UserRights/DebugPrograms** @@ -625,11 +625,11 @@ This user right determines which accounts can be used by processes to create a t This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users. - +
- + **UserRights/DenyAccessFromNetwork** @@ -668,11 +668,11 @@ This user right determines which users can attach a debugger to any process or t This user right determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies. - +
- + **UserRights/DenyLocalLogOn** @@ -711,11 +711,11 @@ This user right determines which users are prevented from accessing a computer o This security setting determines which service accounts are prevented from registering a process as a service. Note: This security setting does not apply to the System, Local Service, or Network Service accounts. - +
- + **UserRights/DenyRemoteDesktopServicesLogOn** @@ -754,11 +754,11 @@ This security setting determines which service accounts are prevented from regis This user right determines which users and groups are prohibited from logging on as a Remote Desktop Services client. - +
- + **UserRights/EnableDelegation** @@ -797,11 +797,11 @@ This user right determines which users and groups are prohibited from logging on This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account does not have the Account cannot be delegated account control flag set. Caution: Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that impersonate incoming clients and use their credentials to gain access to network resources. - +
- + **UserRights/GenerateSecurityAudits** @@ -840,11 +840,11 @@ This user right determines which users can set the Trusted for Delegation settin This user right determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causing a denial of service. Shut down system immediately if unable to log security audits security policy setting is enabled. - +
- + **UserRights/ImpersonateClient** @@ -887,11 +887,11 @@ Assigning this user right to a user allows programs running on behalf of that us Because of these factors, users do not usually need this user right. Warning: If you enable this setting, programs that previously had the Impersonate privilege may lose it, and they may not run. - +
- + **UserRights/IncreaseSchedulingPriority** @@ -930,11 +930,11 @@ Because of these factors, users do not usually need this user right. Warning: If This user right determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. - +
- + **UserRights/LoadUnloadDeviceDrivers** @@ -973,11 +973,11 @@ This user right determines which accounts can use a process with Write Property This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system. - +
- + **UserRights/LockMemory** @@ -1016,11 +1016,11 @@ This user right determines which users can dynamically load and unload device dr This user right determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). - +
- + **UserRights/ManageAuditingAndSecurityLog** @@ -1059,11 +1059,11 @@ This user right determines which accounts can use a process to keep data in phys This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. You can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log. - +
- + **UserRights/ManageVolume** @@ -1102,11 +1102,11 @@ This user right determines which users can specify object access auditing option This user right determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are opened, the user might be able to read and modify the acquired data. - +
- + **UserRights/ModifyFirmwareEnvironment** @@ -1145,11 +1145,11 @@ This user right determines which users and groups can run maintenance tasks on a This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor.On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should only be modified by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows.Note: This security setting does not affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties. - +
- + **UserRights/ModifyObjectLabel** @@ -1188,11 +1188,11 @@ This user right determines who can modify firmware environment values. Firmware This user right determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege. - +
- + **UserRights/ProfileSingleProcess** @@ -1231,11 +1231,11 @@ This user right determines which user accounts can modify the integrity label of This user right determines which users can use performance monitoring tools to monitor the performance of system processes. - +
- + **UserRights/RemoteShutdown** @@ -1274,11 +1274,11 @@ This user right determines which users can use performance monitoring tools to m This user right determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service. - +
- + **UserRights/RestoreFilesAndDirectories** @@ -1317,11 +1317,11 @@ This user right determines which users are allowed to shut down a computer from This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Write. Caution: Assigning this user right can be a security risk. Since users with this user right can overwrite registry settings, hide data, and gain ownership of system objects, only assign this user right to trusted users. - +
- + **UserRights/TakeOwnership** @@ -1360,7 +1360,7 @@ This user right determines which users can bypass file, directory, registry, and This user right determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. Caution: Assigning this user right can be a security risk. Since owners of objects have full control of them, only assign this user right to trusted users. - +
Footnote: @@ -1369,5 +1369,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 5d27b9d4f0..8fa7a54082 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Wifi @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## Wifi policies
@@ -45,18 +45,18 @@ ms.date: 01/29/2018
- + **WiFi/AllowWiFiHotSpotReporting** This policy has been deprecated. - +
- + **Wifi/AllowAutoConnectToWiFiSenseHotspots** @@ -104,11 +104,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
- + **Wifi/AllowInternetSharing** @@ -156,11 +156,11 @@ The following list shows the supported values: - 1 (default) – Allow the use of Internet Sharing. - +
- + **Wifi/AllowManualWiFiConfiguration** @@ -211,11 +211,11 @@ The following list shows the supported values: - 1 (default) – Adding new network SSIDs beyond the already MDM provisioned ones is allowed. - +
- + **Wifi/AllowWiFi** @@ -263,11 +263,11 @@ The following list shows the supported values: - 1 (default) – WiFi connection is allowed. - +
- + **Wifi/AllowWiFiDirect** @@ -313,11 +313,11 @@ The following list shows the supported values: - 1 - WiFi Direct connection is allowed. - +
- + **Wifi/WLANScanMode** @@ -362,7 +362,7 @@ The default value is 0. Supported operations are Add, Delete, Get, and Replace. - +
Footnote: @@ -371,7 +371,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Wifi policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index a7f22fe4fc..65c25b116e 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - WindowsDefenderSecurityCenter @@ -17,7 +17,7 @@ ms.date: 01/29/2018
- + ## WindowsDefenderSecurityCenter policies
@@ -83,7 +83,7 @@ ms.date: 01/29/2018
- + **WindowsDefenderSecurityCenter/CompanyName** @@ -124,11 +124,11 @@ Added in Windows 10, version 1709. The company name that is displayed to the use Value type is string. Supported operations are Add, Get, Replace and Delete. - +
- + **WindowsDefenderSecurityCenter/DisableAccountProtectionUI** @@ -174,11 +174,11 @@ Valid values: - 1 - (Enable) The users cannot see the display of the Account protection area in Windows Defender Security Center. - +
- + **WindowsDefenderSecurityCenter/DisableAppBrowserUI** @@ -226,11 +226,11 @@ The following list shows the supported values: - 1 - (Enable) The users cannot see the display of the app and browser protection area in Windows Defender Security Center. - +
- + **WindowsDefenderSecurityCenter/DisableDeviceSecurityUI** @@ -276,11 +276,11 @@ Valid values: - 1 - (Enable) The users cannot see the display of the Device secuirty area in Windows Defender Security Center. - +
- + **WindowsDefenderSecurityCenter/DisableEnhancedNotifications** @@ -331,11 +331,11 @@ The following list shows the supported values: - 1 - (Enable) Windows Defender Security Center only display notifications which are considered critical on clients. - +
- + **WindowsDefenderSecurityCenter/DisableFamilyUI** @@ -383,11 +383,11 @@ The following list shows the supported values: - 1 - (Enable) The users cannot see the display of the family options area in Windows Defender Security Center. - +
- + **WindowsDefenderSecurityCenter/DisableHealthUI** @@ -435,11 +435,11 @@ The following list shows the supported values: - 1 - (Enable) The users cannot see the display of the device performance and health area in Windows Defender Security Center. - +
- + **WindowsDefenderSecurityCenter/DisableNetworkUI** @@ -487,11 +487,11 @@ The following list shows the supported values: - 1 - (Enable) The users cannot see the display of the firewall and network protection area in Windows Defender Security Center. - +
- + **WindowsDefenderSecurityCenter/DisableNotifications** @@ -539,11 +539,11 @@ The following list shows the supported values: - 1 - (Enable) The users cannot see the display of Windows Defender Security Center notifications. - +
- + **WindowsDefenderSecurityCenter/DisableVirusUI** @@ -591,11 +591,11 @@ The following list shows the supported values: - 1 - (Enable) The users cannot see the display of the virus and threat protection area in Windows Defender Security Center. - +
- + **WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride** @@ -643,11 +643,11 @@ The following list shows the supported values: - 1 - (Enable) Local users cannot make changes in the exploit protection settings area. - +
- + **WindowsDefenderSecurityCenter/Email** @@ -688,11 +688,11 @@ Added in Windows 10, version 1709. The email address that is displayed to users. Value type is string. Supported operations are Add, Get, Replace and Delete. - +
- + **WindowsDefenderSecurityCenter/EnableCustomizedToasts** @@ -740,11 +740,11 @@ The following list shows the supported values: - 1 - (Enable) Notifications contain the company name and contact options. - +
- + **WindowsDefenderSecurityCenter/EnableInAppCustomization** @@ -792,11 +792,11 @@ The following list shows the supported values: - 1 - (Enable) Display the company name and contact options in the card fly out notification. - +
- + **WindowsDefenderSecurityCenter/HideRansomwareDataRecovery** @@ -842,11 +842,11 @@ Valid values: - 1 - (Enable) The Ransomware data recovery area is hidden. - +
- + **WindowsDefenderSecurityCenter/HideSecureBoot** @@ -892,11 +892,11 @@ Valid values: - 1 - (Enable) The Secure boot area is hidden. - +
- + **WindowsDefenderSecurityCenter/HideTPMTroubleshooting** @@ -942,11 +942,11 @@ Valid values: - 1 - (Enable) The Security processor (TPM) troubleshooting area is hidden. - +
- + **WindowsDefenderSecurityCenter/Phone** @@ -987,11 +987,11 @@ Added in Windows 10, version 1709. The phone number or Skype ID that is displaye Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
- + **WindowsDefenderSecurityCenter/URL** @@ -1032,7 +1032,7 @@ Added in Windows 10, version 1709. The help portal URL this is displayed to user Value type is Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
Footnote: @@ -1041,5 +1041,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index 69290e276b..0b0a6104d4 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - WindowsInkWorkspace @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## WindowsInkWorkspace policies
@@ -30,7 +30,7 @@ ms.date: 01/29/2018
- + **WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace** @@ -76,11 +76,11 @@ The following list shows the supported values: - 1 (default) -allow app suggestions. - +
- + **WindowsInkWorkspace/AllowWindowsInkWorkspace** @@ -127,7 +127,7 @@ Value type is int. The following list shows the supported values: - 2 (default) - ink workspace is enabled (feature is turned on), and the user is allowed to use it above the lock screen. - +
Footnote: @@ -136,5 +136,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 9679d7b3a3..513b783cee 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - WindowsLogon @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## WindowsLogon policies
@@ -33,7 +33,7 @@ ms.date: 01/29/2018
- + **WindowsLogon/DisableLockScreenAppNotifications** @@ -91,11 +91,11 @@ ADMX Info: - GP ADMX file name: *logon.admx* - +
- + **WindowsLogon/DontDisplayNetworkSelectionUI** @@ -153,11 +153,11 @@ ADMX Info: - GP ADMX file name: *logon.admx* - +
- + **WindowsLogon/HideFastUserSwitching** @@ -210,7 +210,7 @@ To validate on Desktop, do the following: 2. Verify that the Switch account button in Start is hidden. - +
Footnote: @@ -219,5 +219,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index e7c65f476a..5830a05aa4 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - WirelessDisplay @@ -15,7 +15,7 @@ ms.date: 01/29/2018
- + ## WirelessDisplay policies
@@ -48,7 +48,7 @@ ms.date: 01/29/2018
- + **WirelessDisplay/AllowMdnsAdvertisement** @@ -94,11 +94,11 @@ The following list shows the supported values: - 1 - Allow - +
- + **WirelessDisplay/AllowMdnsDiscovery** @@ -144,11 +144,11 @@ The following list shows the supported values: - 1 - Allow - +
- + **WirelessDisplay/AllowProjectionFromPC** @@ -194,11 +194,11 @@ The following list shows the supported values: - 1 - your PC can discover and project to other devices - +
- + **WirelessDisplay/AllowProjectionFromPCOverInfrastructure** @@ -244,11 +244,11 @@ The following list shows the supported values: - 1 - your PC can discover and project to other devices over infrastructure. - +
- + **WirelessDisplay/AllowProjectionToPC** @@ -298,11 +298,11 @@ The following list shows the supported values: - 1 (default) - projection to PC is allowed. Enabled only above the lock screen. - +
- + **WirelessDisplay/AllowProjectionToPCOverInfrastructure** @@ -348,11 +348,11 @@ The following list shows the supported values: - 1 - your PC is discoverable and other devices can project to it over infrastructure. - +
- + **WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver** @@ -375,11 +375,11 @@ The following list shows the supported values: - 1 (default) - Wireless display input enabled. - +
- + **WirelessDisplay/RequirePinForPairing** @@ -429,7 +429,7 @@ The following list shows the supported values: - 1 - PIN is required. - +
Footnote: @@ -438,5 +438,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md index a86a8fef94..5fa0f29fa7 100644 --- a/windows/client-management/mdm/tpmpolicy-csp.md +++ b/windows/client-management/mdm/tpmpolicy-csp.md @@ -12,7 +12,7 @@ ms.date: 11/01/2017 # TPMPolicy CSP -The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (telemetry or otherwise, such as downloading background images, Windows Updates, etc.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval. +The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (diagnostic data or otherwise, such as downloading background images, Windows Updates, etc.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval. The TPMPolicy CSP was added in Windows 10, version 1703. @@ -30,7 +30,7 @@ The following diagram shows the TPMPolicy configuration service provider in tree
  • There should be no traffic when machine is on idle. When the user is not interacting with the system/device, no traffic is expected.
  • There should be no traffic during installation of Windows and first logon when local ID is used.
  • Launching and using a local app (Notepad, Paint, etc.) should not send any traffic. Similarly, performing common tasks (clicking on start menu, browsing folders, etc.) should not send any traffic.
    • -
  • Launching and using Internet enabled apps should not send any unexpected traffic (for maintenance, diagnostic, telemetry, etc.) to Microsoft.
    • +
  • Launching and using Internet enabled apps should not send any unexpected traffic (for maintenance, diagnostic data, etc.) to Microsoft.
    • Here is an example: diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md index 5999ebee5e..4e19920eef 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md @@ -77,7 +77,7 @@ The following list describes the characteristics and parameters.

    Supported operations are Get and Replace. **Configuration/TelemetryReportingFrequency** -

    Added in Windows 10, version 1703. Returns or sets the Windows Defender Advanced Threat Protection telemetry reporting frequency. +

    Added in Windows 10, version 1703. Returns or sets the Windows Defender Advanced Threat Protection diagnostic data reporting frequency.

