deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merged PR 5599: Merge master to rs4

Browse Source
This commit is contained in:
Justin Hall 2018-01-30 21:31:06 +00:00
commit f749bf175f
137 changed files with 2455 additions and 2506 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
.openpublishing.publish.config.json
View File

@ -1,23 +1,6 @@
{
"build_entry_point": "",
"docsets_to_publish": [
{
"docset_name": "bcs-VSTS",
"build_source_folder": "bcs",
"build_output_subfolder": "bcs-VSTS",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
},
{
"docset_name": "education-VSTS",
"build_source_folder": "education",

47
bcs/docfx.json
View File

@ -1,47 +0,0 @@
{
"build": {
"content": [
{
"files": [
"**/*.md",
"**/**.yml"
],
"exclude": [
"**/obj/**",
"**/includes/**",
"README.md",
"LICENSE",
"LICENSE-CODE",
"ThirdPartyNotices"
]
}
],
"resource": [
{
"files": [
"**/*.png",
"**/*.svg",
"**/*.jpg",
"**/*.json"
],
"exclude": [
"**/obj/**",
"**/includes/**"
]
}
],
"overwrite": [],
"externalReference": [],
"globalMetadata": {
"breadcrumb_path": "/microsoft-365-business/breadcrumb/toc.json",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "TechNet.bcs"
}
}
},
"fileMetadata": {},
"template": [],
"dest": "bcs"
}
}

6
devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md
View File

@ -164,8 +164,8 @@ Users can sign in to Microsoft Edge to access intranet sites and online resource
*Organization policies that this may affect:* <br>
-->
### Telemetry
### Diagnostic data
The Surface Hub OS uses the Windows 10 Connected User Experience and Telemetry component to gather and transmit telemetry data. For more information, see [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization).
The Surface Hub OS uses the Windows 10 Connected User Experience and Telemetry component to gather and transmit diagnostic data. For more information, see [Configure Windows diagnostic data in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization).
*Organization policies that this may affect:* <br> Configure telemetry levels for Surface Hub in the same way as you do for Windows 10 Enterprise.
*Organization policies that this may affect:* <br> Configure diagnostic data levels for Surface Hub in the same way as you do for Windows 10 Enterprise.

2
devices/surface-hub/monitor-surface-hub.md
View File

@ -86,7 +86,7 @@ This table describes the sample queries in the Surface Hub solution:
| Alert type | Impact | Recommended remediation | Details |
| ---------- | ------ | ----------------------- | ------- |
| Software | Error | **Reboot the device**. <br> Reboot manually, or using the [Reboot configuration service provider](https://msdn.microsoft.com/en-us/library/windows/hardware/mt720802(v=vs.85).aspx). <br> Suggest doing this between meetings to minimize impact to your people in your organization. | Trigger conditions: <br> - A critical process in the Surface Hub operating system, such as the shell, projection, or Skype, crashes or becomes non-responsive. <br> - The device hasn't reported a heartbeat in the past 24 hours. This may be due to network connectivity issue or network-related hardware failure, or an error with the telemetry reporting system. |
| Software | Error | **Reboot the device**. <br> Reboot manually, or using the [Reboot configuration service provider](https://msdn.microsoft.com/en-us/library/windows/hardware/mt720802(v=vs.85).aspx). <br> Suggest doing this between meetings to minimize impact to your people in your organization. | Trigger conditions: <br> - A critical process in the Surface Hub operating system, such as the shell, projection, or Skype, crashes or becomes non-responsive. <br> - The device hasn't reported a heartbeat in the past 24 hours. This may be due to network connectivity issue or network-related hardware failure, or an error with the diagnostic data reporting system. |
| Software | Error | **Check your Exchange service**. <br> Verify: <br> - The service is available. <br> - The device account password is up to date see [Password management](password-management-for-surface-hub-device-accounts.md) for details.| Triggers when there's an error syncing the device calendar with Exchange. |
| Software | Error | **Check your Skype for Business service**. <br> Verify: <br> - The service is available. <br> - The device account password is up to date see [Password management](password-management-for-surface-hub-device-accounts.md) for details. <br> - The domain name for Skype for Business is properly configured - see [Configure a domain name](use-fully-qualified-domain-name-surface-hub.md). | Triggers when Skype fails to sign in. |
| Software | Error | **Reset the device**. <br> This takes some time, so you should take the device offline. <br> For more information, see [Device reset](device-reset-surface-hub.md).| Triggers when there is an error cleaning up user and app data at the end of a session. When this operation repeatedly fails, the device is locked to protect user data. You must reset the device to continue. |

6
devices/surface-hub/prepare-your-environment-for-surface-hub.md
View File

@ -40,9 +40,9 @@ Depending on your environment, access to additional ports may be needed:
- For online environments, see [Office 365 IP URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US).
- For on-premises installations, see [Skype for Business Server: Ports and protocols for internal servers](https://technet.microsoft.com/library/gg398833.aspx).
Microsoft collects telemetry to help improve your Surface Hub experience. Add these sites to your allow list:
- Telemetry client endpoint: `https://vortex.data.microsoft.com/`
- Telemetry settings endpoint: `https://settings.data.microsoft.com/`
Microsoft collects diagnostic data to help improve your Surface Hub experience. Add these sites to your allow list:
- Diagnostic data client endpoint: `https://vortex.data.microsoft.com/`
- Diagnostic data settings endpoint: `https://settings.data.microsoft.com/`
### Proxy configuration

2
devices/surface-hub/troubleshoot-surface-hub.md
View File

@ -524,7 +524,7 @@ This section lists status codes, mapping, user messages, and actions an admin ca
<tr class="even">
<td align="left"><p>0x85002004</p></td>
<td align="left"><p>E_FAIL_ABORT</p></td>
<td align="left"><p>This error is used to interrupt the hanging sync, and will not be exposed to users. It will be shown in the telemetry if you force an interactive sync, delete the account, or update its settings.</p></td>
<td align="left"><p>This error is used to interrupt the hanging sync, and will not be exposed to users. It will be shown in the diagnostic data if you force an interactive sync, delete the account, or update its settings.</p></td>
<td align="left"><p>Nothing.</p></td>
</tr>
<tr class="odd">

4
education/trial-in-a-box/educator-tib-get-started.md
View File

@ -23,7 +23,7 @@ ms.date: 01/12/2017
| | |
| :---: |:--- |
| [![Connect the device to Wi-Fi](images/edu-TIB-setp-1-v3.png)](#edu-task1) | [Log in](#edu-task1) to **Device A** with your Teacher credentials and connect to the school network. |
| [![Try Learning Tools Immersive Reader](images/edu-TIB-setp-2-v3.png)](#edu-task2) | **Interested in drastically improving your students' reading speed and comprehension?<sup>[1](#footnote1)</sup>** </br>Try the [Learning Tools Immersive Reader](#edu-task2) to see how kids can learn to read faster, using text read aloud, and highlighting words for syntax. |
| [![Try Learning Tools Immersive Reader](images/edu-TIB-setp-2-v3.png)](#edu-task2) | **Interested in significantly improving your students' reading speed and comprehension?<sup>[1](#footnote1)</sup>** </br>Try the [Learning Tools Immersive Reader](#edu-task2) to see how kids can learn to read faster, using text read aloud, and highlighting words for syntax. |
| [![Launch Microsoft Teams](images/edu-TIB-setp-3-v3.png)](#edu-task3) | **Looking to foster collaboration, communication, and critical thinking in the classroom?** </br>Launch [Microsoft Teams](#edu-task3) and learn how to set up digital classroom discussions, respond to student questions, and organize class content. |
| [![Open OneNote](images/edu-TIB-setp-4-v3.png)](#edu-task4) | **Trying to expand classroom creativity and interaction between students?** </br>Open [OneNote](#edu-task4) and create an example group project for your class. |
| [![Play with Minecraft: Education Edition](images/edu-TIB-setp-5-v3.png)](#edu-task5) | **Want to teach kids to further collaborate and problem solve?** </br>Play with [Minecraft: Education Edition](#edu-task5) to see how it can be used as a collaborative and versatile platform across subjects to encourage 21st century skills. |
@ -46,7 +46,7 @@ To try out the educator tasks, start by logging in as a teacher.
</br>
![Improve student reading speed and comprehension](images/edu-TIB-setp-2-jump.png)
## <a name="edu-task2"></a>2. Drastically improve student reading speed and comprehension
## <a name="edu-task2"></a>2. Significantly improve student reading speed and comprehension
<!-- hiding placeholder
<center><iframe width="560" height="315" src="https://aka.ms/EDU-Learning-Tools" frameborder="3" allow="autoplay; encrypted-media" allowfullscreen></iframe></center>

2
windows/application-management/svchost-service-refactoring.md
View File

@ -33,7 +33,7 @@ Benefits of this design change include:
* Reduced support costs by eliminating the troubleshooting overhead associated with isolating misbehaving services in the shared host.
* Increased security by providing additional inter-service isolation
* Increased scalability by allowing per-service settings and privileges
* Improved resource management through per-service CPU, I/O and memory management and increase clear telemetry (report CPU, I/O and network usage per service).
* Improved resource management through per-service CPU, I/O and memory management and increase clear diagnostic data (report CPU, I/O and network usage per service).
>**Try This**
>

2
windows/client-management/mdm/dmclient-csp.md
View File

@ -216,7 +216,7 @@ Added in Windows 10, version 1607. Returns the hardware device ID.
Supported operation is Get.
<a href="" id="provider-providerid-commercialid"></a>**Provider/*ProviderID*/CommercialID**
Added in Windows 10, version 1607. Configures the identifier used to uniquely associate this telemetry data of this device as belonging to a given organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its telemetry data with your organization..
Added in Windows 10, version 1607. Configures the identifier used to uniquely associate this diagnostic data of this device as belonging to a given organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its diagnostic data with your organization..
Supported operations are Add, Get, Replace, and Delete.

18
windows/client-management/mdm/policy-csp-abovelock.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - AboveLock
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## AboveLock policies
<dl>
@ -33,7 +33,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="abovelock-allowactioncenternotifications"></a>**AboveLock/AllowActionCenterNotifications**
<!--SupportedSKUs-->
@ -84,11 +84,11 @@ The following list shows the supported values:
- 1 (default) - Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="abovelock-allowcortanaabovelock"></a>**AboveLock/AllowCortanaAboveLock**
<!--SupportedSKUs-->
@ -134,11 +134,11 @@ The following list shows the supported values:
- 1 (default) - Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="abovelock-allowtoasts"></a>**AboveLock/AllowToasts**
<!--SupportedSKUs-->
@ -186,7 +186,7 @@ The following list shows the supported values:
- 1 (default) - Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -195,5 +195,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

18
windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - AccountPoliciesAccountLockoutPolicy
@ -17,7 +17,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## AccountPoliciesAccountLockoutPolicy policies
<dl>
@ -35,7 +35,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="accountpoliciesaccountlockoutpolicy-accountlockoutduration"></a>**AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration**
<!--SupportedSKUs-->
@ -78,11 +78,11 @@ If an account lockout threshold is defined, the account lockout duration must be
Default: None, because this policy setting only has meaning when an Account lockout threshold is specified.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="accountpoliciesaccountlockoutpolicy-accountlockoutthreshold"></a>**AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold**
<!--SupportedSKUs-->
@ -125,11 +125,11 @@ Failed password attempts against workstations or member servers that have been l
Default: 0.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="accountpoliciesaccountlockoutpolicy-resetaccountlockoutcounterafter"></a>**AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter**
<!--SupportedSKUs-->
@ -172,7 +172,7 @@ If an account lockout threshold is defined, this reset time must be less than or
Default: None, because this policy setting only has meaning when an Account lockout threshold is specified.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -181,5 +181,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

22
windows/client-management/mdm/policy-csp-accounts.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Accounts
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Accounts policies
<dl>
@ -36,7 +36,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="accounts-allowaddingnonmicrosoftaccountsmanually"></a>**Accounts/AllowAddingNonMicrosoftAccountsManually**
<!--SupportedSKUs-->
@ -87,11 +87,11 @@ The following list shows the supported values:
- 1 (default) - Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="accounts-allowmicrosoftaccountconnection"></a>**Accounts/AllowMicrosoftAccountConnection**
<!--SupportedSKUs-->
@ -139,11 +139,11 @@ The following list shows the supported values:
- 1 (default) - Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="accounts-allowmicrosoftaccountsigninassistant"></a>**Accounts/AllowMicrosoftAccountSignInAssistant**
<!--SupportedSKUs-->
@ -189,11 +189,11 @@ The following list shows the supported values:
- 1 (default) - Manual start.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="accounts-domainnamesforemailsync"></a>**Accounts/DomainNamesForEmailSync**
<!--SupportedSKUs-->
@ -236,7 +236,7 @@ The data type is a string.
The default value is an empty string, which allows all email accounts on the device to sync email. Otherwise, the string should contain a pipe-separated list of domains that are allowed to sync email on the device. For example, "contoso.com|fabrikam.net|woodgrove.gov".
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -245,7 +245,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartHoloLens-->
## <a href="" id="hololenspolicies"></a>Accounts policies supported by Windows Holographic for Business

10
windows/client-management/mdm/policy-csp-activexcontrols.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - ActiveXControls
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## ActiveXControls policies
<dl>
@ -27,7 +27,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="activexcontrols-approvedinstallationsites"></a>**ActiveXControls/ApprovedInstallationSites**
<!--SupportedSKUs-->
@ -87,7 +87,7 @@ ADMX Info:
- GP ADMX file name: *ActiveXInstallService.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -96,5 +96,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

