mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-22 13:53:39 +00:00
Merge branch 'master' into wdav-missed
@ -35,7 +35,7 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro
|
||||
> [!NOTE]
|
||||
> - Bulk-join is not supported in Azure Active Directory Join.
|
||||
> - Bulk enrollment does not work in Intune standalone environment.
|
||||
> - Bulk enrollment works in System Center Configuration Manager (SCCM) + Intune hybrid environment where the ppkg is generated from the SCCM console.
|
||||
> - Bulk enrollment works in Microsoft Endpoint Configuration Manager where the ppkg is generated from the Configuration Manager console.
|
||||
> - To change bulk enrollment settings, login to **AAD**, then **Devices**, and then click **Device Settings**. Change the number under **Maximum number of devices per user**.
|
||||
|
||||
## What you need
|
||||
|
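Review bot: The replacement bullet for bulk enrollment is more than a product rename. The old text limited support to "System Center Configuration Manager (SCCM) + Intune hybrid environment", while the new text says only "Microsoft Endpoint Configuration Manager", so the hybrid qualifier is gone. The neighbouring bullet still says bulk enrollment does not work in an Intune standalone environment. Please confirm the supported topology and, if hybrid is still the requirement, keep that wording in the renamed line.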
@ -15,7 +15,7 @@ ms.date: 06/26/2017
|
||||
# Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices
|
||||
|
||||
|
||||
Like any Windows devices, Windows 10 Mobile devices use Microsoft Update by default to download updates over the Internet. However, in some enterprise environments, devices may not be able to access the Internet to retrieve their updates. Because of network restrictions or other enterprise policies, devices must download their updates from an internal location. This document describes how to enable offline updates using System Center Configuration Manager.
|
||||
Like any Windows devices, Windows 10 Mobile devices use Microsoft Update by default to download updates over the Internet. However, in some enterprise environments, devices may not be able to access the Internet to retrieve their updates. Because of network restrictions or other enterprise policies, devices must download their updates from an internal location. This document describes how to enable offline updates using Microsoft Endpoint Configuration Manager.
|
||||
|
||||
Here is a table of update path to Windows 10 Mobile.
|
||||
|
||||
@ -79,7 +79,7 @@ Down the road, after the upgrade to Windows 10 is complete, if you decide to pus
|
||||
**Requirements:**
|
||||
|
||||
- The test device must be same as the other production devices that are receiving the updates.
|
||||
- Your test device must be enrolled with System Center Configuration Manager.
|
||||
- Your test device must be enrolled with Microsoft Endpoint Configuration Manager.
|
||||
- Your device can connect to the Internet.
|
||||
- Your device must have an SD card with at least 0.5 GB of free space.
|
||||
- Ensure that the settings app and PhoneUpdate applet are available via Assigned Access.
|
||||
@ -93,7 +93,7 @@ The following diagram is a high-level overview of the process.
|
||||
|
||||
Define the baseline update set that will be applied to other devices. Use a device that is running the most recent image as the test device.
|
||||
|
||||
Trigger the device to check for updates either manually or using System Center Configuration Manager.
|
||||
Trigger the device to check for updates either manually or using Microsoft Endpoint Configuration Manager.
|
||||
|
||||
**Manually**
|
||||
|
||||
@ -104,19 +104,19 @@ Trigger the device to check for updates either manually or using System Center C
|
||||
> **Note** There is a bug in all OS versions up to GDR2 where the CSP will not set the assigned value. There is no way to change or set this until GDR2 is deployed onto the device.
|
||||
|
||||
|
||||
**Using System Center Configuration Manager**
|
||||
**Using Microsoft Endpoint Configuration Manager**
|
||||
|
||||
1. Remotely trigger a scan of the test device by deploying a Trigger Scan Configuration Baseline.
|
||||
|
||||

|
||||

|
||||
|
||||
2. Set the value of this OMA-URI by browsing to the settings of this Configuration Item and selecting the newly created Trigger Scan settings from the previous step.
|
||||
|
||||

|
||||

|
||||
|
||||
3. Ensure that the value that is specified for this URI is greater than the value on the device(s) and that the Remediate noncompliant rules when supported option is checked. For the first time, any value that is greater than 0 will work, but for subsequent configurations, ensure that you specify an incremented value.
|
||||
|
||||

|
||||

|
||||
|
||||
4. Create a Configuration Baseline for TriggerScan and Deploy. It is recommended that this Configuration Baseline be deployed after the Controlled Updates Baseline has been applied to the device (the corresponding files are deployed on the device through a device sync session).
|
||||
5. Follow the prompts for downloading the updates, but do not install the updates on the device.
|
||||
@ -132,16 +132,16 @@ There are two ways to retrieve this file from the device; one pre-GDR1 and one p
|
||||
|
||||
1. Create a Configuration Item using ConfigMgr to look at the registry entry ./Vendor/MSFT/EnterpriseExt/DeviceUpdate/ApprovedUpdatesXml.
|
||||
|
||||
> **Note** In System Center Configuration Manager, you may see an error about exceeding the file limit when using ApprovedUpdatesXml. However, the process still completes even if the file is large.
|
||||
> **Note** In Microsoft Endpoint Configuration Manager, you may see an error about exceeding the file limit when using ApprovedUpdatesXml. However, the process still completes even if the file is large.
|
||||
|
||||
If the XML file is greater than 32K you can also use ./Vendor/MSFT/FileSystem/<*filename*>.
|
||||
2. Set a baseline for this Configuration Item with a “dummy” value (such as zzz), and ensure that you do not remediate it.
|
||||
|
||||
The dummy value is not be set; it is only used for comparison.
|
||||
3. After the report XML is sent to the device, System Center Configuration Manager displays a compliance log that contains the report information. The log can contain significant amount of data.
|
||||
3. After the report XML is sent to the device, Microsoft Endpoint Configuration Manager displays a compliance log that contains the report information. The log can contain significant amount of data.
|
||||
4. Parse this log for the report XML content.
|
||||
|
||||
For a step-by-step walkthrough, see [How to retrieve a device update report using System Center Configuration Manager logs](#how-to-retrieve-a-device-update-report-using-system-center-configuration-manager-logs).
|
||||
For a step-by-step walkthrough, see [How to retrieve a device update report using Microsoft Endpoint Configuration Manager logs](#how-to-retrieve-a-device-update-report-using-microsoft-endpoint-configuration-manager-logs).
|
||||
|
||||
**Post-GDR1: Retrieve the report xml file using an SD card**
|
||||
|
||||
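Review bot: The in-page link in the "For a step-by-step walkthrough" line now targets the slug generated from the renamed heading, `#how-to-retrieve-a-device-update-report-using-microsoft-endpoint-configuration-manager-logs`, so it will break again the next time the heading is reworded, and any inbound link to the old slug is already dead. The target heading further down this file is preceded by an explicit anchor, `<a href="" id="how-to-retrieve"></a>`. Linking to `#how-to-retrieve` would make this reference independent of the heading text. Separately, the unchanged lines in this hunk still read "The dummy value is not be set" and "can contain significant amount of data", which could be fixed in the same pass.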
@ -228,7 +228,7 @@ This process has three parts:
|
||||
1. Create a configuration item and specify that file path and name on the device as `NonPersistent\DUCustomContentURIs.xml`
|
||||
2. Check the box **Remediate noncompliant settings**.
|
||||
|
||||

|
||||

|
||||
|
||||
3. Click **OK**.
|
||||
|
||||
@ -238,11 +238,11 @@ This process has three parts:
|
||||
1. Create a configuration baseline item and give it a name (such as ControlledUpdates).
|
||||
2. Add the DUControlledUpdates and DUCustomContentURIs configuration items, and then click **OK**.
|
||||
|
||||

|
||||

|
||||
|
||||
3. Deploy the configuration baseline to the appropriate device or device collection.
|
||||
|
||||

|
||||

|
||||
|
||||
4. Click **OK**.
|
||||
|
||||
@ -252,7 +252,7 @@ Now that the other "production" or "in-store" devices have the necessary informa
|
||||
|
||||
### Use this process for unmanaged devices
|
||||
|
||||
If the update policy of the device is not managed or restricted by System Center Configuration Manager, an update process can be initiated on the device in one of the following ways:
|
||||
If the update policy of the device is not managed or restricted by Microsoft Endpoint Configuration Manager, an update process can be initiated on the device in one of the following ways:
|
||||
|
||||
- Initiated by a periodic scan that the device automatically performs.
|
||||
- Initiated manually through **Settings** -> **Phone Update** -> **Check for Updates**.
|
||||
@ -261,14 +261,14 @@ If the update policy of the device is not managed or restricted by System Center
|
||||
|
||||
If the update policy of the device is managed or restricted by MDM, an update process can be initiated on the device in one of the following ways:
|
||||
|
||||
- Trigger the device to scan for updates through System Center Configuration Manager.
|
||||
- Trigger the device to scan for updates through Microsoft Endpoint Configuration Manager.
|
||||
|
||||
Ensure that the trigger scan has successfully executed, and then remove the trigger scan configuration baseline.
|
||||
|
||||
> **Note** Ensure that the PhoneUpdateRestriction Policy is set to a value of 0, to ensure that the device will not perform an automatic scan.
|
||||
|
||||
|
||||
- Trigger the device to scan as part of a Maintenance Window defined by the IT Admin in System Center Configuration Manager.
|
||||
- Trigger the device to scan as part of a Maintenance Window defined by the IT Admin in Microsoft Endpoint Configuration Manager.
|
||||
|
||||
After the installation of updates is completed, the IT Admin can use the DUReport generated in the production devices to determine if the device successfully installed the list of updates. If the device did not, error codes are provided in the DUReport.xml. To retrieve the device update report from a device, perform the same steps defined in [Step 2](#step2).
|
||||
|
||||
@ -456,7 +456,7 @@ DownloadFiles $inputFile $downloadCache $localCacheURL
|
||||
```
|
||||
|
||||
<a href="" id="how-to-retrieve"></a>
|
||||
## How to retrieve a device update report using System Center Configuration Manager logs
|
||||
## How to retrieve a device update report using Microsoft Endpoint Configuration Manager logs
|
||||
|
||||
Use this procedure for pre-GDR1 devices.
|
||||
|
||||
@ -465,17 +465,17 @@ Use this procedure for pre-GDR1 devices.
|
||||
1. Trigger a device scan. Go to **Settings** -> **Phone Update** -> **Check for Updates**.
|
||||
|
||||
Since the DUReport settings have not been remedied, you should see a non-compliance.
|
||||
2. In System Center Configuration Manager under **Assets and Compliance** > **Compliance Settings**, right-click on **Configuration Items**.
|
||||
2. In Microsoft Endpoint Configuration Manager under **Assets and Compliance** > **Compliance Settings**, right-click on **Configuration Items**.
|
||||
3. Select **Create Configuration Item**.
|
||||
|
||||

|
||||

|
||||
4. Enter a filename (such as GetDUReport) and then choose **Mobile Device**.
|
||||
5. In the **Mobile Device Settings** page, check the box **Configure Additional Settings that are not in the default settings group**, and the click **Next**.
|
||||
|
||||

|
||||

|
||||
6. In the **Additional Settings** page, click **Add**.
|
||||
|
||||

|
||||

|
||||
7. In the **Browse Settings** page, click **Create Setting**.
|
||||
|
||||

|
||||
|
@ -279,7 +279,7 @@ There are a few instances where your device may not be able to connect to work,
|
||||
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
|
||||
| Your device is already connected to your organization’s cloud. | Your device is already connected to either Azure AD, a work or school account, or an AD domain. |
|
||||
| We could not find your identity in your organization’s cloud. | The username you entered was not found on your Azure AD tenant. |
|
||||
| Your device is already being managed by an organization. | Your device is either already managed by MDM or System Center Configuration Manager. |
|
||||
| Your device is already being managed by an organization. | Your device is either already managed by MDM or Microsoft Endpoint Configuration Manager. |
|
||||
| You don’t have the right privileges to perform this operation. Please talk to your admin. | You cannot enroll your device into MDM as a standard user. You must be on an administrator account. |
|
||||
| We couldn’t auto-discover a management endpoint matching the username entered. Please check your username and try again. If you know the URL to your management endpoint, please enter it. | You need to provide the server URL for your MDM or check the spelling of the username you entered. |
|
||||
|
||||
@ -359,7 +359,7 @@ The **Info** button can be found on work or school connections involving MDM. Th
|
||||
|
||||
Clicking the **Info** button will open a new page in the Settings app that provides details about your MDM connection. You’ll be able to view your organization’s support information (if configured) on this page. You’ll also be able to start a sync session which will force your device to communicate to the MDM server and fetch any updates to policies if needed.
|
||||
|
||||
Starting in Windows 10, version 1709, clicking the **Info** button will show a list of policies and line-of-business apps installed by your organization. Here is an example screehshot.
|
||||
Starting in Windows 10, version 1709, clicking the **Info** button will show a list of policies and line-of-business apps installed by your organization. Here is an example screenshot.
|
||||
|
||||

|
||||
|
||||
|
@ -1657,10 +1657,10 @@ If disabled or not configured, extensions defined as part of this policy get ign
|
||||
Default setting: Disabled or not configured
|
||||
Related policies: Allow Developer Tools
|
||||
Related Documents:
|
||||
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
|
||||
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
|
||||
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business)
|
||||
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy)
|
||||
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
|
||||
- Manage apps from the Microsoft Store for Business with Microsoft Endpoint Configuration Manager (https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
|
||||
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows)</Description>
|
||||
<DFFormat>
|
||||
<chr/>
|
||||
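Review bot: The two rewritten "Related Documents" entries change the URL path from `docs.microsoft.com/sccm/...` to `docs.microsoft.com/configmgr/...` inside the text of a `<Description>` element, where nothing will flag a dead link at build time. Please verify that both new URLs resolve before merging. The same two-line substitution is repeated in the three following hunks of this file (at lines 11034, 23032 and 51686), so one missed or mistyped copy would leave the descriptions inconsistent. It is also worth confirming that this DDF text is maintained by hand, since a regenerated file would revert the edit.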
@ -11034,10 +11034,10 @@ If disabled or not configured, extensions defined as part of this policy get ign
|
||||
Default setting: Disabled or not configured
|
||||
Related policies: Allow Developer Tools
|
||||
Related Documents:
|
||||
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
|
||||
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
|
||||
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business)
|
||||
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy)
|
||||
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
|
||||
- Manage apps from the Microsoft Store for Business with Microsoft Endpoint Configuration Manager (https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
|
||||
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows)</Description>
|
||||
<DFFormat>
|
||||
<chr/>
|
||||
@ -23032,10 +23032,10 @@ If disabled or not configured, extensions defined as part of this policy get ign
|
||||
Default setting: Disabled or not configured
|
||||
Related policies: Allow Developer Tools
|
||||
Related Documents:
|
||||
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
|
||||
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
|
||||
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business)
|
||||
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy)
|
||||
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
|
||||
- Manage apps from the Microsoft Store for Business with Microsoft Endpoint Configuration Manager (https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
|
||||
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows)</Description>
|
||||
<DFFormat>
|
||||
<chr/>
|
||||
@ -51686,10 +51686,10 @@ If disabled or not configured, extensions defined as part of this policy get ign
|
||||
Default setting: Disabled or not configured
|
||||
Related policies: Allow Developer Tools
|
||||
Related Documents:
|
||||
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
|
||||
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
|
||||
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business)
|
||||
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy)
|
||||
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
|
||||
- Manage apps from the Microsoft Store for Business with Microsoft Endpoint Configuration Manager (https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
|
||||
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows)</Description>
|
||||
<DFFormat>
|
||||
<chr/>
|
||||
|
@ -37,7 +37,7 @@ Windows 10 supports end-to-end device lifecycle management to give companies con
|
||||
## Deploy
|
||||
|
||||
Windows 10 Mobile has a built-in device management client to deploy, configure, maintain, and support smartphones. Common to all editions of the Windows 10 operating system, including desktop, mobile, and Internet of Things (IoT), this client provides a single interface through which Mobile Device Management (MDM) solutions can manage any device that runs Windows 10. Because the MDM client integrates with identity management, the effort required to manage devices throughout the lifecycle is greatly reduced.
|
||||
Windows 10 includes comprehensive MDM capabilities that can be managed by Microsoft management solutions, such as Microsoft Intune or System Center Configuration Manager, as well as many third-party MDM solutions. There is no need to install an additional, custom MDM app to enroll devices and bring them under MDM control. All MDM system vendors have equal access to Windows 10 Mobile device management application programming interfaces (APIs), giving IT organizations the freedom to select whichever system best fits their management requirements, whether Microsoft Intune or a third-party MDM product. For more information about Windows 10 Mobile device management APIs, see [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=734050).
|
||||
Windows 10 includes comprehensive MDM capabilities that can be managed by Microsoft management solutions, such as Microsoft Intune or Microsoft Endpoint Configuration Manager, as well as many third-party MDM solutions. There is no need to install an additional, custom MDM app to enroll devices and bring them under MDM control. All MDM system vendors have equal access to Windows 10 Mobile device management application programming interfaces (APIs), giving IT organizations the freedom to select whichever system best fits their management requirements, whether Microsoft Intune or a third-party MDM product. For more information about Windows 10 Mobile device management APIs, see [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=734050).
|
||||
|
||||
### <a href="" id="deployment-scenarios"></a>Deployment scenarios
|
||||
|
||||
@ -187,7 +187,6 @@ Azure AD is a cloud-based directory service that provides identity and access ma
|
||||
|
||||
**Mobile Device Management**
|
||||
Microsoft [Intune](https://www.microsoft.com/server-cloud/products/microsoft-intune/overview.aspx), part of the Enterprise Mobility + Security, is a cloud-based MDM system that manages devices off premises. Like Office 365, Intune uses Azure AD for identity management so employees use the same credentials to enroll devices in Intune that they use to sign into Office 365. Intune supports devices that run other operating systems, such as iOS and Android, to provide a complete MDM solution.
|
||||
You can also integrate Intune with Configuration Manager to gain a single console for managing all devices in the cloud and on premises, mobile or PC. For more information, see [Manage Mobile Devices with Configuration Manager and Microsoft Intune](https://technet.microsoft.com/library/jj884158.aspx). For guidance on choosing between a stand-alone Intune installation and Intune integrated with System Center Configuration Manager, see Choose between Intune by itself or integrating Intune with System Center Configuration Manager.
|
||||
Multiple MDM systems support Windows 10 and most support personal and corporate device deployment scenarios. MDM providers that support Windows 10 Mobile currently include: AirWatch, Citrix, MobileIron, SOTI, Blackberry and others. Most industry-leading MDM vendors already support integration with Azure AD. You can find the MDM vendors that support Azure AD in [Azure Marketplace](https://azure.microsoft.com/marketplace/). If your organization doesn’t use Azure AD, the user must use an MSA during OOBE before enrolling the device in your MDM using a corporate account.
|
||||
|
||||
>**Note:** Although not covered in this guide, you can use Exchange ActiveSync (EAS) to manage mobile devices instead of using a full-featured MDM system. EAS is available in Microsoft Exchange Server 2010 or later and Office 365.
|
||||
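Review bot: The hunk header (-187,7 +187,6) records a net removal of one line with no replacement, unlike the rename-only hunks around it. The only line here that still names System Center Configuration Manager is the paragraph starting "You can also integrate Intune with Configuration Manager". If that paragraph is what was dropped, the section loses its only pointer to the Intune and Configuration Manager integration guidance. Please either keep it with the product name updated and a working link for "Choose between Intune by itself or integrating Intune with System Center Configuration Manager", or say in the commit message why the guidance was removed.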
@ -280,7 +279,7 @@ Employees are usually allowed to change certain personal device settings that yo
|
||||
|
||||
*Applies to: Corporate devices*
|
||||
|
||||
Windows 10 Mobile devices use state-of-the-art technology that includes popular hardware features such as cameras, global positioning system (GPS) sensors, microphones, speakers, near-field communication (NFC) radios, storage card slots, USB interfaces, Bluetooth interfaces, cellular radios, and Wi Fi. You can use hardware restrictions to control the availability of these features.
|
||||
Windows 10 Mobile devices use state-of-the-art technology that includes popular hardware features such as cameras, global positioning system (GPS) sensors, microphones, speakers, near-field communication (NFC) radios, storage card slots, USB interfaces, Bluetooth interfaces, cellular radios, and Wi-Fi. You can use hardware restrictions to control the availability of these features.
|
||||
|
||||
The following lists the MDM settings that Windows 10 Mobile supports to configure hardware restrictions.
|
||||
|
||||
@ -303,12 +302,12 @@ The following lists the MDM settings that Windows 10 Mobile supports to configur
|
||||
|
||||
*Applies to: Personal and corporate devices*
|
||||
|
||||
Certificates help improve security by providing account authentication, Wi Fi authentication, VPN encryption, and SSL encryption of web content. Although users can manage certificates on devices manually, it’s a best practice to use your MDM system to manage those certificates throughout their entire lifecycle – from enrollment through renewal and revocation.
|
||||
Certificates help improve security by providing account authentication, Wi-Fi authentication, VPN encryption, and SSL encryption of web content. Although users can manage certificates on devices manually, it’s a best practice to use your MDM system to manage those certificates throughout their entire lifecycle – from enrollment through renewal and revocation.
|
||||
To install certificates manually, you can post them on Microsoft Edge website or send them directly via email, which is ideal for testing purposes.
|
||||
Using SCEP and MDM systems, certificate management is completely transparent and requires no user intervention, helping improve user productivity, and reduce support calls. Your MDM system can automatically deploy these certificates to the devices’ certificate stores after you enroll the device (as long as the MDM system supports the Simple Certificate Enrollment Protocol (SCEP) or Personal Information Exchange (PFX)). The MDM server can also query and delete SCEP enrolled client certificate (including user installed certificates), or trigger a new enrollment request before the current certificate is expired.
|
||||
In addition to SCEP certificate management, Windows 10 Mobile supports deployment of PFX certificates. The table below lists the Windows 10 Mobile PFX certificate deployment settings.
|
||||
Get more detailed information about MDM certificate management in the [Client Certificate Install CSP](https://msdn.microsoft.com/library/windows/hardware/dn920023(v=vs.85).aspx) and [Install digital certificates on Windows 10 Mobile](/windows/access-protection/installing-digital-certificates-on-windows-10-mobile).
|
||||
Use the Allow Manual Root Certificate Installation setting to prevent users from manually installing root and intermediate CA certificates intentionally or accidently.
|
||||
Use the Allow Manual Root Certificate Installation setting to prevent users from manually installing root and intermediate CA certificates intentionally or accidentally.
|
||||
|
||||
> **Note:** To diagnose certificate-related issues on Windows 10 Mobile devices, use the free Certificates app in Microsoft Store. This Windows 10 Mobile app can help you:
|
||||
> - View a summary of all personal certificates
|
||||
@ -322,11 +321,11 @@ Use the Allow Manual Root Certificate Installation setting to prevent users from
|
||||
|
||||
*Applies to: Corporate and personal devices*
|
||||
|
||||
Wi-Fi is used on mobile devices as much as, or more than, cellular data connections. Most corporate Wi Fi networks require certificates and other complex information to restrict and secure user access. This advanced Wi Fi information is difficult for typical users to configure, but MDM systems can fully configure these Wi-Fi profiles without user intervention.
|
||||
Wi-Fi is used on mobile devices as much as, or more than, cellular data connections. Most corporate Wi-Fi networks require certificates and other complex information to restrict and secure user access. This advanced Wi-Fi information is difficult for typical users to configure, but MDM systems can fully configure these Wi-Fi profiles without user intervention.
|
||||
You can create multiple Wi-Fi profiles in your MDM system. The below table lists the Windows 10 Mobile Wi Fi connection profile settings that can be configured by administrators.
|
||||
|
||||
- **SSID** The case-sensitive name of the Wi Fi network Service Set Identifier
|
||||
- **Security type** The type of security the Wi Fi network uses; can be one of the following authentication types:
|
||||
- **SSID** The case-sensitive name of the Wi-Fi network Service Set Identifier
|
||||
- **Security type** The type of security the Wi-Fi network uses; can be one of the following authentication types:
|
||||
- Open 802.11
|
||||
- Shared 802.11
|
||||
- WPA-Enterprise 802.11
|
||||
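Review bot: The "Wi Fi" to "Wi-Fi" cleanup misses one occurrence in this hunk. The unchanged line "You can create multiple Wi-Fi profiles in your MDM system. The below table lists the Windows 10 Mobile Wi Fi connection profile settings" still has the unhyphenated form, while the paragraph above it and the **SSID** and **Security type** bullets below it were corrected. Please fix it in the same change so the section is consistent.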
@ -341,13 +340,13 @@ You can create multiple Wi-Fi profiles in your MDM system. The below table lists
|
||||
- **Extensible Authentication Protocol Transport Layer Security (EAP-TLS)** WPA-Enterprise 802.11 and WPA2-Enterprise 802.11 security types can use EAP-TLS with certificates for authentication
|
||||
- **Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MSCHAPv2)** WPA-Enterprise 802.11 and WPA2-Enterprise 802.11 security types can use PEAP-MSCHAPv2 with a user name and password for authentication
|
||||
- **Shared key** WPA-Personal 802.11 and WPA2-Personal 802.11 security types can use a shared key for authentication.
|
||||
- **Proxy** The configuration of any network proxy that the Wi Fi connection requires (to specify the proxy server, use its fully qualified domain name [FQDN], Internet Protocol version 4 [IPv4] address, IP version 6 [IPv6] address, or IPvFuture address)
|
||||
- **Disable Internet connectivity checks** Whether the Wi Fi connection should check for Internet connectivity
|
||||
- **Proxy** The configuration of any network proxy that the Wi-Fi connection requires (to specify the proxy server, use its fully qualified domain name [FQDN], Internet Protocol version 4 [IPv4] address, IP version 6 [IPv6] address, or IPvFuture address)
|
||||
- **Disable Internet connectivity checks** Whether the Wi-Fi connection should check for Internet connectivity
|
||||
- **Proxy auto-configuration URL** A URL that specifies the proxy auto-configuration file
|
||||
- **Enable Web Proxy Auto-Discovery Protocol (WPAD)** Specifies whether WPAD is enabled
|
||||
|
||||
In addition, you can set a few device wide Wi-Fi settings.
|
||||
- **Allow Auto Connect to Wi Fi Sense Hotspots** Whether the device will automatically detect and connect to Wi-Fi networks
|
||||
- **Allow Auto Connect to Wi-Fi Sense Hotspots** Whether the device will automatically detect and connect to Wi-Fi networks
|
||||
- **Allow Manual Wi-Fi Configuration** Whether the user can manually configure Wi-Fi settings
|
||||
- **Allow Wi-Fi** Whether the Wi-Fi hardware is enabled
|
||||
- **Allow Internet Sharing** Allow or disallow Internet sharing
|
||||
@ -958,7 +957,7 @@ DHA-enabled device management solutions help IT managers create a unified securi
|
||||
|
||||
For more information about health attestation in Windows 10 Mobile, see the [Windows 10 Mobile security guide](/windows/device-security/windows-10-mobile-security-guide).
|
||||
|
||||
Thisis a lists of attributes that are supported by DHA and can trigger the corrective actions mentioned above.
|
||||
This is a list of attributes that are supported by DHA and can trigger the corrective actions mentioned above.
|
||||
- **Attestation Identity Key (AIK) present** Indicates that an AIK is present (i.e., the device can be trusted more than a device without an AIK).
|
||||
- **Data Execution Prevention (DEP) enabled** Whether a DEP policy is enabled for the device, indicating that the device can be trusted more than a device without a DEP policy.
|
||||
- **BitLocker status** BitLocker helps protect the storage on the device. A device with BitLocker can be trusted more than a device without BitLocker.
|
||||
|