    The following list shows the supported values: diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md index a47fcba793..d475e14ee4 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md @@ -227,7 +227,7 @@ The XML below is the current version for this CSP. 1 - Return or set Windows Defender Advanced Threat Protection telemetry reporting frequency. Allowed values are: 1 - Normal, 2 - Expedite + Return or set Windows Defender Advanced Threat Protection diagnostic data reporting frequency. Allowed values are: 1 - Normal, 2 - Expedite diff --git a/windows/client-management/windows-10-mobile-and-mdm.md b/windows/client-management/windows-10-mobile-and-mdm.md index f0535dc3e4..a330013d0d 100644 --- a/windows/client-management/windows-10-mobile-and-mdm.md +++ b/windows/client-management/windows-10-mobile-and-mdm.md @@ -2,7 +2,7 @@ title: Windows 10 Mobile deployment and management guide (Windows 10) description: This guide helps IT professionals plan for and deploy Windows 10 Mobile devices. ms.assetid: 6CAA1004-CB65-4FEC-9B84-61AAD2125E5E -keywords: Mobile, telemetry, BYOD, MDM +keywords: Mobile, diagnostic data, BYOD, MDM ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -14,7 +14,8 @@ ms.date: 09/21/2017 # Windows 10 Mobile deployment and management guide -*Applies to: Windows 10 Mobile, version 1511 and Windows 10 Mobile, version 1607* +**Applies to:** +- Windows 10 Mobile, version 1511 and Windows 10 Mobile, version 1607 This guide helps IT professionals plan for and deploy Windows 10 Mobile devices. @@ -189,7 +190,7 @@ Multiple MDM systems support Windows 10 and most support personal and corporate In addition, Microsoft recently added MDM capabilities powered by Intune to Office 365. MDM for Office 365 supports mobile devices only, such as those running Windows 10 Mobile, iOS, and Android. MDM for Office 365 offers a subset of the management capabilities found in Intune, including the ability to remotely wipe a device, block a device from accessing Exchange Server email, and configure device policies (e.g., passcode requirements). For more information about MDM for Office 365 capabilities, see [Overview of Mobile Device Management for Office 365](http://technet.microsoft.com/en-us/library/ms.o365.cc.devicepolicy.aspx). **Cloud services** -On mobile devices that run Windows 10 Mobile, users can easily connect to cloud services that provide user notifications and collect telemetry (usage data). Windows 10 Mobile enables organizations to manage how devices consume these cloud services. +On mobile devices that run Windows 10 Mobile, users can easily connect to cloud services that provide user notifications and collect diagnostic and usage data. Windows 10 Mobile enables organizations to manage how devices consume these cloud services. **Windows Push Notification Services** The Windows Push Notification Services enable software developers to send toast, tile, badge, and raw updates from their cloud services. It provides a mechanism to deliver updates to users in a power-efficient and dependable way. @@ -795,9 +796,9 @@ While Windows 10 Mobile provides updates directly to user devices from Windows U Upgrading to Windows 10 Mobile Enterprise edition provides additional device and app management capabilities for organizations that want to: - **Defer, approve and deploy feature and quality updates:** Windows 10 Mobile devices get updates directly from Windows Update. If you want to curate updates prior to deploying them, an upgrade to Windows 10 Mobile Enterprise edition is required. Once Enterprise edition is enabled, the phone can be set to the Current Branch for Business servicing option, giving IT additional time to test updates before they are released. - **Deploy an unlimited number of self-signed LOB apps to a single device:** To use an MDM system to deploy LOB apps directly to devices, you must cryptographically sign the software packages with a code signing certificate that your organization’s certificate authority (CA) generates. You can deploy a maximum of 20 self-signed LOB apps to a Windows 10 Mobile device. To deploy more than 20 self-signed LOB apps, Windows 10 Mobile Enterprise is required. -- **Set the telemetry level:** Microsoft collects telemetry data to help keep Windows devices secure and to help Microsoft improve the quality of Windows and Microsoft services. An upgrade to Windows 10 Mobile Enterprise edition is required to set the telemetry level so that only telemetry information required to keep devices secured is gathered. +- **Set the diagnostic data level:** Microsoft collects diagnostic data to help keep Windows devices secure and to help Microsoft improve the quality of Windows and Microsoft services. An upgrade to Windows 10 Mobile Enterprise edition is required to set the diagnostic data level so that only diagnostic information required to keep devices secured is gathered. -To learn more about telemetry, visit [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization). +To learn more about diagnostic, see [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization). To activate Windows 10 Mobile Enterprise, use your MDM system or a provisioning package to inject the Windows 10 Enterprise license on a Windows 10 Mobile device. Licenses can be obtained from the Volume Licensing portal. For testing purposes, you can obtain a licensing file from the MSDN download center. A valid MSDN subscription is required. @@ -1007,17 +1008,17 @@ The following list shows examples of the Windows 10 Mobile software and hardware - **Secure Boot state** Indicates whether Secure Boot is enabled - **Enterprise encryption policy compliance** Indicates whether the device is encrypted -### Manage telemetry +### Manage diagnostic data *Applies to: Corporate devices with Windows 10 Mobile Enterprise edition* -Microsoft uses telemetry (diagnostics, performance, and usage data) from Windows devices to help inform decisions and focus efforts to provide the most robust and valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Telemetry helps keep Windows devices healthy, improve the operating system, and personalize features and services. +Microsoft uses diagnostics, performance, and usage data from Windows devices to help inform decisions and focus efforts to provide the most robust and valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Diagnostic data helps keep Windows devices healthy, improve the operating system, and personalize features and services. -You can control the level of data that telemetry systems collect. To configure devices, specify one of these levels in the Allow Telemetry setting with your MDM system. +You can control the level of data that diagnostic data systems collect. To configure devices, specify one of these levels in the Allow Telemetry setting with your MDM system. -For more information, see [Configure Windows telemetry in Your organization](/windows/configuration/configure-windows-telemetry-in-your-organization). +For more information, see [Configure Windows diagnostic data in Your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization). ->**Note:** Telemetry can only be managed when the device is upgraded to Windows 10 Mobile Enterprise edition. +>**Note:** Diagnostic data can only be managed when the device is upgraded to Windows 10 Mobile Enterprise edition. ### Remote assistance diff --git a/windows/configuration/TOC.md b/windows/configuration/TOC.md index 24d1e1b2eb..2542a03b63 100644 --- a/windows/configuration/TOC.md +++ b/windows/configuration/TOC.md @@ -1,10 +1,10 @@ # [Configure Windows 10](index.md) -## [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md) +## [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) ## [Diagnostic Data Viewer Overview](diagnostic-data-viewer-overview.md) ## [Windows 10, version 1709 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) -## [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](enhanced-telemetry-windows-analytics-events-and-fields.md) +## [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md) ## [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) -## [Windows 10 diagnostic data for the Full telemetry level](windows-diagnostic-data-1703.md) +## [Windows 10 diagnostic data for the Full diagnostic data level](windows-diagnostic-data-1703.md) ## [Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md) ## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) ## [Manage Windows 10 connection endpoints](manage-windows-endpoints-version-1709.md) diff --git a/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md index cf42ebfdaf..d6c2534f87 100644 --- a/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md +++ b/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md @@ -1,7 +1,7 @@ --- description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. title: Windows 10, version 1703 basic diagnostic events and fields (Windows 10) -keywords: privacy, telemetry +keywords: privacy, diagnostic data ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -24,7 +24,7 @@ The Basic level gathers a limited set of information that is critical for unders Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data. You can learn more about Windows functional and diagnostic data through these articles: - [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) -- [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md) +- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) >[!Note] >Updated November 2017 to document new and modified events. We’ve added some new events and also added new fields to existing events to prepare for upgrades to the next release of Windows. @@ -88,12 +88,12 @@ The following fields are available: - **epoch** Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server. - **seqNum** Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue.  The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server. - **iKey** Represents an ID for applications or other logical groupings of events. -- **flags** Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency. +- **flags** Represents a collection of bits that describe how the event should be processed by the Connected User Experiences and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency. - **os** Represents the operating system name. - **osVer** Represents the OS version, and its format is OS dependent. - **appId** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application. - **appVer** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app. -- **cV** Represents the Correlation Vector: A single field for tracking partial order of related telemetry events across component boundaries. +- **cV** Represents the Correlation Vector: A single field for tracking partial order of related diagnostic data events across component boundaries. ### Common Data Extensions.OS @@ -135,7 +135,7 @@ The following fields are available: ### Common Data Extensions.Consent UI Event -This User Account Control (UAC) telemetry point collects information on elevations that originate from low integrity levels. This occurs when a process running at low integrity level (IL) requires higher (administrator) privileges, and therefore requests for elevation via UAC (consent.exe). By better understanding the processes requesting these elevations, Microsoft can in turn improve the detection and handling of potentially malicious behavior in this path. +This User Account Control (UAC) diagnostic data point collects information on elevations that originate from low integrity levels. This occurs when a process running at low integrity level (IL) requires higher (administrator) privileges, and therefore requests for elevation via UAC (consent.exe). By better understanding the processes requesting these elevations, Microsoft can in turn improve the detection and handling of potentially malicious behavior in this path. The following fields are available: @@ -198,7 +198,7 @@ The following fields are available: - **HKCU_FlipAhead.HRESULT** The error code returned when trying to query Flip Ahead for the current user. - **HKLM_TailoredExperiences.TailoredExperiencesWithDiagnosticDataEnabled** Is Tailored Experiences with Diagnostics Data enabled for the current user after the feature update had completed? - **HKCU_TailoredExperiences.HRESULT** The error code returned when trying to query Tailored Experiences with Diagnostics Data for the current user. -- **HKLM_AdvertisingID.Enabled** Is the adveristing ID enabled for the device? +- **HKLM_AdvertisingID.Enabled** Is the adverising ID enabled for the device? - **HKLM_AdvertisingID.HRESULT** The error code returned when trying to query the state of the advertising ID for the device. - **HKCU_AdvertisingID.Enabled** Is the adveristing ID enabled for the current user? - **HKCU_AdvertisingID.HRESULT** The error code returned when trying to query the state of the advertising ID for the user. @@ -332,7 +332,7 @@ The following fields are available: - **HasCitData** Is the file present in CIT data? - **HasUpgradeExe** Does the anti-virus app have an upgrade.exe file? - **IsAv** Is the file an anti-virus reporting EXE? -- **ResolveAttempted** This will always be an empty string when sending telemetry. +- **ResolveAttempted** This will always be an empty string when sending diagnostic data. - **SdbEntries** An array of fields that indicates the SDB entries that apply to this file. @@ -1032,7 +1032,7 @@ The following fields are available: - **AppraiserBranch** The source branch in which the currently running version of Appraiser was built. - **AppraiserVersion** The version of the Appraiser file generating the events. -- **Context** Indicates what mode Appraiser is running in. Example: Setup or Telemetry. +- **Context** Indicates what mode Appraiser is running in. Example: Setup or Diagnostic Data. - **Time** The client time of the event. - **AppraiserProcess** The name of the process that launched Appraiser. - **PCFP** An ID for the system calculated by hashing hardware identifiers. @@ -1354,35 +1354,35 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.TelemetryRunHealth -A summary event indicating the parameters and result of a telemetry run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up-to-date. +A summary event indicating the parameters and result of a diagnostic data run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up-to-date. The following fields are available: - **PerfBackoff** Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal. - **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device. -- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also telemetry reliability. +- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also diagnostic data reliability. - **AuxInitial** Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app. - **Time** The client time of the event. -- **RunDate** The date that the telemetry run was stated, expressed as a filetime. +- **RunDate** The date that the diagnostic data run was stated, expressed as a filetime. - **AppraiserProcess** The name of the process that launched Appraiser. - **AppraiserVersion** The file version (major, minor and build) of the Appraiser DLL, concatenated without dots. -- **SendingUtc** Indicates if the Appraiser client is sending events during the current telemetry run. +- **SendingUtc** Indicates if the Appraiser client is sending events during the current diagnostic data run. - **DeadlineDate** A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan. - **AppraiserBranch** The source branch in which the version of Appraiser that is running was built. -- **EnterpriseRun** Indicates if the telemetry run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter. -- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional telemetry on an infrequent schedule and only from machines at telemetry levels higher than Basic. +- **EnterpriseRun** Indicates if the diagnostic data run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter. +- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic. - **PerfBackoffInsurance** Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row. - **AuxFinal** Obsolete, always set to false - **StoreHandleIsNotNull** Obsolete, always set to false - **VerboseMode** Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging. -- **AppraiserDataVersion** The version of the data files being used by the Appraiser telemetry run. +- **AppraiserDataVersion** The version of the data files being used by the Appraiser diagnostic data run. - **FullSync** Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent. - **InventoryFullSync** Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent. - **PCFP** An ID for the system calculated by hashing hardware identifiers. - **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information. -- **TelementrySent** Indicates if telemetry was successfully sent. +- **TelementrySent** Indicates if diagnostic data was successfully sent. - **WhyFullSyncWithoutTablePrefix** Indicates the reason or reasons that a full sync was generated. -- **RunResult** The hresult of the Appraiser telemetry run. +- **RunResult** The hresult of the Appraiser diagnostic data run. ### Microsoft.Windows.Appraiser.General.WmdrmAdd @@ -1502,14 +1502,14 @@ The following fields are available: - **MSA_Accounts** Represents a list of hashed IDs of the Microsoft Accounts that are flighting (pre-release builds) on this device. - **IsFlightsDisabled** Represents if the device is participating in the Windows Insider program. - **FlightingBranchName** The name of the Windows Insider branch currently used by the device. -- **DeviceSampleRate** The telemetry sample rate assigned to the device. +- **DeviceSampleRate** The diagnostic data sample rate assigned to the device. - **EnablePreviewBuilds** Used to enable Windows Insider builds on a device. - **SSRK** Retrieves the mobile targeting settings. ### Census.Hardware -This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support, to help keep Windows up-to-date. +This event sends data about the device, including hardware type, OEM brand, model line, model, diagnostic data level setting, and TPM support, to help keep Windows up-to-date. The following fields are available: @@ -1532,8 +1532,8 @@ The following fields are available: - **PowerPlatformRole** The OEM preferred power management profile. It's used to help to identify the basic form factor of the device. - **TPMVersion** The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0. - **StudyID** Used to identify retail and non-retail device. -- **TelemetryLevel** The telemetry level the user has opted into, such as Basic or Enhanced. -- **TelemetrySettingAuthority** Determines who set the telemetry level, such as GP, MDM, or the user. +- **TelemetryLevel** The diagnostic data level the user has opted into, such as Basic or Enhanced. +- **TelemetrySettingAuthority** Determines who set the diagnostic data level, such as GP, MDM, or the user. - **DeviceForm** Indicates the form as per the device classification. - **DigitizerSupport** Is a digitizer supported? - **OEMModelBaseBoard** The baseboard model used by the OEM. @@ -1545,7 +1545,7 @@ The following fields are available: - **Gyroscope** Indicates whether the device has a gyroscope. - **Magnetometer** Indicates whether the device has a magnetometer. - **NFCProximity** Indicates whether the device supports NFC. -- **TelemetryLevelLimitEnhanced** The telemetry level for Windows Analytics-based solutions. +- **TelemetryLevelLimitEnhanced** The diagnostic data level for Windows Analytics-based solutions. ### Census.Memory @@ -1784,45 +1784,45 @@ This event provides information on about security settings used to help keep Win ### TelClientSynthetic.AuthorizationInfo_RuntimeTransition -This event sends data indicating that a device has undergone a change of telemetry opt-in level during the runtime of the device (not at UTC boot or offline), to help keep Windows up to date. +This event sends data indicating that a device has undergone a change of diagnostic data opt-in level during the runtime of the device (not at UTC boot or offline), to help keep Windows up to date. The following fields are available: -- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups. -- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism. +- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto diagnostic data from the OS provider groups. +- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS diagnostic data. Non-OS diagnostic data is responsible for providing its own opt-in mechanism. - **CanCollectCoreTelemetry** True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA. - **CanCollectHeartbeats** True if UTC is allowed to collect heartbeats. -- **CanCollectOsTelemetry** True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry). +- **CanCollectOsTelemetry** True if UTC is allowed to collect diagnostic data from the OS provider groups. - **CanPerformDiagnosticEscalations** True if UTC is allowed to perform all scenario escalations. - **CanPerformScripting** True if UTC is allowed to perform scripting. - **CanPerformTraceEscalations** True if UTC is allowed to perform scenario escalations with tracing actions. - **CanReportScenarios** True if UTC is allowed to load and report scenario completion, failure, and cancellation events. -- **TransitionFromEverythingOff** True if this transition is moving from not allowing core telemetry to allowing core telemetry. -- **PreviousPermissions** Bitmask representing the previously configured permissions since the telemetry opt-in level was last changed. +- **TransitionFromEverythingOff** True if this transition is moving from not allowing core diagnostic data to allowing core diagnostic data. +- **PreviousPermissions** Bitmask representing the previously configured permissions since the diagnostic data opt-in level was last changed. ### TelClientSynthetic.AuthorizationInfo_Startup -This event sends data indicating that a device has undergone a change of telemetry opt-in level detected at UTC startup, to help keep Windows up to date. +This event sends data indicating that a device has undergone a change of diagnostic data opt-in level detected at UTC startup, to help keep Windows up to date. The following fields are available: -- **TransitionFromEverythingOff** True if this transition is moving from not allowing core telemetry to allowing core telemetry. -- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism. +- **TransitionFromEverythingOff** True if this transition is moving from not allowing core diagnostic data to allowing core diagnostic data. +- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS diagnostic data. Non-OS diagnostic data is responsible for providing its own opt-in mechanism. - **CanCollectHeartbeats** True if UTC is allowed to collect heartbeats. - **CanCollectCoreTelemetry** True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA. -- **CanCollectOsTelemetry** True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry). +- **CanCollectOsTelemetry** True if UTC is allowed to collect diagnostic data from the OS provider groups. - **CanReportScenarios** True if UTC is allowed to load and report scenario completion, failure, and cancellation events. -- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups. +- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto diagnostic data from the OS provider groups. - **CanPerformTraceEscalations** True if UTC is allowed to perform scenario escalations with tracing actions. - **CanPerformDiagnosticEscalations** True if UTC is allowed to perform all scenario escalations. - **CanPerformScripting** True if UTC is allowed to perform scripting. -- **PreviousPermissions** Bitmask representing the previously configured permissions since the telemetry client was last started. +- **PreviousPermissions** Bitmask representing the previously configured permissions since the diagnostic data client was last started. ### TelClientSynthetic.ConnectivityHeartBeat_0 -This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network. +This event sends data about the connectivity status of the Connected User Experiences and Telemetry component that uploads diagnostic data events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network. The following fields are available: @@ -1838,13 +1838,13 @@ The following fields are available: ### TelClientSynthetic.HeartBeat_5 -This event sends data about the health and quality of the telemetry data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device. +This event sends data about the health and quality of the diagnostic data data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device. The following fields are available: - **PreviousHeartBeatTime** The time of last heartbeat event. This allows chaining of events. -- **EtwDroppedCount** The number of events dropped by the ETW layer of the telemetry client. -- **ConsumerDroppedCount** The number of events dropped by the consumer layer of the telemetry client. +- **EtwDroppedCount** The number of events dropped by the ETW layer of the diagnostic data client. +- **ConsumerDroppedCount** The number of events dropped by the consumer layer of the diagnostic data client. - **DecodingDroppedCount** The number of events dropped because of decoding failures. - **ThrottledDroppedCount** The number of events dropped due to throttling of noisy providers. - **DbDroppedCount** The number of events that were dropped because the database was