10
windows/client-management/mdm/policy-csp-applicationdefaults.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - ApplicationDefaults
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## ApplicationDefaults policies
<dl>
@ -27,7 +27,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="applicationdefaults-defaultassociationsconfiguration"></a>**ApplicationDefaults/DefaultAssociationsConfiguration**
<!--SupportedSKUs-->
@ -122,7 +122,7 @@ Here is the SyncMl example:
```
<!--/Example-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -131,5 +131,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

50
windows/client-management/mdm/policy-csp-applicationmanagement.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - ApplicationManagement
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## ApplicationManagement policies
<dl>
@ -57,7 +57,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="applicationmanagement-allowalltrustedapps"></a>**ApplicationManagement/AllowAllTrustedApps**
<!--SupportedSKUs-->
@ -106,11 +106,11 @@ The following list shows the supported values:
- 65535 (default) - Not configured.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="applicationmanagement-allowappstoreautoupdate"></a>**ApplicationManagement/AllowAppStoreAutoUpdate**
<!--SupportedSKUs-->
@ -159,11 +159,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="applicationmanagement-allowdeveloperunlock"></a>**ApplicationManagement/AllowDeveloperUnlock**
<!--SupportedSKUs-->
@ -212,11 +212,11 @@ The following list shows the supported values:
- 65535 (default) - Not configured.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="applicationmanagement-allowgamedvr"></a>**ApplicationManagement/AllowGameDVR**
<!--SupportedSKUs-->
@ -267,11 +267,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="applicationmanagement-allowshareduserappdata"></a>**ApplicationManagement/AllowSharedUserAppData**
<!--SupportedSKUs-->
@ -319,11 +319,11 @@ The following list shows the supported values:
- 1 Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="applicationmanagement-allowstore"></a>**ApplicationManagement/AllowStore**
<!--SupportedSKUs-->
@ -371,11 +371,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="applicationmanagement-applicationrestrictions"></a>**ApplicationManagement/ApplicationRestrictions**
<!--SupportedSKUs-->
@ -436,11 +436,11 @@ Value type is chr.
Value evaluation rule - The information for PolicyManager is opaque. There is no most restricted value evaluation. Whenever there is a change to the value, the device parses the node value and enforces specified policies.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="applicationmanagement-disablestoreoriginatedapps"></a>**ApplicationManagement/DisableStoreOriginatedApps**
<!--SupportedSKUs-->
@ -486,11 +486,11 @@ The following list shows the supported values:
- 1 Disable launch of apps.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="applicationmanagement-requireprivatestoreonly"></a>**ApplicationManagement/RequirePrivateStoreOnly**
<!--SupportedSKUs-->
@ -539,11 +539,11 @@ The following list shows the supported values:
- 1 Only Private store is enabled.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="applicationmanagement-restrictappdatatosystemvolume"></a>**ApplicationManagement/RestrictAppDataToSystemVolume**
<!--SupportedSKUs-->
@ -591,11 +591,11 @@ The following list shows the supported values:
- 1 Restricted.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="applicationmanagement-restrictapptosystemvolume"></a>**ApplicationManagement/RestrictAppToSystemVolume**
<!--SupportedSKUs-->
@ -643,7 +643,7 @@ The following list shows the supported values:
- 1 Restricted.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -652,7 +652,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartHoloLens-->
## <a href="" id="hololenspolicies"></a>ApplicationManagement policies supported by Windows Holographic for Business

118
windows/client-management/mdm/policy-csp-appvirtualization.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - AppVirtualization
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## AppVirtualization policies
<dl>
@ -108,7 +108,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-allowappvclient"></a>**AppVirtualization/AllowAppVClient**
<!--SupportedSKUs-->
@ -162,11 +162,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-allowdynamicvirtualization"></a>**AppVirtualization/AllowDynamicVirtualization**
<!--SupportedSKUs-->
@ -220,11 +220,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-allowpackagecleanup"></a>**AppVirtualization/AllowPackageCleanup**
<!--SupportedSKUs-->
@ -278,11 +278,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-allowpackagescripts"></a>**AppVirtualization/AllowPackageScripts**
<!--SupportedSKUs-->
@ -336,11 +336,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-allowpublishingrefreshux"></a>**AppVirtualization/AllowPublishingRefreshUX**
<!--SupportedSKUs-->
@ -394,11 +394,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-allowreportingserver"></a>**AppVirtualization/AllowReportingServer**
<!--SupportedSKUs-->
@ -462,11 +462,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-allowroamingfileexclusions"></a>**AppVirtualization/AllowRoamingFileExclusions**
<!--SupportedSKUs-->
@ -520,11 +520,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-allowroamingregistryexclusions"></a>**AppVirtualization/AllowRoamingRegistryExclusions**
<!--SupportedSKUs-->
@ -578,11 +578,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-allowstreamingautoload"></a>**AppVirtualization/AllowStreamingAutoload**
<!--SupportedSKUs-->
@ -636,11 +636,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-clientcoexistenceallowmigrationmode"></a>**AppVirtualization/ClientCoexistenceAllowMigrationmode**
<!--SupportedSKUs-->
@ -694,11 +694,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-integrationallowrootglobal"></a>**AppVirtualization/IntegrationAllowRootGlobal**
<!--SupportedSKUs-->
@ -752,11 +752,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-integrationallowrootuser"></a>**AppVirtualization/IntegrationAllowRootUser**
<!--SupportedSKUs-->
@ -810,11 +810,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-publishingallowserver1"></a>**AppVirtualization/PublishingAllowServer1**
<!--SupportedSKUs-->
@ -886,11 +886,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-publishingallowserver2"></a>**AppVirtualization/PublishingAllowServer2**
<!--SupportedSKUs-->
@ -962,11 +962,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-publishingallowserver3"></a>**AppVirtualization/PublishingAllowServer3**
<!--SupportedSKUs-->
@ -1038,11 +1038,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-publishingallowserver4"></a>**AppVirtualization/PublishingAllowServer4**
<!--SupportedSKUs-->
@ -1114,11 +1114,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-publishingallowserver5"></a>**AppVirtualization/PublishingAllowServer5**
<!--SupportedSKUs-->
@ -1190,11 +1190,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-streamingallowcertificatefilterforclient-ssl"></a>**AppVirtualization/StreamingAllowCertificateFilterForClient_SSL**
<!--SupportedSKUs-->
@ -1248,11 +1248,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-streamingallowhighcostlaunch"></a>**AppVirtualization/StreamingAllowHighCostLaunch**
<!--SupportedSKUs-->
@ -1306,11 +1306,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-streamingallowlocationprovider"></a>**AppVirtualization/StreamingAllowLocationProvider**
<!--SupportedSKUs-->
@ -1364,11 +1364,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-streamingallowpackageinstallationroot"></a>**AppVirtualization/StreamingAllowPackageInstallationRoot**
<!--SupportedSKUs-->
@ -1422,11 +1422,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-streamingallowpackagesourceroot"></a>**AppVirtualization/StreamingAllowPackageSourceRoot**
<!--SupportedSKUs-->
@ -1480,11 +1480,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-streamingallowreestablishmentinterval"></a>**AppVirtualization/StreamingAllowReestablishmentInterval**
<!--SupportedSKUs-->
@ -1538,11 +1538,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-streamingallowreestablishmentretries"></a>**AppVirtualization/StreamingAllowReestablishmentRetries**
<!--SupportedSKUs-->
@ -1596,11 +1596,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-streamingsharedcontentstoremode"></a>**AppVirtualization/StreamingSharedContentStoreMode**
<!--SupportedSKUs-->
@ -1654,11 +1654,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-streamingsupportbranchcache"></a>**AppVirtualization/StreamingSupportBranchCache**
<!--SupportedSKUs-->
@ -1712,11 +1712,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-streamingverifycertificaterevocationlist"></a>**AppVirtualization/StreamingVerifyCertificateRevocationList**
<!--SupportedSKUs-->
@ -1770,11 +1770,11 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="appvirtualization-virtualcomponentsallowlist"></a>**AppVirtualization/VirtualComponentsAllowList**
<!--SupportedSKUs-->
@ -1828,7 +1828,7 @@ ADMX Info:
- GP ADMX file name: *appv.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -1837,5 +1837,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

18
windows/client-management/mdm/policy-csp-attachmentmanager.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - AttachmentManager
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## AttachmentManager policies
<dl>
@ -33,7 +33,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="attachmentmanager-donotpreservezoneinformation"></a>**AttachmentManager/DoNotPreserveZoneInformation**
<!--SupportedSKUs-->
@ -93,11 +93,11 @@ ADMX Info:
- GP ADMX file name: *AttachmentManager.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="attachmentmanager-hidezoneinfomechanism"></a>**AttachmentManager/HideZoneInfoMechanism**
<!--SupportedSKUs-->
@ -157,11 +157,11 @@ ADMX Info:
- GP ADMX file name: *AttachmentManager.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="attachmentmanager-notifyantivirusprograms"></a>**AttachmentManager/NotifyAntivirusPrograms**
<!--SupportedSKUs-->
@ -221,7 +221,7 @@ ADMX Info:
- GP ADMX file name: *AttachmentManager.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -230,5 +230,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

26
windows/client-management/mdm/policy-csp-authentication.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Authentication
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Authentication policies
<dl>
@ -39,7 +39,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="authentication-allowaadpasswordreset"></a>**Authentication/AllowAadPasswordReset**
<!--SupportedSKUs-->
@ -85,11 +85,11 @@ The following list shows the supported values:
- 1 Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="authentication-alloweapcertsso"></a>**Authentication/AllowEAPCertSSO**
<!--SupportedSKUs-->
@ -135,11 +135,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="authentication-allowfastreconnect"></a>**Authentication/AllowFastReconnect**
<!--SupportedSKUs-->
@ -187,11 +187,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="authentication-allowfidodevicesignon"></a>**Authentication/AllowFidoDeviceSignon**
<!--SupportedSKUs-->
@ -241,11 +241,11 @@ The following list shows the supported values:
- 1 - Allow. The FIDO device credential provider is enabled and allows usage of FIDO devices to sign into an Windows.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="authentication-allowsecondaryauthenticationdevice"></a>**Authentication/AllowSecondaryAuthenticationDevice**
<!--SupportedSKUs-->
@ -293,7 +293,7 @@ The following list shows the supported values:
- 1 Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -302,7 +302,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartHoloLens-->
## <a href="" id="hololenspolicies"></a>Authentication policies supported by Windows Holographic for Business

18
windows/client-management/mdm/policy-csp-autoplay.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Autoplay
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Autoplay policies
<dl>
@ -33,7 +33,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="autoplay-disallowautoplayfornonvolumedevices"></a>**Autoplay/DisallowAutoplayForNonVolumeDevices**
<!--SupportedSKUs-->
@ -92,11 +92,11 @@ ADMX Info:
- GP ADMX file name: *AutoPlay.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="autoplay-setdefaultautorunbehavior"></a>**Autoplay/SetDefaultAutoRunBehavior**
<!--SupportedSKUs-->
@ -164,11 +164,11 @@ ADMX Info:
- GP ADMX file name: *AutoPlay.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="autoplay-turnoffautoplay"></a>**Autoplay/TurnOffAutoPlay**
<!--SupportedSKUs-->
@ -237,7 +237,7 @@ ADMX Info:
- GP ADMX file name: *AutoPlay.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -246,5 +246,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

10
windows/client-management/mdm/policy-csp-bitlocker.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Bitlocker
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Bitlocker policies
<dl>
@ -27,7 +27,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="bitlocker-encryptionmethod"></a>**Bitlocker/EncryptionMethod**
<!--SupportedSKUs-->
@ -106,7 +106,7 @@ The following list shows the supported values:
- 7 - XTS-AES 256-bit (Desktop only)
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -115,5 +115,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

26
windows/client-management/mdm/policy-csp-bluetooth.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Bluetooth
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Bluetooth policies
<dl>
@ -39,7 +39,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="bluetooth-allowadvertising"></a>**Bluetooth/AllowAdvertising**
<!--SupportedSKUs-->
@ -89,11 +89,11 @@ The following list shows the supported values:
- 1 (default) Allowed. When set to 1, the device will send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is received by the peripheral.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="bluetooth-allowdiscoverablemode"></a>**Bluetooth/AllowDiscoverableMode**
<!--SupportedSKUs-->
@ -143,11 +143,11 @@ The following list shows the supported values:
- 1 (default) Allowed. When set to 1, other devices will be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel and verify that you can discover it.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="bluetooth-allowprepairing"></a>**Bluetooth/AllowPrepairing**
<!--SupportedSKUs-->
@ -193,11 +193,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="bluetooth-localdevicename"></a>**Bluetooth/LocalDeviceName**
<!--SupportedSKUs-->
@ -240,11 +240,11 @@ If this is set, the value that it is set to will be used as the Bluetooth device
If this policy is not set or it is deleted, the default local radio name is used.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="bluetooth-servicesallowedlist"></a>**Bluetooth/ServicesAllowedList**
<!--SupportedSKUs-->
@ -285,7 +285,7 @@ Set a list of allowable services and profiles. String hex formatted array of Blu
The default value is an empty string.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -294,7 +294,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartHoloLens-->
## <a href="" id="hololenspolicies"></a>Bluetooth policies supported by Windows Holographic for Business

164
windows/client-management/mdm/policy-csp-browser.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Browser
@ -17,7 +17,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Browser policies
<dl>
@ -140,7 +140,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-allowaddressbardropdown"></a>**Browser/AllowAddressBarDropdown**
<!--SupportedSKUs-->
@ -192,11 +192,11 @@ The following list shows the supported values:
- 1 (default) Allowed. Address bar drop-down is enabled.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-allowautofill"></a>**Browser/AllowAutofill**
<!--SupportedSKUs-->
@ -254,11 +254,11 @@ To verify AllowAutofill is set to 0 (not allowed):
4. Verify the setting **Save form entries** is greyed out.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-allowbrowser"></a>**Browser/AllowBrowser**
<!--SupportedSKUs-->
@ -313,11 +313,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-allowcookies"></a>**Browser/AllowCookies**
<!--SupportedSKUs-->
@ -376,11 +376,11 @@ To verify AllowCookies is set to 0 (not allowed):
4. Verify the setting **Cookies** is greyed out.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-allowdevelopertools"></a>**Browser/AllowDeveloperTools**
<!--SupportedSKUs-->
@ -433,11 +433,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-allowdonottrack"></a>**Browser/AllowDoNotTrack**
<!--SupportedSKUs-->
@ -495,11 +495,11 @@ To verify AllowDoNotTrack is set to 0 (not allowed):
4. Verify the setting **Send Do Not Track requests** is greyed out.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-allowextensions"></a>**Browser/AllowExtensions**
<!--SupportedSKUs-->
@ -546,11 +546,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-allowflash"></a>**Browser/AllowFlash**
<!--SupportedSKUs-->
@ -597,11 +597,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-allowflashclicktorun"></a>**Browser/AllowFlashClickToRun**
<!--SupportedSKUs-->
@ -648,11 +648,11 @@ The following list shows the supported values:
- 1 (default) Users must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-allowinprivate"></a>**Browser/AllowInPrivate**
<!--SupportedSKUs-->
@ -701,11 +701,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-allowmicrosoftcompatibilitylist"></a>**Browser/AllowMicrosoftCompatibilityList**
<!--SupportedSKUs-->
@ -757,11 +757,11 @@ The following list shows the supported values:
- 1 (default) Enabled.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-allowpasswordmanager"></a>**Browser/AllowPasswordManager**
<!--SupportedSKUs-->
@ -819,11 +819,11 @@ To verify AllowPasswordManager is set to 0 (not allowed):
4. Verify the settings **Offer to save password** and **Manage my saved passwords** are greyed out.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-allowpopups"></a>**Browser/AllowPopups**
<!--SupportedSKUs-->
@ -881,11 +881,11 @@ To verify AllowPopups is set to 0 (not allowed):
4. Verify the setting **Block pop-ups** is greyed out.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-allowsearchenginecustomization"></a>**Browser/AllowSearchEngineCustomization**
<!--SupportedSKUs-->
@ -936,11 +936,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-allowsearchsuggestionsinaddressbar"></a>**Browser/AllowSearchSuggestionsinAddressBar**
<!--SupportedSKUs-->
@ -989,11 +989,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-allowsmartscreen"></a>**Browser/AllowSmartScreen**
<!--SupportedSKUs-->
@ -1051,11 +1051,11 @@ To verify AllowSmartScreen is set to 0 (not allowed):
4. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is greyed out.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-alwaysenablebookslibrary"></a>**Browser/AlwaysEnableBooksLibrary**
<!--SupportedSKUs-->
@ -1102,11 +1102,11 @@ The following list shows the supported values:
- 1 - Enable. Always show the Books Library, regardless of countries or region of activation.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-clearbrowsingdataonexit"></a>**Browser/ClearBrowsingDataOnExit**
<!--SupportedSKUs-->
@ -1163,11 +1163,11 @@ To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set
3. Open Microsoft Edge and start typing the same URL in address bar. Verify that it does not auto-complete from history.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-configureadditionalsearchengines"></a>**Browser/ConfigureAdditionalSearchEngines**
<!--SupportedSKUs-->
@ -1225,11 +1225,11 @@ The following list shows the supported values:
- 1 Additional search engines are allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-disablelockdownofstartpages"></a>**Browser/DisableLockdownOfStartPages**
<!--SupportedSKUs-->
@ -1284,11 +1284,11 @@ The following list shows the supported values:
- 1 Disable lockdown of the Start pages and allow users to modify them.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-enableextendedbookstelemetry"></a>**Browser/EnableExtendedBooksTelemetry**
<!--SupportedSKUs-->
@ -1327,21 +1327,21 @@ The following list shows the supported values:
<!--Description-->
This policy setting lets you decide how much data to send to Microsoft about the book you're reading from the Books tab in Microsoft Edge.
If you enable this setting, Microsoft Edge sends additional telemetry data, on top of the basic telemetry data, from the Books tab. If you disable or don't configure this setting, Microsoft Edge only sends basic telemetry data, depending on your device configuration.
If you enable this setting, Microsoft Edge sends additional diagnostic data, on top of the basic diagnostic data, from the Books tab. If you disable or don't configure this setting, Microsoft Edge only sends basic diagnostic data, depending on your device configuration.
<!--/Description-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) - Disable. No additional telemetry.
- 1 - Enable. Additional telemetry for schools.
- 0 (default) - Disable. No additional diagnostic data.
- 1 - Enable. Additional diagnostic data for schools.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-enterprisemodesitelist"></a>**Browser/EnterpriseModeSiteList**
<!--SupportedSKUs-->
@ -1392,11 +1392,11 @@ The following list shows the supported values:
- Set to a URL location of the enterprise site list.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-enterprisesitelistserviceurl"></a>**Browser/EnterpriseSiteListServiceUrl**
<!--SupportedSKUs-->
@ -1437,11 +1437,11 @@ The following list shows the supported values:
> This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](#browser-enterprisemodesitelist).
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-firstrunurl"></a>**Browser/FirstRunURL**
<!--SupportedSKUs-->
@ -1489,11 +1489,11 @@ The data type is a string.
The default value is an empty string. Otherwise, the string should contain the URL of the webpage users will see the first time Microsoft Edge is run. For example, “contoso.com”.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-homepages"></a>**Browser/HomePages**
<!--SupportedSKUs-->
@ -1543,11 +1543,11 @@ Starting in Windows 10, version 1703, if you dont want to send traffic to Mi
> Turning this setting off, or not configuring it, sets your default Start pages to the webpages specified in App settings.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-lockdownfavorites"></a>**Browser/LockdownFavorites**
<!--SupportedSKUs-->
@ -1603,11 +1603,11 @@ The following list shows the supported values:
- 1 - Enabled. Lockdown Favorites.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-preventaccesstoaboutflagsinmicrosoftedge"></a>**Browser/PreventAccessToAboutFlagsInMicrosoftEdge**
<!--SupportedSKUs-->
@ -1654,11 +1654,11 @@ The following list shows the supported values:
- 1 Users can't access the about:flags page in Microsoft Edge.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-preventfirstrunpage"></a>**Browser/PreventFirstRunPage**
<!--SupportedSKUs-->
@ -1707,11 +1707,11 @@ The following list shows the supported values:
- 1 Employees don't see the First Run webpage.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-preventlivetiledatacollection"></a>**Browser/PreventLiveTileDataCollection**
<!--SupportedSKUs-->
@ -1760,11 +1760,11 @@ The following list shows the supported values:
- 1 Microsoft servers will not be contacted if a site is pinned to Start from Microsoft Edge.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-preventsmartscreenpromptoverride"></a>**Browser/PreventSmartScreenPromptOverride**
<!--SupportedSKUs-->
@ -1813,11 +1813,11 @@ The following list shows the supported values:
- 1 On.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-preventsmartscreenpromptoverrideforfiles"></a>**Browser/PreventSmartScreenPromptOverrideForFiles**
<!--SupportedSKUs-->
@ -1864,11 +1864,11 @@ The following list shows the supported values:
- 1 On.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-preventusinglocalhostipaddressforwebrtc"></a>**Browser/PreventUsingLocalHostIPAddressForWebRTC**
<!--SupportedSKUs-->
@ -1919,11 +1919,11 @@ The following list shows the supported values:
- 1 The localhost IP address is hidden.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-provisionfavorites"></a>**Browser/ProvisionFavorites**
<!--SupportedSKUs-->
@ -1976,11 +1976,11 @@ If you disable or don't configure this setting, employees will see the favorites
Data type is string.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-sendintranettraffictointernetexplorer"></a>**Browser/SendIntranetTraffictoInternetExplorer**
<!--SupportedSKUs-->
@ -2033,11 +2033,11 @@ The following list shows the supported values:
- 1 Intranet traffic is sent to Microsoft Edge.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-setdefaultsearchengine"></a>**Browser/SetDefaultSearchEngine**
<!--SupportedSKUs-->
@ -2094,11 +2094,11 @@ The following list shows the supported values:
- 1 - Allows you to configure the default search engine for your employees.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-showmessagewhenopeningsitesininternetexplorer"></a>**Browser/ShowMessageWhenOpeningSitesInInternetExplorer**
<!--SupportedSKUs-->
@ -2151,11 +2151,11 @@ The following list shows the supported values:
- 1 Interstitial pages are shown.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-syncfavoritesbetweenieandmicrosoftedge"></a>**Browser/SyncFavoritesBetweenIEAndMicrosoftEdge**
<!--SupportedSKUs-->
@ -2217,11 +2217,11 @@ To verify that favorites are in synchronized between Internet Explorer and Micro
</ol>
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="browser-usesharedfolderforbooks"></a>**Browser/UseSharedFolderForBooks**
<!--SupportedSKUs-->
@ -2268,7 +2268,7 @@ The following list shows the supported values:
- 1 - Use a shared folder.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -2277,7 +2277,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartEAS-->
## <a href="" id="eas"></a>Browser policies that can be set using Exchange Active Sync (EAS)

10
windows/client-management/mdm/policy-csp-camera.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Camera
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Camera policies
<dl>
@ -27,7 +27,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="camera-allowcamera"></a>**Camera/AllowCamera**
<!--SupportedSKUs-->
@ -75,7 +75,7 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -84,7 +84,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartEAS-->
## <a href="" id="eas"></a>Camera policies that can be set using Exchange Active Sync (EAS)

26
windows/client-management/mdm/policy-csp-cellular.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Cellular
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Cellular policies
<dl>
@ -39,7 +39,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="cellular-letappsaccesscellulardata"></a>**Cellular/LetAppsAccessCellularData**
<!--SupportedSKUs-->
@ -98,11 +98,11 @@ The following list shows the supported values:
- 2 - Force Deny
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="cellular-letappsaccesscellulardata_forceallowtheseapps"></a>**Cellular/LetAppsAccessCellularData_ForceAllowTheseApps**
<!--SupportedSKUs-->
@ -141,11 +141,11 @@ The following list shows the supported values:
Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="cellular-letappsaccesscellulardata_forcedenytheseapps"></a>**Cellular/LetAppsAccessCellularData_ForceDenyTheseApps**
<!--SupportedSKUs-->
@ -184,11 +184,11 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="cellular-letappsaccesscellulardata_userincontroloftheseapps"></a>**Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps**
<!--SupportedSKUs-->
@ -227,11 +227,11 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="cellular-showappcellularaccessui"></a>**Cellular/ShowAppCellularAccessUI**
<!--SupportedSKUs-->
@ -294,7 +294,7 @@ ADMX Info:
- GP ADMX file name: *wwansvc.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -303,7 +303,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartEAS-->
## <a href="" id="eas"></a>Cellular policies that can be set using Exchange Active Sync (EAS)

62
windows/client-management/mdm/policy-csp-connectivity.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Connectivity
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Connectivity policies
<dl>
@ -66,7 +66,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="connectivity-allowbluetooth"></a>**Connectivity/AllowBluetooth**
<!--SupportedSKUs-->
@ -120,11 +120,11 @@ The following list shows the supported values:
- 2 (default) Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="connectivity-allowcellulardata"></a>**Connectivity/AllowCellularData**
<!--SupportedSKUs-->
@ -171,11 +171,11 @@ The following list shows the supported values:
- 2 - Allow the cellular data channel. The user cannot turn it off.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="connectivity-allowcellulardataroaming"></a>**Connectivity/AllowCellularDataRoaming**
<!--SupportedSKUs-->
@ -234,11 +234,11 @@ To validate on mobile devices, do the following:
3. On the Properties page, select **Data roaming options**.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="connectivity-allowconnecteddevices"></a>**Connectivity/AllowConnectedDevices**
<!--SupportedSKUs-->
@ -287,11 +287,11 @@ The following list shows the supported values:
- 0 - Disable (CDP service not available).
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="connectivity-allownfc"></a>**Connectivity/AllowNFC**
<!--SupportedSKUs-->
@ -343,11 +343,11 @@ The following list shows the supported values:
- 1 (default) Allow NFC capabilities.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="connectivity-allowusbconnection"></a>**Connectivity/AllowUSBConnection**
<!--SupportedSKUs-->
@ -401,11 +401,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="connectivity-allowvpnovercellular"></a>**Connectivity/AllowVPNOverCellular**
<!--SupportedSKUs-->
@ -453,11 +453,11 @@ The following list shows the supported values:
- 1 (default) VPN can use any connection, including cellular.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="connectivity-allowvpnroamingovercellular"></a>**Connectivity/AllowVPNRoamingOverCellular**
<!--SupportedSKUs-->
@ -505,11 +505,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="connectivity-diableprintingoverhttp"></a>**Connectivity/DiablePrintingOverHTTP**
<!--SupportedSKUs-->
@ -562,11 +562,11 @@ ADMX Info:
- GP ADMX file name: *ICM.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="connectivity-disabledownloadingofprintdriversoverhttp"></a>**Connectivity/DisableDownloadingOfPrintDriversOverHTTP**
<!--SupportedSKUs-->
@ -619,11 +619,11 @@ ADMX Info:
- GP ADMX file name: *ICM.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards"></a>**Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards**
<!--SupportedSKUs-->
@ -676,11 +676,11 @@ ADMX Info:
- GP ADMX file name: *ICM.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="connectivity-disallownetworkconnectivityactivetests"></a>**Connectivity/DisallowNetworkConnectivityActiveTests**
<!--SupportedSKUs-->
@ -721,11 +721,11 @@ Added in Windows 10, version 1703. Network Connection Status Indicator (NCSI) de
Value type is integer.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="connectivity-hardeneduncpaths"></a>**Connectivity/HardenedUNCPaths**
<!--SupportedSKUs-->
@ -781,11 +781,11 @@ ADMX Info:
- GP ADMX file name: *networkprovider.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="connectivity-prohibitinstallationandconfigurationofnetworkbridge"></a>**Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge**
<!--SupportedSKUs-->
@ -838,7 +838,7 @@ ADMX Info:
- GP ADMX file name: *NetworkConnections.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -847,7 +847,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartEAS-->
## <a href="" id="eas"></a>Connectivity policies that can be set using Exchange Active Sync (EAS)

10
windows/client-management/mdm/policy-csp-controlpolicyconflict.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - ControlPolicyConflict
@ -17,7 +17,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## ControlPolicyConflict policies
<dl>
@ -29,7 +29,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="controlpolicyconflict-mdmwinsovergp"></a>**ControlPolicyConflict/MDMWinsOverGP**
<!--SupportedSKUs-->
@ -83,7 +83,7 @@ The following list shows the supported values:
- 1 - The MDM policy is used and the GP policy is blocked.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -92,5 +92,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

18
windows/client-management/mdm/policy-csp-credentialproviders.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - CredentialProviders
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## CredentialProviders policies
<dl>
@ -33,7 +33,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="credentialproviders-allowpinlogon"></a>**CredentialProviders/AllowPINLogon**
<!--SupportedSKUs-->
@ -95,11 +95,11 @@ ADMX Info:
- GP ADMX file name: *credentialproviders.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="credentialproviders-blockpicturepassword"></a>**CredentialProviders/BlockPicturePassword**
<!--SupportedSKUs-->
@ -159,11 +159,11 @@ ADMX Info:
- GP ADMX file name: *credentialproviders.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="credentialproviders-disableautomaticredeploymentcredentials"></a>**CredentialProviders/DisableAutomaticReDeploymentCredentials**
<!--SupportedSKUs-->
@ -211,7 +211,7 @@ The following list shows the supported values:
- 1 - Disable visibility of the credentials for Windows 10 Automatic ReDeployment
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -220,7 +220,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartIoTCore-->
## <a href="" id="iotcore"></a>CredentialProviders policies supported by IoT Core

14
windows/client-management/mdm/policy-csp-credentialsui.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - CredentialsUI
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## CredentialsUI policies
<dl>
@ -30,7 +30,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="credentialsui-disablepasswordreveal"></a>**CredentialsUI/DisablePasswordReveal**
<!--SupportedSKUs-->
@ -93,11 +93,11 @@ ADMX Info:
- GP ADMX file name: *credui.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="credentialsui-enumerateadministrators"></a>**CredentialsUI/EnumerateAdministrators**
<!--SupportedSKUs-->
@ -155,7 +155,7 @@ ADMX Info:
- GP ADMX file name: *credui.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -164,5 +164,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

14
windows/client-management/mdm/policy-csp-cryptography.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Cryptography
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Cryptography policies
<dl>
@ -30,7 +30,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="cryptography-allowfipsalgorithmpolicy"></a>**Cryptography/AllowFipsAlgorithmPolicy**
<!--SupportedSKUs-->
@ -76,11 +76,11 @@ The following list shows the supported values:
- 1 Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="cryptography-tlsciphersuites"></a>**Cryptography/TLSCipherSuites**
<!--SupportedSKUs-->
@ -119,7 +119,7 @@ The following list shows the supported values:
Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -128,7 +128,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartSurfaceHub-->
## <a href="" id="surfacehubpolicies"></a>Cryptography policies supported by Microsoft Surface Hub

14
windows/client-management/mdm/policy-csp-dataprotection.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - DataProtection
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## DataProtection policies
<dl>
@ -30,7 +30,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="dataprotection-allowdirectmemoryaccess"></a>**DataProtection/AllowDirectMemoryAccess**
<!--SupportedSKUs-->
@ -78,11 +78,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="dataprotection-legacyselectivewipeid"></a>**DataProtection/LegacySelectiveWipeID**
<!--SupportedSKUs-->
@ -128,7 +128,7 @@ Setting used by Windows 8.1 Selective Wipe.
> This policy is not recommended for use in Windows 10.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -137,7 +137,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartIoTCore-->
## <a href="" id="iotcore"></a>DataProtection policies supported by IoT Core

14
windows/client-management/mdm/policy-csp-datausage.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - DataUsage
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## DataUsage policies
<dl>
@ -30,7 +30,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="datausage-setcost3g"></a>**DataUsage/SetCost3G**
<!--SupportedSKUs-->
@ -94,11 +94,11 @@ ADMX Info:
- GP ADMX file name: *wwansvc.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="datausage-setcost4g"></a>**DataUsage/SetCost4G**
<!--SupportedSKUs-->
@ -162,7 +162,7 @@ ADMX Info:
- GP ADMX file name: *wwansvc.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -171,5 +171,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

146
windows/client-management/mdm/policy-csp-defender.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Defender
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Defender policies
<dl>
@ -129,7 +129,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-allowarchivescanning"></a>**Defender/AllowArchiveScanning**
<!--SupportedSKUs-->
@ -179,11 +179,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-allowbehaviormonitoring"></a>**Defender/AllowBehaviorMonitoring**
<!--SupportedSKUs-->
@ -233,11 +233,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-allowcloudprotection"></a>**Defender/AllowCloudProtection**
<!--SupportedSKUs-->
@ -287,11 +287,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-allowemailscanning"></a>**Defender/AllowEmailScanning**
<!--SupportedSKUs-->
@ -341,11 +341,11 @@ The following list shows the supported values:
- 1 Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-allowfullscanonmappednetworkdrives"></a>**Defender/AllowFullScanOnMappedNetworkDrives**
<!--SupportedSKUs-->
@ -395,11 +395,11 @@ The following list shows the supported values:
- 1 Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-allowfullscanremovabledrivescanning"></a>**Defender/AllowFullScanRemovableDriveScanning**
<!--SupportedSKUs-->
@ -449,11 +449,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-allowioavprotection"></a>**Defender/AllowIOAVProtection**
<!--SupportedSKUs-->
@ -503,11 +503,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-allowintrusionpreventionsystem"></a>**Defender/AllowIntrusionPreventionSystem**
<!--SupportedSKUs-->
@ -557,11 +557,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-allowonaccessprotection"></a>**Defender/AllowOnAccessProtection**
<!--SupportedSKUs-->
@ -611,11 +611,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-allowrealtimemonitoring"></a>**Defender/AllowRealtimeMonitoring**
<!--SupportedSKUs-->
@ -665,11 +665,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-allowscanningnetworkfiles"></a>**Defender/AllowScanningNetworkFiles**
<!--SupportedSKUs-->
@ -719,11 +719,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-allowscriptscanning"></a>**Defender/AllowScriptScanning**
<!--SupportedSKUs-->
@ -773,11 +773,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-allowuseruiaccess"></a>**Defender/AllowUserUIAccess**
<!--SupportedSKUs-->
@ -827,11 +827,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-attacksurfacereductiononlyexclusions"></a>**Defender/AttackSurfaceReductionOnlyExclusions**
<!--SupportedSKUs-->
@ -876,11 +876,11 @@ Added in Windows 10, version 1709. This policy setting allows you to prevent Att
Value type is string.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-attacksurfacereductionrules"></a>**Defender/AttackSurfaceReductionRules**
<!--SupportedSKUs-->
@ -927,11 +927,11 @@ For more information about ASR rule ID and status ID, see [Enable Attack Surface
Value type is string.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-avgcpuloadfactor"></a>**Defender/AvgCPULoadFactor**
<!--SupportedSKUs-->
@ -981,11 +981,11 @@ The default value is 50.
Valid values: 0100
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-cloudblocklevel"></a>**Defender/CloudBlockLevel**
<!--SupportedSKUs-->
@ -1044,11 +1044,11 @@ The following list shows the supported values:
- 0x6 - Zero tolerance blocking level block all unknown executables
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-cloudextendedtimeout"></a>**Defender/CloudExtendedTimeout**
<!--SupportedSKUs-->
@ -1097,11 +1097,11 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se
> This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required".
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-controlledfolderaccessallowedapplications"></a>**Defender/ControlledFolderAccessAllowedApplications**
<!--SupportedSKUs-->
@ -1143,11 +1143,11 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se
Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the | as the substring separator.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-controlledfolderaccessprotectedfolders"></a>**Defender/ControlledFolderAccessProtectedFolders**
<!--SupportedSKUs-->
@ -1189,11 +1189,11 @@ Added in Windows 10, version 1709. This policy setting allows user-specified app
Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the | as the substring separator.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-daystoretaincleanedmalware"></a>**Defender/DaysToRetainCleanedMalware**
<!--SupportedSKUs-->
@ -1243,11 +1243,11 @@ The default value is 0, which keeps items in quarantine, and does not automatica
Valid values: 090
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-enablecontrolledfolderaccess"></a>**Defender/EnableControlledFolderAccess**
<!--SupportedSKUs-->
@ -1297,11 +1297,11 @@ The following list shows the supported values:
- 2 - Audit Mode
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-enablenetworkprotection"></a>**Defender/EnableNetworkProtection**
<!--SupportedSKUs-->
@ -1357,11 +1357,11 @@ The following list shows the supported values:
- 2 - Enabled (audit mode)
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-excludedextensions"></a>**Defender/ExcludedExtensions**
<!--SupportedSKUs-->
@ -1404,11 +1404,11 @@ The following list shows the supported values:
Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj".
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-excludedpaths"></a>**Defender/ExcludedPaths**
<!--SupportedSKUs-->
@ -1451,11 +1451,11 @@ Allows an administrator to specify a list of file type extensions to ignore duri
Allows an administrator to specify a list of directory paths to ignore during a scan. Each path in the list must be separated by a **|**. For example, "C:\\Example|C:\\Example1".
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-excludedprocesses"></a>**Defender/ExcludedProcesses**
<!--SupportedSKUs-->
@ -1504,11 +1504,11 @@ Allows an administrator to specify a list of files opened by processes to ignore
Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe".
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-puaprotection"></a>**Defender/PUAProtection**
<!--SupportedSKUs-->
@ -1559,11 +1559,11 @@ The following list shows the supported values:
- 2 Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-realtimescandirection"></a>**Defender/RealTimeScanDirection**
<!--SupportedSKUs-->
@ -1617,11 +1617,11 @@ The following list shows the supported values:
- 2 Monitor outgoing files.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-scanparameter"></a>**Defender/ScanParameter**
<!--SupportedSKUs-->
@ -1671,11 +1671,11 @@ The following list shows the supported values:
- 2 Full scan
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-schedulequickscantime"></a>**Defender/ScheduleQuickScanTime**
<!--SupportedSKUs-->
@ -1731,11 +1731,11 @@ The default value is 120
Valid values: 01380
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-schedulescanday"></a>**Defender/ScheduleScanDay**
<!--SupportedSKUs-->
@ -1795,11 +1795,11 @@ The following list shows the supported values:
- 8 No scheduled scan
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-schedulescantime"></a>**Defender/ScheduleScanTime**
<!--SupportedSKUs-->
@ -1855,11 +1855,11 @@ The default value is 120.
Valid values: 01380.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-signatureupdateinterval"></a>**Defender/SignatureUpdateInterval**
<!--SupportedSKUs-->
@ -1911,11 +1911,11 @@ The default value is 8.
Valid values: 024.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-submitsamplesconsent"></a>**Defender/SubmitSamplesConsent**
<!--SupportedSKUs-->
@ -1967,11 +1967,11 @@ The following list shows the supported values:
- 3 Send all samples automatically.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="defender-threatseveritydefaultaction"></a>**Defender/ThreatSeverityDefaultAction**
<!--SupportedSKUs-->
@ -2032,7 +2032,7 @@ The following list shows the supported values for possible actions:
- 10 Block
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -2041,7 +2041,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartSurfaceHub-->
## <a href="" id="surfacehubpolicies"></a>Defender policies supported by Microsoft Surface Hub

102
windows/client-management/mdm/policy-csp-deliveryoptimization.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - DeliveryOptimization
@ -17,7 +17,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## DeliveryOptimization policies
<dl>
@ -98,7 +98,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-doabsolutemaxcachesize"></a>**DeliveryOptimization/DOAbsoluteMaxCacheSize**
<!--SupportedSKUs-->
@ -143,11 +143,11 @@ Added in Windows 10, version 1607. Specifies the maximum size in GB of Delivery
The default value is 10.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-doallowvpnpeercaching"></a>**DeliveryOptimization/DOAllowVPNPeerCaching**
<!--SupportedSKUs-->
@ -197,11 +197,11 @@ The following list shows the supported values:
- 1 - Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-dodelaybackgrounddownloadfromhttp"></a>**DeliveryOptimization/DODelayBackgroundDownloadFromHttp**
<!--SupportedSKUs-->
@ -242,11 +242,11 @@ Added in Windows 10, next major update. This policy allows you to delay the use
After the max delay is reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from peers. Note that a download that is waiting for peer sources, will appear to be stuck for the end user. The recommended value is 1 hour (3600).
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-dodelayforegrounddownloadfromhttp"></a>**DeliveryOptimization/DODelayForegroundDownloadFromHttp**
<!--SupportedSKUs-->
@ -299,11 +299,11 @@ The following list shows the supported values as number of seconds:
- Default is not configured.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-dodownloadmode"></a>**DeliveryOptimization/DODownloadMode**
<!--SupportedSKUs-->
@ -357,11 +357,11 @@ The following list shows the supported values:
- 100 - Bypass mode. Do not use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-dogroupid"></a>**DeliveryOptimization/DOGroupId**
<!--SupportedSKUs-->
@ -407,11 +407,11 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this
> You must use a GUID as the group ID.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-dogroupidsource"></a>**DeliveryOptimization/DOGroupIdSource**
<!--SupportedSKUs-->
@ -467,11 +467,11 @@ The following list shows the supported values:
- 4 - DNS suffix
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-domaxcacheage"></a>**DeliveryOptimization/DOMaxCacheAge**
<!--SupportedSKUs-->
@ -516,11 +516,11 @@ Specifies the maximum time in seconds that each file is held in the Delivery Opt
The default value is 259200 seconds (3 days).
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-domaxcachesize"></a>**DeliveryOptimization/DOMaxCacheSize**
<!--SupportedSKUs-->
@ -565,11 +565,11 @@ Specifies the maximum cache size that Delivery Optimization can utilize, as a pe
The default value is 20.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-domaxdownloadbandwidth"></a>**DeliveryOptimization/DOMaxDownloadBandwidth**
<!--SupportedSKUs-->
@ -614,11 +614,11 @@ Added in Windows 10, version 1607. Specifies the maximum download bandwidth in
The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-domaxuploadbandwidth"></a>**DeliveryOptimization/DOMaxUploadBandwidth**
<!--SupportedSKUs-->
@ -663,11 +663,11 @@ Specifies the maximum upload bandwidth in KiloBytes/second that a device will us
The default value is 0, which permits unlimited possible bandwidth (optimized for minimal usage of upload bandwidth).
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-dominbackgroundqos"></a>**DeliveryOptimization/DOMinBackgroundQos**
<!--SupportedSKUs-->
@ -712,11 +712,11 @@ Added in Windows 10, version 1607. Specifies the minimum download QoS (Quality
The default value is 500.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-dominbatterypercentageallowedtoupload"></a>**DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload**
<!--SupportedSKUs-->
@ -760,11 +760,11 @@ Added in Windows 10, version 1703. Specifies any value between 1 and 100 (in pe
The default value is 0. The value 0 (zero) means "not limited" and the cloud service default value will be used.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-domindisksizeallowedtopeer"></a>**DeliveryOptimization/DOMinDiskSizeAllowedToPeer**
<!--SupportedSKUs-->
@ -812,11 +812,11 @@ Added in Windows 10, version 1703. Specifies the required minimum disk size (cap
The default value is 32 GB.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-dominfilesizetocache"></a>**DeliveryOptimization/DOMinFileSizeToCache**
<!--SupportedSKUs-->
@ -861,11 +861,11 @@ Added in Windows 10, version 1703. Specifies the minimum content file size in MB
The default value is 100 MB.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-dominramallowedtopeer"></a>**DeliveryOptimization/DOMinRAMAllowedToPeer**
<!--SupportedSKUs-->
@ -910,11 +910,11 @@ Added in Windows 10, version 1703. Specifies the minimum RAM size in GB required
The default value is 4 GB.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-domodifycachedrive"></a>**DeliveryOptimization/DOModifyCacheDrive**
<!--SupportedSKUs-->
@ -959,11 +959,11 @@ Added in Windows 10, version 1607. Specifies the drive that Delivery Optimizati
By default, %SystemDrive% is used to store the cache.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-domonthlyuploaddatacap"></a>**DeliveryOptimization/DOMonthlyUploadDataCap**
<!--SupportedSKUs-->
@ -1010,11 +1010,11 @@ The value 0 (zero) means "unlimited"; No monthly upload limit is applied if 0 is
The default value is 20.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-dopercentagemaxbackdownloadbandwidth"></a>**DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth**
<!--SupportedSKUs-->
@ -1055,22 +1055,22 @@ Added in Windows 10, next major update. Specifies the maximum background downloa
Note that downloads from LAN peers will not be throttled even when this policy is set.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-dopercentagemaxdownloadbandwidth"></a>**DeliveryOptimization/DOPercentageMaxDownloadBandwidth**
<!--Description-->
This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryoptimization-dopercentagemaxforedownloadbandwidth) and [DOPercentageMaxBackDownloadBandwidth](#deliveryoptimization-dopercentagemaxbackdownloadbandwidth) policies instead.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-dopercentagemaxforedownloadbandwidth"></a>**DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth**
<!--SupportedSKUs-->
@ -1111,11 +1111,11 @@ Added in Windows 10, next major update. Specifies the maximum foreground downloa
Note that downloads from LAN peers will not be throttled even when this policy is set.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-dorestrictpeerselectionby"></a>**DeliveryOptimization/DORestrictPeerSelectionBy**
<!--SupportedSKUs-->
@ -1163,11 +1163,11 @@ The following list shows the supported values:
- 1 - Subnet mask.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth"></a>**DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth**
<!--SupportedSKUs-->
@ -1216,11 +1216,11 @@ This policy allows an IT Admin to define the following:
- % of throttle for foreground traffic outside of business hours
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth"></a>**DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth**
<!--SupportedSKUs-->
@ -1269,7 +1269,7 @@ This policy allows an IT Admin to define the following:
- % of throttle for foreground traffic outside of business hours
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -1278,7 +1278,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartSurfaceHub-->
## <a href="" id="surfacehubpolicies"></a>DeliveryOptimization policies supported by Microsoft Surface Hub

10
windows/client-management/mdm/policy-csp-desktop.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Desktop
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Desktop policies
<dl>
@ -27,7 +27,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="desktop-preventuserredirectionofprofilefolders"></a>**Desktop/PreventUserRedirectionOfProfileFolders**
<!--SupportedSKUs-->
@ -85,7 +85,7 @@ ADMX Info:
- GP ADMX file name: *desktop.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -94,7 +94,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartSurfaceHub-->
## <a href="" id="surfacehubpolicies"></a>Desktop policies supported by Microsoft Surface Hub

18
windows/client-management/mdm/policy-csp-deviceguard.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - DeviceGuard
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## DeviceGuard policies
<dl>
@ -33,7 +33,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deviceguard-enablevirtualizationbasedsecurity"></a>**DeviceGuard/EnableVirtualizationBasedSecurity**
<!--SupportedSKUs-->
@ -79,11 +79,11 @@ The following list shows the supported values:
- 1 - enable virtualization based security.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deviceguard-lsacfgflags"></a>**DeviceGuard/LsaCfgFlags**
<!--SupportedSKUs-->
@ -130,11 +130,11 @@ The following list shows the supported values:
- 2 - (Enabled without lock) Turns on Credential Guard without UEFI lock.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deviceguard-requireplatformsecurityfeatures"></a>**DeviceGuard/RequirePlatformSecurityFeatures**
<!--SupportedSKUs-->
@ -180,7 +180,7 @@ The following list shows the supported values:
- 3 - Turns on VBS with Secure Boot and direct memory access (DMA). DMA requires hardware support.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -189,5 +189,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

14
windows/client-management/mdm/policy-csp-deviceinstallation.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - DeviceInstallation
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## DeviceInstallation policies
<dl>
@ -30,7 +30,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deviceinstallation-preventinstallationofmatchingdeviceids"></a>**DeviceInstallation/PreventInstallationOfMatchingDeviceIDs**
<!--SupportedSKUs-->
@ -88,11 +88,11 @@ ADMX Info:
- GP ADMX file name: *deviceinstallation.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="deviceinstallation-preventinstallationofmatchingdevicesetupclasses"></a>**DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses**
<!--SupportedSKUs-->
@ -150,7 +150,7 @@ ADMX Info:
- GP ADMX file name: *deviceinstallation.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -159,5 +159,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

74
windows/client-management/mdm/policy-csp-devicelock.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - DeviceLock
@ -17,7 +17,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## DeviceLock policies
<dl>
@ -77,7 +77,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="devicelock-allowidlereturnwithoutpassword"></a>**DeviceLock/AllowIdleReturnWithoutPassword**
<!--SupportedSKUs-->
@ -130,11 +130,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="devicelock-allowscreentimeoutwhilelockeduserconfig"></a>**DeviceLock/AllowScreenTimeoutWhileLockedUserConfig**
<!--SupportedSKUs-->
@ -192,11 +192,11 @@ The following list shows the supported values:
- 1 Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="devicelock-allowsimpledevicepassword"></a>**DeviceLock/AllowSimpleDevicePassword**
<!--SupportedSKUs-->
@ -249,11 +249,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="devicelock-alphanumericdevicepasswordrequired"></a>**DeviceLock/AlphanumericDevicePasswordRequired**
<!--SupportedSKUs-->
@ -312,11 +312,11 @@ The following list shows the supported values:
- 2 (default) Users can choose: Numeric PIN or password, or Alphanumeric PIN or password.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="devicelock-devicepasswordenabled"></a>**DeviceLock/DevicePasswordEnabled**
<!--SupportedSKUs-->
@ -403,11 +403,11 @@ The following list shows the supported values:
- 1 Disabled
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="devicelock-devicepasswordexpiration"></a>**DeviceLock/DevicePasswordExpiration**
<!--SupportedSKUs-->
@ -462,11 +462,11 @@ The following list shows the supported values:
- 0 (default) - Passwords do not expire.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="devicelock-devicepasswordhistory"></a>**DeviceLock/DevicePasswordHistory**
<!--SupportedSKUs-->
@ -523,11 +523,11 @@ The following list shows the supported values:
- 0 (default)
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="devicelock-enforcelockscreenandlogonimage"></a>**DeviceLock/EnforceLockScreenAndLogonImage**
<!--SupportedSKUs-->
@ -572,11 +572,11 @@ Added in Windows 10, version 1607. Specifies the default lock screen and logon
Value type is a string, which is the full image filepath and filename.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="devicelock-enforcelockscreenprovider"></a>**DeviceLock/EnforceLockScreenProvider**
<!--SupportedSKUs-->
@ -621,11 +621,11 @@ Added in Windows 10, version 1607. Restricts lock screen image to a specific lo
Value type is a string, which is the AppID.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="devicelock-maxdevicepasswordfailedattempts"></a>**DeviceLock/MaxDevicePasswordFailedAttempts**
<!--SupportedSKUs-->
@ -687,11 +687,11 @@ The following list shows the supported values:
- 0 (default) - The device is never wiped after an incorrect PIN or password is entered.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="devicelock-maxinactivitytimedevicelock"></a>**DeviceLock/MaxInactivityTimeDeviceLock**
<!--SupportedSKUs-->
@ -744,11 +744,11 @@ The following list shows the supported values:
- 0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined."
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="devicelock-maxinactivitytimedevicelockwithexternaldisplay"></a>**DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay**
<!--SupportedSKUs-->
@ -797,11 +797,11 @@ The following list shows the supported values:
- 0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined."
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="devicelock-mindevicepasswordcomplexcharacters"></a>**DeviceLock/MinDevicePasswordComplexCharacters**
<!--SupportedSKUs-->
@ -911,11 +911,11 @@ The enforcement of policies for Microsoft accounts happen on the server, and the
For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca).
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="devicelock-mindevicepasswordlength"></a>**DeviceLock/MinDevicePasswordLength**
<!--SupportedSKUs-->
@ -973,11 +973,11 @@ The following list shows the supported values:
- The default value is 4 for mobile devices and desktop devices.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="devicelock-minimumpasswordage"></a>**DeviceLock/MinimumPasswordAge**
<!--SupportedSKUs-->
@ -1020,11 +1020,11 @@ The minimum password age must be less than the Maximum password age, unless the
Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="devicelock-preventlockscreenslideshow"></a>**DeviceLock/PreventLockScreenSlideShow**
<!--SupportedSKUs-->
@ -1082,11 +1082,11 @@ ADMX Info:
- GP ADMX file name: *ControlPanelDisplay.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="devicelock-screentimeoutwhilelocked"></a>**DeviceLock/ScreenTimeoutWhileLocked**
<!--SupportedSKUs-->
@ -1136,7 +1136,7 @@ The default value is 10.
Most restricted value is 0.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -1145,7 +1145,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartEAS-->
## <a href="" id="eas"></a>DeviceLock policies that can be set using Exchange Active Sync (EAS)

14
windows/client-management/mdm/policy-csp-display.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Display
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Display policies
<dl>
@ -30,7 +30,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="display-turnoffgdidpiscalingforapps"></a>**Display/TurnOffGdiDPIScalingForApps**
<!--SupportedSKUs-->
@ -84,11 +84,11 @@ To validate on Desktop, do the following:
2. Run the app and observe blurry text.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="display-turnongdidpiscalingforapps"></a>**Display/TurnOnGdiDPIScalingForApps**
<!--SupportedSKUs-->
@ -142,7 +142,7 @@ To validate on Desktop, do the following:
2. Run the app and observe crisp text.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -151,5 +151,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

18
windows/client-management/mdm/policy-csp-education.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Education
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Education policies
<dl>
@ -33,7 +33,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="education-defaultprintername"></a>**Education/DefaultPrinterName**
<!--SupportedSKUs-->
@ -74,11 +74,11 @@ Added in Windows 10, version 1709. This policy allows IT Admins to set the user
The policy value is expected to be the name (network host name) of an installed printer.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="education-preventaddingnewprinters"></a>**Education/PreventAddingNewPrinters**
<!--SupportedSKUs-->
@ -124,11 +124,11 @@ The following list shows the supported values:
- 1 Prevent user installation.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="education-printernames"></a>**Education/PrinterNames**
<!--SupportedSKUs-->
@ -169,7 +169,7 @@ Added in Windows 10, version 1709. Allows IT Admins to automatically provision
The policy value is expected to be a ```&#xF000;``` seperated list of printer names. The OS will attempt to search and install the matching printer driver for each listed printer.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -178,5 +178,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

30
windows/client-management/mdm/policy-csp-enterprisecloudprint.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - EnterpriseCloudPrint
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## EnterpriseCloudPrint policies
<dl>
@ -42,7 +42,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="enterprisecloudprint-cloudprintoauthauthority"></a>**EnterpriseCloudPrint/CloudPrintOAuthAuthority**
<!--SupportedSKUs-->
@ -85,11 +85,11 @@ The datatype is a string.
The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https:<span></span>//azuretenant.contoso.com/adfs".
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="enterprisecloudprint-cloudprintoauthclientid"></a>**EnterpriseCloudPrint/CloudPrintOAuthClientId**
<!--SupportedSKUs-->
@ -132,11 +132,11 @@ The datatype is a string.
The default value is an empty string. Otherwise, the value should contain a GUID. For example, "E1CF1107-FF90-4228-93BF-26052DD2C714".
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="enterprisecloudprint-cloudprintresourceid"></a>**EnterpriseCloudPrint/CloudPrintResourceId**
<!--SupportedSKUs-->
@ -179,11 +179,11 @@ The datatype is a string.
The default value is an empty string. Otherwise, the value should contain a URL. For example, "http:<span></span>//MicrosoftEnterpriseCloudPrint/CloudPrint".
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="enterprisecloudprint-cloudprinterdiscoveryendpoint"></a>**EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint**
<!--SupportedSKUs-->
@ -226,11 +226,11 @@ The datatype is a string.
The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https:<span></span>//cloudprinterdiscovery.contoso.com".
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="enterprisecloudprint-discoverymaxprinterlimit"></a>**EnterpriseCloudPrint/DiscoveryMaxPrinterLimit**
<!--SupportedSKUs-->
@ -273,11 +273,11 @@ The datatype is an integer.
For Windows Mobile, the default value is 20.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="enterprisecloudprint-mopriadiscoveryresourceid"></a>**EnterpriseCloudPrint/MopriaDiscoveryResourceId**
<!--SupportedSKUs-->
@ -320,7 +320,7 @@ The datatype is a string.
The default value is an empty string. Otherwise, the value should contain a URL. For example, "http:<span></span>//MopriaDiscoveryService/CloudPrint".
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -329,5 +329,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

26
windows/client-management/mdm/policy-csp-errorreporting.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - ErrorReporting
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## ErrorReporting policies
<dl>
@ -39,7 +39,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="errorreporting-customizeconsentsettings"></a>**ErrorReporting/CustomizeConsentSettings**
<!--SupportedSKUs-->
@ -107,11 +107,11 @@ ADMX Info:
- GP ADMX file name: *ErrorReporting.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="errorreporting-disablewindowserrorreporting"></a>**ErrorReporting/DisableWindowsErrorReporting**
<!--SupportedSKUs-->
@ -169,11 +169,11 @@ ADMX Info:
- GP ADMX file name: *ErrorReporting.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="errorreporting-displayerrornotification"></a>**ErrorReporting/DisplayErrorNotification**
<!--SupportedSKUs-->
@ -235,11 +235,11 @@ ADMX Info:
- GP ADMX file name: *ErrorReporting.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="errorreporting-donotsendadditionaldata"></a>**ErrorReporting/DoNotSendAdditionalData**
<!--SupportedSKUs-->
@ -297,11 +297,11 @@ ADMX Info:
- GP ADMX file name: *ErrorReporting.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="errorreporting-preventcriticalerrordisplay"></a>**ErrorReporting/PreventCriticalErrorDisplay**
<!--SupportedSKUs-->
@ -359,7 +359,7 @@ ADMX Info:
- GP ADMX file name: *ErrorReporting.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -368,5 +368,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

22
windows/client-management/mdm/policy-csp-eventlogservice.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - EventLogService
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## EventLogService policies
<dl>
@ -36,7 +36,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="eventlogservice-controleventlogbehavior"></a>**EventLogService/ControlEventLogBehavior**
<!--SupportedSKUs-->
@ -96,11 +96,11 @@ ADMX Info:
- GP ADMX file name: *eventlog.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="eventlogservice-specifymaximumfilesizeapplicationlog"></a>**EventLogService/SpecifyMaximumFileSizeApplicationLog**
<!--SupportedSKUs-->
@ -158,11 +158,11 @@ ADMX Info:
- GP ADMX file name: *eventlog.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="eventlogservice-specifymaximumfilesizesecuritylog"></a>**EventLogService/SpecifyMaximumFileSizeSecurityLog**
<!--SupportedSKUs-->
@ -220,11 +220,11 @@ ADMX Info:
- GP ADMX file name: *eventlog.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="eventlogservice-specifymaximumfilesizesystemlog"></a>**EventLogService/SpecifyMaximumFileSizeSystemLog**
<!--SupportedSKUs-->
@ -282,7 +282,7 @@ ADMX Info:
- GP ADMX file name: *eventlog.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -291,5 +291,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

90
windows/client-management/mdm/policy-csp-experience.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Experience
@ -17,7 +17,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Experience policies
<dl>
@ -89,7 +89,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-allowcopypaste"></a>**Experience/AllowCopyPaste**
<!--SupportedSKUs-->
@ -140,11 +140,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-allowcortana"></a>**Experience/AllowCortana**
<!--SupportedSKUs-->
@ -192,11 +192,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-allowdevicediscovery"></a>**Experience/AllowDeviceDiscovery**
<!--SupportedSKUs-->
@ -246,11 +246,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-allowfindmydevice"></a>**Experience/AllowFindMyDevice**
<!--SupportedSKUs-->
@ -300,11 +300,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-allowmanualmdmunenrollment"></a>**Experience/AllowManualMDMUnenrollment**
<!--SupportedSKUs-->
@ -356,11 +356,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-allowsimerrordialogpromptwhennosim"></a>**Experience/AllowSIMErrorDialogPromptWhenNoSIM**
<!--SupportedSKUs-->
@ -410,22 +410,22 @@ The following list shows the supported values:
- 1 (default) SIM card dialog prompt is displayed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-allowsaveasofofficefiles"></a>**Experience/AllowSaveAsOfOfficeFiles**
<!--Description-->
This policy is deprecated.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-allowscreencapture"></a>**Experience/AllowScreenCapture**
<!--SupportedSKUs-->
@ -477,22 +477,22 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-allowsharingofofficefiles"></a>**Experience/AllowSharingOfOfficeFiles**
<!--Description-->
This policy is deprecated.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-allowsyncmysettings"></a>**Experience/AllowSyncMySettings**
<!--SupportedSKUs-->
@ -538,11 +538,11 @@ The following list shows the supported values:
- 1 (default) Sync settings allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-allowtailoredexperienceswithdiagnosticdata"></a>**Experience/AllowTailoredExperiencesWithDiagnosticData**
<!--SupportedSKUs-->
@ -597,11 +597,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-allowtaskswitcher"></a>**Experience/AllowTaskSwitcher**
<!--SupportedSKUs-->
@ -651,11 +651,11 @@ The following list shows the supported values:
- 1 (default) Task switching allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-allowthirdpartysuggestionsinwindowsspotlight"></a>**Experience/AllowThirdPartySuggestionsInWindowsSpotlight**
<!--SupportedSKUs-->
@ -705,11 +705,11 @@ The following list shows the supported values:
- 1 (default) Third-party suggestions allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-allowvoicerecording"></a>**Experience/AllowVoiceRecording**
<!--SupportedSKUs-->
@ -761,11 +761,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-allowwindowsconsumerfeatures"></a>**Experience/AllowWindowsConsumerFeatures**
<!--SupportedSKUs-->
@ -817,11 +817,11 @@ The following list shows the supported values:
- 1 Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-allowwindowsspotlight"></a>**Experience/AllowWindowsSpotlight**
<!--SupportedSKUs-->
@ -873,11 +873,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-allowwindowsspotlightonactioncenter"></a>**Experience/AllowWindowsSpotlightOnActionCenter**
<!--SupportedSKUs-->
@ -928,11 +928,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-allowwindowsspotlightwindowswelcomeexperience"></a>**Experience/AllowWindowsSpotlightWindowsWelcomeExperience**
<!--SupportedSKUs-->
@ -984,11 +984,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-allowwindowstips"></a>**Experience/AllowWindowsTips**
<!--SupportedSKUs-->
@ -1034,11 +1034,11 @@ The following list shows the supported values:
- 1 (default) Enabled.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-configurewindowsspotlightonlockscreen"></a>**Experience/ConfigureWindowsSpotlightOnLockScreen**
<!--SupportedSKUs-->
@ -1089,11 +1089,11 @@ The following list shows the supported values:
- 2 placeholder only for future extension. Using this value has no effect.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="experience-donotshowfeedbacknotifications"></a>**Experience/DoNotShowFeedbackNotifications**
<!--SupportedSKUs-->
@ -1143,7 +1143,7 @@ The following list shows the supported values:
- 1 Feedback notifications are disabled.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -1152,7 +1152,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartHoloLens-->
## <a href="" id="hololenspolicies"></a>Experience policies supported by Windows Holographic for Business

10
windows/client-management/mdm/policy-csp-exploitguard.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - ExploitGuard
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## ExploitGuard policies
<dl>
@ -27,7 +27,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="exploitguard-exploitprotectionsettings"></a>**ExploitGuard/ExploitProtectionSettings**
<!--SupportedSKUs-->
@ -95,7 +95,7 @@ Here is an example:
```
<!--/Example-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -104,5 +104,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

