deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-23 14:23:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into nimishasatapathy-4872162-removeIoTENT

Browse Source
This commit is contained in:
Nimisha Satapathy
2021-03-05 08:51:58 +05:30
committed by GitHub
parent f7ada526c0 a4ac2ba444
commit f93122619a
482 changed files with 1681 additions and 1188 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
windows/client-management/mandatory-user-profile.md
View File

@ -82,22 +82,30 @@ First, you create a default user profile with the customizations that you want,
1. The sysprep process reboots the PC and starts at the first-run experience screen. Complete the set up, and then sign in to the computer using an account that has local administrator privileges.
1. Right-click Start, go to **Control Panel** (view by large or small icons) > **System** > **Advanced system settings**, and click **Settings** in the **User Profiles** section.
1. Right-click **Start**, go to **Control Panel** (view by large or small icons) > **System** > **Advanced system settings**, and click **Settings** in the **User Profiles** section. Alternatively, starting in Windows 10, version 2004, open the **Settings** app and select **Advanced system settings**.
Starting in Windows 10 version (2004) Open the Settings app and click on Advanced system settings
1. In **User Profiles**, click **Default Profile**, and then click **Copy To**.
![Example of UI](images/copy-to.png)
1. In **Copy To**, under **Permitted to use**, click **Change**.
![Example of UI](images/copy-to-change.png)
1. In **Select User or Group**, in the **Enter the object name to select** field, type `everyone`, click **Check Names**, and then click **OK**.
1. In **Select User or Group**, in the **Enter the object name to select** field, type `everyone` or the group of users that the profile will be assigned to, click **Check Names**, and then click **OK**.
1. In **Copy To**, in the **Copy profile to** field, enter the path and folder name where you want to store the mandatory profile. The folder name must use the correct [extension](#profile-extension-for-each-windows-version) for the operating system version. For example, the folder name must end with ".v6" to identify it as a user profile folder for Windows 10, version 1607.
- If the device is joined to the domain and you are signed in with an account that has permissions to write to a shared folder on the network, you can enter the shared folder path.
![Example of UI](images/copy-to-path.png)
- If the device is not joined to the domain, you can save the profile locally and then copy it to the shared folder location.
- Optionally, you can check the **Mandatory profile** checkbox. This step is not required but will set permissions that are more restrictive and we recommend doing so.
![Example of UI](images/copy-to-path.png)

10
windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
View File

@ -112,8 +112,8 @@ Example: Export the Debug logs
</SyncML>
```
## Collect logs from Windows 10 Mobile devices
<!--## Collect logs from Windows 10 Mobile devices-->
<!--
Since there is no Event Viewer in Windows 10 Mobile, you can use the [Field Medic](https://www.microsoft.com/p/field-medic/9wzdncrfjb82?activetab=pivot%3aoverviewtab) app to collect logs.
**To collect logs manually**
@ -182,11 +182,11 @@ The following table contains a list of common providers and their corresponding
| e5fc4a0f-7198-492f-9b0f-88fdcbfded48 | Microsoft-Windows Networking VPN |
| e5c16d49-2464-4382-bb20-97a4b5465db9 | Microsoft-Windows-WiFiNetworkManager |
 
--> 
## Collect logs remotely from Windows 10 Holographic or Windows 10 Mobile devices
## Collect logs remotely from Windows 10 Holographic
For holographic or mobile devices already enrolled in MDM, you can remotely collect MDM logs through the MDM channel using the [DiagnosticLog CSP](diagnosticlog-csp.md).
For holographic already enrolled in MDM, you can remotely collect MDM logs through the MDM channel using the [DiagnosticLog CSP](diagnosticlog-csp.md).
You can use the DiagnosticLog CSP to enable the ETW provider. The provider ID is 3DA494E4-0FE2-415C-B895-FB5265C5C83B. The following examples show how to enable the ETW provider:

30
windows/client-management/mdm/euiccs-csp.md
View File

@ -38,6 +38,36 @@ Required. Indicates whether this eUICC is physically present and active. Updated
Supported operation is Get. Value type is boolean.