full. @@ -1852,10 +1852,10 @@ The following fields are available: - **EventSubStoreResetSizeSum** The total size of the event database across all resets reports in this instance. - **CriticalOverflowEntersCounter** The number of times a critical overflow mode was entered into the event database. - **EnteringCriticalOverflowDroppedCounter** The number of events that was dropped because a critical overflow mode was initiated. -- **UploaderDroppedCount** The number of events dropped by the uploader layer of the telemetry client. +- **UploaderDroppedCount** The number of events dropped by the uploader layer of the diagnostic data client. - **InvalidHttpCodeCount** The number of invalid HTTP codes received from Vortex. - **LastInvalidHttpCode** The last invalid HTTP code received from Vortex. -- **MaxInUseScenarioCounter** The soft maximum number of scenarios loaded by the Connected User Experience and Telemetry component. +- **MaxInUseScenarioCounter** The soft maximum number of scenarios loaded by the Connected User Experiences and Telemetry component. - **LastEventSizeOffender** The name of the last event that exceeded the maximum event size. - **SettingsHttpAttempts** The number of attempts to contact the OneSettings service. - **SettingsHttpFailures** The number of failures from contacting the OneSettings service. @@ -1957,7 +1957,7 @@ The following fields are available: - **ProcessArchitecture** Architecture of the crashing process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64. - **ReportId** A GUID used to identify the report. This can used to track the report across Watson. - **Flags** Flags indicating how reporting is done. For example, queue the report, do not offer JIT debugging, or do not terminate the process after reporting. -- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend. +- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the diagnostic data backend. - **TargetAppId** The kernel reported AppId of the application being reported. - **TargetAppVer** The specific version of the application being reported - **TargetAsId** The sequence number for the hanging process. @@ -1982,7 +1982,7 @@ The following fields are available: - **ProcessArchitecture** Architecture of the hung process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64. - **WaitingOnPackageRelativeAppId** If this is a cross process hang waiting for a package, this has the relative application id of the package. - **WaitingOnAppVersion** If this is a cross process hang, this has the version of the application for which it is waiting. -- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the telemetry backend. +- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the diagnostic data backend. - **WaitingOnPackageFullName** If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting. - **PackageFullName** Store application identity. - **AppVersion** The version of the app that has hung. diff --git a/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md b/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md index d4a94c3455..7db5063374 100644 --- a/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md +++ b/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md @@ -1,7 +1,7 @@ --- description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. title: Windows 10, version 1709 basic diagnostic events and fields (Windows 10) -keywords: privacy, telemetry +keywords: privacy, diagnostic data ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -32,7 +32,7 @@ You can learn more about Windows functional and diagnostic data through these ar - [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) - [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) -- [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md) +- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) @@ -106,7 +106,7 @@ The following fields are available: - **osVer** Represents the OS version, and its format is OS dependent. - **appId** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application. - **appVer** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app. -- **cV** Represents the Correlation Vector: A single field for tracking partial order of related telemetry events across component boundaries. +- **cV** Represents the Correlation Vector: A single field for tracking partial order of related diagnostic data events across component boundaries. ### Common Data Extensions.OS @@ -148,7 +148,7 @@ The following fields are available: ### Common Data Extensions.Consent UI Event -This User Account Control (UAC) telemetry point collects information on elevations that originate from low integrity levels. This occurs when a process running at low integrity level (IL) requires higher (administrator) privileges, and therefore requests for elevation via UAC (consent.exe). By better understanding the processes requesting these elevations, Microsoft can in turn improve the detection and handling of potentially malicious behavior in this path. +This User Account Control (UAC) diagnostic data point collects information on elevations that originate from low integrity levels. This occurs when a process running at low integrity level (IL) requires higher (administrator) privileges, and therefore requests for elevation via UAC (consent.exe). By better understanding the processes requesting these elevations, Microsoft can in turn improve the detection and handling of potentially malicious behavior in this path. The following fields are available: @@ -262,39 +262,39 @@ The following fields are available: - **AppraiserBranch** The source branch in which the currently running version of Appraiser was built. - **AppraiserProcess** The name of the process that launched Appraiser. - **AppraiserVersion** The version of the Appraiser file generating the events. -- **Context** Indicates what mode Appraiser is running in. Example: Setup or Telemetry. +- **Context** Indicates what mode Appraiser is running in. Example: Setup or Diagnostic Data. - **PCFP** An ID for the system calculated by hashing hardware identifiers. - **Time** The client time of the event. ### Microsoft.Windows.Appraiser.General.TelemetryRunHealth -A summary event indicating the parameters and result of a telemetry run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up-to-date. +A summary event indicating the parameters and result of a diagnostic data run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up-to-date. The following fields are available: - **AppraiserBranch** The source branch in which the version of Appraiser that is running was built. -- **AppraiserDataVersion** The version of the data files being used by the Appraiser telemetry run. +- **AppraiserDataVersion** The version of the data files being used by the Appraiser diagnostic data run. - **AppraiserProcess** The name of the process that launched Appraiser. - **AppraiserVersion** The file version (major, minor and build) of the Appraiser DLL, concatenated without dots. - **AuxFinal** Obsolete, always set to false - **AuxInitial** Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app. - **DeadlineDate** A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan. -- **EnterpriseRun** Indicates if the telemetry run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter. +- **EnterpriseRun** Indicates if the diagnostic data run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter. - **FullSync** Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent. - **InventoryFullSync** Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent. - **PCFP** An ID for the system calculated by hashing hardware identifiers. - **PerfBackoff** Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal. - **PerfBackoffInsurance** Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row. - **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device. -- **RunDate** The date that the telemetry run was stated, expressed as a filetime. -- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional telemetry on an infrequent schedule and only from machines at telemetry levels higher than Basic. +- **RunDate** The date that the diagnostic data run was stated, expressed as a filetime. +- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic. - **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information. -- **RunResult** The hresult of the Appraiser telemetry run. -- **SendingUtc** Indicates if the Appraiser client is sending events during the current telemetry run. +- **RunResult** The hresult of the Appraiser diagnostic data run. +- **SendingUtc** Indicates if the Appraiser client is sending events during the current diagnostic data run. - **StoreHandleIsNotNull** Obsolete, always set to false -- **TelementrySent** Indicates if telemetry was successfully sent. -- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also telemetry reliability. +- **TelementrySent** Indicates if diagnostic data was successfully sent. +- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also diagnostic data reliability. - **Time** The client time of the event. - **VerboseMode** Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging. - **WhyFullSyncWithoutTablePrefix** Indicates the reason or reasons that a full sync was generated. @@ -1461,7 +1461,7 @@ This event sends Windows Insider data from customers participating in improvemen The following fields are available: -- **DeviceSampleRate** The telemetry sample rate assigned to the device. +- **DeviceSampleRate** The diagnostic data sample rate assigned to the device. - **EnablePreviewBuilds** Used to enable Windows Insider builds on a device. - **FlightIds** A list of the different Windows Insider builds on this device. - **FlightingBranchName** The name of the Windows Insider branch currently used by the device. @@ -1472,7 +1472,7 @@ The following fields are available: ### Census.Hardware -This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support, to help keep Windows up-to-date. +This event sends data about the device, including hardware type, OEM brand, model line, model, diagnostic data level setting, and TPM support, to help keep Windows up-to-date. The following fields are available: @@ -1504,9 +1504,9 @@ The following fields are available: - **PowerPlatformRole** The OEM preferred power management profile. It's used to help to identify the basic form factor of the device. - **SoCName** The firmware manufacturer of the device. - **StudyID** Used to identify retail and non-retail device. -- **TelemetryLevel** The telemetry level the user has opted into, such as Basic or Enhanced. -- **TelemetryLevelLimitEnhanced** The telemetry level for Windows Analytics-based solutions. -- **TelemetrySettingAuthority** Determines who set the telemetry level, such as GP, MDM, or the user. +- **TelemetryLevel** The diagnostic data level the user has opted into, such as Basic or Enhanced. +- **TelemetryLevelLimitEnhanced** The diagnostic data level for Windows Analytics-based solutions. +- **TelemetrySettingAuthority** Determines who set the diagnostic data level, such as GP, MDM, or the user. - **TPMVersion** The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0. - **VoiceSupported** Does the device have a cellular radio capable of making voice calls? @@ -1729,45 +1729,45 @@ This event provides information on about security settings used to help keep Win ### TelClientSynthetic.AuthorizationInfo_Startup -This event sends data indicating that a device has undergone a change of telemetry opt-in level detected at UTC startup, to help keep Windows up to date. +This event sends data indicating that a device has undergone a change of diagnostic data opt-in level detected at UTC startup, to help keep Windows up to date. The following fields are available: -- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups. -- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism. +- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto diagnostic data from the OS provider groups. +- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS diagnostic data. Non-OS diagnostic data is responsible for providing its own opt-in mechanism. - **CanCollectCoreTelemetry** True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA. - **CanCollectHeartbeats** True if UTC is allowed to collect heartbeats. -- **CanCollectOsTelemetry** True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry). +- **CanCollectOsTelemetry** True if UTC is allowed to collect diagnostic data from the OS provider groups. - **CanPerformDiagnosticEscalations** True if UTC is allowed to perform all scenario escalations. - **CanPerformScripting** True if UTC is allowed to perform scripting. - **CanPerformTraceEscalations** True if UTC is allowed to perform scenario escalations with tracing actions. - **CanReportScenarios** True if UTC is allowed to load and report scenario completion, failure, and cancellation events. -- **PreviousPermissions** Bitmask representing the previously configured permissions since the telemetry client was last started. -- **TransitionFromEverythingOff** True if this transition is moving from not allowing core telemetry to allowing core telemetry. +- **PreviousPermissions** Bitmask representing the previously configured permissions since the diagnostic data client was last started. +- **TransitionFromEverythingOff** True if this transition is moving from not allowing core diagnostic data to allowing core diagnostic data. ### TelClientSynthetic.AuthorizationInfo_RuntimeTransition -This event sends data indicating that a device has undergone a change of telemetry opt-in level during the runtime of the device (not at UTC boot or offline), to help keep Windows up to date. +This event sends data indicating that a device has undergone a change of diagnostic data opt-in level during the runtime of the device (not at UTC boot or offline), to help keep Windows up to date. The following fields are available: -- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups. -- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism. +- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto diagnostic data from the OS provider groups. +- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS diagnostic data. Non-OS diagnostic data is responsible for providing its own opt-in mechanism. - **CanCollectCoreTelemetry** True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA. - **CanCollectHeartbeats** True if UTC is allowed to collect heartbeats. -- **CanCollectOsTelemetry** True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry). +- **CanCollectOsTelemetry** True if UTC is allowed to collect diagnostic data from the OS provider groups. - **CanPerformDiagnosticEscalations** True if UTC is allowed to perform all scenario escalations. - **CanPerformScripting** True if UTC is allowed to perform scripting. - **CanPerformTraceEscalations** True if UTC is allowed to perform scenario escalations with tracing actions. - **CanReportScenarios** True if UTC is allowed to load and report scenario completion, failure, and cancellation events. -- **PreviousPermissions** Bitmask representing the previously configured permissions since the telemetry opt-in level was last changed. -- **TransitionFromEverythingOff** True if this transition is moving from not allowing core telemetry to allowing core telemetry. +- **PreviousPermissions** Bitmask representing the previously configured permissions since the diagnostic data opt-in level was last changed. +- **TransitionFromEverythingOff** True if this transition is moving from not allowing core diagnostic data to allowing core diagnostic data. ### TelClientSynthetic.ConnectivityHeartBeat_0 -This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network. +This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads diagnostic data events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network. The following fields are available: @@ -1783,7 +1783,7 @@ The following fields are available: ### TelClientSynthetic.HeartBeat_5 -This event sends data about the health and quality of the telemetry data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device. +This event sends data about the health and quality of the diagnostic data data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device. The following fields are available: @@ -1791,7 +1791,7 @@ The following fields are available: - **CensusExitCode** The last exit code of the Census task. - **CensusStartTime** The time of the last Census run. - **CensusTaskEnabled** Indicates whether Census is enabled. -- **ConsumerDroppedCount** The number of events dropped by the consumer layer of the telemetry client. +- **ConsumerDroppedCount** The number of events dropped by the consumer layer of the diagnostic data client. - **CriticalDataDbDroppedCount** The number of critical data sampled events that were dropped at the database layer. - **CriticalDataThrottleDroppedCount** The number of critical data sampled events that were dropped because of throttling. - **CriticalOverflowEntersCounter** The number of times a critical overflow mode was entered into the event database. @@ -1800,7 +1800,7 @@ The following fields are available: - **DecodingDroppedCount** The number of events dropped because of decoding failures. - **EnteringCriticalOverflowDroppedCounter** The number of events that was dropped because a critical overflow mode was initiated. - **EtwDroppedBufferCount** The number of buffers dropped in the CUET ETW session. -- **EtwDroppedCount** The number of events dropped by the ETW layer of the telemetry client. +- **EtwDroppedCount** The number of events dropped by the ETW layer of the diagnostic data client. - **EventSubStoreResetCounter** The number of times the event database was reset. - **EventSubStoreResetSizeSum** The total size of the event database across all resets reports in this instance. - **EventsUploaded** The number of events that have been uploaded. @@ -1817,7 +1817,7 @@ The following fields are available: - **SettingsHttpAttempts** The number of attempts to contact the OneSettings service. - **SettingsHttpFailures** The number of failures from contacting the OneSettings service. - **ThrottledDroppedCount** The number of events dropped due to throttling of noisy providers. -- **UploaderDroppedCount** The number of events dropped by the uploader layer of the telemetry client. +- **UploaderDroppedCount** The number of events dropped by the uploader layer of the diagnostic data client. - **VortexFailuresTimeout** The number of timeout failures received from Vortex. - **VortexHttpAttempts** The number of attempts to contact the Vortex service. - **VortexHttpFailures4xx** The number of 400-499 error codes received from Vortex. @@ -1888,7 +1888,7 @@ The following fields are available: The following fields are available: - **AppName** The name of the app that has crashed. -- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend. +- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the diagnostic data backend. - **AppTimeStamp** The date/time stamp of the app. - **AppVersion** The version of the app that has crashed. - **ExceptionCode** The exception code returned by the process that has crashed. @@ -1938,7 +1938,7 @@ This event sends data about hangs for both native and managed applications, to h The following fields are available: - **AppName** The name of the app that has hung. -- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the telemetry backend. +- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the diagnostic data backend. - **AppVersion** The version of the app that has hung. - **PackageFullName** Store application identity. - **PackageRelativeAppId** Store application identity. @@ -3185,7 +3185,7 @@ The following fields are available: ### Microsoft.Windows.UpdateNotificationPipeline.JavascriptJavascriptCriticalGenericMessage -This event indicates that Javascript is reporting a schema and a set of values for critical telemetry +This event indicates that Javascript is reporting a schema and a set of values for critical diagnostic data. The following fields are available: diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index 38cd69cdf4..ce324c8cf1 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -48,7 +48,7 @@ The topics in this library have been updated for Windows 10, version 1709 (also - [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) - [Multi-app kiosk XML reference](multi-app-kiosk-xml.md) - [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) -- [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](enhanced-telemetry-windows-analytics-events-and-fields.md) +- [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md) ## September 2017 diff --git a/windows/configuration/configure-windows-telemetry-in-your-organization.md b/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md similarity index 55% rename from windows/configuration/configure-windows-telemetry-in-your-organization.md rename to windows/configuration/configure-windows-diagnostic-data-in-your-organization.md index 52483ff9cd..6a85eb7c57 100644 --- a/windows/configuration/configure-windows-telemetry-in-your-organization.md +++ b/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md @@ -1,6 +1,6 @@ --- -description: Use this article to make informed decisions about how you can configure telemetry in your organization. -title: Configure Windows telemetry in your organization (Windows 10) +description: Use this article to make informed decisions about how you can configure diagnostic data in your organization. +title: Configure Windows diagnostic data in your organization (Windows 10) keywords: privacy ms.prod: w10 ms.mktglfcycl: manage @@ -11,7 +11,7 @@ author: brianlic-msft ms.date: 10/17/2017 --- -# Configure Windows telemetry in your organization +# Configure Windows diagnostic data in your organization **Applies to** @@ -19,54 +19,54 @@ ms.date: 10/17/2017 - Windows 10 Mobile - Windows Server -At Microsoft, we use Windows telemetry to inform our decisions and focus our efforts in providing the most robust, most valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Telemetry gives users a voice in the operating system’s development. This guide describes the importance of Windows telemetry and how we protect that data. Additionally, it differentiates between telemetry and functional data. It also describes the telemetry levels that Windows supports. Of course, you can choose how much telemetry is shared with Microsoft, and this guide demonstrates how. +At Microsoft, we use Windows diagnostic data to inform our decisions and focus our efforts in providing the most robust, most valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Diagnostic data gives users a voice in the operating system’s development. This guide describes the importance of Windows diagnostic data and how we protect that data. Additionally, it differentiates between diagnostic data and functional data. It also describes the diagnostic data levels that Windows supports. Of course, you can choose how much diagnostic data is shared with Microsoft, and this guide demonstrates how. -To frame a discussion about telemetry, it is important to understand Microsoft’s privacy principles. We earn customer trust every day by focusing on six key privacy principles as described at [privacy.microsoft.com](https://privacy.microsoft.com/). These principles guided the implementation of the Windows telemetry system in the following ways: +To frame a discussion about diagnostic data, it is important to understand Microsoft’s privacy principles. We earn customer trust every day by focusing on six key privacy principles as described at [privacy.microsoft.com](https://privacy.microsoft.com/). These principles guided the implementation of the Windows diagnostic data system in the following ways: -- **Control.** We offer customers control of the telemetry they share with us by providing easy-to-use management tools. -- **Transparency.** We provide information about the telemetry that Windows and Windows Server collects so our customers can make informed decisions. -- **Security.** We encrypt telemetry in transit from your device and protect that data at our secure data centers. +- **Control.** We offer customers control of the diagnostic data they share with us by providing easy-to-use management tools. +- **Transparency.** We provide information about the diagnostic data that Windows and Windows Server collects so our customers can make informed decisions. +- **Security.** We encrypt diagnostic data in transit from your device and protect that data at our secure data centers. - **Strong legal protections.** We respect customers’ local privacy laws and fight for legal protection of their privacy as a fundamental human right. -- **No content-based targeting.** We take steps to avoid and minimize the collection of customer content, such as the content of files, chats, or emails, through the Windows telemetry system. Customer content inadvertently collected is kept confidential and not used for user targeting. -- **Benefits to you.** We collect Windows telemetry to help provide you with an up-to-date, more secure, reliable and performant product, and to improve Windows for all our customers. +- **No content-based targeting.** We take steps to avoid and minimize the collection of customer content, such as the content of files, chats, or emails, through the Windows diagnostic data system. Customer content inadvertently collected is kept confidential and not used for user targeting. +- **Benefits to you.