10
windows/client-management/mdm/policy-csp-games.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Games
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Games policies
<dl>
@ -27,7 +27,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="games-allowadvancedgamingservices"></a>**Games/AllowAdvancedGamingServices**
<!--SupportedSKUs-->
@ -73,7 +73,7 @@ The following list shows the supported values:
- 1 (default) - Allowed
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -82,5 +82,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

10
windows/client-management/mdm/policy-csp-handwriting.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Handwriting
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Handwriting policies
<dl>
@ -27,7 +27,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="handwriting-paneldefaultmodedocked"></a>**Handwriting/PanelDefaultModeDocked**
<!--SupportedSKUs-->
@ -79,7 +79,7 @@ The following list shows the supported values:
- 1 - Enabled.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -88,5 +88,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

978
windows/client-management/mdm/policy-csp-internetexplorer.md
View File

File diff suppressed because it is too large Load Diff

26
windows/client-management/mdm/policy-csp-kerberos.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Kerberos
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Kerberos policies
<dl>
@ -39,7 +39,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="kerberos-allowforestsearchorder"></a>**Kerberos/AllowForestSearchOrder**
<!--SupportedSKUs-->
@ -97,11 +97,11 @@ ADMX Info:
- GP ADMX file name: *Kerberos.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="kerberos-kerberosclientsupportsclaimscompoundarmor"></a>**Kerberos/KerberosClientSupportsClaimsCompoundArmor**
<!--SupportedSKUs-->
@ -158,11 +158,11 @@ ADMX Info:
- GP ADMX file name: *Kerberos.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="kerberos-requirekerberosarmoring"></a>**Kerberos/RequireKerberosArmoring**
<!--SupportedSKUs-->
@ -224,11 +224,11 @@ ADMX Info:
- GP ADMX file name: *Kerberos.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="kerberos-requirestrictkdcvalidation"></a>**Kerberos/RequireStrictKDCValidation**
<!--SupportedSKUs-->
@ -286,11 +286,11 @@ ADMX Info:
- GP ADMX file name: *Kerberos.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="kerberos-setmaximumcontexttokensize"></a>**Kerberos/SetMaximumContextTokenSize**
<!--SupportedSKUs-->
@ -352,7 +352,7 @@ ADMX Info:
- GP ADMX file name: *Kerberos.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -361,5 +361,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

30
windows/client-management/mdm/policy-csp-kioskbrowser.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - KioskBrowser
@ -17,7 +17,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## KioskBrowser policies
<dl>
@ -44,7 +44,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="kioskbrowser-blockedurlexceptions"></a>**KioskBrowser/BlockedUrlExceptions**
<!--SupportedSKUs-->
@ -84,11 +84,11 @@ ms.date: 01/29/2018
Added in Windows 10, next major update. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="kioskbrowser-blockedurls"></a>**KioskBrowser/BlockedUrls**
<!--SupportedSKUs-->
@ -128,11 +128,11 @@ Added in Windows 10, next major update. List of exceptions to the blocked websit
Added in Windows 10, next major update. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="kioskbrowser-defaulturl"></a>**KioskBrowser/DefaultURL**
<!--SupportedSKUs-->
@ -172,11 +172,11 @@ Added in Windows 10, next major update. List of blocked website URLs (with wildc
Added in Windows 10, next major update. Configures the default URL kiosk browsers to navigate on launch and restart.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="kioskbrowser-enablehomebutton"></a>**KioskBrowser/EnableHomeButton**
<!--SupportedSKUs-->
@ -216,11 +216,11 @@ Added in Windows 10, next major update. Configures the default URL kiosk browser
Added in Windows 10, next major update. Enable/disable kiosk browser's home button.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="kioskbrowser-enablenavigationbuttons"></a>**KioskBrowser/EnableNavigationButtons**
<!--SupportedSKUs-->
@ -260,11 +260,11 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's home butt
Added in Windows 10, next major update. Enable/disable kiosk browser's navigation buttons (forward/back).
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="kioskbrowser-restartonidletime"></a>**KioskBrowser/RestartOnIdleTime**
<!--SupportedSKUs-->
@ -306,7 +306,7 @@ Added in Windows 10, next major update. Amount of time in minutes the session is
The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -315,5 +315,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

14
windows/client-management/mdm/policy-csp-licensing.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Licensing
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Licensing policies
<dl>
@ -30,7 +30,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="licensing-allowwindowsentitlementreactivation"></a>**Licensing/AllowWindowsEntitlementReactivation**
<!--SupportedSKUs-->
@ -76,11 +76,11 @@ The following list shows the supported values:
- 1 (default) Enable Windows license reactivation on managed devices.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="licensing-disallowkmsclientonlineavsvalidation"></a>**Licensing/DisallowKMSClientOnlineAVSValidation**
<!--SupportedSKUs-->
@ -126,7 +126,7 @@ The following list shows the supported values:
- 1 Enabled.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -135,5 +135,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

226
windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - LocalPoliciesSecurityOptions
@ -17,7 +17,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## LocalPoliciesSecurityOptions policies
<dl>
@ -191,7 +191,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-accounts-blockmicrosoftaccounts"></a>**LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts**
<!--SupportedSKUs-->
@ -245,11 +245,11 @@ The following list shows the supported values:
- 1 - enabled (users cannot add Microsoft accounts).
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-accounts-enableadministratoraccountstatus"></a>**LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus**
<!--SupportedSKUs-->
@ -303,11 +303,11 @@ Valid values:
- 1 - local Administrator account is enabled
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-accounts-enableguestaccountstatus"></a>**LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus**
<!--SupportedSKUs-->
@ -358,11 +358,11 @@ Valid values:
- 1 - local Guest account is enabled
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly"></a>**LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly**
<!--SupportedSKUs-->
@ -421,11 +421,11 @@ Valid values:
- 1 - enabled - local accounts that are not password protected will only be able to log on at the computer's keyboard
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-accounts-renameadministratoraccount"></a>**LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount**
<!--SupportedSKUs-->
@ -470,11 +470,11 @@ Default: Administrator.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-accounts-renameguestaccount"></a>**LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount**
<!--SupportedSKUs-->
@ -519,11 +519,11 @@ Default: Guest.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-devices-allowundockwithouthavingtologon"></a>**LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon**
<!--SupportedSKUs-->
@ -569,11 +569,11 @@ Caution:
Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-devices-allowedtoformatandejectremovablemedia"></a>**LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia**
<!--SupportedSKUs-->
@ -619,11 +619,11 @@ This security setting determines who is allowed to format and eject removable NT
Default: This policy is not defined and only Administrators have this ability.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-devices-preventusersfrominstallingprinterdriverswhenconnectingtosharedprinters"></a>**LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters**
<!--SupportedSKUs-->
@ -671,11 +671,11 @@ Note
This setting does not affect the ability to add a local printer. This setting does not affect Administrators.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly"></a>**LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly**
<!--SupportedSKUs-->
@ -720,11 +720,11 @@ If this policy is enabled, it allows only the interactively logged-on user to ac
Default: This policy is not defined and CD-ROM access is not restricted to the locally logged-on user.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways"></a>**LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways**
<!--SupportedSKUs-->
@ -780,11 +780,11 @@ If this policy is enabled, the policy Domain member: Digitally sign secure chann
Logon information transmitted over the secure channel is always encrypted regardless of whether encryption of ALL other secure channel traffic is negotiated or not.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible"></a>**LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible**
<!--SupportedSKUs-->
@ -837,11 +837,11 @@ There is no known reason for disabling this setting. Besides unnecessarily reduc
Note: Domain controllers are also domain members and establish secure channels with other domain controllers in the same domain as well as domain controllers in trusted domains.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-domainmember-digitallysignsecurechanneldatawhenpossible"></a>**LocalPoliciesSecurityOptions/DomainMember_DigitallySignSecureChannelDataWhenPossible**
<!--SupportedSKUs-->
@ -888,11 +888,11 @@ This setting determines whether or not the domain member attempts to negotiate s
Default: Enabled.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges"></a>**LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges**
<!--SupportedSKUs-->
@ -940,11 +940,11 @@ This security setting should not be enabled. Computer account passwords are used
This setting should not be used in an attempt to support dual-boot scenarios that use the same computer account. If you want to dual-boot two installations that are joined to the same domain, give the two installations different computer names.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-domainmember-maximummachineaccountpasswordage"></a>**LocalPoliciesSecurityOptions/DomainMember_MaximumMachineAccountPasswordAge**
<!--SupportedSKUs-->
@ -991,11 +991,11 @@ Important
This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-domainmember-requirestrongsessionkey"></a>**LocalPoliciesSecurityOptions/DomainMember_RequireStrongSessionKey**
<!--SupportedSKUs-->
@ -1053,11 +1053,11 @@ In order to take advantage of this policy on member workstations and servers, al
In order to take advantage of this policy on domain controllers, all domain controllers in the same domain as well as all trusted domains must run Windows 2000 or later.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked**
<!--SupportedSKUs-->
@ -1106,11 +1106,11 @@ Valid values:
- 3 - Do not display user information
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn**
<!--SupportedSKUs-->
@ -1164,11 +1164,11 @@ Valid values:
- 1 - enabled (username will not be shown)
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-interactivelogon-donotdisplayusernameatsignin"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn**
<!--SupportedSKUs-->
@ -1223,11 +1223,11 @@ Valid values:
- 1 - enabled (username will not be shown)
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-interactivelogon-donotrequirectrlaltdel"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL**
<!--SupportedSKUs-->
@ -1283,11 +1283,11 @@ Valid values:
- 1 - enabled (a user is not required to press CTRL+ALT+DEL to log on)
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-interactivelogon-machineinactivitylimit"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit**
<!--SupportedSKUs-->
@ -1338,11 +1338,11 @@ Valid values:
- 1 - enabled (session will lock after amount of inactive time exceeds the inactivity limit)
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-interactivelogon-messagetextforusersattemptingtologon"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn**
<!--SupportedSKUs-->
@ -1389,11 +1389,11 @@ Default: No message.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-interactivelogon-messagetitleforusersattemptingtologon"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn**
<!--SupportedSKUs-->
@ -1438,11 +1438,11 @@ Default: No message.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-interactivelogon-smartcardremovalbehavior"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior**
<!--SupportedSKUs-->
@ -1502,11 +1502,11 @@ Default: This policy is not defined, which means that the system treats it as No
On Windows Vista and above: For this setting to work, the Smart Card Removal Policy service must be started.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsalways"></a>**LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways**
<!--SupportedSKUs-->
@ -1567,11 +1567,11 @@ SMB packet signing can significantly degrade SMB performance, depending on diale
For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsifserveragrees"></a>**LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees**
<!--SupportedSKUs-->
@ -1629,11 +1629,11 @@ SMB packet signing can significantly degrade SMB performance, depending on diale
For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-microsoftnetworkclient-sendunencryptedpasswordtothirdpartysmbservers"></a>**LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers**
<!--SupportedSKUs-->
@ -1678,11 +1678,11 @@ Sending unencrypted passwords is a security risk.
Default: Disabled.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-microsoftnetworkserver-amountofidletimerequiredbeforesuspendingsession"></a>**LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession**
<!--SupportedSKUs-->
@ -1729,11 +1729,11 @@ For this policy setting, a value of 0 means to disconnect an idle session as qui
Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways"></a>**LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways**
<!--SupportedSKUs-->
@ -1803,11 +1803,11 @@ HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecurity
For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsifclientagrees"></a>**LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees**
<!--SupportedSKUs-->
@ -1869,11 +1869,11 @@ SMB packet signing can significantly degrade SMB performance, depending on diale
For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccounts"></a>**LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts**
<!--SupportedSKUs-->
@ -1928,11 +1928,11 @@ Important
This policy has no impact on domain controllers.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccountsandshares"></a>**LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares**
<!--SupportedSKUs-->
@ -1977,11 +1977,11 @@ Windows allows anonymous users to perform certain activities, such as enumeratin
Default: Disabled.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-networkaccess-leteveryonepermissionsapplytoanonymoususers"></a>**LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers**
<!--SupportedSKUs-->
@ -2028,11 +2028,11 @@ If this policy is enabled, the Everyone SID is added to the token that is create
Default: Disabled.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-networkaccess-restrictanonymousaccesstonamedpipesandshares"></a>**LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares**
<!--SupportedSKUs-->
@ -2077,11 +2077,11 @@ Network access: Shares that can be accessed anonymously
Default: Enabled.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-networkaccess-restrictclientsallowedtomakeremotecallstosam"></a>**LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM**
<!--SupportedSKUs-->
@ -2126,11 +2126,11 @@ If not selected, the default security descriptor will be used.
This policy is supported on at least Windows Server 2016.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-networksecurity-allowlocalsystemtousecomputeridentityforntlm"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM**
<!--SupportedSKUs-->
@ -2183,11 +2183,11 @@ This policy is supported on at least Windows Vista or Windows Server 2008.
Note: Windows Vista or Windows Server 2008 do not expose this setting in Group Policy.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests**
<!--SupportedSKUs-->
@ -2237,11 +2237,11 @@ Valid values:
- 1 - enabled (allow PKU2U authentication requests to this computer to use online identities.)
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-networksecurity-donotstorelanmanagerhashvalueonnextpasswordchange"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange**
<!--SupportedSKUs-->
@ -2291,11 +2291,11 @@ Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authenticat
This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP, and the Windows Server 2003 family to communicate with computers running Windows 95 and Windows 98.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel**
<!--SupportedSKUs-->
@ -2360,11 +2360,11 @@ Windows Server 2003: Send NTLM response only
Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedclients"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients**
<!--SupportedSKUs-->
@ -2414,11 +2414,11 @@ Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows
Windows 7 and Windows Server 2008 R2: Require 128-bit encryption
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers**
<!--SupportedSKUs-->
@ -2468,11 +2468,11 @@ Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows
Windows 7 and Windows Server 2008 R2: Require 128-bit encryption
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-recoveryconsole-allowautomaticadministrativelogon"></a>**LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon**
<!--SupportedSKUs-->
@ -2514,11 +2514,11 @@ Valid values:
- 1 - enabled (allow automatic administrative logon)
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon"></a>**LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn**
<!--SupportedSKUs-->
@ -2574,11 +2574,11 @@ Valid values:
- 1 - enabled (allow system to be shut down without having to log on)
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile"></a>**LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile**
<!--SupportedSKUs-->
@ -2625,11 +2625,11 @@ When this policy is enabled, it causes the system pagefile to be cleared upon cl
Default: Disabled.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-systemobjects-requirecaseinsensitivityfornonwindowssubsystems"></a>**LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems**
<!--SupportedSKUs-->
@ -2674,11 +2674,11 @@ If this setting is enabled, case insensitivity is enforced for all directory obj
Default: Enabled.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation"></a>**LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation**
<!--SupportedSKUs-->
@ -2733,11 +2733,11 @@ Valid values:
- 1 - enabled (allow UIAccess applications to prompt for elevation without using the secure desktop)
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforadministrators"></a>**LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators**
<!--SupportedSKUs-->
@ -2794,11 +2794,11 @@ The options are:
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers"></a>**LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers**
<!--SupportedSKUs-->
@ -2848,11 +2848,11 @@ The following list shows the supported values:
- 3 (Default) - Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-useraccountcontrol-detectapplicationinstallationsandpromptforelevation"></a>**LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation**
<!--SupportedSKUs-->
@ -2899,11 +2899,11 @@ Enabled: (Default) When an application installation package is detected that req
Disabled: Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-useraccountcontrol-onlyelevateexecutablefilesthataresignedandvalidated"></a>**LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated**
<!--SupportedSKUs-->
@ -2950,11 +2950,11 @@ The options are:
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-useraccountcontrol-onlyelevateuiaccessapplicationsthatareinstalledinsecurelocations"></a>**LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations**
<!--SupportedSKUs-->
@ -3007,11 +3007,11 @@ The options are:
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-useraccountcontrol-runalladministratorsinadminapprovalmode"></a>**LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode**
<!--SupportedSKUs-->
@ -3059,11 +3059,11 @@ The options are:
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-useraccountcontrol-switchtothesecuredesktopwhenpromptingforelevation"></a>**LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation**
<!--SupportedSKUs-->
@ -3110,11 +3110,11 @@ The options are:
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-useraccountcontrol-useadminapprovalmode"></a>**LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode**
<!--SupportedSKUs-->
@ -3161,11 +3161,11 @@ The options are:
• Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-useraccountcontrol-virtualizefileandregistrywritefailurestoperuserlocations"></a>**LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations**
<!--SupportedSKUs-->
@ -3215,7 +3215,7 @@ The following list shows the supported values:
- 1 - Enabled: (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -3224,5 +3224,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