<a href="" id="euicc-isactive"></a>**_eUICC_/PPR1Allowed**
Required. Indicates whether the download of a profile with PPR1 is allowed. If the eUICC already has a profile (regardless of its origin and policy rules associated with it), the download of a profile with PPR1 is not allowed.
Supported operation is Get. Value type is boolean.
<a href="" id="euicc-isactive"></a>**_eUICC_/PPR1AlreadySet**
Required. Indicates whether the eUICC already has a profile with PPR1.
Supported operation is Get. Value type is boolean.
<a href="" id="euicc-profiles"></a>**_eUICC_/DownloadServers**
Interior node. Represents default SM-DP+ discovery requests.
Supported operation is Get.
<a href="" id="euicc-profiles-iccid"></a>**_eUICC_/DownloadServers/_ServerName_**
Interior node. Optional. Node specifying the server name for a discovery operation. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request.
Supported operations are Add, Get, and Delete.
<a href="" id="euicc-profiles-iccid-state"></a>**_eUICC_/DownloadServers/_ServerName_/DiscoveryState**
Required. Current state of the discovery operation for the parent ServerName (Requested = 1, Executing = 2, Completed = 3, Failed = 4). Queried by the CSP and only updated by the LPA.
Supported operation is Get. Value type is integer. Default value is 1.
<a href="" id="euicc-profiles-iccid-isenabled"></a>**_eUICC_/DownloadServers/_ServerName_/AutoEnable**
Required. Indicates whether the discovered profile must be enabled automatically after install. This must be set by the MDM when the ServerName subtree is created.
Supported operations are Add, Get, and Replace. Value type is bool.
<a href="" id="euicc-profiles"></a>**_eUICC_/Profiles**
Interior node. Required. Represents all enterprise-owned profiles.

206
windows/client-management/mdm/euiccs-ddf-file.md
View File

@ -49,7 +49,7 @@ The XML below if for Windows 10, version 1803.
<CIS />
</CaseSense>
<DFType>
<MIME>com.microsoft/1.1/MDM/eUICCs</MIME>
<MIME>com.microsoft/1.2/MDM/eUICCs</MIME>
</DFType>
</DFProperties>
<Node>
@ -58,7 +58,7 @@ The XML below if for Windows 10, version 1803.
<AccessType>
<Get />
</AccessType>
<Description>Represents information associated with an eUICC. There is one subtree for each known eUICC, created by the Local Profile Assistant (LPA) when the eUICC is first seen. The node name is meaningful only to the LPA (which associates it with an eUICC ID (EID) in an implementation-specific manner, e.g., this could be a SHA-256 hash of the EID). The node name "Default" represents the currently active eUICC.</Description>
<Description>Represents information associated with an eUICC. There is one subtree for each known eUICC, created by the Local Profile Assistant (LPA) when the eUICC is first seen. The node name is the eUICC ID (EID). The node name "Default" represents the currently active eUICC.</Description>
<DFFormat>
<node />
</DFFormat>
@ -79,7 +79,7 @@ The XML below if for Windows 10, version 1803.
<AccessType>
<Get />
</AccessType>
<Description>Identifies an eUICC in an implementation-specific manner, e.g., this could be a SHA-256 hash of the EID.</Description>
<Description>The EID.</Description>
<DFFormat>
<chr />
</DFFormat>
@ -118,6 +118,139 @@ The XML below if for Windows 10, version 1803.
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>PPR1Allowed</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Indicates whether the download of a profile with PPR1 is allowed. If the eUICC already has a profile (regardless of its origin and policy rules associated with it), the download of a profile with PPR1 is not allowed.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>PPR1AlreadySet</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Indicates whether the eUICC already has a profile with PPR1.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>DownloadServers</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Represents default SM-DP+ discovery requests.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName></NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Node specifying the server name for a discovery operation. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<ZeroOrMore />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>ServerName</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>DiscoveryState</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>1</DefaultValue>
<Description>Current state of the discovery operation for the parent ServerName (Requested = 1, Executing = 2, Completed = 3, Failed = 4). Queried by the CSP and only updated by the LPA.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>AutoEnable</NodeName>
<DFProperties>
<AccessType>
<Add />
<Get />
<Replace />
</AccessType>
<Description>Indicates whether the discovered profile must be enabled automatically after install. This must be set by the MDM when the ServerName subtree is created.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
<Node>
<NodeName>Profiles</NodeName>
<DFProperties>
@ -145,6 +278,7 @@ The XML below if for Windows 10, version 1803.
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Node representing an enterprise-owned eUICC profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC).</Description>
<DFFormat>
@ -167,6 +301,7 @@ The XML below if for Windows 10, version 1803.
<AccessType>
<Add />
<Get />
<Replace />
</AccessType>
<Description>Fully qualified domain name of the SM-DP+ that can download this profile. Must be set by the MDM when the ICCID subtree is created.</Description>
<DFFormat>
@ -192,6 +327,7 @@ The XML below if for Windows 10, version 1803.
<AccessType>
<Add />
<Get />
<Replace />
</AccessType>
<Description>Matching ID (activation code token) for profile download. Must be set by the MDM when the ICCID subtree is created.</Description>
<DFFormat>
@ -256,6 +392,70 @@ The XML below if for Windows 10, version 1803.
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>PPR1Set</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>This profile policy rule indicates whether disabling of this profile is not allowed (true if not allowed, false otherwise).</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>PPR2Set</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>This profile policy rule indicates whether deletion of this profile is not allowed (true if not allowed, false otherwise).</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>ErrorDetail</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>Detailed error if the profile download and install procedure failed (None = 0, CardGeneralFailure = 1, ConfirmationCodeMissing = 3, ForbiddenByPolicy = 5, InvalidMatchingId = 6, NoEligibleProfileForThisDevice = 7, NotEnoughSpaceOnCard = 8, ProfileEidMismatch = 10, ProfileNotAvailableForNewBinding = 11, ProfileNotReleasedByOperator = 12, RemoteServerGeneralFailure = 13, RemoteServerUnreachable = 14).</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
<Node>

72
windows/client-management/mdm/policy-csp-browser.md
View File

@ -177,6 +177,10 @@ ms.localizationpriority: medium
<dd>
<a href="#browser-showmessagewhenopeningsitesininternetexplorer">Browser/ShowMessageWhenOpeningSitesInInternetExplorer</a>
</dd>
<dd>
<a href="#browser-suppressedgedeprecationnotification">Browser/SuppressEdgeDeprecationNotification</a>
</dd>
<dd>
<a href="#browser-syncfavoritesbetweenieandmicrosoftedge">Browser/SyncFavoritesBetweenIEAndMicrosoftEdge</a>
</dd>
@ -4069,6 +4073,74 @@ Most restricted value: 0
<hr/>
<!--Policy-->
<a href="" id="browser-suppressedgedeprecationnotification"></a>**Browser/SuppressEdgeDeprecationNotification**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy allows Enterprise Admins to turn off the notification for company devices that the Edge Legacy browser is no longer supported after 3/9/2021 to avoid confusion for their enterprise users and reduce help desk calls.
By default, a notification will be presented to the user informing them of this upon application startup.
With this policy, you can either allow (default) or suppress this notification.
> [!NOTE]
> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Suppress Edge Deprecation Notification*
- GP name: *SuppressEdgeDeprecationNotification*
- GP path: *Windows Components/Microsoft Edge*
- GP ADMX file name: *MicrosoftEdge.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
Supported values:
- 0 (default) Allowed. Notification will be shown at application startup.
- 1 Prevented/not allowed.
<hr/>
<!--Policy-->
<a href="" id="browser-syncfavoritesbetweenieandmicrosoftedge"></a>**Browser/SyncFavoritesBetweenIEAndMicrosoftEdge**

4
windows/client-management/mdm/policy-csp-timelanguagesettings.md
View File

@ -78,7 +78,8 @@ Specifies the time zone to be applied to the device. This is the standard Window
<!--/Description-->
<!--SupportedValues-->
Value type is String. Supported values:
- Name of Standard Time Zone - for example, Pacific Standard Time, Mountain Standard Time.
<!--/SupportedValues-->
<!--Example-->
@ -101,4 +102,3 @@ Footnotes:
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->