** We collect Windows diagnostic data to help provide you with an up-to-date, more secure, reliable and performant product, and to improve Windows for all our customers. -This article applies to Windows and Windows Server telemetry only. Other Microsoft or third-party apps, such as System Center Configuration Manager, System Center Endpoint Protection, or System Center Data Protection Manager, might send data to their cloud services in ways that are inconsistent with this guide. Their publishers are responsible for notifying users of their privacy policies, telemetry controls, and so on. This article describes the types of telemetry we may gather, the ways you might manage it in your organization, and some examples of how telemetry can provide you with valuable insights into your enterprise deployments. Microsoft uses the data to quickly identify and address issues affecting its customers. +This article applies to Windows and Windows Server diagnostic data only. Other Microsoft or third-party apps, such as System Center Configuration Manager, System Center Endpoint Protection, or System Center Data Protection Manager, might send data to their cloud services in ways that are inconsistent with this guide. Their publishers are responsible for notifying users of their privacy policies, diagnostic data controls, and so on. This article describes the types of diagnostic data we may gather, the ways you might manage it in your organization, and some examples of how diagnostic data can provide you with valuable insights into your enterprise deployments. Microsoft uses the data to quickly identify and address issues affecting its customers. -Use this article to make informed decisions about how you might configure telemetry in your organization. Telemetry is a term that means different things to different people and organizations. For this article, we discuss telemetry as system data that is uploaded by the Connected User Experience and Telemetry component. The telemetry data is used to help keep Windows devices secure by identifying malware trends and other threats and to help Microsoft improve the quality of Windows and Microsoft services. +Use this article to make informed decisions about how you might configure diagnostic data in your organization. Diagnostic data is a term that means different things to different people and organizations. For this article, we discuss diagnostic data as system data that is uploaded by the Connected User Experiences and Telemetry component. The diagnostic data data is used to help keep Windows devices secure by identifying malware trends and other threats and to help Microsoft improve the quality of Windows and Microsoft services. We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com. ## Overview -In previous versions of Windows and Windows Server, Microsoft used telemetry to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016, you can control telemetry streams by using the Privacy option in Settings, Group Policy, or MDM. +In previous versions of Windows and Windows Server, Microsoft used diagnostic data to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016, you can control diagnostic data streams by using the Privacy option in Settings, Group Policy, or MDM. For Windows 10, we invite IT pros to join the [Windows Insider Program](http://insider.windows.com) to give us feedback on what we can do to make Windows work better for your organization. -## Understanding Windows telemetry +## Understanding Windows diagnostic data Windows as a Service is a fundamental change in how Microsoft plans, builds, and delivers the operating system. Historically, we released a major Windows version every few years. The effort required to deploy large and infrequent Windows versions was substantial. That effort included updating the infrastructure to support the upgrade. Windows as a Service accelerates the cadence to provide rich updates more frequently, and these updates require substantially less effort to roll out than earlier versions of Windows. Since it provides more value to organizations in a shorter timeframe, delivering Windows as a Service is a top priority for us. -The release cadence of Windows may be fast, so feedback is critical to its success. We rely on telemetry at each stage of the process to inform our decisions and prioritize our efforts. +The release cadence of Windows may be fast, so feedback is critical to its success. We rely on diagnostic data at each stage of the process to inform our decisions and prioritize our efforts. -### What is Windows telemetry? -Windows telemetry is vital technical data from Windows devices about the device and how Windows and related software are performing. It's used in the following ways: +### What is Windows diagnostic data? +Windows diagnostic data is vital technical data from Windows devices about the device and how Windows and related software are performing. It's used in the following ways: - Keep Windows up to date - Keep Windows secure, reliable, and performant - Improve Windows – through the aggregate analysis of the use of Windows - Personalize Windows engagement surfaces -Here are some specific examples of Windows telemetry data: +Here are some specific examples of Windows diagnostic data data: - Type of hardware being used - Applications installed and usage details - Reliability information on device drivers -### What is NOT telemetry? +### What is NOT diagnostic data? -Telemetry can sometimes be confused with functional data. Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not telemetry. For example, exchanging a user’s location for local weather or news is not an example of telemetry—it is functional data that the app or service requires to satisfy the user’s request. +Diagnostic data can sometimes be confused with functional data. Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not diagnostic data. For example, exchanging a user’s location for local weather or news is not an example of diagnostic data—it is functional data that the app or service requires to satisfy the user’s request. -There are subtle differences between telemetry and functional data. Windows collects and sends telemetry in the background automatically. You can control how much information is gathered by setting the telemetry level. Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash). On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data. +There are subtle differences between diagnostic data and functional data. Windows collects and sends diagnostic data in the background automatically. You can control how much information is gathered by setting the diagnostic data level. Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash). On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data. If you’re an IT pro that wants to manage Windows functional data sent from your organization to Microsoft, see [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services). @@ -76,26 +76,26 @@ The following are specific examples of functional data: - Bing searches - Wallpaper and desktop settings synced across multiple devices -### Telemetry gives users a voice +### Diagnostic data gives users a voice -Windows and Windows Server telemetry gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows 10 and Windows Server 2016 behaves in the real world, focus on user priorities, and make informed decisions that benefit them. For our enterprise customers, representation in the dataset on which we will make future design decisions is a real benefit. The following sections offer real examples of these benefits. +Windows and Windows Server diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows 10 and Windows Server 2016 behaves in the real world, focus on user priorities, and make informed decisions that benefit them. For our enterprise customers, representation in the dataset on which we will make future design decisions is a real benefit. The following sections offer real examples of these benefits. ### Drive higher app and driver quality -Our ability to collect telemetry that drives improvements to Windows and Windows Server helps raise the bar for app and device driver quality. Telemetry helps us to quickly identify and fix critical reliability and security issues with apps and device drivers on given configurations. For example, we can identify an app that hangs on devices using a specific version of a video driver, allowing us to work with the app and device driver vendor to quickly fix the issue. The result is less downtime and reduced costs and increased productivity associated with troubleshooting these issues. +Our ability to collect diagnostic data that drives improvements to Windows and Windows Server helps raise the bar for app and device driver quality. Diagnostic data helps us to quickly identify and fix critical reliability and security issues with apps and device drivers on given configurations. For example, we can identify an app that hangs on devices using a specific version of a video driver, allowing us to work with the app and device driver vendor to quickly fix the issue. The result is less downtime and reduced costs and increased productivity associated with troubleshooting these issues. -#### Real-world example of how Windows telemetry helps -There was a version of a video driver that was crashing on some devices running Windows 10, causing the device to reboot. We detected the problem in our telemetry, and immediately contacted the third-party developer who builds the video driver. Working with the developer, we provided an updated driver to Windows Insiders within 24 hours. Based on telemetry from the Windows Insiders’ devices, we were able to validate the new version of the video driver, and rolled it out to the broad public as an update the next day. Telemetry helped us find, fix, and resolve this problem in just 48 hours, providing a better user experience and reducing costly support calls. +#### Real-world example of how Windows diagnostic data helps +There was a version of a video driver that was crashing on some devices running Windows 10, causing the device to reboot. We detected the problem in our diagnostic data, and immediately contacted the third-party developer who builds the video driver. Working with the developer, we provided an updated driver to Windows Insiders within 24 hours. Based on diagnostic data from the Windows Insiders’ devices, we were able to validate the new version of the video driver, and rolled it out to the broad public as an update the next day. Diagnostic data helped us find, fix, and resolve this problem in just 48 hours, providing a better user experience and reducing costly support calls. ### Improve end-user productivity -Windows telemetry also helps Microsoft better understand how customers use (or do not use) the operating system’s features and related services. The insights we gain from this data helps us prioritize our engineering effort to directly impact our customers’ experiences. Examples are: +Windows diagnostic data also helps Microsoft better understand how customers use (or do not use) the operating system’s features and related services. The insights we gain from this data helps us prioritize our engineering effort to directly impact our customers’ experiences. Examples are: - **Start menu.** How do people change the Start menu layout? Do they pin other apps to it? Are there any apps that they frequently unpin? We use this dataset to adjust the default Start menu layout to better reflect people’s expectations when they turn on their device for the first time. -- **Cortana.** We use telemetry to monitor the scalability of our cloud service, improving search performance. -- **Application switching.** Research and observations from earlier Windows versions showed that people rarely used Alt+Tab to switch between applications. After discussing this with some users, we learned they loved the feature, saying that it would be highly productive, but they did not know about it previously. Based on this, we created the Task View button in Windows 10 to make this feature more discoverable. Later telemetry showed significantly higher usage of this feature. +- **Cortana.** We use diagnostic data to monitor the scalability of our cloud service, improving search performance. +- **Application switching.** Research and observations from earlier Windows versions showed that people rarely used Alt+Tab to switch between applications. After discussing this with some users, we learned they loved the feature, saying that it would be highly productive, but they did not know about it previously. Based on this, we created the Task View button in Windows 10 to make this feature more discoverable. Later diagnostic data showed significantly higher usage of this feature. -**These examples show how the use of telemetry data enables Microsoft to build or enhance features which can help organizations increase employee productivity while lowering help desk calls.** +**These examples show how the use of diagnostic data data enables Microsoft to build or enhance features which can help organizations increase employee productivity while lowering help desk calls.** ### Insights into your own organization @@ -108,7 +108,7 @@ Upgrading to new operating system versions has traditionally been a challenging, To better help customers through this difficult process, Microsoft developed Upgrade Readiness to give enterprises the tools to plan and manage the upgrade process end to end and allowing them to adopt new Windows releases more quickly and on an ongoing basis. -With Windows telemetry enabled, Microsoft collects computer, application, and driver compatibility-related information for analysis. We then identify compatibility issues that can block your upgrade and suggest fixes when they are known to Microsoft. +With Windows diagnostic data enabled, Microsoft collects computer, application, and driver compatibility-related information for analysis. We then identify compatibility issues that can block your upgrade and suggest fixes when they are known to Microsoft. Use Upgrade Readiness to get: @@ -122,50 +122,50 @@ Use Upgrade Readiness to get: The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. -## How is telemetry data handled by Microsoft? +## How is diagnostic data data handled by Microsoft? ### Data collection -Windows 10 and Windows Server 2016 includes the Connected User Experience and Telemetry component, which uses Event Tracing for Windows (ETW) tracelogging technology that gathers and stores telemetry events and data. The operating system and some Microsoft management solutions, such as System Center, use the same logging technology. +Windows 10 and Windows Server 2016 includes the Connected User Experiences and Telemetry component, which uses Event Tracing for Windows (ETW) tracelogging technology that gathers and stores diagnostic data events and data. The operating system and some Microsoft management solutions, such as System Center, use the same logging technology. 1. Operating system features and some management applications are instrumented to publish events and data. Examples of management applications include Virtual Machine Manager (VMM), Server Manager, and Storage Spaces. 2. Events are gathered using public operating system event logging and tracing APIs. -3. You can configure the telemetry level by using MDM policy, Group Policy, or registry settings. -4. The Connected User Experience and Telemetry component transmits the telemetry data. +3. You can configure the diagnostic data level by using MDM policy, Group Policy, or registry settings. +4. The Connected User Experiences and Telemetry component transmits the diagnostic data data. -Info collected at the Enhanced and Full levels of telemetry is typically gathered at a fractional sampling rate, which can be as low as 1% of devices reporting data at those levels. +Info collected at the Enhanced and Full levels of diagnostic data is typically gathered at a fractional sampling rate, which can be as low as 1% of devices reporting data at those levels. ### Data transmission -All telemetry data is encrypted using SSL and uses certificate pinning during transfer from the device to the Microsoft Data Management Service. With Windows 10, data is uploaded on a schedule that is sensitive to event priority, battery use, and network cost. Real-time events, such as Windows Defender Advanced Threat Protection, are always sent immediately. Normal events are not uploaded on metered networks, unless you are on a metered server connection. On a free network, normal events can be uploaded every 4 hours if on battery, or every 15 minutes if on A/C power. Diagnostic and crash data are only uploaded on A/C power and free networks. +All diagnostic data data is encrypted using SSL and uses certificate pinning during transfer from the device to the Microsoft Data Management Service. With Windows 10, data is uploaded on a schedule that is sensitive to event priority, battery use, and network cost. Real-time events, such as Windows Defender Advanced Threat Protection, are always sent immediately. Normal events are not uploaded on metered networks, unless you are on a metered server connection. On a free network, normal events can be uploaded every 4 hours if on battery, or every 15 minutes if on A/C power. Diagnostic and crash data are only uploaded on A/C power and free networks. ### Endpoints The Microsoft Data Management Service routes data back to our secure cloud storage. Only Microsoft personnel with a valid business justification are permitted access. -The following table defines the endpoints for telemetry services: +The following table defines the endpoints for diagnostic data services: | Service | Endpoint | | - | - | -| Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com
    settings-win.data.microsoft.com | +| Connected User Experiences and Telemetry component | v10.vortex-win.data.microsoft.com
    settings-win.data.microsoft.com | | [Windows Error Reporting](http://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) | watson.telemetry.microsoft.com | | [Online Crash Analysis](http://msdn.microsoft.com/library/windows/desktop/ee416349.aspx) | oca.telemetry.microsoft.com | | OneDrive app for Windows 10 | vortex.data.microsoft.com/collect/v1 | ### Data use and access -The principle of least privileged access guides access to telemetry data. Microsoft does not share personal data of our customers with third parties, except at the customer’s discretion or for the limited purposes described in the [Privacy Statement](https://privacy.microsoft.com/privacystatement). Microsoft may share business reports with OEMs and third-party partners that include aggregated and anonymized telemetry information. Data-sharing decisions are made by an internal team including privacy, legal, and data management. +The principle of least privileged access guides access to diagnostic data data. Microsoft does not share personal data of our customers with third parties, except at the customer’s discretion or for the limited purposes described in the [Privacy Statement](https://privacy.microsoft.com/privacystatement). Microsoft may share business reports with OEMs and third-party partners that include aggregated and anonymized diagnostic data information. Data-sharing decisions are made by an internal team including privacy, legal, and data management. ### Retention Microsoft believes in and practices information minimization. We strive to gather only the info we need and to store it only for as long as it’s needed to provide a service or for analysis. Much of the info about how Windows and apps are functioning is deleted within 30 days. Other info may be retained longer, such as error reporting data or Microsoft Store purchase history. -## Telemetry levels -This section explains the different telemetry levels in Windows 10, Windows Server 2016, and System Center. These levels are available on all desktop and mobile editions of Windows 10, except for the **Security** level, which is limited to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016. +## Diagnostic data levels +This section explains the different diagnostic data levels in Windows 10, Windows Server 2016, and System Center. These levels are available on all desktop and mobile editions of Windows 10, except for the **Security** level, which is limited to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016. -The telemetry data is categorized into four levels: +The diagnostic data data is categorized into four levels: -- **Security**. Information that’s required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender. +- **Security**. Information that’s required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender. - **Basic**. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the **Security** level. @@ -175,20 +175,20 @@ The telemetry data is categorized into four levels: The levels are cumulative and are illustrated in the following diagram. Also, these levels apply to all editions of Windows Server 2016. -![breakdown of telemetry levels and types of administrative controls](images/priv-telemetry-levels.png) +![breakdown of diagnostic data levels and types of administrative controls](images/priv-telemetry-levels.png) ### Security level -The Security level gathers only the telemetry info that is required to keep Windows devices, Windows Server, and guests protected with the latest security updates. This level is only available on Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and Windows IoT Core editions. +The Security level gathers only the diagnostic data info that is required to keep Windows devices, Windows Server, and guests protected with the latest security updates. This level is only available on Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and Windows IoT Core editions. > [!NOTE] > If your organization relies on Windows Update for updates, you shouldn’t use the **Security** level. Because no Windows Update information is gathered at this level, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates. -Windows Server Update Services (WSUS) and System Center Configuration Manager functionality is not affected at this level, nor is telemetry data about Windows Server features or System Center gathered. +Windows Server Update Services (WSUS) and System Center Configuration Manager functionality is not affected at this level, nor is diagnostic data data about Windows Server features or System Center gathered. The data gathered at this level includes: -- **Connected User Experience and Telemetry component settings**. If general telemetry data has been gathered and is queued, it is sent to Microsoft. Along with this telemetry, the Connected User Experience and Telemetry component may download a configuration settings file from Microsoft’s servers. This file is used to configure the Connected User Experience and Telemetry component itself. The data gathered by the client for this request includes OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop). +- **Connected User Experiences and Telemetry component settings**. If general diagnostic data data has been gathered and is queued, it is sent to Microsoft. Along with this diagnostic data, the Connected User Experiences and Telemetry component may download a configuration settings file from Microsoft’s servers. This file is used to configure the Connected User Experiences and Telemetry component itself. The data gathered by the client for this request includes OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop). - **Malicious Software Removal Tool (MSRT)** The MSRT infection report contains information, including device info and IP address. @@ -202,15 +202,15 @@ The data gathered at this level includes: Microsoft recommends that Windows Update, Windows Defender, and MSRT remain enabled unless the enterprise uses alternative solutions such as Windows Server Update Services, System Center Configuration Manager, or a third-party antimalware solution. Windows Update, Windows Defender, and MSRT provide core Windows functionality such as driver and OS updates, including security updates. -For servers with default telemetry settings and no Internet connectivity, you should set the telemetry level to **Security**. This stops data gathering for events that would not be uploaded due to the lack of Internet connectivity. +For servers with default diagnostic data settings and no Internet connectivity, you should set the diagnostic data level to **Security**. This stops data gathering for events that would not be uploaded due to the lack of Internet connectivity. -No user content, such as user files or communications, is gathered at the **Security** telemetry level, and we take steps to avoid gathering any information that directly identifies a company or user, such as name, email address, or account ID. However, in rare circumstances, MSRT information may unintentionally contain personal information. For instance, some malware may create entries in a computer’s registry that include information such as a username, causing it to be gathered. MSRT reporting is optional and can be turned off at any time. +No user content, such as user files or communications, is gathered at the **Security** diagnostic data level, and we take steps to avoid gathering any information that directly identifies