10
windows/client-management/mdm/policy-csp-location.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Location
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Location policies
<dl>
@ -27,7 +27,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="location-enablelocation"></a>**Location/EnableLocation**
<!--SupportedSKUs-->
@ -83,7 +83,7 @@ To validate on Desktop, do the following:
2. Use Windows Maps Application (or similar) to see if a location can or cannot be obtained.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -92,5 +92,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

10
windows/client-management/mdm/policy-csp-lockdown.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - LockDown
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## LockDown policies
<dl>
@ -27,7 +27,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="lockdown-allowedgeswipe"></a>**LockDown/AllowEdgeSwipe**
<!--SupportedSKUs-->
@ -75,7 +75,7 @@ The following list shows the supported values:
- 1 (default, not configured) - allow edge swipe.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -84,5 +84,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

14
windows/client-management/mdm/policy-csp-maps.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Maps
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Maps policies
<dl>
@ -30,7 +30,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="maps-allowofflinemapsdownloadovermeteredconnection"></a>**Maps/AllowOfflineMapsDownloadOverMeteredConnection**
<!--SupportedSKUs-->
@ -79,11 +79,11 @@ The following list shows the supported values:
- 65535 (default) Not configured. User's choice.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="maps-enableofflinemapsautoupdate"></a>**Maps/EnableOfflineMapsAutoUpdate**
<!--SupportedSKUs-->
@ -132,7 +132,7 @@ The following list shows the supported values:
- 65535 (default) Not configured. User's choice.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -141,5 +141,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

18
windows/client-management/mdm/policy-csp-messaging.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Messaging
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Messaging policies
<dl>
@ -33,7 +33,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="messaging-allowmms"></a>**Messaging/AllowMMS**
<!--SupportedSKUs-->
@ -82,11 +82,11 @@ The following list shows the supported values:
- 1 (default) - Enabled.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="messaging-allowmessagesync"></a>**Messaging/AllowMessageSync**
<!--SupportedSKUs-->
@ -132,11 +132,11 @@ The following list shows the supported values:
- 1 - message sync is allowed. The user can change this setting.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="messaging-allowrcs"></a>**Messaging/AllowRCS**
<!--SupportedSKUs-->
@ -185,7 +185,7 @@ The following list shows the supported values:
- 1 (default) - Enabled.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -194,5 +194,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

38
windows/client-management/mdm/policy-csp-networkisolation.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - NetworkIsolation
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## NetworkIsolation policies
<dl>
@ -48,7 +48,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="networkisolation-enterprisecloudresources"></a>**NetworkIsolation/EnterpriseCloudResources**
<!--SupportedSKUs-->
@ -87,11 +87,11 @@ ms.date: 01/29/2018
Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the **EnterpriseInternalProxyServers** policy. This domain list is a pipe-separated list of cloud resources. Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address. For example, **&lt;*cloudresource*&gt;|&lt;*cloudresource*&gt;|&lt;*cloudresource*&gt;,&lt;*proxy*&gt;|&lt;*cloudresource*&gt;|&lt;*cloudresource*&gt;,&lt;*proxy*&gt;|**.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="networkisolation-enterpriseiprange"></a>**NetworkIsolation/EnterpriseIPRange**
<!--SupportedSKUs-->
@ -143,11 +143,11 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
```
<!--/Example-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="networkisolation-enterpriseiprangesareauthoritative"></a>**NetworkIsolation/EnterpriseIPRangesAreAuthoritative**
<!--SupportedSKUs-->
@ -186,11 +186,11 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="networkisolation-enterpriseinternalproxyservers"></a>**NetworkIsolation/EnterpriseInternalProxyServers**
<!--SupportedSKUs-->
@ -229,11 +229,11 @@ Boolean value that tells the client to accept the configured list and not to use
This is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="networkisolation-enterprisenetworkdomainnames"></a>**NetworkIsolation/EnterpriseNetworkDomainNames**
<!--SupportedSKUs-->
@ -282,11 +282,11 @@ Here are the steps to create canonical domain names:
3. Call [IdnToUnicode](https://msdn.microsoft.com/library/windows/desktop/dd318151.aspx) with no flags set (dwFlags = 0).
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="networkisolation-enterpriseproxyservers"></a>**NetworkIsolation/EnterpriseProxyServers**
<!--SupportedSKUs-->
@ -325,11 +325,11 @@ Here are the steps to create canonical domain names:
This is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59".
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="networkisolation-enterpriseproxyserversareauthoritative"></a>**NetworkIsolation/EnterpriseProxyServersAreAuthoritative**
<!--SupportedSKUs-->
@ -368,11 +368,11 @@ This is a comma-separated list of proxy servers. Any server on this list is cons
Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="networkisolation-neutralresources"></a>**NetworkIsolation/NeutralResources**
<!--SupportedSKUs-->
@ -411,7 +411,7 @@ Boolean value that tells the client to accept the configured list of proxies and
List of domain names that can used for work or personal resource.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -420,5 +420,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

10
windows/client-management/mdm/policy-csp-notifications.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Notifications
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Notifications policies
<dl>
@ -27,7 +27,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="notifications-disallownotificationmirroring"></a>**Notifications/DisallowNotificationMirroring**
<!--SupportedSKUs-->
@ -77,7 +77,7 @@ The following list shows the supported values:
- 1 - disable notification mirroring.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -86,5 +86,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

42
windows/client-management/mdm/policy-csp-power.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Power
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Power policies
<dl>
@ -51,7 +51,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="power-allowstandbywhensleepingpluggedin"></a>**Power/AllowStandbyWhenSleepingPluggedIn**
<!--SupportedSKUs-->
@ -109,11 +109,11 @@ ADMX Info:
- GP ADMX file name: *power.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="power-displayofftimeoutonbattery"></a>**Power/DisplayOffTimeoutOnBattery**
<!--SupportedSKUs-->
@ -173,11 +173,11 @@ ADMX Info:
- GP ADMX file name: *power.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="power-displayofftimeoutpluggedin"></a>**Power/DisplayOffTimeoutPluggedIn**
<!--SupportedSKUs-->
@ -237,11 +237,11 @@ ADMX Info:
- GP ADMX file name: *power.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="power-hibernatetimeoutonbattery"></a>**Power/HibernateTimeoutOnBattery**
<!--SupportedSKUs-->
@ -302,11 +302,11 @@ ADMX Info:
- GP ADMX file name: *power.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="power-hibernatetimeoutpluggedin"></a>**Power/HibernateTimeoutPluggedIn**
<!--SupportedSKUs-->
@ -366,11 +366,11 @@ ADMX Info:
- GP ADMX file name: *power.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="power-requirepasswordwhencomputerwakesonbattery"></a>**Power/RequirePasswordWhenComputerWakesOnBattery**
<!--SupportedSKUs-->
@ -428,11 +428,11 @@ ADMX Info:
- GP ADMX file name: *power.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="power-requirepasswordwhencomputerwakespluggedin"></a>**Power/RequirePasswordWhenComputerWakesPluggedIn**
<!--SupportedSKUs-->
@ -490,11 +490,11 @@ ADMX Info:
- GP ADMX file name: *power.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="power-standbytimeoutonbattery"></a>**Power/StandbyTimeoutOnBattery**
<!--SupportedSKUs-->
@ -554,11 +554,11 @@ ADMX Info:
- GP ADMX file name: *power.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="power-standbytimeoutpluggedin"></a>**Power/StandbyTimeoutPluggedIn**
<!--SupportedSKUs-->
@ -618,7 +618,7 @@ ADMX Info:
- GP ADMX file name: *power.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -627,5 +627,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

18
windows/client-management/mdm/policy-csp-printers.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Printers
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Printers policies
<dl>
@ -33,7 +33,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="printers-pointandprintrestrictions"></a>**Printers/PointAndPrintRestrictions**
<!--SupportedSKUs-->
@ -104,11 +104,11 @@ ADMX Info:
- GP ADMX file name: *Printing.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="printers-pointandprintrestrictions-user"></a>**Printers/PointAndPrintRestrictions_User**
<!--SupportedSKUs-->
@ -179,11 +179,11 @@ ADMX Info:
- GP ADMX file name: *Printing.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="printers-publishprinters"></a>**Printers/PublishPrinters**
<!--SupportedSKUs-->
@ -243,7 +243,7 @@ ADMX Info:
- GP ADMX file name: *Printing2.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -252,5 +252,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

314
windows/client-management/mdm/policy-csp-privacy.md
View File

File diff suppressed because it is too large Load Diff

22
windows/client-management/mdm/policy-csp-remoteassistance.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - RemoteAssistance
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## RemoteAssistance policies
<dl>
@ -36,7 +36,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remoteassistance-customizewarningmessages"></a>**RemoteAssistance/CustomizeWarningMessages**
<!--SupportedSKUs-->
@ -100,11 +100,11 @@ ADMX Info:
- GP ADMX file name: *remoteassistance.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remoteassistance-sessionlogging"></a>**RemoteAssistance/SessionLogging**
<!--SupportedSKUs-->
@ -164,11 +164,11 @@ ADMX Info:
- GP ADMX file name: *remoteassistance.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remoteassistance-solicitedremoteassistance"></a>**RemoteAssistance/SolicitedRemoteAssistance**
<!--SupportedSKUs-->
@ -236,11 +236,11 @@ ADMX Info:
- GP ADMX file name: *remoteassistance.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remoteassistance-unsolicitedremoteassistance"></a>**RemoteAssistance/UnsolicitedRemoteAssistance**
<!--SupportedSKUs-->
@ -331,7 +331,7 @@ ADMX Info:
- GP ADMX file name: *remoteassistance.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -340,5 +340,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

30
windows/client-management/mdm/policy-csp-remotedesktopservices.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - RemoteDesktopServices
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## RemoteDesktopServices policies
<dl>
@ -42,7 +42,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotedesktopservices-allowuserstoconnectremotely"></a>**RemoteDesktopServices/AllowUsersToConnectRemotely**
<!--SupportedSKUs-->
@ -106,11 +106,11 @@ ADMX Info:
- GP ADMX file name: *terminalserver.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotedesktopservices-clientconnectionencryptionlevel"></a>**RemoteDesktopServices/ClientConnectionEncryptionLevel**
<!--SupportedSKUs-->
@ -178,11 +178,11 @@ ADMX Info:
- GP ADMX file name: *terminalserver.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotedesktopservices-donotallowdriveredirection"></a>**RemoteDesktopServices/DoNotAllowDriveRedirection**
<!--SupportedSKUs-->
@ -244,11 +244,11 @@ ADMX Info:
- GP ADMX file name: *terminalserver.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotedesktopservices-donotallowpasswordsaving"></a>**RemoteDesktopServices/DoNotAllowPasswordSaving**
<!--SupportedSKUs-->
@ -306,11 +306,11 @@ ADMX Info:
- GP ADMX file name: *terminalserver.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotedesktopservices-promptforpassworduponconnection"></a>**RemoteDesktopServices/PromptForPasswordUponConnection**
<!--SupportedSKUs-->
@ -374,11 +374,11 @@ ADMX Info:
- GP ADMX file name: *terminalserver.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotedesktopservices-requiresecurerpccommunication"></a>**RemoteDesktopServices/RequireSecureRPCCommunication**
<!--SupportedSKUs-->
@ -442,7 +442,7 @@ ADMX Info:
- GP ADMX file name: *terminalserver.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -451,5 +451,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

66
windows/client-management/mdm/policy-csp-remotemanagement.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - RemoteManagement
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## RemoteManagement policies
<dl>
@ -69,7 +69,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotemanagement-allowbasicauthentication-client"></a>**RemoteManagement/AllowBasicAuthentication_Client**
<!--SupportedSKUs-->
@ -122,11 +122,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteManagement.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotemanagement-allowbasicauthentication-service"></a>**RemoteManagement/AllowBasicAuthentication_Service**
<!--SupportedSKUs-->
@ -179,11 +179,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteManagement.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotemanagement-allowcredsspauthenticationclient"></a>**RemoteManagement/AllowCredSSPAuthenticationClient**
<!--SupportedSKUs-->
@ -236,11 +236,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteManagement.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotemanagement-allowcredsspauthenticationservice"></a>**RemoteManagement/AllowCredSSPAuthenticationService**
<!--SupportedSKUs-->
@ -293,11 +293,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteManagement.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotemanagement-allowremoteservermanagement"></a>**RemoteManagement/AllowRemoteServerManagement**
<!--SupportedSKUs-->
@ -350,11 +350,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteManagement.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotemanagement-allowunencryptedtraffic-client"></a>**RemoteManagement/AllowUnencryptedTraffic_Client**
<!--SupportedSKUs-->
@ -407,11 +407,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteManagement.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotemanagement-allowunencryptedtraffic-service"></a>**RemoteManagement/AllowUnencryptedTraffic_Service**
<!--SupportedSKUs-->
@ -464,11 +464,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteManagement.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotemanagement-disallowdigestauthentication"></a>**RemoteManagement/DisallowDigestAuthentication**
<!--SupportedSKUs-->
@ -521,11 +521,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteManagement.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotemanagement-disallownegotiateauthenticationclient"></a>**RemoteManagement/DisallowNegotiateAuthenticationClient**
<!--SupportedSKUs-->
@ -578,11 +578,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteManagement.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotemanagement-disallownegotiateauthenticationservice"></a>**RemoteManagement/DisallowNegotiateAuthenticationService**
<!--SupportedSKUs-->
@ -635,11 +635,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteManagement.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotemanagement-disallowstoringofrunascredentials"></a>**RemoteManagement/DisallowStoringOfRunAsCredentials**
<!--SupportedSKUs-->
@ -692,11 +692,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteManagement.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotemanagement-specifychannelbindingtokenhardeninglevel"></a>**RemoteManagement/SpecifyChannelBindingTokenHardeningLevel**
<!--SupportedSKUs-->
@ -749,11 +749,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteManagement.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotemanagement-trustedhosts"></a>**RemoteManagement/TrustedHosts**
<!--SupportedSKUs-->
@ -806,11 +806,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteManagement.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotemanagement-turnoncompatibilityhttplistener"></a>**RemoteManagement/TurnOnCompatibilityHTTPListener**
<!--SupportedSKUs-->
@ -863,11 +863,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteManagement.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remotemanagement-turnoncompatibilityhttpslistener"></a>**RemoteManagement/TurnOnCompatibilityHTTPSListener**
<!--SupportedSKUs-->
@ -920,7 +920,7 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteManagement.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -929,5 +929,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

14
windows/client-management/mdm/policy-csp-remoteprocedurecall.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - RemoteProcedureCall
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## RemoteProcedureCall policies
<dl>
@ -30,7 +30,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remoteprocedurecall-rpcendpointmapperclientauthentication"></a>**RemoteProcedureCall/RPCEndpointMapperClientAuthentication**
<!--SupportedSKUs-->
@ -92,11 +92,11 @@ ADMX Info:
- GP ADMX file name: *rpc.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remoteprocedurecall-restrictunauthenticatedrpcclients"></a>**RemoteProcedureCall/RestrictUnauthenticatedRPCClients**
<!--SupportedSKUs-->
@ -166,7 +166,7 @@ ADMX Info:
- GP ADMX file name: *rpc.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -175,5 +175,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

34
windows/client-management/mdm/policy-csp-remoteshell.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - RemoteShell
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## RemoteShell policies
<dl>
@ -45,7 +45,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remoteshell-allowremoteshellaccess"></a>**RemoteShell/AllowRemoteShellAccess**
<!--SupportedSKUs-->
@ -98,11 +98,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteShell.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remoteshell-maxconcurrentusers"></a>**RemoteShell/MaxConcurrentUsers**
<!--SupportedSKUs-->
@ -155,11 +155,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteShell.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remoteshell-specifyidletimeout"></a>**RemoteShell/SpecifyIdleTimeout**
<!--SupportedSKUs-->
@ -212,11 +212,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteShell.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remoteshell-specifymaxmemory"></a>**RemoteShell/SpecifyMaxMemory**
<!--SupportedSKUs-->
@ -269,11 +269,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteShell.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remoteshell-specifymaxprocesses"></a>**RemoteShell/SpecifyMaxProcesses**
<!--SupportedSKUs-->
@ -326,11 +326,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteShell.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remoteshell-specifymaxremoteshells"></a>**RemoteShell/SpecifyMaxRemoteShells**
<!--SupportedSKUs-->
@ -383,11 +383,11 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteShell.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="remoteshell-specifyshelltimeout"></a>**RemoteShell/SpecifyShellTimeout**
<!--SupportedSKUs-->
@ -440,7 +440,7 @@ ADMX Info:
- GP ADMX file name: *WindowsRemoteShell.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -449,5 +449,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

62
windows/client-management/mdm/policy-csp-search.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Search
@ -17,7 +17,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Search policies
<dl>
@ -68,7 +68,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="search-allowcloudsearch"></a>**Search/AllowCloudSearch**
<!--SupportedSKUs-->
@ -114,11 +114,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="search-allowcortanainaad"></a>**Search/AllowCortanaInAAD**
<!--SupportedSKUs-->
@ -164,11 +164,11 @@ The following list shows the supported values:
- 1 - Allowed. The Cortana consent page will appear in Azure AAD OOBE during setup.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="search-allowindexingencryptedstoresoritems"></a>**Search/AllowIndexingEncryptedStoresOrItems**
<!--SupportedSKUs-->
@ -220,11 +220,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="search-allowsearchtouselocation"></a>**Search/AllowSearchToUseLocation**
<!--SupportedSKUs-->
@ -272,11 +272,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="search-allowstoringimagesfromvisionsearch"></a>**Search/AllowStoringImagesFromVisionSearch**
<!--Scope-->
@ -292,11 +292,11 @@ The following list shows the supported values:
This policy has been deprecated.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="search-allowusingdiacritics"></a>**Search/AllowUsingDiacritics**
<!--SupportedSKUs-->
@ -345,11 +345,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="search-allowwindowsindexer"></a>**Search/AllowWindowsIndexer**
<!--SupportedSKUs-->
@ -388,11 +388,11 @@ The following list shows the supported values:
Allow Windows indexer. Value type is integer.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="search-alwaysuseautolangdetection"></a>**Search/AlwaysUseAutoLangDetection**
<!--SupportedSKUs-->
@ -441,11 +441,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="search-disablebackoff"></a>**Search/DisableBackoff**
<!--SupportedSKUs-->
@ -491,11 +491,11 @@ The following list shows the supported values:
- 1 Enable.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="search-disableremovabledriveindexing"></a>**Search/DisableRemovableDriveIndexing**
<!--SupportedSKUs-->
@ -545,11 +545,11 @@ The following list shows the supported values:
- 1 Enable.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="search-donotusewebresults"></a>**Search/DoNotUseWebResults**
<!--SupportedSKUs-->
@ -600,11 +600,11 @@ The following list shows the supported values:
- 1 (default) - Allowed. Queries will be performed on the web and web results will be displayed when a user performs a query in Search.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="search-preventindexinglowdiskspacemb"></a>**Search/PreventIndexingLowDiskSpaceMB**
<!--SupportedSKUs-->
@ -654,11 +654,11 @@ The following list shows the supported values:
- 1 (default) Enable.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="search-preventremotequeries"></a>**Search/PreventRemoteQueries**
<!--SupportedSKUs-->
@ -704,11 +704,11 @@ The following list shows the supported values:
- 1 (default) Enable.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="search-safesearchpermissions"></a>**Search/SafeSearchPermissions**
<!--SupportedSKUs-->
@ -761,7 +761,7 @@ The following list shows the supported values:
- 1 (default) Moderate filtering against adult content (valid search results will not be filtered).
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -770,7 +770,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartEAS-->
## <a href="" id="eas"></a>Search policies that can be set using Exchange Active Sync (EAS)

50
windows/client-management/mdm/policy-csp-security.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Security
@ -17,7 +17,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Security policies
<dl>
@ -59,7 +59,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="security-allowaddprovisioningpackage"></a>**Security/AllowAddProvisioningPackage**
<!--SupportedSKUs-->
@ -105,11 +105,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="security-allowautomaticdeviceencryptionforazureadjoineddevices"></a>**Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices**
<!--SupportedSKUs-->
@ -155,11 +155,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="security-allowmanualrootcertificateinstallation"></a>**Security/AllowManualRootCertificateInstallation**
<!--SupportedSKUs-->
@ -211,11 +211,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="security-allowremoveprovisioningpackage"></a>**Security/AllowRemoveProvisioningPackage**
<!--SupportedSKUs-->
@ -261,11 +261,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="security-antitheftmode"></a>**Security/AntiTheftMode**
<!--SupportedSKUs-->
@ -315,11 +315,11 @@ The following list shows the supported values:
- 1 (default) Anti Theft Mode will follow the default device configuration (region-dependent).
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="security-cleartpmifnotready"></a>**Security/ClearTPMIfNotReady**
<!--SupportedSKUs-->
@ -368,11 +368,11 @@ The following list shows the supported values:
- 1 Will prompt to clear the TPM if the TPM is in a non-ready state (or reduced functionality) which can be remediated with a TPM Clear.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="security-configurewindowspasswords"></a>**Security/ConfigureWindowsPasswords**
<!--SupportedSKUs-->
@ -422,11 +422,11 @@ The following list shows the supported values:
- 2- Default (Feature defaults as per SKU and device capabilities. Windows 10 S devices will exhibit "Disallow passwords" default, and all other devices will default to "Allow passwords")
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="security-preventautomaticdeviceencryptionforazureadjoineddevices"></a>**Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices**
<!--SupportedSKUs-->
@ -478,11 +478,11 @@ The following list shows the supported values:
- 1 Encryption disabled.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="security-requiredeviceencryption"></a>**Security/RequireDeviceEncryption**
<!--SupportedSKUs-->
@ -534,11 +534,11 @@ The following list shows the supported values:
- 1 Encryption is required.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="security-requireprovisioningpackagesignature"></a>**Security/RequireProvisioningPackageSignature**
<!--SupportedSKUs-->
@ -584,11 +584,11 @@ The following list shows the supported values:
- 1 Required.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="security-requireretrievehealthcertificateonboot"></a>**Security/RequireRetrieveHealthCertificateOnBoot**
<!--SupportedSKUs-->
@ -646,7 +646,7 @@ The following list shows the supported values:
- 1 Required.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -655,7 +655,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartEAS-->
## <a href="" id="eas"></a>Security policies that can be set using Exchange Active Sync (EAS)

62
windows/client-management/mdm/policy-csp-settings.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Settings
@ -17,7 +17,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Settings policies
<dl>
@ -68,7 +68,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="settings-allowautoplay"></a>**Settings/AllowAutoPlay**
<!--SupportedSKUs-->
@ -121,11 +121,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="settings-allowdatasense"></a>**Settings/AllowDataSense**
<!--SupportedSKUs-->
@ -171,11 +171,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="settings-allowdatetime"></a>**Settings/AllowDateTime**
<!--SupportedSKUs-->
@ -221,11 +221,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="settings-alloweditdevicename"></a>**Settings/AllowEditDeviceName**
<!--SupportedSKUs-->
@ -271,11 +271,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="settings-allowlanguage"></a>**Settings/AllowLanguage**
<!--SupportedSKUs-->
@ -325,11 +325,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="settings-allowonlinetips"></a>**Settings/AllowOnlineTips**
<!--SupportedSKUs-->
@ -370,11 +370,11 @@ Enables or disables the retrieval of online tips and help for the Settings app.
If disabled, Settings will not contact Microsoft content services to retrieve tips and help content.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="settings-allowpowersleep"></a>**Settings/AllowPowerSleep**
<!--SupportedSKUs-->
@ -424,11 +424,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="settings-allowregion"></a>**Settings/AllowRegion**
<!--SupportedSKUs-->
@ -478,11 +478,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="settings-allowsigninoptions"></a>**Settings/AllowSignInOptions**
<!--SupportedSKUs-->
@ -532,11 +532,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="settings-allowvpn"></a>**Settings/AllowVPN**
<!--SupportedSKUs-->
@ -582,11 +582,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="settings-allowworkplace"></a>**Settings/AllowWorkplace**
<!--SupportedSKUs-->
@ -636,11 +636,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="settings-allowyouraccount"></a>**Settings/AllowYourAccount**
<!--SupportedSKUs-->
@ -686,11 +686,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="settings-configuretaskbarcalendar"></a>**Settings/ConfigureTaskbarCalendar**
<!--SupportedSKUs-->
@ -738,11 +738,11 @@ The following list shows the supported values:
- 3 - Traditional Chinese (Lunar).
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="settings-pagevisibilitylist"></a>**Settings/PageVisibilityList**
<!--SupportedSKUs-->
@ -813,7 +813,7 @@ To validate on Desktop, do the following:
3. Open System Settings again and verify that the About page is no longer accessible.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -822,7 +822,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartHoloLens-->
## <a href="" id="hololenspolicies"></a>Settings policies supported by Windows Holographic for Business

18
windows/client-management/mdm/policy-csp-smartscreen.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - SmartScreen
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## SmartScreen policies
<dl>
@ -33,7 +33,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="smartscreen-enableappinstallcontrol"></a>**SmartScreen/EnableAppInstallControl**
<!--SupportedSKUs-->
@ -79,11 +79,11 @@ The following list shows the supported values:
- 1 Turns on Application Installation Control, allowing users to only install apps from the Store.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="smartscreen-enablesmartscreeninshell"></a>**SmartScreen/EnableSmartScreenInShell**
<!--SupportedSKUs-->
@ -129,11 +129,11 @@ The following list shows the supported values:
- 1 Turns on SmartScreen in Windows.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="smartscreen-preventoverrideforfilesinshell"></a>**SmartScreen/PreventOverrideForFilesInShell**
<!--SupportedSKUs-->
@ -179,7 +179,7 @@ The following list shows the supported values:
- 1 Employees cannot ignore SmartScreen warnings and run malicious files.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -188,5 +188,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

10
windows/client-management/mdm/policy-csp-speech.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Speech
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Speech policies
<dl>
@ -27,7 +27,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="speech-allowspeechmodelupdate"></a>**Speech/AllowSpeechModelUpdate**
<!--SupportedSKUs-->
@ -73,7 +73,7 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -82,5 +82,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

122
windows/client-management/mdm/policy-csp-start.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Start
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Start policies
<dl>
@ -111,7 +111,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-allowpinnedfolderdocuments"></a>**Start/AllowPinnedFolderDocuments**
<!--SupportedSKUs-->
@ -158,11 +158,11 @@ The following list shows the supported values:
- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-allowpinnedfolderdownloads"></a>**Start/AllowPinnedFolderDownloads**
<!--SupportedSKUs-->
@ -209,11 +209,11 @@ The following list shows the supported values:
- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-allowpinnedfolderfileexplorer"></a>**Start/AllowPinnedFolderFileExplorer**
<!--SupportedSKUs-->
@ -260,11 +260,11 @@ The following list shows the supported values:
- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-allowpinnedfolderhomegroup"></a>**Start/AllowPinnedFolderHomeGroup**
<!--SupportedSKUs-->
@ -311,11 +311,11 @@ The following list shows the supported values:
- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-allowpinnedfoldermusic"></a>**Start/AllowPinnedFolderMusic**
<!--SupportedSKUs-->
@ -362,11 +362,11 @@ The following list shows the supported values:
- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-allowpinnedfoldernetwork"></a>**Start/AllowPinnedFolderNetwork**
<!--SupportedSKUs-->
@ -413,11 +413,11 @@ The following list shows the supported values:
- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-allowpinnedfolderpersonalfolder"></a>**Start/AllowPinnedFolderPersonalFolder**
<!--SupportedSKUs-->
@ -464,11 +464,11 @@ The following list shows the supported values:
- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-allowpinnedfolderpictures"></a>**Start/AllowPinnedFolderPictures**
<!--SupportedSKUs-->
@ -515,11 +515,11 @@ The following list shows the supported values:
- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-allowpinnedfoldersettings"></a>**Start/AllowPinnedFolderSettings**
<!--SupportedSKUs-->
@ -566,11 +566,11 @@ The following list shows the supported values:
- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-allowpinnedfoldervideos"></a>**Start/AllowPinnedFolderVideos**
<!--SupportedSKUs-->
@ -617,11 +617,11 @@ The following list shows the supported values:
- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-forcestartsize"></a>**Start/ForceStartSize**
<!--SupportedSKUs-->
@ -675,11 +675,11 @@ The following list shows the supported values:
- 2 - Force a fullscreen size of Start.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-hideapplist"></a>**Start/HideAppList**
<!--SupportedSKUs-->
@ -741,11 +741,11 @@ The following list shows the supported values:
- 3 - Hide all apps list, remove all apps button, and Disable "Show app list in Start menu" in Settings app.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-hidechangeaccountsettings"></a>**Start/HideChangeAccountSettings**
<!--SupportedSKUs-->
@ -798,11 +798,11 @@ To validate on Desktop, do the following:
2. Open Start, click on the user tile, and verify that "Change account settings" is not available.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-hidefrequentlyusedapps"></a>**Start/HideFrequentlyUsedApps**
<!--SupportedSKUs-->
@ -862,11 +862,11 @@ To validate on Desktop, do the following:
6. Check that most used apps do not appear in Start.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-hidehibernate"></a>**Start/HideHibernate**
<!--SupportedSKUs-->
@ -923,11 +923,11 @@ To validate on Laptop, do the following:
2. Open Start, click on the Power button, and verify "Hibernate" is not available.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-hidelock"></a>**Start/HideLock**
<!--SupportedSKUs-->
@ -980,11 +980,11 @@ To validate on Desktop, do the following:
2. Open Start, click on the user tile, and verify "Lock" is not available.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-hidepeoplebar"></a>**Start/HidePeopleBar**
<!--SupportedSKUs-->
@ -1025,11 +1025,11 @@ Added in Windows 10, version 1709. Enabling this policy removes the people icon
Value type is integer.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-hidepowerbutton"></a>**Start/HidePowerButton**
<!--SupportedSKUs-->
@ -1085,11 +1085,11 @@ To validate on Desktop, do the following:
2. Open Start, and verify the power button is not available.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-hiderecentjumplists"></a>**Start/HideRecentJumplists**
<!--SupportedSKUs-->
@ -1152,11 +1152,11 @@ To validate on Desktop, do the following:
9. Right Click pinned photos app and verify that there is no jumplist of recent items.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-hiderecentlyaddedapps"></a>**Start/HideRecentlyAddedApps**
<!--SupportedSKUs-->
@ -1216,11 +1216,11 @@ To validate on Desktop, do the following:
6. Check that recently added apps do not appear in Start.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-hiderestart"></a>**Start/HideRestart**
<!--SupportedSKUs-->
@ -1273,11 +1273,11 @@ To validate on Desktop, do the following:
2. Open Start, click on the Power button, and verify "Restart" and "Update and restart" are not available.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-hideshutdown"></a>**Start/HideShutDown**
<!--SupportedSKUs-->
@ -1330,11 +1330,11 @@ To validate on Desktop, do the following:
2. Open Start, click on the Power button, and verify "Shut down" and "Update and shut down" are not available.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-hidesignout"></a>**Start/HideSignOut**
<!--SupportedSKUs-->
@ -1387,11 +1387,11 @@ To validate on Desktop, do the following:
2. Open Start, click on the user tile, and verify "Sign out" is not available.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-hidesleep"></a>**Start/HideSleep**
<!--SupportedSKUs-->
@ -1444,11 +1444,11 @@ To validate on Desktop, do the following:
2. Open Start, click on the Power button, and verify that "Sleep" is not available.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-hideswitchaccount"></a>**Start/HideSwitchAccount**
<!--SupportedSKUs-->
@ -1501,11 +1501,11 @@ To validate on Desktop, do the following:
2. Open Start, click on the user tile, and verify that "Switch account" is not available.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-hideusertile"></a>**Start/HideUserTile**
<!--SupportedSKUs-->
@ -1562,11 +1562,11 @@ To validate on Desktop, do the following:
3. Log in, and verify that the user tile is gone from Start.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-importedgeassets"></a>**Start/ImportEdgeAssets**
<!--SupportedSKUs-->
@ -1622,11 +1622,11 @@ To validate on Desktop, do the following:
4. Verify that all Edge assets defined in XML show up in %LOCALAPPDATA%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState path.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-nopinningtotaskbar"></a>**Start/NoPinningToTaskbar**
<!--SupportedSKUs-->
@ -1682,11 +1682,11 @@ To validate on Desktop, do the following:
5. Verify that More->Pin to taskbar menu does not show.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="start-startlayout"></a>**Start/StartLayout**
<!--SupportedSKUs-->
@ -1731,7 +1731,7 @@ Allows you to override the default Start layout and prevents the user from chang
For further details on how to customize the Start layout, please see [Customize and export Start layout](https://docs.microsoft.com/en-us/windows/configuration/customize-and-export-start-layout) and [Configure Windows 10 taskbar](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-10-taskbar).
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -1740,5 +1740,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

14
windows/client-management/mdm/policy-csp-storage.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Storage
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Storage policies
<dl>
@ -30,7 +30,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="storage-allowdiskhealthmodelupdates"></a>**Storage/AllowDiskHealthModelUpdates**
<!--SupportedSKUs-->
@ -80,11 +80,11 @@ The following list shows the supported values:
- 1 (default) - Allow
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="storage-enhancedstoragedevices"></a>**Storage/EnhancedStorageDevices**
<!--SupportedSKUs-->
@ -142,7 +142,7 @@ ADMX Info:
- GP ADMX file name: *enhancedstorage.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -151,5 +151,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

66
windows/client-management/mdm/policy-csp-system.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - System
@ -17,7 +17,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## System policies
<dl>
@ -71,7 +71,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="system-allowbuildpreview"></a>**System/AllowBuildPreview**
<!--SupportedSKUs-->
@ -124,11 +124,11 @@ The following list shows the supported values:
- 2 (default) Not configured. Users can make their devices available for downloading and installing preview software.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="system-allowembeddedmode"></a>**System/AllowEmbeddedMode**
<!--SupportedSKUs-->
@ -176,11 +176,11 @@ The following list shows the supported values:
- 1 Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="system-allowexperimentation"></a>**System/AllowExperimentation**
<!--SupportedSKUs-->
@ -233,11 +233,11 @@ The following list shows the supported values:
- 2 Allows Microsoft to conduct full experimentations.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="system-allowfontproviders"></a>**System/AllowFontProviders**
<!--SupportedSKUs-->
@ -296,11 +296,11 @@ To verify if System/AllowFontProviders is set to true:
- After a client machine is rebooted, check whether there is any network traffic from client machine to fs.microsoft.com.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="system-allowlocation"></a>**System/AllowLocation**
<!--SupportedSKUs-->
@ -356,11 +356,11 @@ The following list shows the supported values:
- 2 Force Location On. All Location Privacy settings are toggled on and greyed out. Users cannot change the settings and all consent permissions will be automatically suppressed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="system-allowstoragecard"></a>**System/AllowStorageCard**
<!--SupportedSKUs-->
@ -408,11 +408,11 @@ The following list shows the supported values:
- 1 (default) Allow a storage card.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="system-allowtelemetry"></a>**System/AllowTelemetry**
<!--SupportedSKUs-->
@ -527,11 +527,11 @@ Windows 10 Values:
Most restricted value is 0.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="system-allowusertoresetphone"></a>**System/AllowUserToResetPhone**
<!--SupportedSKUs-->
@ -580,11 +580,11 @@ orted values:
- 1 (default) Allowed to reset to factory default settings.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="system-bootstartdriverinitialization"></a>**System/BootStartDriverInitialization**
<!--SupportedSKUs-->
@ -636,11 +636,11 @@ ADMX Info:
- GP ADMX file name: *earlylauncham.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="system-disableenterpriseauthproxy"></a>**System/DisableEnterpriseAuthProxy**
<!--SupportedSKUs-->
@ -679,11 +679,11 @@ ADMX Info:
This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="system-disableonedrivefilesync"></a>**System/DisableOneDriveFileSync**
<!--SupportedSKUs-->
@ -745,11 +745,11 @@ To validate on Desktop, do the following:
3. Verify that OneDrive.exe is not running in Task Manager.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="system-disablesystemrestore"></a>**System/DisableSystemRestore**
<!--SupportedSKUs-->
@ -813,11 +813,11 @@ ADMX Info:
- GP ADMX file name: *systemrestore.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="system-feedbackhubalwayssavediagnosticslocally"></a>**System/FeedbackHubAlwaysSaveDiagnosticsLocally**
<!--SupportedSKUs-->
@ -863,11 +863,11 @@ The following list shows the supported values:
- 1 - True. The Feedback Hub should always save a local copy of diagnostics that may be created when a feedback is submitted.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="system-limitenhanceddiagnosticdatawindowsanalytics"></a>**System/LimitEnhancedDiagnosticDataWindowsAnalytics**
<!--SupportedSKUs-->
@ -919,11 +919,11 @@ Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combina
If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="system-telemetryproxy"></a>**System/TelemetryProxy**
<!--SupportedSKUs-->
@ -964,7 +964,7 @@ Allows you to specify the fully qualified domain name (FQDN) or IP address of a
If you disable or do not configure this policy setting, Connected User Experiences and Telemetry will go to Microsoft using the default proxy configuration.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -973,7 +973,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartEAS-->
## <a href="" id="eas"></a>System policies that can be set using Exchange Active Sync (EAS)

30
windows/client-management/mdm/policy-csp-systemservices.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - SystemServices
@ -17,7 +17,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## SystemServices policies
<dl>
@ -44,7 +44,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="systemservices-configurehomegrouplistenerservicestartupmode"></a>**SystemServices/ConfigureHomeGroupListenerServiceStartupMode**
<!--SupportedSKUs-->
@ -83,11 +83,11 @@ ms.date: 01/29/2018
Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="systemservices-configurehomegroupproviderservicestartupmode"></a>**SystemServices/ConfigureHomeGroupProviderServiceStartupMode**
<!--SupportedSKUs-->
@ -126,11 +126,11 @@ Added in Windows 10, next major update. This setting determines whether the serv
Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="systemservices-configurexboxaccessorymanagementservicestartupmode"></a>**SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode**
<!--SupportedSKUs-->
@ -169,11 +169,11 @@ Added in Windows 10, next major update. This setting determines whether the serv
Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="systemservices-configurexboxliveauthmanagerservicestartupmode"></a>**SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode**
<!--SupportedSKUs-->
@ -212,11 +212,11 @@ Added in Windows 10, next major update. This setting determines whether the serv
Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="systemservices-configurexboxlivegamesaveservicestartupmode"></a>**SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode**
<!--SupportedSKUs-->
@ -255,11 +255,11 @@ Added in Windows 10, next major update. This setting determines whether the serv
Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="systemservices-configurexboxlivenetworkingservicestartupmode"></a>**SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode**
<!--SupportedSKUs-->
@ -298,7 +298,7 @@ Added in Windows 10, next major update. This setting determines whether the serv
Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -307,5 +307,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

10
windows/client-management/mdm/policy-csp-taskscheduler.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - TaskScheduler
@ -17,7 +17,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## TaskScheduler policies
<dl>
@ -29,7 +29,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="taskscheduler-enablexboxgamesavetask"></a>**TaskScheduler/EnableXboxGameSaveTask**
<!--SupportedSKUs-->
@ -68,7 +68,7 @@ ms.date: 01/29/2018
Added in Windows 10, next major update. This setting determines whether the specific task is enabled (1) or disabled (0). Default: Enabled.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -77,5 +77,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

62
windows/client-management/mdm/policy-csp-textinput.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - TextInput
@ -17,7 +17,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## TextInput policies
<dl>
@ -68,7 +68,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="textinput-allowimelogging"></a>**TextInput/AllowIMELogging**
<!--SupportedSKUs-->
@ -120,11 +120,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="textinput-allowimenetworkaccess"></a>**TextInput/AllowIMENetworkAccess**
<!--SupportedSKUs-->
@ -176,11 +176,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="textinput-allowinputpanel"></a>**TextInput/AllowInputPanel**
<!--SupportedSKUs-->
@ -232,11 +232,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="textinput-allowjapaneseimesurrogatepaircharacters"></a>**TextInput/AllowJapaneseIMESurrogatePairCharacters**
<!--SupportedSKUs-->
@ -289,11 +289,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="textinput-allowjapaneseivscharacters"></a>**TextInput/AllowJapaneseIVSCharacters**
<!--SupportedSKUs-->
@ -345,11 +345,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="textinput-allowjapanesenonpublishingstandardglyph"></a>**TextInput/AllowJapaneseNonPublishingStandardGlyph**
<!--SupportedSKUs-->
@ -401,11 +401,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="textinput-allowjapaneseuserdictionary"></a>**TextInput/AllowJapaneseUserDictionary**
<!--SupportedSKUs-->
@ -457,11 +457,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="textinput-allowkeyboardtextsuggestions"></a>**TextInput/AllowKeyboardTextSuggestions**
<!--SupportedSKUs-->
@ -520,22 +520,22 @@ To validate that text prediction is disabled on Windows 10 for desktop, do the f
3. Launch the handwriting tool from the touch keyboard. Verify that text prediction is disabled when you write using the tool.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="textinput-allowkoreanextendedhanja"></a>**TextInput/AllowKoreanExtendedHanja**
<!--Description-->
This policy has been deprecated.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="textinput-allowlanguagefeaturesuninstall"></a>**TextInput/AllowLanguageFeaturesUninstall**
<!--SupportedSKUs-->
@ -587,11 +587,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="textinput-enabletouchkeyboardautoinvokeindesktopmode"></a>**TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode**
<!--SupportedSKUs-->
@ -643,11 +643,11 @@ The following list shows the supported values:
- 1 - Enabled.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="textinput-excludejapaneseimeexceptjis0208"></a>**TextInput/ExcludeJapaneseIMEExceptJIS0208**
<!--SupportedSKUs-->
@ -697,11 +697,11 @@ The following list shows the supported values:
- 1 All characters except JIS0208 are filtered.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="textinput-excludejapaneseimeexceptjis0208andeudc"></a>**TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC**
<!--SupportedSKUs-->
@ -751,11 +751,11 @@ The following list shows the supported values:
- 1 All characters except JIS0208 and EUDC are filtered.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="textinput-excludejapaneseimeexceptshiftjis"></a>**TextInput/ExcludeJapaneseIMEExceptShiftJIS**
<!--SupportedSKUs-->
@ -805,7 +805,7 @@ The following list shows the supported values:
- 1 All characters except ShiftJIS are filtered.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -814,7 +814,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartSurfaceHub-->
## <a href="" id="surfacehubpolicies"></a>TextInput policies supported by Microsoft Surface Hub

10
windows/client-management/mdm/policy-csp-timelanguagesettings.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - TimeLanguageSettings
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## TimeLanguageSettings policies
<dl>
@ -27,7 +27,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="timelanguagesettings-allowset24hourclock"></a>**TimeLanguageSettings/AllowSet24HourClock**
<!--SupportedSKUs-->
@ -73,7 +73,7 @@ The following list shows the supported values:
- 1 (default) Set 24 hour clock.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -82,5 +82,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

198
windows/client-management/mdm/policy-csp-update.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Update
@ -17,7 +17,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Update policies
<dl>
@ -170,7 +170,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-activehoursend"></a>**Update/ActiveHoursEnd**
<!--SupportedSKUs-->
@ -216,11 +216,11 @@ Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
The default is 17 (5 PM).
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-activehoursmaxrange"></a>**Update/ActiveHoursMaxRange**
<!--SupportedSKUs-->
@ -263,11 +263,11 @@ Supported values are 8-18.
The default value is 18 (hours).
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-activehoursstart"></a>**Update/ActiveHoursStart**
<!--SupportedSKUs-->
@ -313,11 +313,11 @@ Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
The default value is 8 (8 AM).
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-allowautoupdate"></a>**Update/AllowAutoUpdate**
<!--SupportedSKUs-->
@ -376,11 +376,11 @@ The following list shows the supported values:
- 5 Turn off automatic updates.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-allowautowindowsupdatedownloadovermeterednetwork"></a>**Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork**
<!--SupportedSKUs-->
@ -430,11 +430,11 @@ The following list shows the supported values:
- 1 - Allowed
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-allowmuupdateservice"></a>**Update/AllowMUUpdateService**
<!--SupportedSKUs-->
@ -480,11 +480,11 @@ The following list shows the supported values:
- 1 Allowed. Accepts updates received through Microsoft Update.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-allownonmicrosoftsignedupdate"></a>**Update/AllowNonMicrosoftSignedUpdate**
<!--SupportedSKUs-->
@ -534,11 +534,11 @@ The following list shows the supported values:
- 1 Allowed. Accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-allowupdateservice"></a>**Update/AllowUpdateService**
<!--SupportedSKUs-->
@ -591,11 +591,11 @@ The following list shows the supported values:
- 1 (default) Update service is allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-autorestartdeadlineperiodindays"></a>**Update/AutoRestartDeadlinePeriodInDays**
<!--SupportedSKUs-->
@ -638,11 +638,11 @@ Supported values are 2-30 days.
The default value is 7 days.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-autorestartnotificationschedule"></a>**Update/AutoRestartNotificationSchedule**
<!--SupportedSKUs-->
@ -687,11 +687,11 @@ The default value is 15 (minutes).
Supported values are 15, 30, 60, 120, and 240 (minutes).
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-autorestartrequirednotificationdismissal"></a>**Update/AutoRestartRequiredNotificationDismissal**
<!--SupportedSKUs-->
@ -737,11 +737,11 @@ The following list shows the supported values:
- 2 User Dismissal.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-branchreadinesslevel"></a>**Update/BranchReadinessLevel**
<!--SupportedSKUs-->
@ -790,11 +790,11 @@ The following list shows the supported values:
- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-configurefeatureupdateuninstallperiod"></a>**Update/ConfigureFeatureUpdateUninstallPeriod**
<!--SupportedSKUs-->
@ -824,11 +824,11 @@ The following list shows the supported values:
Added in Windows 10, next major update. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-deferfeatureupdatesperiodindays"></a>**Update/DeferFeatureUpdatesPeriodInDays**
<!--SupportedSKUs-->
@ -874,11 +874,11 @@ Supported values are 0-365 days.
> The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-deferqualityupdatesperiodindays"></a>**Update/DeferQualityUpdatesPeriodInDays**
<!--SupportedSKUs-->
@ -919,11 +919,11 @@ Added in Windows 10, version 1607. Defers Quality Updates for the specified num
Supported values are 0-30.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-deferupdateperiod"></a>**Update/DeferUpdatePeriod**
<!--SupportedSKUs-->
@ -1055,11 +1055,11 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
</table>-->
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-deferupgradeperiod"></a>**Update/DeferUpgradePeriod**
<!--SupportedSKUs-->
@ -1110,11 +1110,11 @@ If the "Specify intranet Microsoft update service location" policy is enabled, t
If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-detectionfrequency"></a>**Update/DetectionFrequency**
<!--SupportedSKUs-->
@ -1153,11 +1153,11 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th
Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 22 hours. Default is 22 hours.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-disabledualscan"></a>**Update/DisableDualScan**
<!--SupportedSKUs-->
@ -1209,11 +1209,11 @@ The following list shows the supported values:
- 1 - do not allow update deferral policies to cause scans against Windows Update
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-engagedrestartdeadline"></a>**Update/EngagedRestartDeadline**
<!--SupportedSKUs-->
@ -1256,11 +1256,11 @@ Supported values are 2-30 days.
The default value is 0 days (not specified).
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-engagedrestartsnoozeschedule"></a>**Update/EngagedRestartSnoozeSchedule**
<!--SupportedSKUs-->
@ -1303,11 +1303,11 @@ Supported values are 1-3 days.
The default value is 3 days.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-engagedrestarttransitionschedule"></a>**Update/EngagedRestartTransitionSchedule**
<!--SupportedSKUs-->
@ -1350,11 +1350,11 @@ Supported values are 2-30 days.
The default value is 7 days.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-excludewudriversinqualityupdate"></a>**Update/ExcludeWUDriversInQualityUpdate**
<!--SupportedSKUs-->
@ -1403,11 +1403,11 @@ The following list shows the supported values:
- 1 Exclude Windows Update drivers.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-fillemptycontenturls"></a>**Update/FillEmptyContentUrls**
<!--SupportedSKUs-->
@ -1456,11 +1456,11 @@ The following list shows the supported values:
- 1 Enabled.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-ignoremoappdownloadlimit"></a>**Update/IgnoreMOAppDownloadLimit**
<!--SupportedSKUs-->
@ -1521,11 +1521,11 @@ To validate this policy:
3. Verify that any downloads that are above the download size limit will complete without being paused.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-ignoremoupdatedownloadlimit"></a>**Update/IgnoreMOUpdateDownloadLimit**
<!--SupportedSKUs-->
@ -1586,11 +1586,11 @@ To validate this policy:
2. Run the scheduled task on phone to check for OS updates in the background. For example, on a mobile device, run the following commands in TShell:
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-managepreviewbuilds"></a>**Update/ManagePreviewBuilds**
<!--SupportedSKUs-->
@ -1637,11 +1637,11 @@ The following list shows the supported values:
- 2 - Enable Preview builds
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-pausedeferrals"></a>**Update/PauseDeferrals**
<!--SupportedSKUs-->
@ -1696,11 +1696,11 @@ The following list shows the supported values:
- 1 Deferrals are paused.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-pausefeatureupdates"></a>**Update/PauseFeatureUpdates**
<!--SupportedSKUs-->
@ -1749,11 +1749,11 @@ The following list shows the supported values:
- 1 Feature Updates are paused for 60 days or until value set to back to 0, whichever is sooner.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-pausefeatureupdatesstarttime"></a>**Update/PauseFeatureUpdatesStartTime**
<!--SupportedSKUs-->
@ -1794,11 +1794,11 @@ Added in Windows 10, version 1703. Specifies the date and time when the IT admi
Value type is string. Supported operations are Add, Get, Delete, and Replace.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-pausequalityupdates"></a>**Update/PauseQualityUpdates**
<!--SupportedSKUs-->
@ -1844,11 +1844,11 @@ The following list shows the supported values:
- 1 Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-pausequalityupdatesstarttime"></a>**Update/PauseQualityUpdatesStartTime**
<!--SupportedSKUs-->
@ -1889,22 +1889,22 @@ Added in Windows 10, version 1703. Specifies the date and time when the IT admi
Value type is string. Supported operations are Add, Get, Delete, and Replace.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-phoneupdaterestrictions"></a>**Update/PhoneUpdateRestrictions**
<!--Description-->
This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupdateapproval) instead.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-requiredeferupgrade"></a>**Update/RequireDeferUpgrade**
<!--SupportedSKUs-->
@ -1954,11 +1954,11 @@ The following list shows the supported values:
- 1 User gets upgrades from Semi-Annual Channel.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-requireupdateapproval"></a>**Update/RequireUpdateApproval**
<!--SupportedSKUs-->
@ -2010,11 +2010,11 @@ The following list shows the supported values:
- 1 The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-scheduleimminentrestartwarning"></a>**Update/ScheduleImminentRestartWarning**
<!--SupportedSKUs-->
@ -2059,11 +2059,11 @@ The default value is 15 (minutes).
Supported values are 15, 30, or 60 (minutes).
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-schedulerestartwarning"></a>**Update/ScheduleRestartWarning**
<!--SupportedSKUs-->
@ -2112,11 +2112,11 @@ The default value is 4 (hours).
Supported values are 2, 4, 8, 12, or 24 (hours).
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-scheduledinstallday"></a>**Update/ScheduledInstallDay**
<!--SupportedSKUs-->
@ -2172,11 +2172,11 @@ The following list shows the supported values:
- 7 Saturday
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-scheduledinstalleveryweek"></a>**Update/ScheduledInstallEveryWeek**
<!--SupportedSKUs-->
@ -2219,11 +2219,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
</ul>
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-scheduledinstallfirstweek"></a>**Update/ScheduledInstallFirstWeek**
<!--SupportedSKUs-->
@ -2266,11 +2266,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
</ul>
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-scheduledinstallfourthweek"></a>**Update/ScheduledInstallFourthWeek**
<!--SupportedSKUs-->
@ -2313,11 +2313,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
</ul>
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-scheduledinstallsecondweek"></a>**Update/ScheduledInstallSecondWeek**
<!--SupportedSKUs-->
@ -2360,11 +2360,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
</ul>
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-scheduledinstallthirdweek"></a>**Update/ScheduledInstallThirdWeek**
<!--SupportedSKUs-->
@ -2407,11 +2407,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
</ul>
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-scheduledinstalltime"></a>**Update/ScheduledInstallTime**
<!--SupportedSKUs-->
@ -2462,11 +2462,11 @@ Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM.
The default value is 3.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-setautorestartnotificationdisable"></a>**Update/SetAutoRestartNotificationDisable**
<!--SupportedSKUs-->
@ -2512,11 +2512,11 @@ The following list shows the supported values:
- 1 Disabled
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-setedurestart"></a>**Update/SetEDURestart**
<!--SupportedSKUs-->
@ -2562,11 +2562,11 @@ The following list shows the supported values:
- 1 - configured
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-updateserviceurl"></a>**Update/UpdateServiceUrl**
<!--SupportedSKUs-->
@ -2637,11 +2637,11 @@ Example
```
<!--/Example-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="update-updateserviceurlalternate"></a>**Update/UpdateServiceUrlAlternate**
<!--SupportedSKUs-->
@ -2691,7 +2691,7 @@ Value type is string and the default value is an empty string, "". If the settin
> This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -2700,7 +2700,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartHoloLens-->
## <a href="" id="hololenspolicies"></a>Update policies supported by Windows Holographic for Business

122
windows/client-management/mdm/policy-csp-userrights.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - UserRights
@ -17,7 +17,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## UserRights policies
<dl>
@ -113,7 +113,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-accesscredentialmanagerastrustedcaller"></a>**UserRights/AccessCredentialManagerAsTrustedCaller**
<!--SupportedSKUs-->
@ -152,11 +152,11 @@ ms.date: 01/29/2018
This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users' saved credentials might be compromised if this privilege is given to other entities.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-accessfromnetwork"></a>**UserRights/AccessFromNetwork**
<!--SupportedSKUs-->
@ -195,11 +195,11 @@ This user right is used by Credential Manager during Backup/Restore. No accounts
This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right.Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-actaspartoftheoperatingsystem"></a>**UserRights/ActAsPartOfTheOperatingSystem**
<!--SupportedSKUs-->
@ -238,11 +238,11 @@ This user right determines which users and groups are allowed to connect to the
This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separate user account with this privilege specially assigned. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-allowlocallogon"></a>**UserRights/AllowLocalLogOn**
<!--SupportedSKUs-->
@ -281,11 +281,11 @@ This user right allows a process to impersonate any user without authentication.
This user right determines which users can log on to the computer. Note: Modifying this setting may affect compatibility with clients, services, and applications. For compatibility information about this setting, see Allow log on locally (https://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft website.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-backupfilesanddirectories"></a>**UserRights/BackupFilesAndDirectories**
<!--SupportedSKUs-->
@ -324,11 +324,11 @@ This user right determines which users can log on to the computer. Note: Modifyi
This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when backing up files and directories.Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Read. Caution: Assigning this user right can be a security risk. Since users with this user right can read any registry settings and files, only assign this user right to trusted users
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-changesystemtime"></a>**UserRights/ChangeSystemTime**
<!--SupportedSKUs-->
@ -367,11 +367,11 @@ This user right determines which users can bypass file, directory, registry, and
This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-createglobalobjects"></a>**UserRights/CreateGlobalObjects**
<!--SupportedSKUs-->
@ -410,11 +410,11 @@ This user right determines which users and groups can change the time and date o
This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption. Caution: Assigning this user right can be a security risk. Assign this user right only to trusted users.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-createpagefile"></a>**UserRights/CreatePageFile**
<!--SupportedSKUs-->
@ -453,11 +453,11 @@ This security setting determines whether users can create global objects that ar
This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-createpermanentsharedobjects"></a>**UserRights/CreatePermanentSharedObjects**
<!--SupportedSKUs-->
@ -496,11 +496,11 @@ This user right determines which users and groups can call an internal applicati
This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kernel mode already have this user right assigned to them, it is not necessary to specifically assign it.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-createsymboliclinks"></a>**UserRights/CreateSymbolicLinks**
<!--SupportedSKUs-->
@ -539,11 +539,11 @@ This user right determines which accounts can be used by processes to create a d
This user right determines if the user can create a symbolic link from the computer he is logged on to. Caution: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. Note: This setting can be used in conjunction a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type 'fsutil behavior set symlinkevaluation /?' at the command line to get more information about fsutil and symbolic links.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-createtoken"></a>**UserRights/CreateToken**
<!--SupportedSKUs-->
@ -582,11 +582,11 @@ This user right determines if the user can create a symbolic link from the compu
This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it is necessary, do not assign this user right to a user, group, or process other than Local System. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-debugprograms"></a>**UserRights/DebugPrograms**
<!--SupportedSKUs-->
@ -625,11 +625,11 @@ This user right determines which accounts can be used by processes to create a t
This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-denyaccessfromnetwork"></a>**UserRights/DenyAccessFromNetwork**
<!--SupportedSKUs-->
@ -668,11 +668,11 @@ This user right determines which users can attach a debugger to any process or t
This user right determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-denylocallogon"></a>**UserRights/DenyLocalLogOn**
<!--SupportedSKUs-->
@ -711,11 +711,11 @@ This user right determines which users are prevented from accessing a computer o
This security setting determines which service accounts are prevented from registering a process as a service. Note: This security setting does not apply to the System, Local Service, or Network Service accounts.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-denyremotedesktopserviceslogon"></a>**UserRights/DenyRemoteDesktopServicesLogOn**
<!--SupportedSKUs-->
@ -754,11 +754,11 @@ This security setting determines which service accounts are prevented from regis
This user right determines which users and groups are prohibited from logging on as a Remote Desktop Services client.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-enabledelegation"></a>**UserRights/EnableDelegation**
<!--SupportedSKUs-->
@ -797,11 +797,11 @@ This user right determines which users and groups are prohibited from logging on
This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account does not have the Account cannot be delegated account control flag set. Caution: Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that impersonate incoming clients and use their credentials to gain access to network resources.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-generatesecurityaudits"></a>**UserRights/GenerateSecurityAudits**
<!--SupportedSKUs-->
@ -840,11 +840,11 @@ This user right determines which users can set the Trusted for Delegation settin
This user right determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causing a denial of service. Shut down system immediately if unable to log security audits security policy setting is enabled.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-impersonateclient"></a>**UserRights/ImpersonateClient**
<!--SupportedSKUs-->
@ -887,11 +887,11 @@ Assigning this user right to a user allows programs running on behalf of that us
Because of these factors, users do not usually need this user right. Warning: If you enable this setting, programs that previously had the Impersonate privilege may lose it, and they may not run.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-increaseschedulingpriority"></a>**UserRights/IncreaseSchedulingPriority**
<!--SupportedSKUs-->
@ -930,11 +930,11 @@ Because of these factors, users do not usually need this user right. Warning: If
This user right determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-loadunloaddevicedrivers"></a>**UserRights/LoadUnloadDeviceDrivers**
<!--SupportedSKUs-->
@ -973,11 +973,11 @@ This user right determines which accounts can use a process with Write Property
This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-lockmemory"></a>**UserRights/LockMemory**
<!--SupportedSKUs-->
@ -1016,11 +1016,11 @@ This user right determines which users can dynamically load and unload device dr
This user right determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM).
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-manageauditingandsecuritylog"></a>**UserRights/ManageAuditingAndSecurityLog**
<!--SupportedSKUs-->
@ -1059,11 +1059,11 @@ This user right determines which accounts can use a process to keep data in phys
This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. You can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-managevolume"></a>**UserRights/ManageVolume**
<!--SupportedSKUs-->
@ -1102,11 +1102,11 @@ This user right determines which users can specify object access auditing option
This user right determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are opened, the user might be able to read and modify the acquired data.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-modifyfirmwareenvironment"></a>**UserRights/ModifyFirmwareEnvironment**
<!--SupportedSKUs-->
@ -1145,11 +1145,11 @@ This user right determines which users and groups can run maintenance tasks on a
This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor.On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should only be modified by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows.Note: This security setting does not affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-modifyobjectlabel"></a>**UserRights/ModifyObjectLabel**
<!--SupportedSKUs-->
@ -1188,11 +1188,11 @@ This user right determines who can modify firmware environment values. Firmware
This user right determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-profilesingleprocess"></a>**UserRights/ProfileSingleProcess**
<!--SupportedSKUs-->
@ -1231,11 +1231,11 @@ This user right determines which user accounts can modify the integrity label of
This user right determines which users can use performance monitoring tools to monitor the performance of system processes.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-remoteshutdown"></a>**UserRights/RemoteShutdown**
<!--SupportedSKUs-->
@ -1274,11 +1274,11 @@ This user right determines which users can use performance monitoring tools to m
This user right determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-restorefilesanddirectories"></a>**UserRights/RestoreFilesAndDirectories**
<!--SupportedSKUs-->
@ -1317,11 +1317,11 @@ This user right determines which users are allowed to shut down a computer from
This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Write. Caution: Assigning this user right can be a security risk. Since users with this user right can overwrite registry settings, hide data, and gain ownership of system objects, only assign this user right to trusted users.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="userrights-takeownership"></a>**UserRights/TakeOwnership**
<!--SupportedSKUs-->
@ -1360,7 +1360,7 @@ This user right determines which users can bypass file, directory, registry, and
This user right determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. Caution: Assigning this user right can be a security risk. Since owners of objects have full control of them, only assign this user right to trusted users.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -1369,5 +1369,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

34
windows/client-management/mdm/policy-csp-wifi.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - Wifi
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## Wifi policies
<dl>
@ -45,18 +45,18 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="wifi-allowwifihotspotreporting"></a>**WiFi/AllowWiFiHotSpotReporting**
<!--Description-->
This policy has been deprecated.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="wifi-allowautoconnecttowifisensehotspots"></a>**Wifi/AllowAutoConnectToWiFiSenseHotspots**
<!--SupportedSKUs-->
@ -104,11 +104,11 @@ The following list shows the supported values:
- 1 (default) Allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="wifi-allowinternetsharing"></a>**Wifi/AllowInternetSharing**
<!--SupportedSKUs-->
@ -156,11 +156,11 @@ The following list shows the supported values:
- 1 (default) Allow the use of Internet Sharing.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="wifi-allowmanualwificonfiguration"></a>**Wifi/AllowManualWiFiConfiguration**
<!--SupportedSKUs-->
@ -211,11 +211,11 @@ The following list shows the supported values:
- 1 (default) Adding new network SSIDs beyond the already MDM provisioned ones is allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="wifi-allowwifi"></a>**Wifi/AllowWiFi**
<!--SupportedSKUs-->
@ -263,11 +263,11 @@ The following list shows the supported values:
- 1 (default) WiFi connection is allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="wifi-allowwifidirect"></a>**Wifi/AllowWiFiDirect**
<!--SupportedSKUs-->
@ -313,11 +313,11 @@ The following list shows the supported values:
- 1 - WiFi Direct connection is allowed.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="wifi-wlanscanmode"></a>**Wifi/WLANScanMode**
<!--SupportedSKUs-->
@ -362,7 +362,7 @@ The default value is 0.
Supported operations are Add, Delete, Get, and Replace.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -371,7 +371,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->
<!--StartEAS-->
## <a href="" id="eas"></a>Wifi policies that can be set using Exchange Active Sync (EAS)

82
windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - WindowsDefenderSecurityCenter
@ -17,7 +17,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## WindowsDefenderSecurityCenter policies
<dl>
@ -83,7 +83,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-companyname"></a>**WindowsDefenderSecurityCenter/CompanyName**
<!--SupportedSKUs-->
@ -124,11 +124,11 @@ Added in Windows 10, version 1709. The company name that is displayed to the use
Value type is string. Supported operations are Add, Get, Replace and Delete.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-disableaccountprotectionui"></a>**WindowsDefenderSecurityCenter/DisableAccountProtectionUI**
<!--SupportedSKUs-->
@ -174,11 +174,11 @@ Valid values:
- 1 - (Enable) The users cannot see the display of the Account protection area in Windows Defender Security Center.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-disableappbrowserui"></a>**WindowsDefenderSecurityCenter/DisableAppBrowserUI**
<!--SupportedSKUs-->
@ -226,11 +226,11 @@ The following list shows the supported values:
- 1 - (Enable) The users cannot see the display of the app and browser protection area in Windows Defender Security Center.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-disabledevicesecurityui"></a>**WindowsDefenderSecurityCenter/DisableDeviceSecurityUI**
<!--SupportedSKUs-->
@ -276,11 +276,11 @@ Valid values:
- 1 - (Enable) The users cannot see the display of the Device secuirty area in Windows Defender Security Center.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-disableenhancednotifications"></a>**WindowsDefenderSecurityCenter/DisableEnhancedNotifications**
<!--SupportedSKUs-->
@ -331,11 +331,11 @@ The following list shows the supported values:
- 1 - (Enable) Windows Defender Security Center only display notifications which are considered critical on clients.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-disablefamilyui"></a>**WindowsDefenderSecurityCenter/DisableFamilyUI**
<!--SupportedSKUs-->
@ -383,11 +383,11 @@ The following list shows the supported values:
- 1 - (Enable) The users cannot see the display of the family options area in Windows Defender Security Center.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-disablehealthui"></a>**WindowsDefenderSecurityCenter/DisableHealthUI**
<!--SupportedSKUs-->
@ -435,11 +435,11 @@ The following list shows the supported values:
- 1 - (Enable) The users cannot see the display of the device performance and health area in Windows Defender Security Center.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-disablenetworkui"></a>**WindowsDefenderSecurityCenter/DisableNetworkUI**
<!--SupportedSKUs-->
@ -487,11 +487,11 @@ The following list shows the supported values:
- 1 - (Enable) The users cannot see the display of the firewall and network protection area in Windows Defender Security Center.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-disablenotifications"></a>**WindowsDefenderSecurityCenter/DisableNotifications**
<!--SupportedSKUs-->
@ -539,11 +539,11 @@ The following list shows the supported values:
- 1 - (Enable) The users cannot see the display of Windows Defender Security Center notifications.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-disablevirusui"></a>**WindowsDefenderSecurityCenter/DisableVirusUI**
<!--SupportedSKUs-->
@ -591,11 +591,11 @@ The following list shows the supported values:
- 1 - (Enable) The users cannot see the display of the virus and threat protection area in Windows Defender Security Center.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-disallowexploitprotectionoverride"></a>**WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride**
<!--SupportedSKUs-->
@ -643,11 +643,11 @@ The following list shows the supported values:
- 1 - (Enable) Local users cannot make changes in the exploit protection settings area.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-email"></a>**WindowsDefenderSecurityCenter/Email**
<!--SupportedSKUs-->
@ -688,11 +688,11 @@ Added in Windows 10, version 1709. The email address that is displayed to users.
Value type is string. Supported operations are Add, Get, Replace and Delete.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-enablecustomizedtoasts"></a>**WindowsDefenderSecurityCenter/EnableCustomizedToasts**
<!--SupportedSKUs-->
@ -740,11 +740,11 @@ The following list shows the supported values:
- 1 - (Enable) Notifications contain the company name and contact options.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-enableinappcustomization"></a>**WindowsDefenderSecurityCenter/EnableInAppCustomization**
<!--SupportedSKUs-->
@ -792,11 +792,11 @@ The following list shows the supported values:
- 1 - (Enable) Display the company name and contact options in the card fly out notification.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-hideransomwaredatarecovery"></a>**WindowsDefenderSecurityCenter/HideRansomwareDataRecovery**
<!--SupportedSKUs-->
@ -842,11 +842,11 @@ Valid values:
- 1 - (Enable) The Ransomware data recovery area is hidden.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-hidesecureboot"></a>**WindowsDefenderSecurityCenter/HideSecureBoot**
<!--SupportedSKUs-->
@ -892,11 +892,11 @@ Valid values:
- 1 - (Enable) The Secure boot area is hidden.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-hidetpmtroubleshooting"></a>**WindowsDefenderSecurityCenter/HideTPMTroubleshooting**
<!--SupportedSKUs-->
@ -942,11 +942,11 @@ Valid values:
- 1 - (Enable) The Security processor (TPM) troubleshooting area is hidden.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-phone"></a>**WindowsDefenderSecurityCenter/Phone**
<!--SupportedSKUs-->
@ -987,11 +987,11 @@ Added in Windows 10, version 1709. The phone number or Skype ID that is displaye
Value type is string. Supported operations are Add, Get, Replace, and Delete.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsdefendersecuritycenter-url"></a>**WindowsDefenderSecurityCenter/URL**
<!--SupportedSKUs-->
@ -1032,7 +1032,7 @@ Added in Windows 10, version 1709. The help portal URL this is displayed to user
Value type is Value type is string. Supported operations are Add, Get, Replace, and Delete.
<!--/Description-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -1041,5 +1041,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

14
windows/client-management/mdm/policy-csp-windowsinkworkspace.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - WindowsInkWorkspace
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## WindowsInkWorkspace policies
<dl>
@ -30,7 +30,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace"></a>**WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace**
<!--SupportedSKUs-->
@ -76,11 +76,11 @@ The following list shows the supported values:
- 1 (default) -allow app suggestions.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowsinkworkspace-allowwindowsinkworkspace"></a>**WindowsInkWorkspace/AllowWindowsInkWorkspace**
<!--SupportedSKUs-->
@ -127,7 +127,7 @@ Value type is int. The following list shows the supported values:
- 2 (default) - ink workspace is enabled (feature is turned on), and the user is allowed to use it above the lock screen.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -136,5 +136,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

18
windows/client-management/mdm/policy-csp-windowslogon.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - WindowsLogon
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## WindowsLogon policies
<dl>
@ -33,7 +33,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowslogon-disablelockscreenappnotifications"></a>**WindowsLogon/DisableLockScreenAppNotifications**
<!--SupportedSKUs-->
@ -91,11 +91,11 @@ ADMX Info:
- GP ADMX file name: *logon.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowslogon-dontdisplaynetworkselectionui"></a>**WindowsLogon/DontDisplayNetworkSelectionUI**
<!--SupportedSKUs-->
@ -153,11 +153,11 @@ ADMX Info:
- GP ADMX file name: *logon.admx*
<!--/ADMX-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="windowslogon-hidefastuserswitching"></a>**WindowsLogon/HideFastUserSwitching**
<!--SupportedSKUs-->
@ -210,7 +210,7 @@ To validate on Desktop, do the following:
2. Verify that the Switch account button in Start is hidden.
<!--/Validation-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -219,5 +219,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

38
windows/client-management/mdm/policy-csp-wirelessdisplay.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 01/29/2018
ms.date: 01/30/2018
---
# Policy CSP - WirelessDisplay
@ -15,7 +15,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicies-->
<!--Policies-->
## WirelessDisplay policies
<dl>
@ -48,7 +48,7 @@ ms.date: 01/29/2018
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="wirelessdisplay-allowmdnsadvertisement"></a>**WirelessDisplay/AllowMdnsAdvertisement**
<!--SupportedSKUs-->
@ -94,11 +94,11 @@ The following list shows the supported values:
- 1 - Allow
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="wirelessdisplay-allowmdnsdiscovery"></a>**WirelessDisplay/AllowMdnsDiscovery**
<!--SupportedSKUs-->
@ -144,11 +144,11 @@ The following list shows the supported values:
- 1 - Allow
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="wirelessdisplay-allowprojectionfrompc"></a>**WirelessDisplay/AllowProjectionFromPC**
<!--SupportedSKUs-->
@ -194,11 +194,11 @@ The following list shows the supported values:
- 1 - your PC can discover and project to other devices
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="wirelessdisplay-allowprojectionfrompcoverinfrastructure"></a>**WirelessDisplay/AllowProjectionFromPCOverInfrastructure**
<!--SupportedSKUs-->
@ -244,11 +244,11 @@ The following list shows the supported values:
- 1 - your PC can discover and project to other devices over infrastructure.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="wirelessdisplay-allowprojectiontopc"></a>**WirelessDisplay/AllowProjectionToPC**
<!--SupportedSKUs-->
@ -298,11 +298,11 @@ The following list shows the supported values:
- 1 (default) - projection to PC is allowed. Enabled only above the lock screen.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="wirelessdisplay-allowprojectiontopcoverinfrastructure"></a>**WirelessDisplay/AllowProjectionToPCOverInfrastructure**
<!--SupportedSKUs-->
@ -348,11 +348,11 @@ The following list shows the supported values:
- 1 - your PC is discoverable and other devices can project to it over infrastructure.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="wirelessdisplay-allowuserinputfromwirelessdisplayreceiver"></a>**WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver**
<!--Scope-->
@ -375,11 +375,11 @@ The following list shows the supported values:
- 1 (default) - Wireless display input enabled.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
<!--StartPolicy-->
<!--Policy-->
<a href="" id="wirelessdisplay-requirepinforpairing"></a>**WirelessDisplay/RequirePinForPairing**
<!--SupportedSKUs-->
@ -429,7 +429,7 @@ The following list shows the supported values:
- 1 - PIN is required.
<!--/SupportedValues-->
<!--EndPolicy-->
<!--/Policy-->
<hr/>
Footnote:
@ -438,5 +438,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
<!--/Policies-->

4
windows/client-management/mdm/tpmpolicy-csp.md
View File

@ -12,7 +12,7 @@ ms.date: 11/01/2017
# TPMPolicy CSP
The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (telemetry or otherwise, such as downloading background images, Windows Updates, etc.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval.
The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (diagnostic data or otherwise, such as downloading background images, Windows Updates, etc.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval.
The TPMPolicy CSP was added in Windows 10, version 1703.
@ -30,7 +30,7 @@ The following diagram shows the TPMPolicy configuration service provider in tree
<li>There should be no traffic when machine is on idle. When the user is not interacting with the system/device, no traffic is expected. </li>
<li>There should be no traffic during installation of Windows and first logon when local ID is used.</li>
<li>Launching and using a local app (Notepad, Paint, etc.) should not send any traffic. Similarly, performing common tasks (clicking on start menu, browsing folders, etc.) should not send any traffic.</li>
<li>Launching and using Internet enabled apps should not send any unexpected traffic (for maintenance, diagnostic, telemetry, etc.) to Microsoft.</li>
<li>Launching and using Internet enabled apps should not send any unexpected traffic (for maintenance, diagnostic data, etc.) to Microsoft.</li>
</ul>
Here is an example:

2
windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
View File

@ -77,7 +77,7 @@ The following list describes the characteristics and parameters.
<p style="margin-left: 20px">Supported operations are Get and Replace.
<a href="" id="configuration-telemetryreportingfrequency"></a>**Configuration/TelemetryReportingFrequency**
<p style="margin-left: 20px">Added in Windows 10, version 1703. Returns or sets the Windows Defender Advanced Threat Protection telemetry reporting frequency.
<p style="margin-left: 20px">Added in Windows 10, version 1703. Returns or sets the Windows Defender Advanced Threat Protection diagnostic data reporting frequency.
<p style="margin-left: 20px">The following list shows the supported values:

2
windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
View File

@ -227,7 +227,7 @@ The XML below is the current version for this CSP.
<Replace />
</AccessType>
<DefaultValue>1</DefaultValue>
<Description>Return or set Windows Defender Advanced Threat Protection telemetry reporting frequency. Allowed values are: 1 - Normal, 2 - Expedite</Description>
<Description>Return or set Windows Defender Advanced Threat Protection diagnostic data reporting frequency. Allowed values are: 1 - Normal, 2 - Expedite</Description>
<DFFormat>
<int />
</DFFormat>

21
windows/client-management/windows-10-mobile-and-mdm.md
View File

@ -2,7 +2,7 @@
title: Windows 10 Mobile deployment and management guide (Windows 10)
description: This guide helps IT professionals plan for and deploy Windows 10 Mobile devices.
ms.assetid: 6CAA1004-CB65-4FEC-9B84-61AAD2125E5E
keywords: Mobile, telemetry, BYOD, MDM
keywords: Mobile, diagnostic data, BYOD, MDM
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@ -14,7 +14,8 @@ ms.date: 09/21/2017
# Windows 10 Mobile deployment and management guide
*Applies to: Windows 10 Mobile, version 1511 and Windows 10 Mobile, version 1607*
**Applies to:**
- Windows 10 Mobile, version 1511 and Windows 10 Mobile, version 1607
This guide helps IT professionals plan for and deploy Windows 10 Mobile devices.
@ -189,7 +190,7 @@ Multiple MDM systems support Windows 10 and most support personal and corporate
In addition, Microsoft recently added MDM capabilities powered by Intune to Office 365. MDM for Office 365 supports mobile devices only, such as those running Windows 10 Mobile, iOS, and Android. MDM for Office 365 offers a subset of the management capabilities found in Intune, including the ability to remotely wipe a device, block a device from accessing Exchange Server email, and configure device policies (e.g., passcode requirements). For more information about MDM for Office 365 capabilities, see [Overview of Mobile Device Management for Office 365](http://technet.microsoft.com/en-us/library/ms.o365.cc.devicepolicy.aspx).
**Cloud services**
On mobile devices that run Windows 10 Mobile, users can easily connect to cloud services that provide user notifications and collect telemetry (usage data). Windows 10 Mobile enables organizations to manage how devices consume these cloud services.
On mobile devices that run Windows 10 Mobile, users can easily connect to cloud services that provide user notifications and collect diagnostic and usage data. Windows 10 Mobile enables organizations to manage how devices consume these cloud services.
**Windows Push Notification Services**
The Windows Push Notification Services enable software developers to send toast, tile, badge, and raw updates from their cloud services. It provides a mechanism to deliver updates to users in a power-efficient and dependable way.
@ -795,9 +796,9 @@ While Windows 10 Mobile provides updates directly to user devices from Windows U
Upgrading to Windows 10 Mobile Enterprise edition provides additional device and app management capabilities for organizations that want to:
- **Defer, approve and deploy feature and quality updates:** Windows 10 Mobile devices get updates directly from Windows Update. If you want to curate updates prior to deploying them, an upgrade to Windows 10 Mobile Enterprise edition is required. Once Enterprise edition is enabled, the phone can be set to the Current Branch for Business servicing option, giving IT additional time to test updates before they are released.
- **Deploy an unlimited number of self-signed LOB apps to a single device:** To use an MDM system to deploy LOB apps directly to devices, you must cryptographically sign the software packages with a code signing certificate that your organizations certificate authority (CA) generates. You can deploy a maximum of 20 self-signed LOB apps to a Windows 10 Mobile device. To deploy more than 20 self-signed LOB apps, Windows 10 Mobile Enterprise is required.
- **Set the telemetry level:** Microsoft collects telemetry data to help keep Windows devices secure and to help Microsoft improve the quality of Windows and Microsoft services. An upgrade to Windows 10 Mobile Enterprise edition is required to set the telemetry level so that only telemetry information required to keep devices secured is gathered.
- **Set the diagnostic data level:** Microsoft collects diagnostic data to help keep Windows devices secure and to help Microsoft improve the quality of Windows and Microsoft services. An upgrade to Windows 10 Mobile Enterprise edition is required to set the diagnostic data level so that only diagnostic information required to keep devices secured is gathered.
To learn more about telemetry, visit [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization).
To learn more about diagnostic, see [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization).
To activate Windows 10 Mobile Enterprise, use your MDM system or a provisioning package to inject the Windows 10 Enterprise license on a Windows 10 Mobile device. Licenses can be obtained from the Volume Licensing portal. For testing purposes, you can obtain a licensing file from the MSDN download center. A valid MSDN subscription is required.
@ -1007,17 +1008,17 @@ The following list shows examples of the Windows 10 Mobile software and hardware
- **Secure Boot state** Indicates whether Secure Boot is enabled
- **Enterprise encryption policy compliance** Indicates whether the device is encrypted
### <a href="" id="manage-telemetry"></a>Manage telemetry
### <a href="" id="manage-telemetry"></a>Manage diagnostic data
*Applies to: Corporate devices with Windows 10 Mobile Enterprise edition*
Microsoft uses telemetry (diagnostics, performance, and usage data) from Windows devices to help inform decisions and focus efforts to provide the most robust and valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Telemetry helps keep Windows devices healthy, improve the operating system, and personalize features and services.
Microsoft uses diagnostics, performance, and usage data from Windows devices to help inform decisions and focus efforts to provide the most robust and valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Diagnostic data helps keep Windows devices healthy, improve the operating system, and personalize features and services.
You can control the level of data that telemetry systems collect. To configure devices, specify one of these levels in the Allow Telemetry setting with your MDM system.
You can control the level of data that diagnostic data systems collect. To configure devices, specify one of these levels in the Allow Telemetry setting with your MDM system.
For more information, see [Configure Windows telemetry in Your organization](/windows/configuration/configure-windows-telemetry-in-your-organization).
For more information, see [Configure Windows diagnostic data in Your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization).
>**Note:** Telemetry can only be managed when the device is upgraded to Windows 10 Mobile Enterprise edition.
>**Note:** Diagnostic data can only be managed when the device is upgraded to Windows 10 Mobile Enterprise edition.
### <a href="" id="mremote-assistance"></a>Remote assistance

6
windows/configuration/TOC.md
View File

@ -1,10 +1,10 @@
# [Configure Windows 10](index.md)
## [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md)
## [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
## [Diagnostic Data Viewer Overview](diagnostic-data-viewer-overview.md)
## [Windows 10, version 1709 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md)
## [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](enhanced-telemetry-windows-analytics-events-and-fields.md)
## [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)
## [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
## [Windows 10 diagnostic data for the Full telemetry level](windows-diagnostic-data-1703.md)
## [Windows 10 diagnostic data for the Full diagnostic data level](windows-diagnostic-data-1703.md)
## [Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md)
## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
## [Manage Windows 10 connection endpoints](manage-windows-endpoints-version-1709.md)

84
windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md
View File

@ -1,7 +1,7 @@
---
description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level.
title: Windows 10, version 1703 basic diagnostic events and fields (Windows 10)
keywords: privacy, telemetry
keywords: privacy, diagnostic data
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@ -24,7 +24,7 @@ The Basic level gathers a limited set of information that is critical for unders
Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data. You can learn more about Windows functional and diagnostic data through these articles:
- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
- [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md)
- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
>[!Note]
>Updated November 2017 to document new and modified events. Weve added some new events and also added new fields to existing events to prepare for upgrades to the next release of Windows.
@ -88,12 +88,12 @@ The following fields are available:
- **epoch** Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server.
- **seqNum** Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue.  The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server.
- **iKey** Represents an ID for applications or other logical groupings of events.
- **flags** Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency.
- **flags** Represents a collection of bits that describe how the event should be processed by the Connected User Experiences and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency.
- **os** Represents the operating system name.
- **osVer** Represents the OS version, and its format is OS dependent.
- **appId** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application.
- **appVer** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app.
- **cV** Represents the Correlation Vector: A single field for tracking partial order of related telemetry events across component boundaries.
- **cV** Represents the Correlation Vector: A single field for tracking partial order of related diagnostic data events across component boundaries.
### Common Data Extensions.OS
@ -135,7 +135,7 @@ The following fields are available:
### Common Data Extensions.Consent UI Event
This User Account Control (UAC) telemetry point collects information on elevations that originate from low integrity levels. This occurs when a process running at low integrity level (IL) requires higher (administrator) privileges, and therefore requests for elevation via UAC (consent.exe). By better understanding the processes requesting these elevations, Microsoft can in turn improve the detection and handling of potentially malicious behavior in this path.
This User Account Control (UAC) diagnostic data point collects information on elevations that originate from low integrity levels. This occurs when a process running at low integrity level (IL) requires higher (administrator) privileges, and therefore requests for elevation via UAC (consent.exe). By better understanding the processes requesting these elevations, Microsoft can in turn improve the detection and handling of potentially malicious behavior in this path.
The following fields are available:
@ -198,7 +198,7 @@ The following fields are available:
- **HKCU_FlipAhead.HRESULT** The error code returned when trying to query Flip Ahead for the current user.
- **HKLM_TailoredExperiences.TailoredExperiencesWithDiagnosticDataEnabled** Is Tailored Experiences with Diagnostics Data enabled for the current user after the feature update had completed?
- **HKCU_TailoredExperiences.HRESULT** The error code returned when trying to query Tailored Experiences with Diagnostics Data for the current user.
- **HKLM_AdvertisingID.Enabled** Is the adveristing ID enabled for the device?
- **HKLM_AdvertisingID.Enabled** Is the adverising ID enabled for the device?
- **HKLM_AdvertisingID.HRESULT** The error code returned when trying to query the state of the advertising ID for the device.
- **HKCU_AdvertisingID.Enabled** Is the adveristing ID enabled for the current user?
- **HKCU_AdvertisingID.HRESULT** The error code returned when trying to query the state of the advertising ID for the user.
@ -332,7 +332,7 @@ The following fields are available:
- **HasCitData** Is the file present in CIT data?
- **HasUpgradeExe** Does the anti-virus app have an upgrade.exe file?
- **IsAv** Is the file an anti-virus reporting EXE?
- **ResolveAttempted** This will always be an empty string when sending telemetry.
- **ResolveAttempted** This will always be an empty string when sending diagnostic data.
- **SdbEntries** An array of fields that indicates the SDB entries that apply to this file.
@ -1032,7 +1032,7 @@ The following fields are available:
- **AppraiserBranch** The source branch in which the currently running version of Appraiser was built.
- **AppraiserVersion** The version of the Appraiser file generating the events.
- **Context** Indicates what mode Appraiser is running in. Example: Setup or Telemetry.
- **Context** Indicates what mode Appraiser is running in. Example: Setup or Diagnostic Data.
- **Time** The client time of the event.
- **AppraiserProcess** The name of the process that launched Appraiser.
- **PCFP** An ID for the system calculated by hashing hardware identifiers.
@ -1354,35 +1354,35 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.TelemetryRunHealth
A summary event indicating the parameters and result of a telemetry run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up-to-date.
A summary event indicating the parameters and result of a diagnostic data run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up-to-date.
The following fields are available:
- **PerfBackoff** Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal.
- **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device.
- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also telemetry reliability.
- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also diagnostic data reliability.
- **AuxInitial** Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app.
- **Time** The client time of the event.
- **RunDate** The date that the telemetry run was stated, expressed as a filetime.
- **RunDate** The date that the diagnostic data run was stated, expressed as a filetime.
- **AppraiserProcess** The name of the process that launched Appraiser.
- **AppraiserVersion** The file version (major, minor and build) of the Appraiser DLL, concatenated without dots.
- **SendingUtc** Indicates if the Appraiser client is sending events during the current telemetry run.
- **SendingUtc** Indicates if the Appraiser client is sending events during the current diagnostic data run.
- **DeadlineDate** A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan.
- **AppraiserBranch** The source branch in which the version of Appraiser that is running was built.
- **EnterpriseRun** Indicates if the telemetry run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional telemetry on an infrequent schedule and only from machines at telemetry levels higher than Basic.
- **EnterpriseRun** Indicates if the diagnostic data run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic.
- **PerfBackoffInsurance** Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row.
- **AuxFinal** Obsolete, always set to false
- **StoreHandleIsNotNull** Obsolete, always set to false
- **VerboseMode** Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging.
- **AppraiserDataVersion** The version of the data files being used by the Appraiser telemetry run.
- **AppraiserDataVersion** The version of the data files being used by the Appraiser diagnostic data run.
- **FullSync** Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent.
- **InventoryFullSync** Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent.
- **PCFP** An ID for the system calculated by hashing hardware identifiers.
- **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information.
- **TelementrySent** Indicates if telemetry was successfully sent.
- **TelementrySent** Indicates if diagnostic data was successfully sent.
- **WhyFullSyncWithoutTablePrefix** Indicates the reason or reasons that a full sync was generated.
- **RunResult** The hresult of the Appraiser telemetry run.
- **RunResult** The hresult of the Appraiser diagnostic data run.
### Microsoft.Windows.Appraiser.General.WmdrmAdd
@ -1502,14 +1502,14 @@ The following fields are available:
- **MSA_Accounts** Represents a list of hashed IDs of the Microsoft Accounts that are flighting (pre-release builds) on this device.
- **IsFlightsDisabled** Represents if the device is participating in the Windows Insider program.
- **FlightingBranchName** The name of the Windows Insider branch currently used by the device.
- **DeviceSampleRate** The telemetry sample rate assigned to the device.
- **DeviceSampleRate** The diagnostic data sample rate assigned to the device.
- **EnablePreviewBuilds** Used to enable Windows Insider builds on a device.
- **SSRK** Retrieves the mobile targeting settings.
### Census.Hardware
This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support, to help keep Windows up-to-date.
This event sends data about the device, including hardware type, OEM brand, model line, model, diagnostic data level setting, and TPM support, to help keep Windows up-to-date.
The following fields are available:
@ -1532,8 +1532,8 @@ The following fields are available:
- **PowerPlatformRole** The OEM preferred power management profile. It's used to help to identify the basic form factor of the device.
- **TPMVersion** The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0.
- **StudyID** Used to identify retail and non-retail device.
- **TelemetryLevel** The telemetry level the user has opted into, such as Basic or Enhanced.
- **TelemetrySettingAuthority** Determines who set the telemetry level, such as GP, MDM, or the user.
- **TelemetryLevel** The diagnostic data level the user has opted into, such as Basic or Enhanced.
- **TelemetrySettingAuthority** Determines who set the diagnostic data level, such as GP, MDM, or the user.
- **DeviceForm** Indicates the form as per the device classification.
- **DigitizerSupport** Is a digitizer supported?
- **OEMModelBaseBoard** The baseboard model used by the OEM.
@ -1545,7 +1545,7 @@ The following fields are available:
- **Gyroscope** Indicates whether the device has a gyroscope.
- **Magnetometer** Indicates whether the device has a magnetometer.
- **NFCProximity** Indicates whether the device supports NFC.
- **TelemetryLevelLimitEnhanced** The telemetry level for Windows Analytics-based solutions.
- **TelemetryLevelLimitEnhanced** The diagnostic data level for Windows Analytics-based solutions.
### Census.Memory
@ -1784,45 +1784,45 @@ This event provides information on about security settings used to help keep Win
### TelClientSynthetic.AuthorizationInfo_RuntimeTransition
This event sends data indicating that a device has undergone a change of telemetry opt-in level during the runtime of the device (not at UTC boot or offline), to help keep Windows up to date.
This event sends data indicating that a device has undergone a change of diagnostic data opt-in level during the runtime of the device (not at UTC boot or offline), to help keep Windows up to date.
The following fields are available:
- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups.
- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism.
- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto diagnostic data from the OS provider groups.
- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS diagnostic data. Non-OS diagnostic data is responsible for providing its own opt-in mechanism.
- **CanCollectCoreTelemetry** True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA.
- **CanCollectHeartbeats** True if UTC is allowed to collect heartbeats.
- **CanCollectOsTelemetry** True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry).
- **CanCollectOsTelemetry** True if UTC is allowed to collect diagnostic data from the OS provider groups.
- **CanPerformDiagnosticEscalations** True if UTC is allowed to perform all scenario escalations.
- **CanPerformScripting** True if UTC is allowed to perform scripting.
- **CanPerformTraceEscalations** True if UTC is allowed to perform scenario escalations with tracing actions.
- **CanReportScenarios** True if UTC is allowed to load and report scenario completion, failure, and cancellation events.
- **TransitionFromEverythingOff** True if this transition is moving from not allowing core telemetry to allowing core telemetry.
- **PreviousPermissions** Bitmask representing the previously configured permissions since the telemetry opt-in level was last changed.
- **TransitionFromEverythingOff** True if this transition is moving from not allowing core diagnostic data to allowing core diagnostic data.
- **PreviousPermissions** Bitmask representing the previously configured permissions since the diagnostic data opt-in level was last changed.
### TelClientSynthetic.AuthorizationInfo_Startup
This event sends data indicating that a device has undergone a change of telemetry opt-in level detected at UTC startup, to help keep Windows up to date.
This event sends data indicating that a device has undergone a change of diagnostic data opt-in level detected at UTC startup, to help keep Windows up to date.
The following fields are available:
- **TransitionFromEverythingOff** True if this transition is moving from not allowing core telemetry to allowing core telemetry.
- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism.
- **TransitionFromEverythingOff** True if this transition is moving from not allowing core diagnostic data to allowing core diagnostic data.
- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS diagnostic data. Non-OS diagnostic data is responsible for providing its own opt-in mechanism.
- **CanCollectHeartbeats** True if UTC is allowed to collect heartbeats.
- **CanCollectCoreTelemetry** True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA.
- **CanCollectOsTelemetry** True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry).
- **CanCollectOsTelemetry** True if UTC is allowed to collect diagnostic data from the OS provider groups.
- **CanReportScenarios** True if UTC is allowed to load and report scenario completion, failure, and cancellation events.
- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups.
- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto diagnostic data from the OS provider groups.
- **CanPerformTraceEscalations** True if UTC is allowed to perform scenario escalations with tracing actions.
- **CanPerformDiagnosticEscalations** True if UTC is allowed to perform all scenario escalations.
- **CanPerformScripting** True if UTC is allowed to perform scripting.
- **PreviousPermissions** Bitmask representing the previously configured permissions since the telemetry client was last started.
- **PreviousPermissions** Bitmask representing the previously configured permissions since the diagnostic data client was last started.
### TelClientSynthetic.ConnectivityHeartBeat_0
This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network.
This event sends data about the connectivity status of the Connected User Experiences and Telemetry component that uploads diagnostic data events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network.
The following fields are available:
@ -1838,13 +1838,13 @@ The following fields are available:
### TelClientSynthetic.HeartBeat_5
This event sends data about the health and quality of the telemetry data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
This event sends data about the health and quality of the diagnostic data data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
The following fields are available:
- **PreviousHeartBeatTime** The time of last heartbeat event. This allows chaining of events.
- **EtwDroppedCount** The number of events dropped by the ETW layer of the telemetry client.
- **ConsumerDroppedCount** The number of events dropped by the consumer layer of the telemetry client.
- **EtwDroppedCount** The number of events dropped by the ETW layer of the diagnostic data client.
- **ConsumerDroppedCount** The number of events dropped by the consumer layer of the diagnostic data client.
- **DecodingDroppedCount** The number of events dropped because of decoding failures.
- **ThrottledDroppedCount** The number of events dropped due to throttling of noisy providers.
- **DbDroppedCount** The number of events that were dropped because the database was full.
@ -1852,10 +1852,10 @@ The following fields are available:
- **EventSubStoreResetSizeSum** The total size of the event database across all resets reports in this instance.
- **CriticalOverflowEntersCounter** The number of times a critical overflow mode was entered into the event database.
- **EnteringCriticalOverflowDroppedCounter** The number of events that was dropped because a critical overflow mode was initiated.
- **UploaderDroppedCount** The number of events dropped by the uploader layer of the telemetry client.
- **UploaderDroppedCount** The number of events dropped by the uploader layer of the diagnostic data client.
- **InvalidHttpCodeCount** The number of invalid HTTP codes received from Vortex.
- **LastInvalidHttpCode** The last invalid HTTP code received from Vortex.
- **MaxInUseScenarioCounter** The soft maximum number of scenarios loaded by the Connected User Experience and Telemetry component.
- **MaxInUseScenarioCounter** The soft maximum number of scenarios loaded by the Connected User Experiences and Telemetry component.
- **LastEventSizeOffender** The name of the last event that exceeded the maximum event size.
- **SettingsHttpAttempts** The number of attempts to contact the OneSettings service.
- **SettingsHttpFailures** The number of failures from contacting the OneSettings service.
@ -1957,7 +1957,7 @@ The following fields are available:
- **ProcessArchitecture** Architecture of the crashing process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
- **ReportId** A GUID used to identify the report. This can used to track the report across Watson.
- **Flags** Flags indicating how reporting is done. For example, queue the report, do not offer JIT debugging, or do not terminate the process after reporting.
- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend.
- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the diagnostic data backend.
- **TargetAppId** The kernel reported AppId of the application being reported.
- **TargetAppVer** The specific version of the application being reported
- **TargetAsId** The sequence number for the hanging process.
@ -1982,7 +1982,7 @@ The following fields are available:
- **ProcessArchitecture** Architecture of the hung process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
- **WaitingOnPackageRelativeAppId** If this is a cross process hang waiting for a package, this has the relative application id of the package.
- **WaitingOnAppVersion** If this is a cross process hang, this has the version of the application for which it is waiting.
- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the telemetry backend.
- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the diagnostic data backend.
- **WaitingOnPackageFullName** If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting.
- **PackageFullName** Store application identity.
- **AppVersion** The version of the app that has hung.

78
windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
View File

@ -1,7 +1,7 @@
---
description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level.
title: Windows 10, version 1709 basic diagnostic events and fields (Windows 10)
keywords: privacy, telemetry
keywords: privacy, diagnostic data
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@ -32,7 +32,7 @@ You can learn more about Windows functional and diagnostic data through these ar
- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
- [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md)
- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
@ -106,7 +106,7 @@ The following fields are available:
- **osVer** Represents the OS version, and its format is OS dependent.
- **appId** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application.
- **appVer** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app.
- **cV** Represents the Correlation Vector: A single field for tracking partial order of related telemetry events across component boundaries.
- **cV** Represents the Correlation Vector: A single field for tracking partial order of related diagnostic data events across component boundaries.
### Common Data Extensions.OS
@ -148,7 +148,7 @@ The following fields are available:
### Common Data Extensions.Consent UI Event
This User Account Control (UAC) telemetry point collects information on elevations that originate from low integrity levels. This occurs when a process running at low integrity level (IL) requires higher (administrator) privileges, and therefore requests for elevation via UAC (consent.exe). By better understanding the processes requesting these elevations, Microsoft can in turn improve the detection and handling of potentially malicious behavior in this path.
This User Account Control (UAC) diagnostic data point collects information on elevations that originate from low integrity levels. This occurs when a process running at low integrity level (IL) requires higher (administrator) privileges, and therefore requests for elevation via UAC (consent.exe). By better understanding the processes requesting these elevations, Microsoft can in turn improve the detection and handling of potentially malicious behavior in this path.
The following fields are available:
@ -262,39 +262,39 @@ The following fields are available:
- **AppraiserBranch** The source branch in which the currently running version of Appraiser was built.
- **AppraiserProcess** The name of the process that launched Appraiser.
- **AppraiserVersion** The version of the Appraiser file generating the events.
- **Context** Indicates what mode Appraiser is running in. Example: Setup or Telemetry.
- **Context** Indicates what mode Appraiser is running in. Example: Setup or Diagnostic Data.
- **PCFP** An ID for the system calculated by hashing hardware identifiers.
- **Time** The client time of the event.
### Microsoft.Windows.Appraiser.General.TelemetryRunHealth
A summary event indicating the parameters and result of a telemetry run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up-to-date.
A summary event indicating the parameters and result of a diagnostic data run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up-to-date.
The following fields are available:
- **AppraiserBranch** The source branch in which the version of Appraiser that is running was built.
- **AppraiserDataVersion** The version of the data files being used by the Appraiser telemetry run.
- **AppraiserDataVersion** The version of the data files being used by the Appraiser diagnostic data run.
- **AppraiserProcess** The name of the process that launched Appraiser.
- **AppraiserVersion** The file version (major, minor and build) of the Appraiser DLL, concatenated without dots.
- **AuxFinal** Obsolete, always set to false
- **AuxInitial** Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app.
- **DeadlineDate** A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan.
- **EnterpriseRun** Indicates if the telemetry run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
- **EnterpriseRun** Indicates if the diagnostic data run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
- **FullSync** Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent.
- **InventoryFullSync** Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent.
- **PCFP** An ID for the system calculated by hashing hardware identifiers.
- **PerfBackoff** Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal.
- **PerfBackoffInsurance** Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row.
- **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device.
- **RunDate** The date that the telemetry run was stated, expressed as a filetime.
- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional telemetry on an infrequent schedule and only from machines at telemetry levels higher than Basic.
- **RunDate** The date that the diagnostic data run was stated, expressed as a filetime.
- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic.
- **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information.
- **RunResult** The hresult of the Appraiser telemetry run.
- **SendingUtc** Indicates if the Appraiser client is sending events during the current telemetry run.
- **RunResult** The hresult of the Appraiser diagnostic data run.
- **SendingUtc** Indicates if the Appraiser client is sending events during the current diagnostic data run.
- **StoreHandleIsNotNull** Obsolete, always set to false
- **TelementrySent** Indicates if telemetry was successfully sent.
- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also telemetry reliability.
- **TelementrySent** Indicates if diagnostic data was successfully sent.
- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also diagnostic data reliability.
- **Time** The client time of the event.
- **VerboseMode** Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging.
- **WhyFullSyncWithoutTablePrefix** Indicates the reason or reasons that a full sync was generated.
@ -1461,7 +1461,7 @@ This event sends Windows Insider data from customers participating in improvemen
The following fields are available:
- **DeviceSampleRate** The telemetry sample rate assigned to the device.
- **DeviceSampleRate** The diagnostic data sample rate assigned to the device.
- **EnablePreviewBuilds** Used to enable Windows Insider builds on a device.
- **FlightIds** A list of the different Windows Insider builds on this device.
- **FlightingBranchName** The name of the Windows Insider branch currently used by the device.
@ -1472,7 +1472,7 @@ The following fields are available:
### Census.Hardware
This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support, to help keep Windows up-to-date.
This event sends data about the device, including hardware type, OEM brand, model line, model, diagnostic data level setting, and TPM support, to help keep Windows up-to-date.
The following fields are available:
@ -1504,9 +1504,9 @@ The following fields are available:
- **PowerPlatformRole** The OEM preferred power management profile. It's used to help to identify the basic form factor of the device.
- **SoCName** The firmware manufacturer of the device.
- **StudyID** Used to identify retail and non-retail device.
- **TelemetryLevel** The telemetry level the user has opted into, such as Basic or Enhanced.
- **TelemetryLevelLimitEnhanced** The telemetry level for Windows Analytics-based solutions.
- **TelemetrySettingAuthority** Determines who set the telemetry level, such as GP, MDM, or the user.
- **TelemetryLevel** The diagnostic data level the user has opted into, such as Basic or Enhanced.
- **TelemetryLevelLimitEnhanced** The diagnostic data level for Windows Analytics-based solutions.
- **TelemetrySettingAuthority** Determines who set the diagnostic data level, such as GP, MDM, or the user.
- **TPMVersion** The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0.
- **VoiceSupported** Does the device have a cellular radio capable of making voice calls?
@ -1729,45 +1729,45 @@ This event provides information on about security settings used to help keep Win
### TelClientSynthetic.AuthorizationInfo_Startup
This event sends data indicating that a device has undergone a change of telemetry opt-in level detected at UTC startup, to help keep Windows up to date.
This event sends data indicating that a device has undergone a change of diagnostic data opt-in level detected at UTC startup, to help keep Windows up to date.
The following fields are available:
- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups.
- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism.
- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto diagnostic data from the OS provider groups.
- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS diagnostic data. Non-OS diagnostic data is responsible for providing its own opt-in mechanism.
- **CanCollectCoreTelemetry** True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA.
- **CanCollectHeartbeats** True if UTC is allowed to collect heartbeats.
- **CanCollectOsTelemetry** True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry).
- **CanCollectOsTelemetry** True if UTC is allowed to collect diagnostic data from the OS provider groups.
- **CanPerformDiagnosticEscalations** True if UTC is allowed to perform all scenario escalations.
- **CanPerformScripting** True if UTC is allowed to perform scripting.
- **CanPerformTraceEscalations** True if UTC is allowed to perform scenario escalations with tracing actions.
- **CanReportScenarios** True if UTC is allowed to load and report scenario completion, failure, and cancellation events.
- **PreviousPermissions** Bitmask representing the previously configured permissions since the telemetry client was last started.
- **TransitionFromEverythingOff** True if this transition is moving from not allowing core telemetry to allowing core telemetry.
- **PreviousPermissions** Bitmask representing the previously configured permissions since the diagnostic data client was last started.
- **TransitionFromEverythingOff** True if this transition is moving from not allowing core diagnostic data to allowing core diagnostic data.
### TelClientSynthetic.AuthorizationInfo_RuntimeTransition
This event sends data indicating that a device has undergone a change of telemetry opt-in level during the runtime of the device (not at UTC boot or offline), to help keep Windows up to date.
This event sends data indicating that a device has undergone a change of diagnostic data opt-in level during the runtime of the device (not at UTC boot or offline), to help keep Windows up to date.
The following fields are available:
- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups.
- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism.
- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto diagnostic data from the OS provider groups.
- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS diagnostic data. Non-OS diagnostic data is responsible for providing its own opt-in mechanism.
- **CanCollectCoreTelemetry** True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA.
- **CanCollectHeartbeats** True if UTC is allowed to collect heartbeats.
- **CanCollectOsTelemetry** True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry).
- **CanCollectOsTelemetry** True if UTC is allowed to collect diagnostic data from the OS provider groups.
- **CanPerformDiagnosticEscalations** True if UTC is allowed to perform all scenario escalations.
- **CanPerformScripting** True if UTC is allowed to perform scripting.
- **CanPerformTraceEscalations** True if UTC is allowed to perform scenario escalations with tracing actions.
- **CanReportScenarios** True if UTC is allowed to load and report scenario completion, failure, and cancellation events.
- **PreviousPermissions** Bitmask representing the previously configured permissions since the telemetry opt-in level was last changed.
- **TransitionFromEverythingOff** True if this transition is moving from not allowing core telemetry to allowing core telemetry.
- **PreviousPermissions** Bitmask representing the previously configured permissions since the diagnostic data opt-in level was last changed.
- **TransitionFromEverythingOff** True if this transition is moving from not allowing core diagnostic data to allowing core diagnostic data.
### TelClientSynthetic.ConnectivityHeartBeat_0
This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network.
This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads diagnostic data events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network.
The following fields are available:
@ -1783,7 +1783,7 @@ The following fields are available:
### TelClientSynthetic.HeartBeat_5
This event sends data about the health and quality of the telemetry data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
This event sends data about the health and quality of the diagnostic data data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
The following fields are available:
@ -1791,7 +1791,7 @@ The following fields are available:
- **CensusExitCode** The last exit code of the Census task.
- **CensusStartTime** The time of the last Census run.
- **CensusTaskEnabled** Indicates whether Census is enabled.
- **ConsumerDroppedCount** The number of events dropped by the consumer layer of the telemetry client.
- **ConsumerDroppedCount** The number of events dropped by the consumer layer of the diagnostic data client.
- **CriticalDataDbDroppedCount** The number of critical data sampled events that were dropped at the database layer.
- **CriticalDataThrottleDroppedCount** The number of critical data sampled events that were dropped because of throttling.
- **CriticalOverflowEntersCounter** The number of times a critical overflow mode was entered into the event database.
@ -1800,7 +1800,7 @@ The following fields are available:
- **DecodingDroppedCount** The number of events dropped because of decoding failures.
- **EnteringCriticalOverflowDroppedCounter** The number of events that was dropped because a critical overflow mode was initiated.
- **EtwDroppedBufferCount** The number of buffers dropped in the CUET ETW session.
- **EtwDroppedCount** The number of events dropped by the ETW layer of the telemetry client.
- **EtwDroppedCount** The number of events dropped by the ETW layer of the diagnostic data client.
- **EventSubStoreResetCounter** The number of times the event database was reset.
- **EventSubStoreResetSizeSum** The total size of the event database across all resets reports in this instance.
- **EventsUploaded** The number of events that have been uploaded.
@ -1817,7 +1817,7 @@ The following fields are available:
- **SettingsHttpAttempts** The number of attempts to contact the OneSettings service.
- **SettingsHttpFailures** The number of failures from contacting the OneSettings service.
- **ThrottledDroppedCount** The number of events dropped due to throttling of noisy providers.
- **UploaderDroppedCount** The number of events dropped by the uploader layer of the telemetry client.
- **UploaderDroppedCount** The number of events dropped by the uploader layer of the diagnostic data client.
- **VortexFailuresTimeout** The number of timeout failures received from Vortex.
- **VortexHttpAttempts** The number of attempts to contact the Vortex service.
- **VortexHttpFailures4xx** The number of 400-499 error codes received from Vortex.
@ -1888,7 +1888,7 @@ The following fields are available:
The following fields are available:
- **AppName** The name of the app that has crashed.
- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend.
- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the diagnostic data backend.
- **AppTimeStamp** The date/time stamp of the app.
- **AppVersion** The version of the app that has crashed.
- **ExceptionCode** The exception code returned by the process that has crashed.
@ -1938,7 +1938,7 @@ This event sends data about hangs for both native and managed applications, to h
The following fields are available:
- **AppName** The name of the app that has hung.
- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the telemetry backend.
- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the diagnostic data backend.
- **AppVersion** The version of the app that has hung.
- **PackageFullName** Store application identity.
- **PackageRelativeAppId** Store application identity.
@ -3185,7 +3185,7 @@ The following fields are available:
### Microsoft.Windows.UpdateNotificationPipeline.JavascriptJavascriptCriticalGenericMessage
This event indicates that Javascript is reporting a schema and a set of values for critical telemetry
This event indicates that Javascript is reporting a schema and a set of values for critical diagnostic data.
The following fields are available:

2
windows/configuration/change-history-for-configure-windows-10.md
View File

@ -48,7 +48,7 @@ The topics in this library have been updated for Windows 10, version 1709 (also
- [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md)
- [Multi-app kiosk XML reference](multi-app-kiosk-xml.md)
- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md)
- [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](enhanced-telemetry-windows-analytics-events-and-fields.md)
- [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)
## September 2017

158
windows/configuration/configure-windows-telemetry-in-your-organization.md → windows/configuration/configure-windows-diagnostic-data-in-your-organization.md
View File

@ -1,6 +1,6 @@
---
description: Use this article to make informed decisions about how you can configure telemetry in your organization.
title: Configure Windows telemetry in your organization (Windows 10)
description: Use this article to make informed decisions about how you can configure diagnostic data in your organization.
title: Configure Windows diagnostic data in your organization (Windows 10)
keywords: privacy
ms.prod: w10
ms.mktglfcycl: manage
@ -11,7 +11,7 @@ author: brianlic-msft
ms.date: 10/17/2017
---
# Configure Windows telemetry in your organization
# Configure Windows diagnostic data in your organization
**Applies to**
@ -19,54 +19,54 @@ ms.date: 10/17/2017
- Windows 10 Mobile
- Windows Server
At Microsoft, we use Windows telemetry to inform our decisions and focus our efforts in providing the most robust, most valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Telemetry gives users a voice in the operating systems development. This guide describes the importance of Windows telemetry and how we protect that data. Additionally, it differentiates between telemetry and functional data. It also describes the telemetry levels that Windows supports. Of course, you can choose how much telemetry is shared with Microsoft, and this guide demonstrates how.
At Microsoft, we use Windows diagnostic data to inform our decisions and focus our efforts in providing the most robust, most valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Diagnostic data gives users a voice in the operating systems development. This guide describes the importance of Windows diagnostic data and how we protect that data. Additionally, it differentiates between diagnostic data and functional data. It also describes the diagnostic data levels that Windows supports. Of course, you can choose how much diagnostic data is shared with Microsoft, and this guide demonstrates how.
To frame a discussion about telemetry, it is important to understand Microsofts privacy principles. We earn customer trust every day by focusing on six key privacy principles as described at [privacy.microsoft.com](https://privacy.microsoft.com/). These principles guided the implementation of the Windows telemetry system in the following ways:
To frame a discussion about diagnostic data, it is important to understand Microsofts privacy principles. We earn customer trust every day by focusing on six key privacy principles as described at [privacy.microsoft.com](https://privacy.microsoft.com/). These principles guided the implementation of the Windows diagnostic data system in the following ways:
- **Control.** We offer customers control of the telemetry they share with us by providing easy-to-use management tools.
- **Transparency.** We provide information about the telemetry that Windows and Windows Server collects so our customers can make informed decisions.
- **Security.** We encrypt telemetry in transit from your device and protect that data at our secure data centers.
- **Control.** We offer customers control of the diagnostic data they share with us by providing easy-to-use management tools.
- **Transparency.** We provide information about the diagnostic data that Windows and Windows Server collects so our customers can make informed decisions.
- **Security.** We encrypt diagnostic data in transit from your device and protect that data at our secure data centers.
- **Strong legal protections.** We respect customers local privacy laws and fight for legal protection of their privacy as a fundamental human right.
- **No content-based targeting.** We take steps to avoid and minimize the collection of customer content, such as the content of files, chats, or emails, through the Windows telemetry system. Customer content inadvertently collected is kept confidential and not used for user targeting.
- **Benefits to you.** We collect Windows telemetry to help provide you with an up-to-date, more secure, reliable and performant product, and to improve Windows for all our customers.
- **No content-based targeting.** We take steps to avoid and minimize the collection of customer content, such as the content of files, chats, or emails, through the Windows diagnostic data system. Customer content inadvertently collected is kept confidential and not used for user targeting.
- **Benefits to you.** We collect Windows diagnostic data to help provide you with an up-to-date, more secure, reliable and performant product, and to improve Windows for all our customers.
This article applies to Windows and Windows Server telemetry only. Other Microsoft or third-party apps, such as System Center Configuration Manager, System Center Endpoint Protection, or System Center Data Protection Manager, might send data to their cloud services in ways that are inconsistent with this guide. Their publishers are responsible for notifying users of their privacy policies, telemetry controls, and so on. This article describes the types of telemetry we may gather, the ways you might manage it in your organization, and some examples of how telemetry can provide you with valuable insights into your enterprise deployments. Microsoft uses the data to quickly identify and address issues affecting its customers.
This article applies to Windows and Windows Server diagnostic data only. Other Microsoft or third-party apps, such as System Center Configuration Manager, System Center Endpoint Protection, or System Center Data Protection Manager, might send data to their cloud services in ways that are inconsistent with this guide. Their publishers are responsible for notifying users of their privacy policies, diagnostic data controls, and so on. This article describes the types of diagnostic data we may gather, the ways you might manage it in your organization, and some examples of how diagnostic data can provide you with valuable insights into your enterprise deployments. Microsoft uses the data to quickly identify and address issues affecting its customers.
Use this article to make informed decisions about how you might configure telemetry in your organization. Telemetry is a term that means different things to different people and organizations. For this article, we discuss telemetry as system data that is uploaded by the Connected User Experience and Telemetry component. The telemetry data is used to help keep Windows devices secure by identifying malware trends and other threats and to help Microsoft improve the quality of Windows and Microsoft services.
Use this article to make informed decisions about how you might configure diagnostic data in your organization. Diagnostic data is a term that means different things to different people and organizations. For this article, we discuss diagnostic data as system data that is uploaded by the Connected User Experiences and Telemetry component. The diagnostic data data is used to help keep Windows devices secure by identifying malware trends and other threats and to help Microsoft improve the quality of Windows and Microsoft services.
We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com.
## Overview
In previous versions of Windows and Windows Server, Microsoft used telemetry to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016, you can control telemetry streams by using the Privacy option in Settings, Group Policy, or MDM.
In previous versions of Windows and Windows Server, Microsoft used diagnostic data to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016, you can control diagnostic data streams by using the Privacy option in Settings, Group Policy, or MDM.
For Windows 10, we invite IT pros to join the [Windows Insider Program](http://insider.windows.com) to give us feedback on what we can do to make Windows work better for your organization.
## Understanding Windows telemetry
## Understanding Windows diagnostic data
Windows as a Service is a fundamental change in how Microsoft plans, builds, and delivers the operating system. Historically, we released a major Windows version every few years. The effort required to deploy large and infrequent Windows versions was substantial. That effort included updating the infrastructure to support the upgrade. Windows as a Service accelerates the cadence to provide rich updates more frequently, and these updates require substantially less effort to roll out than earlier versions of Windows. Since it provides more value to organizations in a shorter timeframe, delivering Windows as a Service is a top priority for us.
The release cadence of Windows may be fast, so feedback is critical to its success. We rely on telemetry at each stage of the process to inform our decisions and prioritize our efforts.
The release cadence of Windows may be fast, so feedback is critical to its success. We rely on diagnostic data at each stage of the process to inform our decisions and prioritize our efforts.
### What is Windows telemetry?
Windows telemetry is vital technical data from Windows devices about the device and how Windows and related software are performing. It's used in the following ways:
### What is Windows diagnostic data?
Windows diagnostic data is vital technical data from Windows devices about the device and how Windows and related software are performing. It's used in the following ways:
- Keep Windows up to date
- Keep Windows secure, reliable, and performant
- Improve Windows through the aggregate analysis of the use of Windows
- Personalize Windows engagement surfaces
Here are some specific examples of Windows telemetry data:
Here are some specific examples of Windows diagnostic data data:
- Type of hardware being used
- Applications installed and usage details
- Reliability information on device drivers
### What is NOT telemetry?
### What is NOT diagnostic data?
Telemetry can sometimes be confused with functional data. Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not telemetry. For example, exchanging a users location for local weather or news is not an example of telemetry—it is functional data that the app or service requires to satisfy the users request.
Diagnostic data can sometimes be confused with functional data. Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not diagnostic data. For example, exchanging a users location for local weather or news is not an example of diagnostic data—it is functional data that the app or service requires to satisfy the users request.
There are subtle differences between telemetry and functional data. Windows collects and sends telemetry in the background automatically. You can control how much information is gathered by setting the telemetry level. Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash). On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data.
There are subtle differences between diagnostic data and functional data. Windows collects and sends diagnostic data in the background automatically. You can control how much information is gathered by setting the diagnostic data level. Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash). On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data.
If youre an IT pro that wants to manage Windows functional data sent from your organization to Microsoft, see [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services).
@ -76,26 +76,26 @@ The following are specific examples of functional data:
- Bing searches
- Wallpaper and desktop settings synced across multiple devices
### Telemetry gives users a voice
### Diagnostic data gives users a voice
Windows and Windows Server telemetry gives every user a voice in the operating systems development and ongoing improvement. It helps us understand how Windows 10 and Windows Server 2016 behaves in the real world, focus on user priorities, and make informed decisions that benefit them. For our enterprise customers, representation in the dataset on which we will make future design decisions is a real benefit. The following sections offer real examples of these benefits.
Windows and Windows Server diagnostic data gives every user a voice in the operating systems development and ongoing improvement. It helps us understand how Windows 10 and Windows Server 2016 behaves in the real world, focus on user priorities, and make informed decisions that benefit them. For our enterprise customers, representation in the dataset on which we will make future design decisions is a real benefit. The following sections offer real examples of these benefits.
### Drive higher app and driver quality
Our ability to collect telemetry that drives improvements to Windows and Windows Server helps raise the bar for app and device driver quality. Telemetry helps us to quickly identify and fix critical reliability and security issues with apps and device drivers on given configurations. For example, we can identify an app that hangs on devices using a specific version of a video driver, allowing us to work with the app and device driver vendor to quickly fix the issue. The result is less downtime and reduced costs and increased productivity associated with troubleshooting these issues.
Our ability to collect diagnostic data that drives improvements to Windows and Windows Server helps raise the bar for app and device driver quality. Diagnostic data helps us to quickly identify and fix critical reliability and security issues with apps and device drivers on given configurations. For example, we can identify an app that hangs on devices using a specific version of a video driver, allowing us to work with the app and device driver vendor to quickly fix the issue. The result is less downtime and reduced costs and increased productivity associated with troubleshooting these issues.
#### Real-world example of how Windows telemetry helps
There was a version of a video driver that was crashing on some devices running Windows 10, causing the device to reboot. We detected the problem in our telemetry, and immediately contacted the third-party developer who builds the video driver. Working with the developer, we provided an updated driver to Windows Insiders within 24 hours. Based on telemetry from the Windows Insiders devices, we were able to validate the new version of the video driver, and rolled it out to the broad public as an update the next day. Telemetry helped us find, fix, and resolve this problem in just 48 hours, providing a better user experience and reducing costly support calls.
#### Real-world example of how Windows diagnostic data helps
There was a version of a video driver that was crashing on some devices running Windows 10, causing the device to reboot. We detected the problem in our diagnostic data, and immediately contacted the third-party developer who builds the video driver. Working with the developer, we provided an updated driver to Windows Insiders within 24 hours. Based on diagnostic data from the Windows Insiders devices, we were able to validate the new version of the video driver, and rolled it out to the broad public as an update the next day. Diagnostic data helped us find, fix, and resolve this problem in just 48 hours, providing a better user experience and reducing costly support calls.
### Improve end-user productivity
Windows telemetry also helps Microsoft better understand how customers use (or do not use) the operating systems features and related services. The insights we gain from this data helps us prioritize our engineering effort to directly impact our customers experiences. Examples are:
Windows diagnostic data also helps Microsoft better understand how customers use (or do not use) the operating systems features and related services. The insights we gain from this data helps us prioritize our engineering effort to directly impact our customers experiences. Examples are:
- **Start menu.** How do people change the Start menu layout? Do they pin other apps to it? Are there any apps that they frequently unpin? We use this dataset to adjust the default Start menu layout to better reflect peoples expectations when they turn on their device for the first time.
- **Cortana.** We use telemetry to monitor the scalability of our cloud service, improving search performance.
- **Application switching.** Research and observations from earlier Windows versions showed that people rarely used Alt+Tab to switch between applications. After discussing this with some users, we learned they loved the feature, saying that it would be highly productive, but they did not know about it previously. Based on this, we created the Task View button in Windows 10 to make this feature more discoverable. Later telemetry showed significantly higher usage of this feature.
- **Cortana.** We use diagnostic data to monitor the scalability of our cloud service, improving search performance.
- **Application switching.** Research and observations from earlier Windows versions showed that people rarely used Alt+Tab to switch between applications. After discussing this with some users, we learned they loved the feature, saying that it would be highly productive, but they did not know about it previously. Based on this, we created the Task View button in Windows 10 to make this feature more discoverable. Later diagnostic data showed significantly higher usage of this feature.
**These examples show how the use of telemetry data enables Microsoft to build or enhance features which can help organizations increase employee productivity while lowering help desk calls.**
**These examples show how the use of diagnostic data data enables Microsoft to build or enhance features which can help organizations increase employee productivity while lowering help desk calls.**
### Insights into your own organization
@ -108,7 +108,7 @@ Upgrading to new operating system versions has traditionally been a challenging,
To better help customers through this difficult process, Microsoft developed Upgrade Readiness to give enterprises the tools to plan and manage the upgrade process end to end and allowing them to adopt new Windows releases more quickly and on an ongoing basis.
With Windows telemetry enabled, Microsoft collects computer, application, and driver compatibility-related information for analysis. We then identify compatibility issues that can block your upgrade and suggest fixes when they are known to Microsoft.
With Windows diagnostic data enabled, Microsoft collects computer, application, and driver compatibility-related information for analysis. We then identify compatibility issues that can block your upgrade and suggest fixes when they are known to Microsoft.
Use Upgrade Readiness to get:
@ -122,50 +122,50 @@ Use Upgrade Readiness to get:
The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.
## How is telemetry data handled by Microsoft?
## How is diagnostic data data handled by Microsoft?
### Data collection
Windows 10 and Windows Server 2016 includes the Connected User Experience and Telemetry component, which uses Event Tracing for Windows (ETW) tracelogging technology that gathers and stores telemetry events and data. The operating system and some Microsoft management solutions, such as System Center, use the same logging technology.
Windows 10 and Windows Server 2016 includes the Connected User Experiences and Telemetry component, which uses Event Tracing for Windows (ETW) tracelogging technology that gathers and stores diagnostic data events and data. The operating system and some Microsoft management solutions, such as System Center, use the same logging technology.
1. Operating system features and some management applications are instrumented to publish events and data. Examples of management applications include Virtual Machine Manager (VMM), Server Manager, and Storage Spaces.
2. Events are gathered using public operating system event logging and tracing APIs.
3. You can configure the telemetry level by using MDM policy, Group Policy, or registry settings.
4. The Connected User Experience and Telemetry component transmits the telemetry data.
3. You can configure the diagnostic data level by using MDM policy, Group Policy, or registry settings.
4. The Connected User Experiences and Telemetry component transmits the diagnostic data data.
Info collected at the Enhanced and Full levels of telemetry is typically gathered at a fractional sampling rate, which can be as low as 1% of devices reporting data at those levels.
Info collected at the Enhanced and Full levels of diagnostic data is typically gathered at a fractional sampling rate, which can be as low as 1% of devices reporting data at those levels.
### Data transmission
All telemetry data is encrypted using SSL and uses certificate pinning during transfer from the device to the Microsoft Data Management Service. With Windows 10, data is uploaded on a schedule that is sensitive to event priority, battery use, and network cost. Real-time events, such as Windows Defender Advanced Threat Protection, are always sent immediately. Normal events are not uploaded on metered networks, unless you are on a metered server connection. On a free network, normal events can be uploaded every 4 hours if on battery, or every 15 minutes if on A/C power. Diagnostic and crash data are only uploaded on A/C power and free networks.
All diagnostic data data is encrypted using SSL and uses certificate pinning during transfer from the device to the Microsoft Data Management Service. With Windows 10, data is uploaded on a schedule that is sensitive to event priority, battery use, and network cost. Real-time events, such as Windows Defender Advanced Threat Protection, are always sent immediately. Normal events are not uploaded on metered networks, unless you are on a metered server connection. On a free network, normal events can be uploaded every 4 hours if on battery, or every 15 minutes if on A/C power. Diagnostic and crash data are only uploaded on A/C power and free networks.
### Endpoints
The Microsoft Data Management Service routes data back to our secure cloud storage. Only Microsoft personnel with a valid business justification are permitted access.
The following table defines the endpoints for telemetry services:
The following table defines the endpoints for diagnostic data services:
| Service | Endpoint |
| - | - |
| Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com<br />settings-win.data.microsoft.com |
| Connected User Experiences and Telemetry component | v10.vortex-win.data.microsoft.com<br />settings-win.data.microsoft.com |
| [Windows Error Reporting](http://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) | watson.telemetry.microsoft.com |
| [Online Crash Analysis](http://msdn.microsoft.com/library/windows/desktop/ee416349.aspx) | oca.telemetry.microsoft.com |
| OneDrive app for Windows 10 | vortex.data.microsoft.com/collect/v1 |
### Data use and access
The principle of least privileged access guides access to telemetry data. Microsoft does not share personal data of our customers with third parties, except at the customers discretion or for the limited purposes described in the [Privacy Statement](https://privacy.microsoft.com/privacystatement). Microsoft may share business reports with OEMs and third-party partners that include aggregated and anonymized telemetry information. Data-sharing decisions are made by an internal team including privacy, legal, and data management.
The principle of least privileged access guides access to diagnostic data data. Microsoft does not share personal data of our customers with third parties, except at the customers discretion or for the limited purposes described in the [Privacy Statement](https://privacy.microsoft.com/privacystatement). Microsoft may share business reports with OEMs and third-party partners that include aggregated and anonymized diagnostic data information. Data-sharing decisions are made by an internal team including privacy, legal, and data management.
### Retention
Microsoft believes in and practices information minimization. We strive to gather only the info we need and to store it only for as long as its needed to provide a service or for analysis. Much of the info about how Windows and apps are functioning is deleted within 30 days. Other info may be retained longer, such as error reporting data or Microsoft Store purchase history.
## Telemetry levels
This section explains the different telemetry levels in Windows 10, Windows Server 2016, and System Center. These levels are available on all desktop and mobile editions of Windows 10, except for the **Security** level, which is limited to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016.
## Diagnostic data levels
This section explains the different diagnostic data levels in Windows 10, Windows Server 2016, and System Center. These levels are available on all desktop and mobile editions of Windows 10, except for the **Security** level, which is limited to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016.
The telemetry data is categorized into four levels:
The diagnostic data data is categorized into four levels:
- **Security**. Information thats required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
- **Security**. Information thats required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
- **Basic**. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the **Security** level.
@ -175,20 +175,20 @@ The telemetry data is categorized into four levels:
The levels are cumulative and are illustrated in the following diagram. Also, these levels apply to all editions of Windows Server 2016.
![breakdown of telemetry levels and types of administrative controls](images/priv-telemetry-levels.png)
![breakdown of diagnostic data levels and types of administrative controls](images/priv-telemetry-levels.png)
### Security level
The Security level gathers only the telemetry info that is required to keep Windows devices, Windows Server, and guests protected with the latest security updates. This level is only available on Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and Windows IoT Core editions.
The Security level gathers only the diagnostic data info that is required to keep Windows devices, Windows Server, and guests protected with the latest security updates. This level is only available on Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and Windows IoT Core editions.
> [!NOTE]
> If your organization relies on Windows Update for updates, you shouldnt use the **Security** level. Because no Windows Update information is gathered at this level, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates.
Windows Server Update Services (WSUS) and System Center Configuration Manager functionality is not affected at this level, nor is telemetry data about Windows Server features or System Center gathered.
Windows Server Update Services (WSUS) and System Center Configuration Manager functionality is not affected at this level, nor is diagnostic data data about Windows Server features or System Center gathered.
The data gathered at this level includes:
- **Connected User Experience and Telemetry component settings**. If general telemetry data has been gathered and is queued, it is sent to Microsoft. Along with this telemetry, the Connected User Experience and Telemetry component may download a configuration settings file from Microsofts servers. This file is used to configure the Connected User Experience and Telemetry component itself. The data gathered by the client for this request includes OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop).
- **Connected User Experiences and Telemetry component settings**. If general diagnostic data data has been gathered and is queued, it is sent to Microsoft. Along with this diagnostic data, the Connected User Experiences and Telemetry component may download a configuration settings file from Microsofts servers. This file is used to configure the Connected User Experiences and Telemetry component itself. The data gathered by the client for this request includes OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop).
- **Malicious Software Removal Tool (MSRT)** The MSRT infection report contains information, including device info and IP address.
@ -202,15 +202,15 @@ The data gathered at this level includes:
Microsoft recommends that Windows Update, Windows Defender, and MSRT remain enabled unless the enterprise uses alternative solutions such as Windows Server Update Services, System Center Configuration Manager, or a third-party antimalware solution. Windows Update, Windows Defender, and MSRT provide core Windows functionality such as driver and OS updates, including security updates.
For servers with default telemetry settings and no Internet connectivity, you should set the telemetry level to **Security**. This stops data gathering for events that would not be uploaded due to the lack of Internet connectivity.
For servers with default diagnostic data settings and no Internet connectivity, you should set the diagnostic data level to **Security**. This stops data gathering for events that would not be uploaded due to the lack of Internet connectivity.
No user content, such as user files or communications, is gathered at the **Security** telemetry level, and we take steps to avoid gathering any information that directly identifies a company or user, such as name, email address, or account ID. However, in rare circumstances, MSRT information may unintentionally contain personal information. For instance, some malware may create entries in a computers registry that include information such as a username, causing it to be gathered. MSRT reporting is optional and can be turned off at any time.
No user content, such as user files or communications, is gathered at the **Security** diagnostic data level, and we take steps to avoid gathering any information that directly identifies a company or user, such as name, email address, or account ID. However, in rare circumstances, MSRT information may unintentionally contain personal information. For instance, some malware may create entries in a computers registry that include information such as a username, causing it to be gathered. MSRT reporting is optional and can be turned off at any time.
### Basic level
The Basic level gathers a limited set of data thats critical for understanding the device and its configuration. This level also includes the **Security** level data. This level helps to identify problems that can occur on a specific hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a specific driver version. The Connected User Experience and Telemetry component does not gather telemetry data about System Center, but it can transmit telemetry for other non-Windows applications if they have user consent.
The Basic level gathers a limited set of data thats critical for understanding the device and its configuration. This level also includes the **Security** level data. This level helps to identify problems that can occur on a specific hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a specific driver version. The Connected User Experiences and Telemetry component does not gather diagnostic data data about System Center, but it can transmit diagnostic data for other non-Windows applications if they have user consent.
The normal upload range for the Basic telemetry level is between 109 KB - 159 KB per day, per device.
The normal upload range for the Basic diagnostic data level is between 109 KB - 159 KB per day, per device.
The data gathered at this level includes:
@ -232,7 +232,7 @@ The data gathered at this level includes:
- Storage attributes, such as number of drives, type, and size
- **Connected User Experience and Telemetry component quality metrics**. Helps provide an understanding about how the Connected User Experience and Telemetry component is functioning, including % of uploaded events, dropped events, and the last upload time.
- **Connected User Experiences and Telemetry component quality metrics**. Helps provide an understanding about how the Connected User Experiences and Telemetry component is functioning, including % of uploaded events, dropped events, and the last upload time.
- **Quality-related information**. Helps Microsoft develop a basic understanding of how a device and its operating system are performing. Some examples are the device characteristics of a Connected Standby device, the number of crashes or hangs, and application state change details, such as how much processor time and memory were used, and the total uptime for an app.
@ -259,7 +259,7 @@ The Enhanced level gathers data about how Windows and apps are used and how they
This is the default level for Windows 10 Enterprise and Windows 10 Education editions, and the minimum level needed to quickly identify and address Windows, Windows Server, and System Center quality issues.
The normal upload range for the Enhanced telemetry level is between 239 KB - 348 KB per day, per device.
The normal upload range for the Enhanced diagnostic data level is between 239 KB - 348 KB per day, per device.
The data gathered at this level includes:
@ -271,14 +271,14 @@ The data gathered at this level includes:
- **Some crash dump types**. All crash dump types, except for heap dumps and full dumps.
If the Connected User Experience and Telemetry component detects a problem on Windows 10 that requires gathering more detailed instrumentation, the Connected User Experience and Telemetry component at the **Enhanced** telemetry level will only gather data about the events associated with the specific issue.
If the Connected User Experiences and Telemetry component detects a problem on Windows 10 that requires gathering more detailed instrumentation, the Connected User Experiences and Telemetry component at the **Enhanced** diagnostic data level will only gather data about the events associated with the specific issue.
#### Limit Enhanced diagnostic data to the minimum required by Windows Analytics
Windows Analytics Device Health reports are powered by diagnostic data not included in the **Basic** level, such as crash reports and certain operating system events. In the past, organizations sending **Enhanced** or **Full** level diagnostic data were able to participate in Device Health. However, organizations that required detailed event and field level documentation were unable to move from **Basic** to **Enhanced**.
In Windows 10, version 1709, we introduce the **Limit Enhanced diagnostic data to the minimum required by Windows Analytics** feature. When enabled, this feature lets you send only the following subset of **Enhanced** level diagnostic data. For more info about Device Health, see the [Monitor the health of devices with Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-monitor) topic.
- **Operating system events.** Limited to a small set required for analytics reports and documented in the [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/eventname) topic.
- **Operating system events.** Limited to a small set required for analytics reports and documented in the [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/eventname) topic.
- **Some crash dump types.** All crash dump types, except for heap and full dumps.
@ -308,7 +308,7 @@ The **Full** level gathers data necessary to identify and to help fix problems,
Additionally, at this level, devices opted in to the [Windows Insider Program](http://insider.windows.com) will send events, such as reliability and app responsiveness. that can show Microsoft how pre-release binaries and features are performing. These events help us make decisions on which builds are flighted. All devices in the [Windows Insider Program](http://insider.windows.com) are automatically set to this level.
If a device experiences problems that are difficult to identify or repeat using Microsofts internal testing, additional data becomes necessary. This data can include any user content that might have triggered the problem and is gathered from a small sample of devices that have both opted into the **Full** telemetry level and have exhibited the problem.
If a device experiences problems that are difficult to identify or repeat using Microsofts internal testing, additional data becomes necessary. This data can include any user content that might have triggered the problem and is gathered from a small sample of devices that have both opted into the **Full** diagnostic data level and have exhibited the problem.
However, before more data is gathered, Microsofts privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer. If the request is approved, Microsoft engineers can use the following capabilities to get the information:
@ -320,27 +320,27 @@ However, before more data is gathered, Microsofts privacy governance team, in
## Enterprise management
Sharing telemetry data with Microsoft provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the telemetry level and managing specific components is the best option.
Sharing diagnostic data data with Microsoft provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the diagnostic data level and managing specific components is the best option.
Customers can set the telemetry level in both the user interface and with existing management tools. Users can change the telemetry level in the **Diagnostic data** setting. In the **Settings** app, it is in **Privacy\Feedback & diagnostics**. They can choose between Basic, Enhanced, and Full. The Security level is not available.
Customers can set the diagnostic data level in both the user interface and with existing management tools. Users can change the diagnostic data level in the **Diagnostic data** setting. In the **Settings** app, it is in **Privacy\Feedback & diagnostics**. They can choose between Basic, Enhanced, and Full. The Security level is not available.
IT pros can use various methods, including Group Policy and Mobile Device Management (MDM), to choose a telemetry level. If youre using Windows 10 Enterprise, Windows 10 Education, or Windows Server 2016, the Security telemetry level is available when managing the policy. Setting the telemetry level through policy overrides users choices. The remainder of this section describes how to do that.
IT pros can use various methods, including Group Policy and Mobile Device Management (MDM), to choose a diagnostic data level. If youre using Windows 10 Enterprise, Windows 10 Education, or Windows Server 2016, the Security diagnostic data level is available when managing the policy. Setting the diagnostic data level through policy overrides users choices. The remainder of this section describes how to do that.
### Manage your telemetry settings
### Manage your diagnostic data settings
We do not recommend that you turn off telemetry in your organization as valuable functionality may be impacted, but we recognize that in some scenarios this may be required. Use the steps in this section to do so for Windows, Windows Server, and System Center.
We do not recommend that you turn off diagnostic data in your organization as valuable functionality may be impacted, but we recognize that in some scenarios this may be required. Use the steps in this section to do so for Windows, Windows Server, and System Center.
> [!IMPORTANT]
> These telemetry levels only apply to Windows, Windows Server, and System Center components and apps that use the Connected User Experience and Telemetry component. Non-Windows components, such as Microsoft Office or other 3rd-party apps, may communicate with their cloud services outside of these telemetry levels. You should work with your app vendors to understand their telemetry policy, and how you can to opt in or opt out. For more information on how Microsoft Office uses telemetry, see [Overview of Office Telemetry](http://technet.microsoft.com/library/jj863580.aspx).
> These diagnostic data levels only apply to Windows, Windows Server, and System Center components and apps that use the Connected User Experiences and Telemetry component. Non-Windows components, such as Microsoft Office or other 3rd-party apps, may communicate with their cloud services outside of these diagnostic data levels. You should work with your app vendors to understand their diagnostic data policy, and how you can to opt in or opt out. For more information on how Microsoft Office uses diagnostic data, see [Overview of Office Telemetry](http://technet.microsoft.com/library/jj863580.aspx).
You can turn on or turn off System Center telemetry gathering. The default is on and the data gathered at this level represents what is gathered by default when System Center telemetry is turned on. However, setting the operating system telemetry level to **Basic** will turn off System Center telemetry, even if the System Center telemetry switch is turned on.
You can turn on or turn off System Center diagnostic data gathering. The default is on and the data gathered at this level represents what is gathered by default when System Center diagnostic data is turned on. However, setting the operating system diagnostic data level to **Basic** will turn off System Center diagnostic data, even if the System Center diagnostic data switch is turned on.
The lowest telemetry setting level supported through management policies is **Security**. The lowest telemetry setting supported through the Settings UI is **Basic**. The default telemetry setting for Windows Server 2016 is **Enhanced**.
The lowest diagnostic data setting level supported through management policies is **Security**. The lowest diagnostic data setting supported through the Settings UI is **Basic**. The default diagnostic data setting for Windows Server 2016 is **Enhanced**.
### Configure the operating system telemetry level
### Configure the operating system diagnostic data level
You can configure your operating system telemetry settings using the management tools youre already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your telemetry levels through a management policy overrides any device level settings.
You can configure your operating system diagnostic data settings using the management tools youre already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your diagnostic data levels through a management policy overrides any device level settings.
Use the appropriate value in the table below when you configure the management policy.
@ -352,9 +352,9 @@ Use the appropriate value in the table below when you configure the management p
| Full | Security data, basic system and quality data, enhanced insights and advanced reliability data, and full diagnostics data. | **3** |
### Use Group Policy to set the telemetry level
### Use Group Policy to set the diagnostic data level
Use a Group Policy object to set your organizations telemetry level.
Use a Group Policy object to set your organizations diagnostic data level.
1. From the Group Policy Management Console, go to **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Data Collection and Preview Builds**.
@ -362,11 +362,11 @@ Use a Group Policy object to set your organizations telemetry level.
3. In the **Options** box, select the level that you want to configure, and then click **OK**.
### Use MDM to set the telemetry level
### Use MDM to set the diagnostic data level
Use the [Policy Configuration Service Provider (CSP)](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) to apply the System/AllowTelemetry MDM policy.
### Use Registry Editor to set the telemetry level
### Use Registry Editor to set the diagnostic data level
Use Registry Editor to manually set the registry level on each device in your organization or you can write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, it will override this registry setting.
@ -380,25 +380,25 @@ Use Registry Editor to manually set the registry level on each device in your or
5. Click **File** &gt; **Export**, and then save the file as a .reg file, such as **C:\\AllowTelemetry.reg**. You can run this file from a script on each device in your organization.
### Configure System Center 2016 telemetry
### Configure System Center 2016 diagnostic data
For System Center 2016 Technical Preview, you can turn off System Center telemetry by following these steps:
For System Center 2016 Technical Preview, you can turn off System Center diagnostic data by following these steps:
- Turn off telemetry by using the System Center UI Console settings workspace.
- Turn off diagnostic data by using the System Center UI Console settings workspace.
- For information about turning off telemetry for Service Management Automation and Service Provider Foundation, see [How to disable telemetry for Service Management Automation and Service Provider Foundation](https://support.microsoft.com/kb/3096505).
- For information about turning off diagnostic data for Service Management Automation and Service Provider Foundation, see [How to disable telemetry for Service Management Automation and Service Provider Foundation](https://support.microsoft.com/kb/3096505).
### Additional telemetry controls
### Additional diagnostic data controls
There are a few more settings that you can turn off that may send telemetry information:
There are a few more settings that you can turn off that may send diagnostic data information:
- To turn off Windows Update telemetry, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as [Windows Server Update Services (WSUS)](http://technet.microsoft.com/library/hh852345.aspx) or [System Center Configuration Manager](http://www.microsoft.com/server-cloud/products/system-center-2012-r2-configuration-manager/).
- To turn off Windows Update diagnostic data, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as [Windows Server Update Services (WSUS)](http://technet.microsoft.com/library/hh852345.aspx) or [System Center Configuration Manager](http://www.microsoft.com/server-cloud/products/system-center-2012-r2-configuration-manager/).
- Turn off **Windows Defender Cloud-based Protection** and **Automatic sample submission** in **Settings** &gt; **Update & security** &gt; **Windows Defender**.
- Manage the Malicious Software Removal Tool in your organization. For more info, see Microsoft KB article [891716](http://support.microsoft.com/kb/891716).
- Turn off **Linguistic Data Collection** in **Settings** &gt; **Privacy**. At telemetry levels **Enhanced** and **Full**, Microsoft uses Linguistic Data Collection info to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary.
- Turn off **Linguistic Data Collection** in **Settings** &gt; **Privacy**. At diagnostic data levels **Enhanced** and **Full**, Microsoft uses Linguistic Data Collection info to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary.
> [!NOTE]
> Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user's device. If we determine that sensitive information has been inadvertently received, we delete the information.

10
windows/configuration/enhanced-telemetry-windows-analytics-events-and-fields.md → windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
View File

@ -1,7 +1,7 @@
---
description: Use this article to learn more about the enhanced telemetry events used by Windows Analytics
description: Use this article to learn more about the enhanced diagnostic data events used by Windows Analytics
title: Windows 10, version 1709 enhanced telemtry events and fields used by Windows Analytics (Windows 10)
keywords: privacy, telemetry
keywords: privacy, diagnostic data
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@ -13,15 +13,15 @@ ms.author: jaimeo
---
# Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics
# Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics
**Applies to**
- Windows 10, version 1709 and later
Windows Analytics Device Health reports are powered by diagnostic data not included in the Basic level. This includes crash reports and certain OS telemetry events. Organizations sending Enhanced or Full level diagnostic data were able to participate in Device Health, but some organizations which required detailed event and field level documentation were unable to move from Basic to Enhanced.
Windows Analytics Device Health reports are powered by diagnostic data not included in the Basic level. This includes crash reports and certain OS diagnostic data events. Organizations sending Enhanced or Full level diagnostic data were able to participate in Device Health, but some organizations which required detailed event and field level documentation were unable to move from Basic to Enhanced.
In Windows 10, version 1709, we introduce a new feature: "Limit Enhanced diagnostic data to the minimum required by Windows Analytics". When enabled, this feature limits the operating system telemetry events included in the Enhanced level to only those described below. Note that the Enhanced level also includes limited crash reports, which are not described below. For more information on the Enhanced level, see [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md).
In Windows 10, version 1709, we introduce a new feature: "Limit Enhanced diagnostic data to the minimum required by Windows Analytics". When enabled, this feature limits the operating system diagnostic data events included in the Enhanced level to only those described below. Note that the Enhanced level also includes limited crash reports, which are not described below. For more information on the Enhanced level, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
## KernelProcess.AppStateChangeSummary

2
windows/configuration/gdpr-win10-whitepaper.md
View File

@ -179,7 +179,7 @@ The GDPR includes explicit requirements for breach notification where a personal
As noted in the Windows Security Center white paper, [Post Breach: Dealing with Advanced Threats](http://wincom.blob.core.windows.net/documents/Post_Breach_Dealing_with_Advanced_Threats_Whitepaper.pdf), “_Unlike pre-breach, post-breach assumes a breach has already occurred acting as a flight recorder and Crime Scene Investigator (CSI). Post-breach provides security teams the information and toolset needed to identify, investigate, and respond to attacks that otherwise will stay undetected and below the radar._”
#### Insightful security telemetry
#### Insightful security diagnostic data
For nearly two decades, Microsoft has been turning threats into useful intelligence that can help fortify our platform and protect customers. Today, with the immense computing advantages afforded by the cloud, we are finding new ways to use our rich analytics engines driven by threat intelligence to protect our customers.
By applying a combination of automated and manual processes, machine learning and human experts, we can create an Intelligent Security Graph that learns from itself and evolves in real-time, reducing our collective time to detect and respond to new incidents across our products.

6
windows/configuration/index.md
View File

@ -19,11 +19,11 @@ Enterprises often need to apply custom configurations to devices for their users
| Topic | Description |
| --- | --- |
| [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md) | Use this article to make informed decisions about how you can configure Windows telemetry in your organization. |
| [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | Use this article to make informed decisions about how you can configure Windows diagnostic data in your organization. |
| [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) | Learn about diagnostic data that is collected at the basic level in Windows 10, version 1709. |
|[Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](enhanced-telemetry-windows-analytics-events-and-fields.md)|Learn about diagnostic data that is collected by Windows Analytics.|
|[Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)|Learn about diagnostic data that is collected by Windows Analytics.|
| [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) | Learn about diagnostic data that is collected at the basic level in Windows 10, version 1703. |
| [Windows 10 diagnostic data for the Full telemetry level](windows-diagnostic-data-1703.md) | Learn about the types of data that is collected at the full level in Windows 10, version 1703 and later. |
| [Windows 10 diagnostic data for the Full diagnostic data level](windows-diagnostic-data-1703.md) | Learn about the types of data that is collected at the full level in Windows 10, version 1703 and later. |
|[Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md)|Learn about Windows 10 and the upcoming GDPR-compliance requirements.|
| [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Learn about the network connections that Windows components make to Microsoft and also the privacy settings that affect data that is shared with either Microsoft or apps and how they can be managed by an IT Pro. |
| [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) | Wi-Fi Sense automatically connects you to Wi-Fi, so you can get online quickly in more places. It can connect you to open Wi-Fi hotspots it knows about through crowdsourcing, or to Wi-Fi networks your contacts have shared with you by using Wi-Fi Sense. The initial settings for Wi-Fi Sense are determined by the options you chose when you first set up your PC with Windows 10. |

14
windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -19,13 +19,13 @@ ms.date: 01/29/2018
- Windows 10
- Windows Server 2016
If you're looking for content on what each telemetry level means and how to configure it in your organization, see [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md).
If you're looking for content on what each diagnostic data level means and how to configure it in your organization, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
Learn about the network connections that Windows components make to Microsoft and also the privacy settings that affect data that is shared with either Microsoft or apps and how they can be managed by an IT Pro.
If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider. You can configure telemetry at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment from the list in this article.
If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider. You can configure diagnostic data at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment from the list in this article.
You can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience.
You can configure diagnostic data at the Security level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience.
To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](/windows/device-security/windows-security-baselines) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying. You should not extract this package to the windows\\system32 folder because it will not apply correctly. Applying this baseline is equivalent to applying the Windows 10 steps covered in this article.
@ -69,7 +69,7 @@ Here's a list of changes that were made to this article for Windows 10, version
## <a href="" id="bkmk-othersettings"></a>Management options for each setting
The following sections list the components that make network connections to Microsoft services by default. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all of these connections.
The following sections list the components that make network connections to Microsoft services by default. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure diagnostic data at the Security level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all of these connections.
If you're running Windows 10, they will be included in the next update for the Long Term Servicing Branch.
@ -362,7 +362,7 @@ Windows Insider Preview builds only apply to Windows 10 and are not available fo
> [!NOTE]
> If you upgrade a device that is configured to minimize connections from Windows to Microsoft services (that is, a device configured for zero exhaust) to a Windows Insider Preview build, the Feedback & Diagnostic setting will automatically be set to **Full**. Although the telemetry level may initially appear as **Basic**, a few hours after the UI is refreshed or the machine is rebooted, the setting will become **Full**.
> If you upgrade a device that is configured to minimize connections from Windows to Microsoft services (that is, a device configured for zero exhaust) to a Windows Insider Preview build, the Feedback & Diagnostic setting will automatically be set to **Full**. Although the diagnostic data level may initially appear as **Basic**, a few hours after the UI is refreshed or the machine is rebooted, the setting will become **Full**.
To turn off Insider Preview builds for a released version of Windows 10:
@ -886,7 +886,7 @@ To turn off **Turn on SmartScreen Filter to check web content (URLs) that Micros
To turn off **Send Microsoft info about how I write to help us improve typing and writing in the future**:
> [!NOTE]
> If the telemetry level is set to either **Basic** or **Security**, this is turned off automatically.
> If the diagnostic data level is set to either **Basic** or **Security**, this is turned off automatically.
@ -1725,7 +1725,7 @@ For Windows 10 only, you can stop Enhanced Notifications:
- Turn off the feature in the UI.
You can also use the registry to turn off Malicious Software Reporting Tool telemetry by setting the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to 1.
You can also use the registry to turn off Malicious Software Reporting Tool diagnostic data by setting the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to 1.
### <a href="" id="bkmk-wmp"></a>24. Windows Media Player

50
windows/configuration/manage-windows-endpoints-version-1709.md
View File

@ -133,7 +133,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|----------------|----------|------------|
| backgroundtaskhost | HTTPS | www.bing.com/proactive/v2/spark?cc=US&setlang=en-US |
The following endpoint is used by Cortana to report diagnostic and telemetry information.
The following endpoint is used by Cortana to report diagnostic and diagnostic data information.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and won't be able to fix them.
| Source process | Protocol | Destination |
@ -175,6 +175,30 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|----------------|----------|------------|
| | | dmd.metaservices.microsoft.com.akadns.net |
## Diagnostic Data
The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.
| Source process | Protocol | Destination |
|----------------|----------|------------|
| svchost | | cy2.vortex.data.microsoft.com.akadns.net |
The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.
| Source process | Protocol | Destination |
|----------------|----------|------------|
| svchost | | v10.vortex-win.data.microsoft.com/collect/v1 |
The following endpoints are used by Windows Error Reporting.
To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft.
| Source process | Protocol | Destination |
|----------------|----------|------------|
| wermgr | | watson.telemetry.microsoft.com/Telemetry.Request |
| |TLS v1.2 |modern.watson.data.microsoft.com.akadns.net|
## Font streaming
The following endpoints are used to download fonts on demand.
@ -340,7 +364,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|----------------|----------|------------|
| dmclient | HTTPS | settings.data.microsoft.com |
The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as Windows Connected User Experience and Telemetry component and Windows Insider Program use it.
The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as Windows Connected User Experiences and Telemetry component and Windows Insider Program use it.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working.
| Source process | Protocol | Destination |
@ -355,29 +379,7 @@ The following endpoint is used to retrieve Skype configuration values. To turn o
|----------------|----------|------------|
|microsoft.windowscommunicationsapps.exe | HTTPS | config.edge.skype.com |
## Telemetry
The following endpoint is used by the Connected User Experience and Telemetry component and connects to the Microsoft Data Management service.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.
| Source process | Protocol | Destination |
|----------------|----------|------------|
| svchost | | cy2.vortex.data.microsoft.com.akadns.net |
The following endpoint is used by the Connected User Experience and Telemetry component and connects to the Microsoft Data Management service.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.
| Source process | Protocol | Destination |
|----------------|----------|------------|
| svchost | | v10.vortex-win.data.microsoft.com/collect/v1 |
The following endpoints are used by Windows Error Reporting.
To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft.
| Source process | Protocol | Destination |
|----------------|----------|------------|
| wermgr | | watson.telemetry.microsoft.com/Telemetry.Request |
| |TLS v1.2 |modern.watson.data.microsoft.com.akadns.net|
## Windows Defender

2
windows/configuration/set-up-shared-or-guest-pc.md
View File

@ -50,7 +50,7 @@ Apps can take advantage of shared PC mode with the following three APIs:
- [IsEnabled](https://docs.microsoft.com/uwp/api/windows.system.profile.sharedmodesettings) - This informs apps when the PC has been configured for shared use scenarios. For example, an app might only download content on demand on a device in shared PC mode, or might skip first run experiences.
- [ShouldAvoidLocalStorage](https://docs.microsoft.com/uwp/api/windows.system.profile.sharedmodesettings) - This informs apps when the PC has been configured to not allow the user to save to the local storage of the PC. Instead, only cloud save locations should be offered by the app or saved automatically by the app.
- [IsEducationEnvironment](https://docs.microsoft.com/uwp/api/windows.system.profile.educationsettings) - This informs apps when the PC is used in an education environment. Apps may want to handle telemetry differently or hide advertising functionality.
- [IsEducationEnvironment](https://docs.microsoft.com/uwp/api/windows.system.profile.educationsettings) - This informs apps when the PC is used in an education environment. Apps may want to handle diagnostic data differently or hide advertising functionality.
###Customization

2
windows/configuration/wcd/wcd-connectivityprofiles.md
View File

@ -166,7 +166,7 @@ The **Config** settings are initial settings that can be overwritten when settin
### SystemCapabilities
You can use these settings to configure system capabilities for Wi-Fi adapters, which is a new functionality in Windows 10. These system capabilities are added at image time to ensure that the information is at its most accurate. The capabilities allow the OS to have a better understanding of the underlying hardware that it's running on. Telemetry data is generated by the system to provide data that can be used to diagnose both software and hardware issues.
You can use these settings to configure system capabilities for Wi-Fi adapters, which is a new functionality in Windows 10. These system capabilities are added at image time to ensure that the information is at its most accurate. The capabilities allow the OS to have a better understanding of the underlying hardware that it's running on. Diagnostic data data is generated by the system to provide data that can be used to diagnose both software and hardware issues.
| Setting | Description |
| --- | --- |

Some files were not shown because too many files have changed in this diff Show More