a company or user, such as name, email address, or account ID. However, in rare circumstances, MSRT information may unintentionally contain personal information. For instance, some malware may create entries in a computer’s registry that include information such as a username, causing it to be gathered. MSRT reporting is optional and can be turned off at any time. ### Basic level -The Basic level gathers a limited set of data that’s critical for understanding the device and its configuration. This level also includes the **Security** level data. This level helps to identify problems that can occur on a specific hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a specific driver version. The Connected User Experience and Telemetry component does not gather telemetry data about System Center, but it can transmit telemetry for other non-Windows applications if they have user consent. +The Basic level gathers a limited set of data that’s critical for understanding the device and its configuration. This level also includes the **Security** level data. This level helps to identify problems that can occur on a specific hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a specific driver version. The Connected User Experiences and Telemetry component does not gather diagnostic data data about System Center, but it can transmit diagnostic data for other non-Windows applications if they have user consent. -The normal upload range for the Basic telemetry level is between 109 KB - 159 KB per day, per device. +The normal upload range for the Basic diagnostic data level is between 109 KB - 159 KB per day, per device. The data gathered at this level includes: @@ -232,7 +232,7 @@ The data gathered at this level includes: - Storage attributes, such as number of drives, type, and size -- **Connected User Experience and Telemetry component quality metrics**. Helps provide an understanding about how the Connected User Experience and Telemetry component is functioning, including % of uploaded events, dropped events, and the last upload time. +- **Connected User Experiences and Telemetry component quality metrics**. Helps provide an understanding about how the Connected User Experiences and Telemetry component is functioning, including % of uploaded events, dropped events, and the last upload time. - **Quality-related information**. Helps Microsoft develop a basic understanding of how a device and its operating system are performing. Some examples are the device characteristics of a Connected Standby device, the number of crashes or hangs, and application state change details, such as how much processor time and memory were used, and the total uptime for an app. @@ -259,7 +259,7 @@ The Enhanced level gathers data about how Windows and apps are used and how they This is the default level for Windows 10 Enterprise and Windows 10 Education editions, and the minimum level needed to quickly identify and address Windows, Windows Server, and System Center quality issues. -The normal upload range for the Enhanced telemetry level is between 239 KB - 348 KB per day, per device. +The normal upload range for the Enhanced diagnostic data level is between 239 KB - 348 KB per day, per device. The data gathered at this level includes: @@ -271,14 +271,14 @@ The data gathered at this level includes: - **Some crash dump types**. All crash dump types, except for heap dumps and full dumps. -If the Connected User Experience and Telemetry component detects a problem on Windows 10 that requires gathering more detailed instrumentation, the Connected User Experience and Telemetry component at the **Enhanced** telemetry level will only gather data about the events associated with the specific issue. +If the Connected User Experiences and Telemetry component detects a problem on Windows 10 that requires gathering more detailed instrumentation, the Connected User Experiences and Telemetry component at the **Enhanced** diagnostic data level will only gather data about the events associated with the specific issue. #### Limit Enhanced diagnostic data to the minimum required by Windows Analytics Windows Analytics Device Health reports are powered by diagnostic data not included in the **Basic** level, such as crash reports and certain operating system events. In the past, organizations sending **Enhanced** or **Full** level diagnostic data were able to participate in Device Health. However, organizations that required detailed event and field level documentation were unable to move from **Basic** to **Enhanced**. In Windows 10, version 1709, we introduce the **Limit Enhanced diagnostic data to the minimum required by Windows Analytics** feature. When enabled, this feature lets you send only the following subset of **Enhanced** level diagnostic data. For more info about Device Health, see the [Monitor the health of devices with Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-monitor) topic. -- **Operating system events.** Limited to a small set required for analytics reports and documented in the [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/eventname) topic. +- **Operating system events.** Limited to a small set required for analytics reports and documented in the [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/eventname) topic. - **Some crash dump types.** All crash dump types, except for heap and full dumps. @@ -308,7 +308,7 @@ The **Full** level gathers data necessary to identify and to help fix problems, Additionally, at this level, devices opted in to the [Windows Insider Program](http://insider.windows.com) will send events, such as reliability and app responsiveness. that can show Microsoft how pre-release binaries and features are performing. These events help us make decisions on which builds are flighted. All devices in the [Windows Insider Program](http://insider.windows.com) are automatically set to this level. -If a device experiences problems that are difficult to identify or repeat using Microsoft’s internal testing, additional data becomes necessary. This data can include any user content that might have triggered the problem and is gathered from a small sample of devices that have both opted into the **Full** telemetry level and have exhibited the problem. +If a device experiences problems that are difficult to identify or repeat using Microsoft’s internal testing, additional data becomes necessary. This data can include any user content that might have triggered the problem and is gathered from a small sample of devices that have both opted into the **Full** diagnostic data level and have exhibited the problem. However, before more data is gathered, Microsoft’s privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer. If the request is approved, Microsoft engineers can use the following capabilities to get the information: @@ -320,27 +320,27 @@ However, before more data is gathered, Microsoft’s privacy governance team, in ## Enterprise management -Sharing telemetry data with Microsoft provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the telemetry level and managing specific components is the best option. +Sharing diagnostic data data with Microsoft provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the diagnostic data level and managing specific components is the best option. -Customers can set the telemetry level in both the user interface and with existing management tools. Users can change the telemetry level in the **Diagnostic data** setting. In the **Settings** app, it is in **Privacy\Feedback & diagnostics**. They can choose between Basic, Enhanced, and Full. The Security level is not available. +Customers can set the diagnostic data level in both the user interface and with existing management tools. Users can change the diagnostic data level in the **Diagnostic data** setting. In the **Settings** app, it is in **Privacy\Feedback & diagnostics**. They can choose between Basic, Enhanced, and Full. The Security level is not available. -IT pros can use various methods, including Group Policy and Mobile Device Management (MDM), to choose a telemetry level. If you’re using Windows 10 Enterprise, Windows 10 Education, or Windows Server 2016, the Security telemetry level is available when managing the policy. Setting the telemetry level through policy overrides users’ choices. The remainder of this section describes how to do that. +IT pros can use various methods, including Group Policy and Mobile Device Management (MDM), to choose a diagnostic data level. If you’re using Windows 10 Enterprise, Windows 10 Education, or Windows Server 2016, the Security diagnostic data level is available when managing the policy. Setting the diagnostic data level through policy overrides users’ choices. The remainder of this section describes how to do that. -### Manage your telemetry settings +### Manage your diagnostic data settings -We do not recommend that you turn off telemetry in your organization as valuable functionality may be impacted, but we recognize that in some scenarios this may be required. Use the steps in this section to do so for Windows, Windows Server, and System Center. +We do not recommend that you turn off diagnostic data in your organization as valuable functionality may be impacted, but we recognize that in some scenarios this may be required. Use the steps in this section to do so for Windows, Windows Server, and System Center. > [!IMPORTANT] -> These telemetry levels only apply to Windows, Windows Server, and System Center components and apps that use the Connected User Experience and Telemetry component. Non-Windows components, such as Microsoft Office or other 3rd-party apps, may communicate with their cloud services outside of these telemetry levels. You should work with your app vendors to understand their telemetry policy, and how you can to opt in or opt out. For more information on how Microsoft Office uses telemetry, see [Overview of Office Telemetry](http://technet.microsoft.com/library/jj863580.aspx). +> These diagnostic data levels only apply to Windows, Windows Server, and System Center components and apps that use the Connected User Experiences and Telemetry component. Non-Windows components, such as Microsoft Office or other 3rd-party apps, may communicate with their cloud services outside of these diagnostic data levels. You should work with your app vendors to understand their diagnostic data policy, and how you can to opt in or opt out. For more information on how Microsoft Office uses diagnostic data, see [Overview of Office Telemetry](http://technet.microsoft.com/library/jj863580.aspx). -You can turn on or turn off System Center telemetry gathering. The default is on and the data gathered at this level represents what is gathered by default when System Center telemetry is turned on. However, setting the operating system telemetry level to **Basic** will turn off System Center telemetry, even if the System Center telemetry switch is turned on. +You can turn on or turn off System Center diagnostic data gathering. The default is on and the data gathered at this level represents what is gathered by default when System Center diagnostic data is turned on. However, setting the operating system diagnostic data level to **Basic** will turn off System Center diagnostic data, even if the System Center diagnostic data switch is turned on. -The lowest telemetry setting level supported through management policies is **Security**. The lowest telemetry setting supported through the Settings UI is **Basic**. The default telemetry setting for Windows Server 2016 is **Enhanced**. +The lowest diagnostic data setting level supported through management policies is **Security**. The lowest diagnostic data setting supported through the Settings UI is **Basic**. The default diagnostic data setting for Windows Server 2016 is **Enhanced**. -### Configure the operating system telemetry level +### Configure the operating system diagnostic data level -You can configure your operating system telemetry settings using the management tools you’re already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your telemetry levels through a management policy overrides any device level settings. +You can configure your operating system diagnostic data settings using the management tools you’re already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your diagnostic data levels through a management policy overrides any device level settings. Use the appropriate value in the table below when you configure the management policy. @@ -352,9 +352,9 @@ Use the appropriate value in the table below when you configure the management p | Full | Security data, basic system and quality data, enhanced insights and advanced reliability data, and full diagnostics data. | **3** | -### Use Group Policy to set the telemetry level +### Use Group Policy to set the diagnostic data level -Use a Group Policy object to set your organization’s telemetry level. +Use a Group Policy object to set your organization’s diagnostic data level. 1. From the Group Policy Management Console, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds**. @@ -362,11 +362,11 @@ Use a Group Policy object to set your organization’s telemetry level. 3. In the **Options** box, select the level that you want to configure, and then click **OK**. -### Use MDM to set the telemetry level +### Use MDM to set the diagnostic data level Use the [Policy Configuration Service Provider (CSP)](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) to apply the System/AllowTelemetry MDM policy. -### Use Registry Editor to set the telemetry level +### Use Registry Editor to set the diagnostic data level Use Registry Editor to manually set the registry level on each device in your organization or you can write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, it will override this registry setting. @@ -380,25 +380,25 @@ Use Registry Editor to manually set the registry level on each device in your or 5. Click **File** > **Export**, and then save the file as a .reg file, such as **C:\\AllowTelemetry.reg**. You can run this file from a script on each device in your organization. -### Configure System Center 2016 telemetry +### Configure System Center 2016 diagnostic data -For System Center 2016 Technical Preview, you can turn off System Center telemetry by following these steps: +For System Center 2016 Technical Preview, you can turn off System Center diagnostic data by following these steps: -- Turn off telemetry by using the System Center UI Console settings workspace. +- Turn off diagnostic data by using the System Center UI Console settings workspace. -- For information about turning off telemetry for Service Management Automation and Service Provider Foundation, see [How to disable telemetry for Service Management Automation and Service Provider Foundation](https://support.microsoft.com/kb/3096505). +- For information about turning off diagnostic data for Service Management Automation and Service Provider Foundation, see [How to disable telemetry for Service Management Automation and Service Provider Foundation](https://support.microsoft.com/kb/3096505). -### Additional telemetry controls +### Additional diagnostic data controls -There are a few more settings that you can turn off that may send telemetry information: +There are a few more settings that you can turn off that may send diagnostic data information: -- To turn off Windows Update telemetry, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as [Windows Server Update Services (WSUS)](http://technet.microsoft.com/library/hh852345.aspx) or [System Center Configuration Manager](http://www.microsoft.com/server-cloud/products/system-center-2012-r2-configuration-manager/). +- To turn off Windows Update diagnostic data, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as [Windows Server Update Services (WSUS)](http://technet.microsoft.com/library/hh852345.aspx) or [System Center Configuration Manager](http://www.microsoft.com/server-cloud/products/system-center-2012-r2-configuration-manager/). - Turn off **Windows Defender Cloud-based Protection** and **Automatic sample submission** in **Settings** > **Update & security** > **Windows Defender**. - Manage the Malicious Software Removal Tool in your organization. For more info, see Microsoft KB article [891716](http://support.microsoft.com/kb/891716). -- Turn off **Linguistic Data Collection** in **Settings** > **Privacy**. At telemetry levels **Enhanced** and **Full**, Microsoft uses Linguistic Data Collection info to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary. +- Turn off **Linguistic Data Collection** in **Settings** > **Privacy**. At diagnostic data levels **Enhanced** and **Full**, Microsoft uses Linguistic Data Collection info to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary. > [!NOTE] > Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user's device. If we determine that sensitive information has been inadvertently received, we delete the information. diff --git a/windows/configuration/enhanced-telemetry-windows-analytics-events-and-fields.md b/windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields.md similarity index 94% rename from windows/configuration/enhanced-telemetry-windows-analytics-events-and-fields.md rename to windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields.md index 4463ec973b..385988b6d3 100644 --- a/windows/configuration/enhanced-telemetry-windows-analytics-events-and-fields.md +++ b/windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields.md @@ -1,7 +1,7 @@ --- -description: Use this article to learn more about the enhanced telemetry events used by Windows Analytics +description: Use this article to learn more about the enhanced diagnostic data events used by Windows Analytics title: Windows 10, version 1709 enhanced telemtry events and fields used by Windows Analytics (Windows 10) -keywords: privacy, telemetry +keywords: privacy, diagnostic data ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -13,15 +13,15 @@ ms.author: jaimeo --- -# Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics +# Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics **Applies to** - Windows 10, version 1709 and later -Windows Analytics Device Health reports are powered by diagnostic data not included in the Basic level. This includes crash reports and certain OS telemetry events. Organizations sending Enhanced or Full level diagnostic data were able to participate in Device Health, but some organizations which required detailed event and field level documentation were unable to move from Basic to Enhanced. +Windows Analytics Device Health reports are powered by diagnostic data not included in the Basic level. This includes crash reports and certain OS diagnostic data events. Organizations sending Enhanced or Full level diagnostic data were able to participate in Device Health, but some organizations which required detailed event and field level documentation were unable to move from Basic to Enhanced. -In Windows 10, version 1709, we introduce a new feature: "Limit Enhanced diagnostic data to the minimum required by Windows Analytics". When enabled, this feature limits the operating system telemetry events included in the Enhanced level to only those described below. Note that the Enhanced level also includes limited crash reports, which are not described below. For more information on the Enhanced level, see [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md). +In Windows 10, version 1709, we introduce a new feature: "Limit Enhanced diagnostic data to the minimum required by Windows Analytics". When enabled, this feature limits the operating system diagnostic data events included in the Enhanced level to only those described below. Note that the Enhanced level also includes limited crash reports, which are not described below. For more information on the Enhanced level, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). ## KernelProcess.AppStateChangeSummary diff --git a/windows/configuration/gdpr-win10-whitepaper.md b/windows/configuration/gdpr-win10-whitepaper.md index 434bb0239b..c7dd56e8df 100644 --- a/windows/configuration/gdpr-win10-whitepaper.md +++ b/windows/configuration/gdpr-win10-whitepaper.md @@ -179,7 +179,7 @@ The GDPR includes explicit requirements for breach notification where a personal As noted in the Windows Security Center white paper, [Post Breach: Dealing with Advanced Threats](http://wincom.blob.core.windows.net/documents/Post_Breach_Dealing_with_Advanced_Threats_Whitepaper.pdf), “_Unlike pre-breach, post-breach assumes a breach has already occurred – acting as a flight recorder and Crime Scene Investigator (CSI). Post-breach provides security teams the information and toolset needed to identify, investigate, and respond to attacks that otherwise will stay undetected and below the radar._” -#### Insightful security telemetry +#### Insightful security diagnostic data For nearly two decades, Microsoft has been turning threats into useful intelligence that can help fortify our platform and protect customers. Today, with the immense computing advantages afforded by the cloud, we are finding new ways to use our rich analytics engines driven by threat intelligence to protect our customers. By applying a combination of automated and manual processes, machine learning and human experts, we can create an Intelligent Security Graph that learns from itself and evolves in real-time, reducing our collective time to detect and respond to new incidents across our products. diff --git a/windows/configuration/index.md b/windows/configuration/index.md index f41df7288e..c462632c79 100644 --- a/windows/configuration/index.md +++ b/windows/configuration/index.md @@ -19,11 +19,11 @@ Enterprises often need to apply custom configurations to devices for their users | Topic | Description | | --- | --- | -| [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md) | Use this article to make informed decisions about how you can configure Windows telemetry in your organization. | +| [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | Use this article to make informed decisions about how you can configure Windows diagnostic data in your organization. | | [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) | Learn about diagnostic data that is collected at the basic level in Windows 10, version 1709. | -|[Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](enhanced-telemetry-windows-analytics-events-and-fields.md)|Learn about diagnostic data that is collected by Windows Analytics.| +|[Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)|Learn about diagnostic data that is collected by Windows Analytics.| | [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) | Learn about diagnostic data that is collected at the basic level in Windows 10, version 1703. | -| [Windows 10 diagnostic data for the Full telemetry level](windows-diagnostic-data-1703.md) | Learn about the types of data that is collected at the full level in Windows 10, version 1703 and later. | +| [Windows 10 diagnostic data for the Full diagnostic data level](windows-diagnostic-data-1703.md) | Learn about the types of data that is collected at the full level in Windows 10, version 1703 and later. | |[Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md)|Learn about Windows 10 and the upcoming GDPR-compliance requirements.| | [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Learn about the network connections that Windows components make to Microsoft and also the privacy settings that affect data that is shared with either Microsoft or apps and how they can be managed by an IT Pro. | | [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) | Wi-Fi Sense automatically connects you to Wi-Fi, so you can get online quickly in more places. It can connect you to open Wi-Fi hotspots it knows about through crowdsourcing, or to Wi-Fi networks your contacts have shared with you by using Wi-Fi Sense. The initial settings for Wi-Fi Sense are determined by the options you chose when you first set up your PC with Windows 10. | diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 3bfd1454ec..a34a6aa5a7 100644 --- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -19,13 +19,13 @@ ms.date: 01/29/2018 - Windows 10 - Windows Server 2016 -If you're looking for content on what each telemetry level means and how to configure it in your organization, see [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md). +If you're looking for content on what each diagnostic data level means and how to configure it in your organization, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). Learn about the network connections that Windows components make to Microsoft and also the privacy settings that affect data that is shared with either Microsoft or apps and how they can be managed by an IT Pro. -If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider. You can configure telemetry at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment from the list in this article. +If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider. You can configure diagnostic data at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment from the list in this article. -You can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience. +You can configure diagnostic data at the Security level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience. To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](/windows/device-security/windows-security-baselines) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying. You should not extract this package to the windows\\system32 folder because it will not apply correctly. Applying this baseline is equivalent to applying the Windows 10 steps covered in this article. @@ -69,7 +69,7 @@ Here's a list of changes that were made to this article for Windows 10, version ## Management options for each setting -The following sections list the components that make network connections to Microsoft services by default. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all of these connections. +The following sections list the components that make network connections to Microsoft services by default. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure diagnostic data at the Security level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all of these connections. If you're running Windows 10, they will be included in the next update for the Long Term Servicing Branch. @@ -362,7 +362,7 @@ Windows Insider Preview builds only apply to Windows 10 and are not available fo > [!NOTE] -> If you upgrade a device that is configured to minimize connections from Windows to Microsoft services (that is, a device configured for zero exhaust) to a Windows Insider Preview build, the Feedback & Diagnostic setting will automatically be set to **Full**. Although the telemetry level may initially appear as **Basic**, a few hours after the UI is refreshed or the machine is rebooted, the setting will become **Full**. +> If you upgrade a device that is configured to minimize connections from Windows to Microsoft services (that is, a device configured for zero exhaust) to a Windows Insider Preview build, the Feedback & Diagnostic setting will automatically be set to **Full**. Although the diagnostic data level may initially appear as **Basic**, a few hours after the UI is refreshed or the machine is rebooted, the setting will become **Full**. To turn off Insider Preview builds for a released version of Windows 10: @@ -886,7 +886,7 @@ To turn off **Turn on SmartScreen Filter to check web content (URLs) that Micros To turn off **Send Microsoft info about how I write to help us improve typing and writing in the future**: > [!NOTE] -> If the telemetry level is set to either **Basic** or **Security**, this is turned off automatically. +> If the diagnostic data level is set to either **Basic** or **Security**, this is turned off automatically. @@ -1725,7 +1725,7 @@ For Windows 10 only, you can stop Enhanced Notifications: - Turn off the feature in the UI. -You can also use the registry to turn off Malicious Software Reporting Tool telemetry by setting the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to 1. +You can also use the registry to turn off Malicious Software Reporting Tool diagnostic data by setting the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to 1. ### 24. Windows Media Player diff --git a/windows/configuration/manage-windows-endpoints-version-1709.md b/windows/configuration/manage-windows-endpoints-version-1709.md index dbecf39d02..1c52da910b 100644 --- a/windows/configuration/manage-windows-endpoints-version-1709.md +++ b/windows/configuration/manage-windows-endpoints-version-1709.md @@ -133,7 +133,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper |----------------|----------|------------| | backgroundtaskhost | HTTPS | www.bing.com/proactive/v2/spark?cc=US&setlang=en-US | -The following endpoint is used by Cortana to report diagnostic and telemetry information. +The following endpoint is used by Cortana to report diagnostic and diagnostic data information. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and won't be able to fix them. | Source process | Protocol | Destination | @@ -175,6 +175,30 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper |----------------|----------|------------| | | | dmd.metaservices.microsoft.com.akadns.net | +## Diagnostic Data + +The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | | cy2.vortex.data.microsoft.com.akadns.net | + +The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | | v10.vortex-win.data.microsoft.com/collect/v1 | + +The following endpoints are used by Windows Error Reporting. +To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| wermgr | | watson.telemetry.microsoft.com/Telemetry.Request | +| |TLS v1.2 |modern.watson.data.microsoft.com.akadns.net| + ## Font streaming The following endpoints are used to download fonts on demand. @@ -340,7 +364,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper |----------------|----------|------------| | dmclient | HTTPS | settings.data.microsoft.com | -The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as Windows Connected User Experience and Telemetry component and Windows Insider Program use it. +The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as Windows Connected User Experiences and Telemetry component and Windows Insider Program use it. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working. | Source process | Protocol | Destination | @@ -355,29 +379,7 @@ The following endpoint is used to retrieve Skype configuration values. To turn o |----------------|----------|------------| |microsoft.windowscommunicationsapps.exe | HTTPS | config.edge.skype.com | -## Telemetry -The following endpoint is used by the Connected User Experience and Telemetry component and connects to the Microsoft Data Management service. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. - -| Source process | Protocol | Destination | -|----------------|----------|------------| -| svchost | | cy2.vortex.data.microsoft.com.akadns.net | - -The following endpoint is used by the Connected User Experience and Telemetry component and connects to the Microsoft Data Management service. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. - -| Source process | Protocol | Destination | -|----------------|----------|------------| -| svchost | | v10.vortex-win.data.microsoft.com/collect/v1 | - -The following endpoints are used by Windows Error Reporting. -To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft. - -| Source process | Protocol | Destination | -|----------------|----------|------------| -| wermgr | | watson.telemetry.microsoft.com/Telemetry.Request | -| |TLS v1.2 |modern.watson.data.microsoft.com.akadns.net| ## Windows Defender diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md index 7db69cb00b..196d95eb81 100644 --- a/windows/configuration/set-up-shared-or-guest-pc.md +++ b/windows/configuration/set-up-shared-or-guest-pc.md @@ -50,7 +50,7 @@ Apps can take advantage of shared PC mode with the following three APIs: - [IsEnabled](https://docs.microsoft.com/uwp/api/windows.system.profile.sharedmodesettings) - This informs apps when the PC has been configured for shared use scenarios. For example, an app might only download content on demand on a device in shared PC mode, or might skip first run experiences. - [ShouldAvoidLocalStorage](https://docs.microsoft.com/uwp/api/windows.system.profile.sharedmodesettings) - This informs apps when the PC has been configured to not allow the user to save to the local storage of the PC. Instead, only cloud save locations should be offered by the app or saved automatically by the app. -- [IsEducationEnvironment](https://docs.microsoft.com/uwp/api/windows.system.profile.educationsettings) - This informs apps when the PC is used in an education environment. Apps may want to handle telemetry differently or hide advertising functionality. +- [IsEducationEnvironment](https://docs.microsoft.com/uwp/api/windows.system.profile.educationsettings) - This informs apps when the PC is used in an education environment. Apps may want to handle diagnostic data differently or hide advertising functionality. ###Customization diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md index 5c8c80dffc..0073f13e81 100644 --- a/windows/configuration/wcd/wcd-connectivityprofiles.md +++ b/windows/configuration/wcd/wcd-connectivityprofiles.md @@ -166,7 +166,7 @@ The **Config** settings are initial settings that can be overwritten when settin ### SystemCapabilities -You can use these settings to configure system capabilities for Wi-Fi adapters, which is a new functionality in Windows 10. These system capabilities are added at image time to ensure that the information is at its most accurate. The capabilities allow the OS to have a better understanding of the underlying hardware that it's running on. Telemetry data is generated by the system to provide data that can be used to diagnose both software and hardware issues. +You can use these settings to configure system capabilities for Wi-Fi adapters, which is a new functionality in Windows 10. These system capabilities are added at image time to ensure that the information is at its most accurate. The capabilities allow the OS to have a better understanding of the underlying hardware that it's running on. Diagnostic data data is generated by the system to provide data that can be used to diagnose both software and hardware issues. | Setting | Description | | --- | --- | diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md index d95ae64429..25f5b58fc5 100644 --- a/windows/configuration/wcd/wcd-policies.md +++ b/windows/configuration/wcd/wcd-policies.md @@ -372,10 +372,10 @@ This section describes the **Policies** settings that you can configure in [prov | [AllowExperimentation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowexperimentation) | Determine the level that Microsoft can experiment with the product to study user preferences or device behavior. | X | X | | | | | [AllowLocation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowlocation) | Specify whether to allow app access to the Location service. | X | X | X | X | X | | [AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Specify whether the user is allowed to use the storage card for device storage. | X | X | X | X | X | -| [AllowTelemetry](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and useage telemetry data. | X | X | | | | +| [AllowTelemetry](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and usage data. | X | X | | | | | [AllowUserToResetPhone](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowusertoresetphone) | Allow the user to factory reset the phone. | X | X | | | | | [DisableOneDriveFileSync](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | X | | | | | -| [LimitEnhancedDiagnosticDataWindowsAnalytics](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://go.microsoft.com/fwlink/?linkid=847594). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level telemetry data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | X | X | | | | +| [LimitEnhancedDiagnosticDataWindowsAnalytics](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://go.microsoft.com/fwlink/?linkid=847594). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | X | X | | | | ## TextInput diff --git a/windows/configuration/windows-diagnostic-data-1703.md b/windows/configuration/windows-diagnostic-data-1703.md index bb63c4b710..954a8fc5e0 100644 --- a/windows/configuration/windows-diagnostic-data-1703.md +++ b/windows/configuration/windows-diagnostic-data-1703.md @@ -1,6 +1,6 @@ --- -title: Windows 10 diagnostic data for the Full telemetry level (Windows 10) -description: Use this article to learn about the types of data that is collected the the Full telemetry level. +title: Windows 10 diagnostic data for the Full diagnostic data level (Windows 10) +description: Use this article to learn about the types of data that is collected the the Full diagnostic data level. keywords: privacy,Windows 10 ms.prod: w10 ms.mktglfcycl: manage @@ -11,12 +11,12 @@ ms.author: lizross ms.date: 04/05/2017 --- -# Windows 10 diagnostic data for the Full telemetry level +# Windows 10 diagnostic data for the Full diagnostic data level **Applies to:** - Windows 10, version 1703 and later -Microsoft collects Windows diagnostic data to keep Windows up-to-date, secure, and operating properly. It also helps us improve Windows and, for users who have turned on “tailored experiences”, can be used to provide more relevant tips and recommendations to tailor Microsoft products to the user’s needs. This article describes all types diagnostic data collected by Windows at the Full telemetry level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1709 Basic level diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) and [Windows 10, version 1703 Basic level diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md). +Microsoft collects Windows diagnostic data to keep Windows up-to-date, secure, and operating properly. It also helps us improve Windows and, for users who have turned on “tailored experiences”, can be used to provide more relevant tips and recommendations to tailor Microsoft products to the user’s needs. This article describes all types diagnostic data collected by Windows at the Full diagnostic data level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1709 Basic level diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) and [Windows 10, version 1703 Basic level diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md). The data covered in this article is grouped into the following categories: diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md index 10dc612bdb..2040ebf2d1 100644 --- a/windows/deployment/deploy.md +++ b/windows/deployment/deploy.md @@ -21,7 +21,7 @@ Windows 10 upgrade options are discussed and information is provided about plann |[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) |This topic provides information about support for upgrading directly to Windows 10 from a previous operating system. | |[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |This topic provides information about support for upgrading from one edition of Windows 10 to another. | |[Windows 10 volume license media](windows-10-media.md) |This topic provides information about updates to volume licensing media in the current version of Windows 10. | -|[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | +|[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | |[Windows 10 deployment test lab](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). | |[Plan for Windows 10 deployment](planning/index.md) | This section describes Windows 10 deployment considerations and provides information to assist in Windows 10 deployment planning. | |[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). | diff --git a/windows/deployment/index.md b/windows/deployment/index.md index fe0e5d5f08..f63641d04f 100644 --- a/windows/deployment/index.md +++ b/windows/deployment/index.md @@ -32,7 +32,7 @@ Windows 10 upgrade options are discussed and information is provided about plann |[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) |This topic provides information about support for upgrading directly to Windows 10 from a previous operating system. | |[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |This topic provides information about support for upgrading from one edition of Windows 10 to another. | |[Windows 10 volume license media](windows-10-media.md) |This topic provides information about media available in the Microsoft Volume Licensing Service Center. | -|[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | +|[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | |[Windows 10 deployment test lab](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). | |[Plan for Windows 10 deployment](planning/index.md) | This section describes Windows 10 deployment considerations and provides information to assist in Windows 10 deployment planning. | |[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). | diff --git a/windows/deployment/planning/act-technical-reference.md b/windows/deployment/planning/act-technical-reference.md index 3d541198b1..a84f82eb0a 100644 --- a/windows/deployment/planning/act-technical-reference.md +++ b/windows/deployment/planning/act-technical-reference.md @@ -20,7 +20,7 @@ We've replaced the majority of functionality included in the Application Compati Microsoft developed Upgrade Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Analytics was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10. -With Windows telemetry enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. +With Windows diagnostic data enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. Use Upgrade Analytics to get: - A visual workflow that guides you from pilot to production diff --git a/windows/deployment/update/device-health-get-started.md b/windows/deployment/update/device-health-get-started.md index 54f3d47f42..9350288947 100644 --- a/windows/deployment/update/device-health-get-started.md +++ b/windows/deployment/update/device-health-get-started.md @@ -23,17 +23,17 @@ Steps are provided in sections that follow the recommended setup process: Device Health has the following requirements: 1. Device Health is currently only compatible with Windows 10 and Windows Server 2016 devices. The solution is intended to be used with desktop devices (Windows 10 workstations and laptops). -2. The solution requires that at least the [enhanced level of telemetry](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#basic-level) is enabled on all devices that are intended to be displayed in the solution. To learn more about Windows telemetry, see [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization). -3. The telemetry of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the telemetry services](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on telemetry endpoints and summarizes the use of each endpoint: +2. The solution requires that at least the [enhanced level of diagnostic data](https://technet.microsoft.com/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization#basic-level) is enabled on all devices that are intended to be displayed in the solution. To learn more about Windows diagnostic data, see [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization). +3. The diagnostic data of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the diagnostic data services](https://technet.microsoft.com/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on diagnostic data endpoints and summarizes the use of each endpoint: Service | Endpoint --- | --- -Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com
    settings-win.data.microsoft.com +Connected User Experiences and Telemetry component | v10.vortex-win.data.microsoft.com
    settings-win.data.microsoft.com Windows Error Reporting | watson.telemetry.microsoft.com Online Crash Analysis | oca.telemetry.microsoft.com >[!NOTE] -> If your deployment includes devices running Windows 10 versions prior to Windows 10, version 1703, you must **exclude** *authentication* for the endpoints listed in Step 3. Windows Error Reporting did not support authenticating proxies until Windows 10, version 1703. See [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization) for steps to exclude authentication for these endpoints. +> If your deployment includes devices running Windows 10 versions prior to Windows 10, version 1703, you must **exclude** *authentication* for the endpoints listed in Step 3. Windows Error Reporting did not support authenticating proxies until Windows 10, version 1703. See [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization) for steps to exclude authentication for these endpoints. ## Add Device Health to Microsoft Operations Management Suite @@ -79,7 +79,7 @@ After you have added Device Health and devices have a Commercial ID, you will be >[!NOTE] >You can unsubscribe from the Device Health solution if you no longer want to monitor your organization’s devices. User device data will continue to be shared with Microsoft while the opt-in keys are set on user devices and the proxy allows traffic. -## Deploy your Commercial ID to your Windows 10 devices and set the telemetry level +## Deploy your Commercial ID to your Windows 10 devices and set the diagnostic data level In order for your devices to show up in Windows Analytics: Device Health, they must be configured with your organization’s Commercial ID. This is so that Microsoft knows that a given device is a member of your organization and to feed that device’s data back to you. There are two primary methods for widespread deployment of your Commercial ID: Group Policy and Mobile Device Management (MDM). @@ -114,7 +114,7 @@ If you need further information on Windows Error Reporting (WER) settings, see [ Devices must be able to reach the endpoints specified in the "Device Health prerequisites" section of this topic. >[!NOTE] -> If your deployment includes devices running Windows 10 versions prior to Windows 10, version 1703, you must **exclude** *authentication* for the endpoints listed in Step 3 of the "Device Health prerequisites" section of this topic. Windows Error Reporting did not support authenticating proxies until Windows 10, version 1703. (If you need more information about telemetry endpoints and how to manage them, see [Configure Windows telemetry in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-telemetry-in-your-organization). +> If your deployment includes devices running Windows 10 versions prior to Windows 10, version 1703, you must **exclude** *authentication* for the endpoints listed in Step 3 of the "Device Health prerequisites" section of this topic. Windows Error Reporting did not support authenticating proxies until Windows 10, version 1703. (If you need more information about diagnostic data endpoints and how to manage them, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization). If you are using proxy server authentication, it is worth taking extra care to check the configuration. Prior to Windows 10, version 1703, WER uploads error reports in the machine context. Both user (typically authenticated) and machine (typically anonymous) contexts require access through proxy servers to the diagnostic endpoints. In Windows 10, version 1703, and later WER will attempt to use the context of the user that is logged on for proxy authentication such that only the user account requires proxy access. diff --git a/windows/deployment/update/device-health-monitor.md b/windows/deployment/update/device-health-monitor.md index 2c35b7f05e..078a95742a 100644 --- a/windows/deployment/update/device-health-monitor.md +++ b/windows/deployment/update/device-health-monitor.md @@ -19,7 +19,7 @@ Device Health is the newest Windows Analytics solution that complements the exis Like Upgrade Readiness and Update Compliance, Device Health is a solution built within Operations Management Suite (OMS), a cloud-based monitoring and automation service that has a flexible servicing subscription based on data usage and retention. This release is free for customers to try and will not incur charges on your OMS workspace for its use. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/). -Device Health uses Windows diagnostic data that is part of all Windows 10 devices. If you have already employed Upgrade Readiness or Update Compliance solutions, all you need to do is select Device Health from the OMS solution gallery and add it to your OMS workspace. Device Health requires enhanced telemetry, so you might need to implement this policy if you've not already done so. +Device Health uses Windows diagnostic data that is part of all Windows 10 devices. If you have already employed Upgrade Readiness or Update Compliance solutions, all you need to do is select Device Health from the OMS solution gallery and add it to your OMS workspace. Device Health requires enhanced diagnostic data, so you might need to implement this policy if you've not already done so. Device Health provides the following: @@ -27,7 +27,7 @@ Device Health provides the following: - Identification of devices that crash frequently, and therefore might need to be rebuilt or replaced - Identification of device drivers that are causing device crashes, with suggestions of alternative versions of those drivers that might reduce the number of crashes - Notification of Windows Information Protection misconfigurations that send prompts to end users -- No need for new complex customized infrastructure, thanks to cloud-connected access using Windows 10 telemetry +- No need for new complex customized infrastructure, thanks to cloud-connected access using Windows 10 diagnostic data See the following topics in this guide for detailed information about configuring and using the Device Health solution: @@ -56,10 +56,10 @@ The Device Health architecture and data flow is summarized by the following five -**(1)** User computers send telemetry data to a secure Microsoft data center using the Microsoft Data Management Service.
    -**(2)** Telemetry data is analyzed by the Microsoft Telemetry Service.
    -**(3)** Telemetry data is pushed from the Microsoft Telemetry Service to your OMS workspace.
    -**(4)** Telemetry data is available in the Device Health solution.
    +**(1)** User computers send diagnostic data to a secure Microsoft data center using the Microsoft Data Management Service.
    +**(2)** Diagnostic data is analyzed by the Microsoft Telemetry Service.
    +**(3)** Diagnostic data is pushed from the Microsoft Telemetry Service to your OMS workspace.
    +**(4)** Diagnostic data is available in the Device Health solution.
    **(5)** You are now able to proactively monitor Device Health issues in your environment.
    These steps are illustrated in following diagram: @@ -67,7 +67,7 @@ These steps are illustrated in following diagram: [![](images/analytics-architecture.png)](images/analytics-architecture.png) >[!NOTE] ->This process assumes that Windows telemetry is enabled and you [have assigned your Commercial ID to devices](update-compliance-get-started.md#deploy-your-commercial-id-to-your-windows-10-devices). +>This process assumes that Windows diagnostic data is enabled and you [have assigned your Commercial ID to devices](update-compliance-get-started.md#deploy-your-commercial-id-to-your-windows-10-devices). diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 9a98859652..ead61e2d95 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -24,19 +24,19 @@ Steps are provided in sections that follow the recommended setup process: Update Compliance has the following requirements: 1. Update Compliance is currently only compatible with Windows 10 devices. The solution is intended to be used with desktop devices (Windows 10 workstations and laptops). -2. The solution requires that Windows 10 telemetry is enabled on all devices that are intended to be displayed in the solution. These devices must have at least the [basic level of telemetry](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#basic-level) enabled. To learn more about Windows telemetry, see [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization). -3. The telemetry of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the telemetry services](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on telemetry endpoints and summarizes the use of each endpoint: +2. The solution requires that Windows 10 diagnostic data is enabled on all devices that are intended to be displayed in the solution. These devices must have at least the [basic level of diagnostic data](/configuration/configure-windows-diagnostic-data-in-your-organization#basic-level) enabled. To learn more about Windows diagnostic data, see [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization). +3. The diagnostic data of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the diagnostic data services](/configuration/configure-windows-diagnostic-data-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on diagnostic data endpoints and summarizes the use of each endpoint: Service | Endpoint --- | --- - Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com
    settings-win.data.microsoft.com + Connected User Experiences and Telemetry component | v10.vortex-win.data.microsoft.com
    settings-win.data.microsoft.com Windows Error Reporting | watson.telemetry.microsoft.com Online Crash Analysis | oca.telemetry.microsoft.com 4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Troublehsoot Windows Defender Antivirus reporting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md) topic for help on ensuring the configuration is correct. - For endpoints running Windows 10, version 1607 or earlier, [Windows telemetry must also be set to **Enhanced**](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level), to be compatible with Windows Defender Antivirus. + For endpoints running Windows 10, version 1607 or earlier, [Windows diagnostic data must also be set to **Enhanced**](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-diagnostic-data-in-your-organization#enhanced-level), to be compatible with Windows Defender Antivirus. See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV. @@ -74,7 +74,7 @@ If you are not yet using OMS, use the following steps to subscribe to OMS Update ![OMS workspace with new Update Compliance tile on the right side highlighted](images/uc-09a.png) 9. Click **Subscribe** to subscribe to OMS Update Compliance. You will then need to distribute your Commercial ID across all your organization’s devices. More information on the Commercial ID is provided below. - ![Series of blades showing Connected Sources, Windows Telemetry, and Upgrade Analytics solution with Subscribe button](images/uc-10a.png) + ![Series of blades showing Connected Sources, Windows Diagnostic Data, and Upgrade Analytics solution with Subscribe button](images/uc-10a.png) After you are subscribed to OMS Update Compliance and your devices have a Commercial ID, you will begin receiving data. It will typically take 24 hours for the first data to begin appearing. The following section explains how to deploy your Commercial ID to your Windows 10 devices. diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md index 30bf291b67..cc368c6633 100644 --- a/windows/deployment/update/update-compliance-monitor.md +++ b/windows/deployment/update/update-compliance-monitor.md @@ -19,7 +19,7 @@ With Windows 10, organizations need to change the way they approach monitoring a Update Compliance is a solution built within Operations Management Suite (OMS), a cloud-based monitoring and automation service which has a flexible servicing subscription based off data usage/retention. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/documentation/articles/operations-management-suite-overview/). -Update Compliance uses the Windows telemetry that is part of all Windows 10 devices. It collects system data including update installation progress, Windows Update for Business (WUfB) configuration data, Windows Defender Antivirus data, and other update-specific information, and then sends this data privately to a secure cloud to be stored for analysis and usage within the solution. +Update Compliance uses the Windows diagnostic data that is part of all Windows 10 devices. It collects system data including update installation progress, Windows Update for Business (WUfB) configuration data, Windows Defender Antivirus data, and other update-specific information, and then sends this data privately to a secure cloud to be stored for analysis and usage within the solution. Update Compliance provides the following: @@ -28,7 +28,7 @@ Update Compliance provides the following: - The ability to track protection and threat status for Windows Defender Antivirus-enabled devices - An overview of WUfB deferral configurations (Windows 10 Anniversary Update [1607] and later) - Powerful built-in [log analytics](https://www.microsoft.com/en-us/cloud-platform/insight-and-analytics?WT.srch=1&WT.mc_id=AID529558_SEM_%5B_uniqid%5D&utm_source=Bing&utm_medium=CPC&utm_term=log%20analytics&utm_campaign=Hybrid_Cloud_Management) to create useful custom queries -- Cloud-connected access utilizing Windows 10 telemetry means no need for new complex, customized infrastructure +- Cloud-connected access utilizing Windows 10 diagnostic data means no need for new complex, customized infrastructure See the following topics in this guide for detailed information about configuring and using the Update Compliance solution: @@ -43,10 +43,10 @@ An overview of the processes used by the Update Compliance solution is provided The Update Compliance architecture and data flow is summarized by the following five-step process: -**(1)** User computers send telemetry data to a secure Microsoft data center using the Microsoft Data Management Service.
    -**(2)** Telemetry data is analyzed by the Update Compliance Data Service.
    -**(3)** Telemetry data is pushed from the Update Compliance Data Service to your OMS workspace.
    -**(4)** Telemetry data is available in the Update Compliance solution.
    +**(1)** User computers send diagnostic data to a secure Microsoft data center using the Microsoft Data Management Service.
    +**(2)** Diagnostic data is analyzed by the Update Compliance Data Service.
    +**(3)** Diagnostic data is pushed from the Update Compliance Data Service to your OMS workspace.
    +**(4)** Diagnostic data is available in the Update Compliance solution.
    **(5)** You are able to monitor and troubleshoot Windows updates and Windows Defender AV in your environment.
    These steps are illustrated in following diagram: @@ -54,7 +54,7 @@ These steps are illustrated in following diagram: ![Update Compliance architecture](images/uc-01-wdav.png) >[!NOTE] ->This process assumes that Windows telemetry is enabled and you [have assigned your Commercial ID to devices](update-compliance-get-started.md#deploy-your-commercial-id-to-your-windows-10-devices). +>This process assumes that Windows diagnostic data is enabled and you [have assigned your Commercial ID to devices](update-compliance-get-started.md#deploy-your-commercial-id-to-your-windows-10-devices). diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md index c97cf7439d..fe2d443d21 100644 --- a/windows/deployment/update/update-compliance-using.md +++ b/windows/deployment/update/update-compliance-using.md @@ -16,7 +16,7 @@ In this section you'll learn how to use Update Compliance to monitor your device Update Compliance: -- Uses telemetry gathered from user devices to form an all-up view of Windows 10 devices in your organization. +- Uses diagnostic data gathered from user devices to form an all-up view of Windows 10 devices in your organization. - Enables you to maintain a high-level perspective on the progress and status of updates across all devices. - Provides a workflow that can be used to quickly identify which devices require attention. - Enables you to track deployment compliance targets for updates. diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index 2fda260e22..f705f7b85f 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md @@ -28,7 +28,7 @@ ms.date: 10/13/2017 You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this topic provide the Group Policy and MDM policies for Windows 10, version 1511 and above. The MDM policies use the OMA-URI setting from the [Policy CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx). >[!IMPORTANT] ->For Windows Update for Business policies to be honored, the Telemetry level of the device must be set to **1 (Basic)** or higher. If it is set to **0 (Security)**, Windows Update for Business policies will have no effect. For instructions, see [Configure the operating system telemetry level](https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-telemetry-in-your-organization#configure-the-operating-system-telemetry-level). +>For Windows Update for Business policies to be honored, the Diagnostic Data level of the device must be set to **1 (Basic)** or higher. If it is set to **0 (Security)**, Windows Update for Business policies will have no effect. For instructions, see [Configure the operating system diagnostic data level](https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization#configure-the-operating-system-diagnostic-data-level). Some Windows Update for Business policies are not applicable or behave differently for devices running Windows 10 Mobile Enterprise. Specifically, policies pertaining to Feature Updates will not be applied to Windows 10 Mobile Enterprise. All Windows 10 Mobile updates are recognized as Quality Updates, and can only be deferred or paused using the Quality Update policy settings. Additional information is provided in this topic and in [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md). diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md index e0d006761b..e26cc352fc 100644 --- a/windows/deployment/update/waas-manage-updates-wufb.md +++ b/windows/deployment/update/waas-manage-updates-wufb.md @@ -121,7 +121,7 @@ Windows Update for Business was first made available in Windows 10, version 1511 ## Monitor Windows Updates using Update Compliance -Update Compliance, now **available in public preview**, provides a holistic view of OS update compliance, update deployment progress, and failure troubleshooting for Windows 10 devices. This new service uses telemetry data including installation progress, Windows Update configuration, and other information to provide such insights, at no extra cost and without additional infrastructure requirements. Whether used with Windows Update for Business or other management tools, you can be assured that your devices are properly updated. +Update Compliance, now **available in public preview**, provides a holistic view of OS update compliance, update deployment progress, and failure troubleshooting for Windows 10 devices. This new service uses diagnostic data including installation progress, Windows Update configuration, and other information to provide such insights, at no extra cost and without additional infrastructure requirements. Whether used with Windows Update for Business or other management tools, you can be assured that your devices are properly updated. ![Update Compliance Dashboard](images/waas-wufb-update-compliance.png) diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index 6c80c9612e..3452191682 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -45,7 +45,7 @@ One of the biggest challenges for organizations when it comes to deploying a new Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. With Windows 10, application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP) has improved tremendously. Microsoft understands the challenges organizations experienced when they migrated from the Windows XP operating system to Windows 7 and has been working to make Windows 10 upgrades a much better experience. -Most Windows 7–compatible desktop applications will be compatible with Windows 10 straight out of the box. Windows 10 achieved such high compatibility because the changes in the existing Win32 application programming interfaces were minimal. Combined with valuable feedback via the Windows Insider Program and telemetry data, this level of compatibility can be maintained through each feature update. As for websites, Windows 10 includes Internet Explorer 11 and its backward-compatibility modes for legacy websites. Finally, UWP apps follow a compatibility story similar to desktop applications, so most of them will be compatible with Windows 10. +Most Windows 7–compatible desktop applications will be compatible with Windows 10 straight out of the box. Windows 10 achieved such high compatibility because the changes in the existing Win32 application programming interfaces were minimal. Combined with valuable feedback via the Windows Insider Program and diagnostic data, this level of compatibility can be maintained through each feature update. As for websites, Windows 10 includes Internet Explorer 11 and its backward-compatibility modes for legacy websites. Finally, UWP apps follow a compatibility story similar to desktop applications, so most of them will be compatible with Windows 10. For the most important business-critical applications, organizations should still perform testing on a regular basis to validate compatibility with new builds. For remaining applications, consider validating them as part of a pilot deployment process to reduce the time spent on compatibility testing. If it’s unclear whether an application is compatible with Windows 10, IT pros can either consult with the ISV or check the supported software directory at [http://www.readyforwindows.com](http://www.readyforwindows.com). diff --git a/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md b/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md index 96bec400be..bd9b717522 100644 --- a/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md +++ b/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md @@ -14,7 +14,7 @@ With the release of Upgrade Readiness, enterprises now have the tools to plan an Microsoft developed Upgrade Readiness in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Readiness was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10. -With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. +With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. Use Upgrade Readiness to get: @@ -28,11 +28,11 @@ Use Upgrade Readiness to get: The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. -**Important** For system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see: +**Important** For system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what diagnostic data Microsoft collects and how that data is used and protected by Microsoft, see: -- [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization) +- [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization) - [Manage connections from Windows operating system components to Microsoft services](/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services) -- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) +- [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) ##**Related topics** diff --git a/windows/deployment/upgrade/troubleshoot-upgrade-readiness.md b/windows/deployment/upgrade/troubleshoot-upgrade-readiness.md index bb097f89bb..a837d861dc 100644 --- a/windows/deployment/upgrade/troubleshoot-upgrade-readiness.md +++ b/windows/deployment/upgrade/troubleshoot-upgrade-readiness.md @@ -24,16 +24,16 @@ If you still don’t see data in Upgrade Readiness, follow these steps: ## Disable Upgrade Readiness -If you want to stop using Upgrade Readiness and stop sending telemetry data to Microsoft, follow these steps: +If you want to stop using Upgrade Readiness and stop sending diagnostic data data to Microsoft, follow these steps: 1. Unsubscribe from the Upgrade Readiness solution in the OMS portal. In the OMS portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option. ![Upgrade Readiness unsubscribe](../images/upgrade-analytics-unsubscribe.png) -2. Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the telemetry level to **Security**: +2. Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the diagnostic data level to **Security**: **Windows 7 and Windows 8.1**: Delete CommercialDataOptIn registry property from *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection* - **Windows 10**: Follow the instructions in the [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#enterprise-management) topic. + **Windows 10**: Follow the instructions in the [Configure Windows diagnostic data in your organization](/configuration/configure-windows-diagnostic-data-in-your-organization.md) topic. 3. If you enabled **Internet Explorer Site Discovery**, you can disable Internet Explorer data collection by setting the *IEDataOptIn* registry key to value "0". The IEDataOptIn key can be found under: *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*. 4. You can also remove the “CommercialId” key from: "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection". **This is an optional step**. diff --git a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md index 70e29d0699..5c45338c1d 100644 --- a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md +++ b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md @@ -18,7 +18,7 @@ This topic provides information on additional features that are available in Upg The site discovery feature in Upgrade Readiness provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 7, Windows 8.1, and Windows 10. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data. > [!NOTE] -> Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, data will be collected on all sites visited by Microsoft Edge on computers running Windows 10 version 1803 (including Insider Preview builds) or newer. The data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees. +> Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, data will be collected on all sites visited by Microsoft Edge on computers running Windows 10 version 1803 (including Insider Preview builds) or newer. The data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees. ### Install prerequisite security update for Internet Explorer @@ -27,7 +27,7 @@ Ensure the following prerequisites are met before using site discovery: 1. Install the prerequisite KBs to add Site Discovery support and the latest fixes from the [Microsoft Update Catalog](http://www.catalog.update.microsoft.com/home.aspx). Install the following: - For Windows 7 and Windows 8.1 - March, 2017 (or later) Security Monthly Rollup - For Windows 10 - Cumulative Update for Windows 10 Version 1607 (KB4015217) (or later) -2. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md) to allow Internet Explorer data collection before you run it. In addition, to enable Site Discovery on Windows 10 you must set computers to the **Enhanced Telemetry Level** for the Feedback and Diagnostics setting (Privacy > Feedback & Diagnostics settings), and enable **Page Prediction within Internet Explorer 11**. +2. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md) to allow Internet Explorer data collection before you run it. In addition, to enable Site Discovery on Windows 10 you must set computers to the **Enhanced** diagnostic data level for the Feedback and Diagnostics setting (Privacy > Feedback & Diagnostics settings), and enable **Page Prediction within Internet Explorer 11**. If you do not plan to use the Upgrade Readiness deployment script to enable Site discovery, you must create the following registry entry. diff --git a/windows/deployment/upgrade/upgrade-readiness-architecture.md b/windows/deployment/upgrade/upgrade-readiness-architecture.md index a37441da3e..fd7e2605ab 100644 --- a/windows/deployment/upgrade/upgrade-readiness-architecture.md +++ b/windows/deployment/upgrade/upgrade-readiness-architecture.md @@ -8,7 +8,7 @@ ms.date: 04/25/2017 # Upgrade Readiness architecture -Microsoft analyzes system, application, and driver telemetry data to help you determine when computers are upgrade-ready, allowing you to simplify and accelerate Windows upgrades in your organization. The diagram below illustrates how Upgrade Readiness components work together in a typical installation. +Microsoft analyzes system, application, and driver diagnostic data to help you determine when computers are upgrade-ready, allowing you to simplify and accelerate Windows upgrades in your organization. The diagram below illustrates how Upgrade Readiness components work together in a typical installation. @@ -47,13 +47,13 @@ Important: You can use either a Microsoft Account or a Work or School account to Upgrade Readiness can be integrated with your installation of Configuration Manager. For more information, see [Integrate Upgrade Readiness with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics). -## Telemetry and data sharing +## Diagnostic data and data sharing After you’ve signed in to Operations Management Suite and added the Upgrade Readiness solution to your workspace, you’ll need to complete the following tasks to allow user computer data to be shared with and assessed by Upgrade Readiness. -See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) for more information about what user computer data Upgrade Readiness collects and assesses. See [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization) for more information about how Microsoft uses Windows telemetry data. +See [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) for more information about what user computer data Upgrade Readiness collects and assesses. See [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization) for more information about how Microsoft uses Windows diagnostic data. -**Whitelist telemetry endpoints.** To enable telemetry data to be sent to Microsoft, you’ll need to whitelist the following Microsoft telemetry endpoints on your proxy server or firewall. You may need to get approval from your security group to do this. +**Whitelist diagnostic data endpoints.** To enable diagnostic data to be sent to Microsoft, you’ll need to whitelist the following Microsoft endpoints on your proxy server or firewall. You may need to get approval from your security group to do this. `https://v10.vortex-win.data.microsoft.com/collect/v1`
    `https://vortex-win.data.microsoft.com/health/keepalive`
    @@ -68,7 +68,7 @@ See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields **Subscribe your OMS workspace to Upgrade Readiness.** For Upgrade Readiness to receive and display upgrade readiness data from Microsoft, you’ll need to subscribe your OMS workspace to Upgrade Readiness. -**Enable telemetry and connect data sources.** To allow Upgrade Readiness to collect system, application, and driver data and assess your organization’s upgrade readiness, communication must be established between Upgrade Readiness and user computers. You’ll need to connect Upgrade Readiness to your data sources and enable telemetry to establish communication. +**Enable diagnostic data and connect data sources.** To allow Upgrade Readiness to collect system, application, and driver data and assess your organization’s upgrade readiness, communication must be established between Upgrade Readiness and user computers. You’ll need to connect Upgrade Readiness to your data sources and enable diagnostic data to establish communication. **Deploy compatibility update and related KBs.** The compatibility update KB scans your systems and enables application usage tracking. If you don’t already have this KB installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using Windows Server Update Services (WSUS) or your software distribution solution, such as System Center Configuration Manager. @@ -82,7 +82,7 @@ Before you get started configuring Upgrade Anatlyics, review the following tips **Upgrade Readiness does not support on-premises Windows deployments.** Upgrade Readiness is built as a cloud service, which allows Upgrade Readiness to provide you with insights based on the data from user computers and other Microsoft compatibility services. Cloud services are easy to get up and running and are cost-effective because there is no requirement to physically implement and maintain services on-premises. -**In-region data storage requirements.** Windows telemetry data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Readiness solution in the Microsoft Operations Management Suite (OMS) portal. At the time this topic is being published, only OMS workspaces created in the East US and West Europe are supported. We’re adding support for additional regions and we’ll update this information when new international regions are supported. +**In-region data storage requirements.** Windows diagnostic data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Readiness solution in the Microsoft Operations Management Suite (OMS) portal. At the time this topic is being published, only OMS workspaces created in the East US and West Europe are supported. We’re adding support for additional regions and we’ll update this information when new international regions are supported. ### Tips diff --git a/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md b/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md index b75afc225b..58ffa25e69 100644 --- a/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md +++ b/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md @@ -141,7 +141,7 @@ Applications and drivers that are meet certain criteria to be considered low ris The first row reports the number of your apps that have an official statement of support on Windows 10 from the software vendor, so you can be confident that they will work on your target operating system. -The second row (**Apps that are "Highly adopted"**) shows apps that have a ReadyForWindows status of "Highly adopted". This means that they have been installed on at least 100,000 commercial Windows 10 devices, and that Microsoft has not detected significant issues with the app in telemetry. Since these apps are prevalent in the ecosystem at large, you can be confident that they will work in your environment as well. +The second row (**Apps that are "Highly adopted"**) shows apps that have a ReadyForWindows status of "Highly adopted". This means that they have been installed on at least 100,000 commercial Windows 10 devices, and that Microsoft has not detected significant issues with the app in diagnostic data. Since these apps are prevalent in the ecosystem at large, you can be confident that they will work in your environment as well. Each row of the blade uses a different criterion to filter your apps or drivers. You can view a list of applications that meet the criterion by clicking into a row of the blade. For example, if you click the row that says "Apps that are 'Highly adopted'", the result is a list of apps that have a ReadyForWindows status of "Highly adopted". From here, you can bulk-select the results, select **Ready to upgrade**, and then click **Save**.  This will mark all apps meeting the "Highly adopted" criterion as "Ready to upgrade"--no further validation is required. Any applications that you have marked as *Mission critical* or *Business critical* are filtered out, as well as any app that has an issue known to Microsoft. This allows you to work with apps in bulk without having to worry about missing a critical app. diff --git a/windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md b/windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md index 15cd2c2bf3..d74712221f 100644 --- a/windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md +++ b/windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md @@ -54,7 +54,7 @@ Select **Total computers** for a list of computers and details about them, inclu - Computer model - Operating system version and build - Count of system requirement, application, and driver issues per computer -- Upgrade assessment based on analysis of computer telemetry data +- Upgrade assessment based on analysis of computer diagnostic data - Upgrade decision status Select **Total applications** for a list of applications discovered on user computers and details about them, including: diff --git a/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md b/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md index 8b8805f491..f0f332312c 100644 --- a/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md +++ b/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md @@ -10,7 +10,7 @@ ms.date: 08/30/2017 You can use Upgrade Readiness to prioritize and work through application and driver issues, assign and track issue resolution status, and identify computers that are ready to upgrade. Upgrade Readiness enables you to deploy Windows with confidence, knowing that you’ve addressed potential blocking issues. -- Based on telemetry data from user computers, Upgrade Readiness identifies application and driver compatibility issues that may block Windows upgrades, allowing you to make data-driven decisions about your organization’s upgrade readiness. +- Based on diagnostic data from user computers, Upgrade Readiness identifies application and driver compatibility issues that may block Windows upgrades, allowing you to make data-driven decisions about your organization’s upgrade readiness. - Information is refreshed daily so you can monitor upgrade progress. Any changes your team makes, such as assigning application importance and marking applications as ready to upgrade, are reflected 24 hours after you make them. When you are ready to begin the upgrade process, a workflow is provided to guide you through critical high-level tasks. diff --git a/windows/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md b/windows/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md index 4c6000558a..6e8c26d829 100644 --- a/windows/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md +++ b/windows/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md @@ -17,7 +17,7 @@ ms.date: 07/27/2017 On May 12, 2017 we detected a new ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed. While security updates are automatically applied in most computers, some users and enterprises may delay deployment of patches. Unfortunately, the ransomware, known as [WannaCrypt](https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt), appears to have affected computers that have not applied the patch for these vulnerabilities. While the attack is unfolding, we remind users to install [MS17-010](https://technet.microsoft.com/en-us/library/security/ms17-010.aspx) if they have not already done so. -Microsoft antimalware telemetry immediately picked up signs of this campaign. Our expert systems gave us visibility and context into this new attack as it happened, allowing [Windows Defender Antivirus](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/windows-defender-in-windows-10) to deliver real-time defense. Through automated analysis, machine learning, and predictive modeling, we were able to rapidly protect against this malware. +Microsoft antimalware diagnostic data immediately picked up signs of this campaign. Our expert systems gave us visibility and context into this new attack as it happened, allowing [Windows Defender Antivirus](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/windows-defender-in-windows-10) to deliver real-time defense. Through automated analysis, machine learning, and predictive modeling, we were able to rapidly protect against this malware. In this blog, we provide an early analysis of the end-to-end ransomware attack. Please note this threat is still under investigation. The attack is still active, and there is a possibility that the attacker will attempt to react to our detection response. diff --git a/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md index 1a68cfc212..f44c485e39 100644 --- a/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md @@ -133,10 +133,10 @@ https://msdl.microsoft.com/download/symbols Universal Telemetry Client -Used by Windows to send client telemetry, Windows Defender Antivirus uses this for product quality monitoring purposes +Used by Windows to send client diagnostic data, Windows Defender Antivirus uses this for product quality monitoring purposes -This update uses SSL (TCP Port 443) to download manifests and upload telemetry to Microsoft that uses the following DNS endpoints:

    • vortex-win.data.microsoft.com
    • settings-win.data.microsoft.com
    +This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints:
    • vortex-win.data.microsoft.com
    • settings-win.data.microsoft.com
    diff --git a/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md index 0ba067be64..a45301b39d 100644 --- a/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md @@ -86,7 +86,15 @@ First, you should create your base image according to your business needs, apply After creating the image, you should ensure it is fully updated. See [Configure Windows Defender in Windows 10]( https://technet.microsoft.com/en-us/itpro/windows/keep-secure/configure-windows-defender-in-windows-10) for instructions on how to update Windows Defender AV protection via WSUS, Microsoft Update, the MMPC site, or UNC file shares. You should ensure that your initial base image is also fully patched with Microsoft and Windows updates and patches. ### Seal the base image -When the base image is fully updated, you should run a quick scan on the image. This “sealing” or “locking” of the image helps Windows Defender AV build a cache of known-good files and avoid scanning them again on your VMs. In turn, this can help ensure performance on the VM is not impacted. +When the base image is fully updated, you should run a quick scan on the image. + +After running a scan and buliding the cache, remove the machine GUID that uniquely identifies the device in telemetry for both Windows Defender Antivirus and the Microsoft Security Removal Tool. This key is located here: + +'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MRT' + +Remove the string found in the 'GUID' value + +This “sealing” or “locking” of the image helps Windows Defender AV build a cache of known-good files and avoid scanning them again on your VMs. In turn, this can help ensure performance on the VM is not impacted. You can run a quick scan [from the command line](command-line-arguments-windows-defender-antivirus.md) or via [System Center Configuration Manager](run-scan-windows-defender-antivirus.md). diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md index f5ba563109..0dd2646921 100644 --- a/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md +++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md @@ -51,7 +51,7 @@ In order for devices to properly show up in Update Compliance, you have to meet >- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](windows-defender-antivirus-compatibility.md) and the endpoint will not be reported in Update Compliance. > - [Cloud-delivered protection is enabled](enable-cloud-protection-windows-defender-antivirus.md). > - Endpoints can [connect to the Windows Defender AV cloud](configure-network-connections-windows-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud) -> - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 telemetry must be set to the Enhanced level](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level). +> - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 diagnostic data must be set to the Enhanced level](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-diagnostic-data-in-your-organization#enhanced-level). > - It has been 3 days since all requirements have been met If the above pre-requisites have all been met, you may need to proceed to the next step to collect diagnostic information and send it to us. diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md index ad0296fcc4..926d1d9c7d 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md @@ -106,11 +106,11 @@ Health Status for onboarded machines: Sense Is Running | ./Device/Vendor/MSFT/Wi Health Status for onboarded machines: Onboarding State | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OnBoardingState | Integer | 1 | Onboarded to Windows Defender ATP Health Status for onboarded machines: Organization ID | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OrgId | String | Use OrgID from onboarding file | Onboarded to Organization ID Configuration for onboarded machines | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Configuration/SampleSharing | Integer | 0 or 1
    Default value: 1 | Windows Defender ATP Sample sharing is enabled -Configuration for onboarded machines: telemetry reporting frequency | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Configuration/TelemetryReportingFrequency | Integer | 1 or 2
    1: Normal (default)

    2: Expedite | Windows Defender ATP telemetry reporting +Configuration for onboarded machines: diagnostic data reporting frequency | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Configuration/TelemetryReportingFrequency | Integer | 1 or 2
    1: Normal (default)

    2: Expedite | Windows Defender ATP diagnostic data reporting > [!NOTE] > - The **Health Status for onboarded machines** policy uses read-only properties and can't be remediated. -> - Configuration of telemetry reporting frequency is only available for machines on Windows 10, version 1703. +> - Configuration of diagnostic data reporting frequency is only available for machines on Windows 10, version 1703. > - Using the Expedite mode might have an impact on the machine's battery usage and actual bandwidth used for sensor data. You should consider this when these measures are critical. diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md index 221265a041..f98fcf98cf 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md @@ -60,7 +60,7 @@ To effectively offboard the endpoints from the service, you'll need to disable t 2. In Windows Defender Security Center portal, select **Endpoint management**> **Non-Windows**. -3. Toggle the third-party provider switch button to turn stop telemetry from endpoints. +3. Toggle the third-party provider switch button to turn stop diagnostic data from endpoints. >[!WARNING] >If you decide to turn on the third-party integration again after disabling the integration, you'll need to regenerate the token and reapply it on endpoints. diff --git a/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md index 3a456f6352..cd4942e214 100644 --- a/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -47,7 +47,7 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe - WinHTTP configured using netsh command – Suitable only for desktops in a stable topology (for example: a desktop in a corporate network behind the same proxy) ## Configure the proxy server manually using a registry-based static proxy -Configure a registry-based static proxy to allow only Windows Defender ATP sensor to report telemetry and communicate with Windows Defender ATP services if a computer is not be permitted to connect to the Internet. +Configure a registry-based static proxy to allow only Windows Defender ATP sensor to report diagnostic data and communicate with Windows Defender ATP services if a computer is not be permitted to connect to the Internet. The static proxy is configurable through Group Policy (GP). The group policy can be found under: **Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure connected user experiences and telemetry**. diff --git a/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md index 43244d2c7b..79a751c4a0 100644 --- a/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md @@ -155,7 +155,7 @@ The service could not contact the external processing servers at that URL. 17 Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: ```variable```. An error occurred with the Windows telemetry service. -[Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled).
    +[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostics-service-is-enabled).
    Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
    See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). @@ -206,7 +206,7 @@ Ensure real-time antimalware protection is running properly. 28 Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service registration failed. Failure code: ```variable```. An error occurred with the Windows telemetry service. -[Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled).
    +[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostic-data-service-is-enabled).
    Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
    See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). @@ -222,7 +222,7 @@ Ensure real-time antimalware protection is running properly. 31 Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service unregistration failed. Failure code: ```variable```. An error occurred with the Windows telemetry service during onboarding. The offboarding process continues. -[Check for errors with the Windows telemetry service](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled). +[Check for errors with the Windows telemetry service](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostic-data-service-is-enabled). 32 @@ -241,7 +241,7 @@ If the identifier does not persist, the same machine might appear twice in the p 34 Windows Defender Advanced Threat Protection service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: ```variable```. An error occurred with the Windows telemetry service. -[Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled).
    +[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostic-data-service-is-enabled).
    Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
    See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). @@ -250,7 +250,7 @@ See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defen Windows Defender Advanced Threat Protection service failed to remove itself as a dependency on the Connected User Experiences and Telemetry service. Failure code: ```variable```. An error occurred with the Windows telemetry service during offboarding. The offboarding process continues. -Check for errors with the Windows telemetry service. +Check for errors with the Windows diagnostic data service. 36 diff --git a/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md index 05f7de339c..b31dad703f 100644 --- a/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md @@ -72,8 +72,8 @@ Follow theses actions to correct known issues related to a misconfigured machine - [Verify client connectivity to Windows Defender ATP service URLs](configure-proxy-internet-windows-defender-advanced-threat-protection.md#verify-client-connectivity-to-windows-defender-atp-service-urls)
    Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Windows Defender ATP service URLs. -- [Ensure the telemetry and diagnostics service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled)
    -If the endpoints aren't reporting correctly, you might need to check that the Windows 10 telemetry and diagnostics service is set to automatically start and is running on the endpoint. +- [Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostics-service-is-enabled)
    +If the endpoints aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint. - [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)
    If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Antivirus Early Launch Antimalware (ELAM) driver to be enabled. diff --git a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md index 8fc3acc6fa..3027bbe7f9 100644 --- a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -72,13 +72,14 @@ The Windows Defender ATP sensor can utilize up to 5MB daily of bandwidth to com For more information on additional proxy configuration settings see, [Configure Windows Defender ATP endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) . -Before you configure endpoints, the telemetry and diagnostics service must be enabled. The service is enabled by default in Windows 10. +Before you configure endpoints, the diagnostic data service must be enabled. The service is enabled by default in Windows 10. -### Telemetry and diagnostics settings -You must ensure that the telemetry and diagnostics service is enabled on all the endpoints in your organization. + +### Diagnostic data settings +You must ensure that the diagnostic data service is enabled on all the endpoints in your organization. By default, this service is enabled, but it's good practice to check to ensure that you'll get sensor data from them. -**Use the command line to check the Windows 10 telemetry and diagnostics service startup type**: +**Use the command line to check the Windows 10 diagnostic data service startup type**: 1. Open an elevated command-line prompt on the endpoint: @@ -100,7 +101,7 @@ If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the -**Use the command line to set the Windows 10 telemetry and diagnostics service to automatically start:** +**Use the command line to set the Windows 10 diagnostic data service to automatically start:** 1. Open an elevated command-line prompt on the endpoint: diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index b4176ad214..487679607d 100644 --- a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -128,7 +128,7 @@ ID | Severity | Event description | Troubleshooting steps ## Troubleshoot onboarding issues on the endpoint If the deployment tools used does not indicate an error in the onboarding process, but endpoints are still not appearing in the machines list in an hour, go through the following verification topics to check if an error occurred with the Windows Defender ATP agent: - [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) -- [Ensure the telemetry and diagnostics service is enabled](#ensure-the-telemetry-and-diagnostics-service-is-enabled) +- [Ensure the diagnostic data service is enabled](#ensure-the-diagnostics-service-is-enabled) - [Ensure the service is set to start](#ensure-the-service-is-set-to-start) - [Ensure the endpoint has an Internet connection](#ensure-the-endpoint-has-an-internet-connection) - [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy) @@ -176,14 +176,15 @@ Event ID | Message | Resolution steps
    There are additional components on the endpoint that the Windows Defender ATP agent depends on to function properly. If there are no onboarding related errors in the Windows Defender ATP agent event log, proceed with the following steps to ensure that the additional components are configured correctly. -### Ensure the telemetry and diagnostics service is enabled -If the endpoints aren't reporting correctly, you might need to check that the Windows 10 telemetry and diagnostics service is set to automatically start and is running on the endpoint. The service might have been disabled by other programs or user configuration changes. + +### Ensure the diagnostic data service is enabled +If the endpoints aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint. The service might have been disabled by other programs or user configuration changes. First, you should check that the service is set to start automatically when Windows starts, then you should check that the service is currently running (and start it if it isn't). ### Ensure the service is set to start -**Use the command line to check the Windows 10 telemetry and diagnostics service startup type**: +**Use the command line to check the Windows 10 diagnostic data service startup type**: 1. Open an elevated command-line prompt on the endpoint: @@ -204,7 +205,7 @@ First, you should check that the service is set to start automatically when Wind If the `START_TYPE` is not set to `AUTO_START`, then you'll need to set the service to automatically start. -**Use the command line to set the Windows 10 telemetry and diagnostics service to automatically start:** +**Use the command line to set the Windows 10 diagnostic data service to automatically start:** 1. Open an elevated command-line prompt on the endpoint: diff --git a/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md b/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md index 356afd413a..e5b587a7fe 100644 --- a/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md +++ b/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md @@ -43,7 +43,7 @@ Windows Defender SmartScreen helps to provide an early warning system against we - **Operating system integration.** SmartScreen is integrated into the Windows 10 operating system, meaning that it checks any files an app (including 3rd-party browsers and email clients) attempts to download and run. -- **Improved heuristics and telemetry.** SmartScreen is constantly learning and endeavoring to stay up-to-date, so it can help to protect you against potentially malicious sites and files. +- **Improved heuristics and diagnostic data.** SmartScreen is constantly learning and endeavoring to stay up-to-date, so it can help to protect you against potentially malicious sites and files. - **Management through Group Policy and Microsoft Intune.** SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info about all available settings, see [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen-available-settings.md). diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index dfcecb8b7a..fb858f7d9e 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -35,7 +35,7 @@ Windows ICD now includes simplified workflows for creating provisioning packages Microsoft developed Upgrade Readiness in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Readiness was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10. -With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. +With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. Use Upgrade Readiness to get: