deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 07:17:24 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into atp-onboarding-nonwindows

Browse Source
This commit is contained in:
Joey Caparas 2017-08-11 14:26:18 -07:00
commit fe5cecde93
25 changed files with 603 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
bcs/index.md
View File

@ -13,7 +13,7 @@ description: Learn about the product documentation and resources available for M
<div class="container">
<ul class="cardsY panelContent featuredContent">
<li>
<a href="http://www.microsoft.com/en-us/microsoft-365/business">
<a href="http://www.microsoft.com/en-us/microsoft-365/business" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -31,7 +31,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://support.office.com/article/496e690b-b75d-4ff5-bf34-cc32905d0364">
<a href="https://support.office.com/article/496e690b-b75d-4ff5-bf34-cc32905d0364" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -65,7 +65,7 @@ description: Learn about the product documentation and resources available for M
</div>
</li>
<li>
<a href="http://www.microsoft.com/en-us/microsoft-365/business">
<a href="http://www.microsoft.com/en-us/microsoft-365/business" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -84,7 +84,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="support/microsoft-365-business-faqs.md">
<a href="support/microsoft-365-business-faqs.md" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -103,7 +103,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://support.office.com/article/496e690b-b75d-4ff5-bf34-cc32905d0364">
<a href="https://support.office.com/article/496e690b-b75d-4ff5-bf34-cc32905d0364" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -132,7 +132,7 @@ description: Learn about the product documentation and resources available for M
</div>
</li>
<li>
<a href="https://support.office.com/article/96153102-1db1-4df8-bca5-38cea80b65ce">
<a href="https://support.office.com/article/96153102-1db1-4df8-bca5-38cea80b65ce" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -151,7 +151,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://support.office.com/article/d5155593-3bac-4d8d-9d8b-f4513a81479e">
<a href="https://support.office.com/article/d5155593-3bac-4d8d-9d8b-f4513a81479e" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -180,7 +180,7 @@ description: Learn about the product documentation and resources available for M
</div>
</li>
<li>
<a href="https://support.office.com/article/ed34fff3-2881-4ed4-9906-1ba6bb8dd804">
<a href="https://support.office.com/article/ed34fff3-2881-4ed4-9906-1ba6bb8dd804" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -199,7 +199,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://support.office.com/article/cbc6bfe5-565a-4fb8-95f0-b06e7b74ac46">
<a href="https://support.office.com/article/cbc6bfe5-565a-4fb8-95f0-b06e7b74ac46" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -218,7 +218,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://support.office.com/article/80bdae57-f8bc-4e40-a58c-956007117ecb">
<a href="https://support.office.com/article/80bdae57-f8bc-4e40-a58c-956007117ecb" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -237,7 +237,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://support.office.com/article/c4db6caf-74df-4734-b1dd-53e371c7a3c3">
<a href="https://support.office.com/article/c4db6caf-74df-4734-b1dd-53e371c7a3c3" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -266,7 +266,7 @@ description: Learn about the product documentation and resources available for M
</div>
</li>
<li>
<a href="https://support.office.com/article/bd66c26c-73a4-45a8-8642-3ea4ee7cd89d">
<a href="https://support.office.com/article/bd66c26c-73a4-45a8-8642-3ea4ee7cd89d" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -285,7 +285,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://support.office.com/article/6b70fa27-d171-4593-8ecf-f78bb4ed2e99">
<a href="https://support.office.com/article/6b70fa27-d171-4593-8ecf-f78bb4ed2e99" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -333,7 +333,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://support.office.com/article/365-1b3b5318-6977-42ed-b5c7-96fa74b08846">
<a href="https://support.office.com/article/365-1b3b5318-6977-42ed-b5c7-96fa74b08846" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -352,7 +352,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://support.office.com/article/FDECCEED-0702-4AF3-85BE-F2A0013937EF">
<a href="https://support.office.com/article/FDECCEED-0702-4AF3-85BE-F2A0013937EF" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -371,7 +371,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://support.office.com/article/2d7ff45e-0da0-4caa-89a9-48cabf41f193">
<a href="https://support.office.com/article/2d7ff45e-0da0-4caa-89a9-48cabf41f193" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -400,7 +400,7 @@ description: Learn about the product documentation and resources available for M
</div>
</li>
<li>
<a href="https://www.microsoft.com/solution-providers/search">
<a href="https://www.microsoft.com/solution-providers/search" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -419,7 +419,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://support.office.com/article/496e690b-b75d-4ff5-bf34-cc32905d0364#bkmk_support">
<a href="https://support.office.com/article/496e690b-b75d-4ff5-bf34-cc32905d0364#bkmk_support" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -488,7 +488,7 @@ description: Learn about the product documentation and resources available for M
</li>
-->
<li>
<a href="https://docs.microsoft.com/en-us/windows/windows-10/">
<a href="https://docs.microsoft.com/en-us/windows/windows-10/" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -507,7 +507,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://msdn.microsoft.com/partner-center/autopilot">
<a href="https://msdn.microsoft.com/partner-center/autopilot" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -536,7 +536,7 @@ description: Learn about the product documentation and resources available for M
</div>
</li>
<li>
<a href="https://support.office.com/article/1970f7d6-03b5-442f-b385-5880b9c256ec">
<a href="https://support.office.com/article/1970f7d6-03b5-442f-b385-5880b9c256ec" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -555,7 +555,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://support.office.com/article/365-2d2fa996-b760-411d-a5cc-190d63f13207">
<a href="https://support.office.com/article/365-2d2fa996-b760-411d-a5cc-190d63f13207" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -595,7 +595,7 @@ description: Learn about the product documentation and resources available for M
</li>
-->
<li>
<a href="https://support.office.com/article/74a1ef8b-3844-4d08-9980-9f8f7a36000f">
<a href="https://support.office.com/article/74a1ef8b-3844-4d08-9980-9f8f7a36000f" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -614,7 +614,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://support.office.com/article/7a5d073b-7fae-4aa5-8f96-9ecd041aba9c">
<a href="https://support.office.com/article/7a5d073b-7fae-4aa5-8f96-9ecd041aba9c" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -633,7 +633,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://support.office.com/article/ea7bf1b2-1c2f-477f-a813-313e3ce0d896">
<a href="https://support.office.com/article/ea7bf1b2-1c2f-477f-a813-313e3ce0d896" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -652,7 +652,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://support.office.com/article/a27f1a99-3557-4f85-9560-a28e3d822a40">
<a href="https://support.office.com/article/a27f1a99-3557-4f85-9560-a28e3d822a40" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -671,7 +671,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://support.office.com/article/46c667f7-5073-47b9-a75f-05a60cf77d91">
<a href="https://support.office.com/article/46c667f7-5073-47b9-a75f-05a60cf77d91" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -710,7 +710,7 @@ description: Learn about the product documentation and resources available for M
</div>
</li>
<li>
<a href="https://support.office.com/article/d868561b-d340-4c04-a973-e2575d7f09bc">
<a href="https://support.office.com/article/d868561b-d340-4c04-a973-e2575d7f09bc" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -729,9 +729,9 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://support.office.com/article/eb8244aa-a302-481a-b2b5-d34e88b18ec7">
<a href="https://support.office.com/article/eb8244aa-a302-481a-b2b5-d34e88b18ec7" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="cardPadding">
<div class="card">
<div class="cardImageOuter">
<div class="cardImage bgdAccent1">
@ -748,7 +748,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://support.office.com/article/2d7ff45e-0da0-4caa-89a9-48cabf41f193">
<a href="https://support.office.com/article/2d7ff45e-0da0-4caa-89a9-48cabf41f193" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -767,7 +767,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://support.office.com/article/2d7ff45e-0da0-4caa-89a9-48cabf41f193">
<a href="https://support.office.com/article/2d7ff45e-0da0-4caa-89a9-48cabf41f193" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -796,7 +796,7 @@ description: Learn about the product documentation and resources available for M
</div>
</li>
<li>
<a href="http://support.office.com">
<a href="http://support.office.com" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -815,7 +815,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="http://support.microsoft.com/products/windows">
<a href="http://support.microsoft.com/products/windows" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -849,7 +849,7 @@ description: Learn about the product documentation and resources available for M
</div>
</li>
<li>
<a href="http://www.microsoft.com/en-us/microsoft-365/business">
<a href="http://www.microsoft.com/en-us/microsoft-365/business" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -868,7 +868,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="support/microsoft-365-business-faqs.md">
<a href="support/microsoft-365-business-faqs.md" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -887,7 +887,7 @@ description: Learn about the product documentation and resources available for M
</a>
</li>
<li>
<a href="https://www.microsoft.com/solution-providers/search">
<a href="https://www.microsoft.com/solution-providers/search" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">

2
browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
View File

@ -23,7 +23,7 @@ ms.sitesec: library
You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode. You can add and remove sites from your XML list as frequently as you want, changing which sites should render in Enterprise Mode for your employees. For information about turning on Enterprise Mode and using site lists, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
The information in this topic only covers HTTP protocol. We strongly recommend that you use HTTP protocol instead of file protocol due to increased performance.
The information in this topic only covers HTTPS protocol. We strongly recommend that you use HTTPS protocol instead of file protocol due to increased performance.
**How Internet Explorer 11 looks for an updated site list**

BIN
browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-grouppolicysitelist.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 30 KiB

After

Width:  |  Height:  |  Size: 39 KiB

BIN
browsers/internet-explorer/ie11-deploy-guide/images/ie-emie-registrysitelist.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 14 KiB

After

Width:  |  Height:  |  Size: 18 KiB

6
browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
View File

@ -23,8 +23,8 @@ ms.sitesec: library
Before you can use a site list with Enterprise Mode, you need to turn the functionality on and set up the system for centralized control. By allowing centralized control, you can create one global list of websites that render using Enterprise Mode. Approximately 65 seconds after Internet Explorer 11 starts, it looks for a properly formatted site list. If a new site list if found, with a different version number than the active list, IE11 loads and uses the newer version. After the initial check, IE11 wont look for an updated list again until you restart the browser.
**Note**<br>
We recommend that you store and download your website list from a secure web sever (https://), to help protect against data tampering. After the list is downloaded, it's stored locally on your employees computers so if the centralized file location is unavailable, they can still use Enterprise Mode.
>[!NOTE]
>We recommend that you store and download your website list from a secure web server (https://), to help protect against data tampering. After the list is downloaded, it's stored locally on your employees' computers so if the centralized file location is unavailable, they can still use Enterprise Mode.
**To turn on Enterprise Mode using Group Policy**
@ -45,7 +45,7 @@ Turning this setting on also requires you to create and store a site list. For m
![enterprise mode with site list in the registry](images/ie-emie-registrysitelist.png)
- **HTTP location**: `"SiteList"="http://localhost:8080/sites.xml"`
- **HTTPS location**: `"SiteList"="https://localhost:8080/sites.xml"`
- **Local network:** `"SiteList"="\\network\shares\sites.xml"`

4
education/windows/use-set-up-school-pcs-app.md
View File

@ -233,7 +233,7 @@ The **Set up School PCs** app guides you through the configuration choices for t
![Select the USB drive and save the provisioning package](images/suspc_savepackage_insertusb.png)
11. When the provisioning package is ready, you will see the name of the file and you can remove the USB drive. Click **Next** if you're done, or click **Add a USB** to save the same provisioning package to another USB drive.
11. <a name="suspc_pkgready"></a>When the provisioning package is ready, you will see the name of the file and you can remove the USB drive. Click **Next** if you're done, or click **Add a USB** to save the same provisioning package to another USB drive.
**Figure 9** - Provisioning package is ready
@ -246,7 +246,7 @@ The **Set up School PCs** app guides you through the configuration choices for t
![Line up the student PCs and get them ready for setup](images/suspc_runpackage_getpcsready.png)
13. Click **Next**.
14. In the **Install the package** page, follow the instructions in [Apply the provisioning package to the student PCs](#apply-the-provisioning-package-to-the-student-pcs) to set up the student PCs.
14. <a name="suspc_installpkg"></a>In the **Install the package** page, follow the instructions in [Apply the provisioning package to the student PCs](#apply-the-provisioning-package-to-the-student-pcs) to set up the student PCs.
Select **Create new package** if you need to create a new provisioning package. Otherwise, you can remove the USB drive if you're completely done creating the package.

2
windows/application-management/TOC.md
View File

@ -100,5 +100,5 @@
#### [Viewing App-V Server Publishing Metadata](app-v/appv-viewing-appv-server-publishing-metadata.md)
#### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md)
## [Service Host process refactoring](svchost-service-refactoring.md)
## [Deploy app updgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md)
## [Deploy app upgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md)
## [Change history for Application management](change-history-for-application-management.md)

1
windows/client-management/mdm/TOC.md
View File

@ -6,6 +6,7 @@
### [Certificate authentication device enrollment](certificate-authentication-device-enrollment.md)
### [On-premise authentication device enrollment](on-premise-authentication-device-enrollment.md)
## [Understanding ADMX-backed policies](understanding-admx-backed-policies.md)
## [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md)
## [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md)
## [Implement server-side support for mobile application management on Windows](implement-server-side-mobile-application-management.md)
## [Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)

66
windows/client-management/mdm/applocker-csp.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 06/19/2017
ms.date: 08/10/2017
---
# AppLocker CSP
@ -791,8 +791,70 @@ The following list shows the apps that may be included in the inbox.
 
## Whitelist example
## Whitelist examples
The following example disables the calendar application.
``` syntax
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Add>
<CmdID>$CmdID$</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
<Type xmlns="syncml:metinf">text/plain</Type>
</Meta>
<Data>&lt;AppPolicy Version="1" xmlns="http://schemas.microsoft.com/phone/2013/policy"&gt;&lt;Deny&gt;&lt;App ProductId="{a558feba-85d7-4665-b5d8-a2ff9c19799b}"/&gt;&lt;/Deny&gt;&lt;/AppPolicy&gt;
</Data>
</Item>
</Add>
<Final/>
</SyncBody>
</SyncML>
```
The following example blocks the usage of the map application.
``` syntax
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Add>
<CmdID>$CmdID$</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/AppLockerPhoneGroup0/StoreApps/Policy</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>
&lt;RuleCollection Type="Appx" EnforcementMode="Enabled"&gt;
&lt;FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed Appx packages" Description="Allows members of the Everyone group to run Appx packages that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
&lt;Conditions&gt;
&lt;FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"&gt;
&lt;BinaryVersionRange LowSection="0.0.0.0" HighSection="*" /&gt;
&lt;/FilePublisherCondition&gt;
&lt;/Conditions&gt;
&lt;/FilePublisherRule&gt;
&lt;FilePublisherRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="Deny Splash appmaps" Description="Deny members of the local Administrators group to run maps." UserOrGroupSid="S-1-1-0" Action="Deny"&gt;
&lt;Conditions&gt;
&lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsMaps" BinaryName="*" /&gt;
&lt;/Conditions&gt;
&lt;/FilePublisherRule&gt;
&lt;/RuleCollection&gt;
</Data>
</Item>
</Add>
<Final/>
</SyncBody>
</SyncML>
```
The following example for Windows 10 Mobile denies all apps and allows the following apps:

22
windows/client-management/mdm/devicemanageability-csp.md
View File

@ -7,12 +7,15 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 06/19/2017
ms.date: 08/10/2017
---
# DeviceManageability CSP
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The DeviceManageability configuration service provider (CSP) is used retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607.
For performance reasons DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that the both paths return the same information.
@ -30,11 +33,24 @@ Interior node.
<a href="" id="capabilities-cspversions"></a>**Capabilities/CSPVersions**
Returns the versions of all configuration service providers supported on the device for the MDM service.
<a href="" id="capabilities"></a>**Provider**
Added in Windows 10, version 1709. Interior node.
<a href="" id="capabilities-cspversions"></a>**Provider/_ProviderID_**
Added in Windows 10, version 1709. Provider ID of the configuration source.
 
<a href="" id="capabilities-cspversions"></a>**Provider/_ProviderID_/ConfigInfo**
Added in Windows 10, version 1709. Configuration information string value set by the configuration source. Recommended to be used during sync session.
The MDM server can query ConfigInfo to determine the settings of the traditional PC management system. The MDM can also configure ConfigInfo with its own device management information.
Data type is string. Supported operations are Add, Get, Delete, and Replace.
<a href="" id="capabilities-cspversions"></a>**Provider/_ProviderID_/EnrollmentInfo**
Added in Windows 10, version 1709. Enrollment information string value set by the configuration source. Recommended to send to server during MDM enrollment.
Data type is string. Supported operations are Add, Get, Delete, and Replace. 
 

107
windows/client-management/mdm/devicemanageability-ddf.md
View File

@ -7,12 +7,15 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 06/19/2017
ms.date: 08/10/2017
---
# DeviceManageability DDF
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic shows the OMA DM device description framework (DDF) for the DeviceManageability configuration service provider. This CSP was added in Windows 10, version 1607.
You can download the DDF files from the links below:
@ -20,7 +23,7 @@ You can download the DDF files from the links below:
- [Download all the DDF files for Windows 10, version 1703](http://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1607](http://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip)
The XML below is the current version for this CSP.
The XML below is for Windows 10, version 1709.
``` syntax
<?xml version="1.0" encoding="UTF-8"?>
@ -46,7 +49,7 @@ The XML below is the current version for this CSP.
<Permanent />
</Scope>
<DFType>
<MIME>com.microsoft/1.0/MDM/DeviceManageability</MIME>
<MIME>com.microsoft/1.1/MDM/DeviceManageability</MIME>
</DFType>
</DFProperties>
<Node>
@ -90,9 +93,105 @@ The XML below is the current version for this CSP.
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Provider</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Provider</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName></NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
</AccessType>
<Description>Provider ID String of the Configuration Source</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>ProviderID</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>ConfigInfo</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
<Add />
<Delete />
</AccessType>
<Description>Configuration Info string value set by the config source. Recommended to be used during sync session.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>ConfigInfo</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>EnrollmentInfo</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<Description>Enrollment Info string value set by the config source. Recommended to sent to server during MDM enrollment.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>EnrollmentInfo</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
</Node>
</MgmtTree>
```
 

300
windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md Normal file
View File

@ -0,0 +1,300 @@
---
title: Enable ADMX-backed policies in MDM
description: Guide to configuring ADMX-backed policies in MDM
ms.author: maricia
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 08/11/2017
---
# Enable ADMX-backed policies in MDM
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This is a step-by-step guide to configuring ADMX-backed policies in MDM.
Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support expanded to allow access of select Group Policy administrative templates (ADMX-backed policies) for Windows PCs via the [Policy configuration service provider (CSP)](policy-configuration-service-provider.md). Configuring ADMX-backed policies in Policy CSP is different from the typical way you configure a traditional MDM policy.
Summary of steps to enable a policy:
- Find the policy from the list ADMX-backed policies.
- Find the Group Policy related information from the MDM policy description.
- Use the Group Policy Editor to determine whether there are parameters necessary to enable the policy.
- Create the data payload for the SyncML.
## Enable a policy
1. Find the policy from the list [ADMX-backed policies](policy-configuration-service-provider.md#admx-backed-policies). You need the following information listed in the policy description.
- GP English name
- GP name
- GP ADMX file name
- GP path
2. Use the Group Policy Editor to determine whether you need additional information to enable the policy. Run GPEdit.msc
1. Click **Start**, then in the text box type **gpedit**.
2. Under **Best match**, click **Edit group policy** to launch it.
![GPEdit search](images/admx-gpedit-search.png)
3. In **Local Computer Policy** navigate to the policy you want to configure.
In this example, navigate to **Administrative Templates > System > App-V**.
![App-V policies](images/admx-appv.png)
4. Double-click **Enable App-V Client**.
The **Options** section is empty, which means there are no parameters necessary to enable the policy. If the **Options** section is not empty, follow the procedure in [Enable a policy that requires parameters](#enable-a-policy-that-requires-parameters)
![Enable App-V client](images/admx-appv-enableapp-vclient.png)
3. Create the SyncML to enable the policy that does not require any parameter.
In this example you configure **Enable App-V Client** to **Enabled**.
> [!Note]
> The \<Data> payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
``` syntax
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
<Item>
<Meta>
<Format>chr</Format>
<Type>text/plain</Type>
</Meta>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/AllowAppVClient </LocURI>
</Target>
<Data>&lt;Enabled/&gt;</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
```
## Enable a policy that requires parameters
1. Create the SyncML to enable the policy that requires parameters.
In this example, the policy is in **Administrative Templates > System > App-V > Publishing**.
1. Double-click **Publishing Server 2 Settings** to see the parameters you need to configure when you enable this policy.
![Enable publishing server 2 policy](images/admx-appv-publishingserver2.png)
![Enable publishing server 2 settings](images/admx-app-v-enablepublishingserver2settings.png)
2. Find the variable names of the parameters in the ADMX file.
You can find the ADMX file name in the policy description in Policy CSP. In this example, the filename appv.admx is listed in [AppVirtualization/PublishingAllowServer2](policy-configuration-service-provider.md#appvirtualization-publishingallowserver2).
![Publishing server 2 policy description](images/admx-appv-policy-description.png)
3. Navigate to **C:\Windows\PolicyDefinitions** (default location of the admx files) and open appv.admx.
4. Search for GP name **Publishing_Server2_policy**.
5. Under **policy name="Publishing_Server2_Policy"** you can see the \<elements> listed. The text id and enum id represents the data id you need to include in the SyncML data payload. They correspond to the fields you see in GP Editor.
Here is the snippet from appv.admx:
``` syntax
<!-- Publishing Server 2 -->
<policy name="Publishing_Server2_Policy" class="Machine" displayName="$(string.PublishingServer2)"
explainText="$(string.Publishing_Server_Help)" presentation="$(presentation.Publishing_Server2)"
key="SOFTWARE\Policies\Microsoft\AppV\Client\Publishing\Servers\2">
<parentCategory ref="CAT_Publishing" />
<supportedOn ref="windows:SUPPORTED_Windows7" />
<elements>
<text id="Publishing_Server2_Name_Prompt" valueName="Name" required="true"/>
<text id="Publishing_Server_URL_Prompt" valueName="URL" required="true"/>
<enum id="Global_Publishing_Refresh_Options" valueName="GlobalEnabled">
<item displayName="$(string.False)">
<value>
<decimal value="0"/>
</value>
</item>
<item displayName="$(string.True)">
<value>
<decimal value="1"/>
</value>
</item>
</enum>
<enum id="Global_Refresh_OnLogon_Options" valueName="GlobalLogonRefresh">
<item displayName="$(string.False)">
<value>
<decimal value="0"/>
</value>
</item>
<item displayName="$(string.True)">
<value>
<decimal value="1"/>
</value>
</item>
</enum>
<decimal id="Global_Refresh_Interval_Prompt" valueName="GlobalPeriodicRefreshInterval" minValue="0" maxValue="31"/>
<enum id="Global_Refresh_Unit_Options" valueName="GlobalPeriodicRefreshIntervalUnit">
<item displayName="$(string.Hour)">
<value>
<decimal value="0"/>
</value>
</item>
<item displayName="$(string.Day)">
<value>
<decimal value="1"/>
</value>
</item>
</enum>
<enum id="User_Publishing_Refresh_Options" valueName="UserEnabled">
<item displayName="$(string.False)">
<value>
<decimal value="0"/>
</value>
</item>
<item displayName="$(string.True)">
<value>
<decimal value="1"/>
</value>
</item>
</enum>
<enum id="User_Refresh_OnLogon_Options" valueName="UserLogonRefresh">
<item displayName="$(string.False)">
<value>
<decimal value="0"/>
</value>
</item>
<item displayName="$(string.True)">
<value>
<decimal value="1"/>
</value>
</item>
</enum>
<decimal id="User_Refresh_Interval_Prompt" valueName="UserPeriodicRefreshInterval" minValue="0" maxValue="31"/>
<enum id="User_Refresh_Unit_Options" valueName="UserPeriodicRefreshIntervalUnit">
<item displayName="$(string.Hour)">
<value>
<decimal value="0"/>
</value>
</item>
<item displayName="$(string.Day)">
<value>
<decimal value="1"/>
</value>
</item>
</enum>
</elements>
</policy>
```
6. From the \<elements> tag, copy all the text id and enum id and create an XML with data id and value fields. The value field contains the configuration settings you would enter in the GP Editor.
Here is the example XML for Publishing_Server2_Policy :
``` syntax
<data id="Publishing_Server2_Name_Prompt" value="Name"/>
<data id="Publishing_Server_URL_Prompt" value="http://someuri"/>
<data id="Global_Publishing_Refresh_Options" value="1"/>
<data id="Global_Refresh_OnLogon_Options" value="0"/>
<data id="Global_Refresh_Interval_Prompt" value="15"/>
<data id="Global_Refresh_Unit_Options" value="0"/>
<data id="User_Publishing_Refresh_Options" value="0"/>
<data id="User_Refresh_OnLogon_Options" value="0"/>
<data id="User_Refresh_Interval_Prompt" value="15"/>
<data id="User_Refresh_Unit_Options" value="1"/>
```
7. Create the SyncML to enable the policy. Payload contains \<enabled/> and name/value pairs.
Here is the example for **AppVirtualization/PublishingAllowServer2**:
> [!Note]
> The \<Data> payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
``` syntax
<?xml version="1.0" encoding="utf-8"?>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
<Item>
<Meta>
<Format>chr</Format>
<Type>text/plain</Type>
</Meta>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/PublishingAllowServer2</LocURI>
</Target>
<![CDATA[<enabled/><data id="Publishing_Server2_Name_Prompt" value="name prompt"/><data
id="Publishing_Server_URL_Prompt" value="URL prompt"/><data
id="Global_Publishing_Refresh_Options" value="1"/><data
id="Global_Refresh_OnLogon_Options" value="0"/><data
id="Global_Refresh_Interval_Prompt" value="15"/><data
id="Global_Refresh_Unit_Options" value="0"/><data
id="User_Publishing_Refresh_Options" value="0"/><data
id="User_Refresh_OnLogon_Options" value="0"/><data
id="User_Refresh_Interval_Prompt" value="15"/><data
id="User_Refresh_Unit_Options" value="1"/>]]>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
```
## Disable a policy
The \<Data> payload is \<disabled/>. Here is an example to disable AppVirtualization/PublishingAllowServer2.
``` syntax
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
<Item>
<Meta>
<Format>chr</Format>
<Type>text/plain</Type>
</Meta>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/PublishingAllowServer2</LocURI>
</Target>
<Data>&lt;disabled/&gt;</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
```
## Setting a policy to not configured
The \<Data> payload is empty. Here an example to set AppVirtualization/PublishingAllowServer2 to "Not Configured."
``` syntax
<?xml version="1.0" encoding="utf-8"?>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Delete>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/PublishingAllowServer2</LocURI>
</Target>
</Item>
</Delete>
<Final/>
</SyncBody>
</SyncML>
```

BIN
windows/client-management/mdm/images/admx-app-v-enablepublishingserver2settings.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 45 KiB

BIN
windows/client-management/mdm/images/admx-appv-enableapp-vclient.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
windows/client-management/mdm/images/admx-appv-policy-description.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 85 KiB

BIN
windows/client-management/mdm/images/admx-appv-publishing.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 54 KiB

BIN
windows/client-management/mdm/images/admx-appv-publishingserver2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 62 KiB

BIN
windows/client-management/mdm/images/admx-appv.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 50 KiB

BIN
windows/client-management/mdm/images/admx-gpedit-search.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 30 KiB

BIN
windows/client-management/mdm/images/provisioning-csp-devicemanageability.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 3.3 KiB

After

Width:  |  Height:  |  Size: 12 KiB

26
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -10,7 +10,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 08/04/2017
ms.date: 08/10/2017
---
# What's new in MDM enrollment and management
@ -960,9 +960,17 @@ For details about Microsoft mobile device management protocols for Windows 10 s
</td></tr>
<tr class="even">
<td style="vertical-align:top">[AssignedAccess CSP](assignedaccess-csp.md)</td>
<td style="vertical-align:top"><p>Here are the changes in Windows 10, version 1709.</p>
<td style="vertical-align:top"><p>Added the following setting in Windows 10, version 1709.</p>
<ul>
<li>Added Configuration node</li>
<li>Configuration</li>
</ul>
</td></tr>
<tr class="odd">
<td style="vertical-align:top">[DeviceManageability CSP](devicemanageability-csp.md)</td>
<td style="vertical-align:top"><p>Added the following settings in Windows 10, version 1709:</p>
<ul>
<li>Provider/_ProviderID_/ConfigInfo</li>
<li> Provider/_ProviderID_/EnrollmentInfo</li>
</ul>
</td></tr>
<tr class="odd">
@ -1332,6 +1340,18 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<li> 3 Hides overrides (encrypt, prompt but hide overrides, and audit).</li>
</ul>
</td></tr>
<tr class="odd">
<td style="vertical-align:top">[AppLocker CSP](applocker-csp.md)</td>
<td style="vertical-align:top"><p>Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in [Whitelist examples](applocker-csp.md#whitelist-examples).</p>
</td></tr>
<tr class="odd">
<td style="vertical-align:top">[DeviceManageability CSP](devicemanageability-csp.md)</td>
<td style="vertical-align:top"><p>Added the following settings in Windows 10, version 1709:</p>
<ul>
<li>Provider/_ProviderID_/ConfigInfo</li>
<li> Provider/_ProviderID_/EnrollmentInfo</li>
</ul>
</td></tr>
<tr class="even">
<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>

30
windows/client-management/mdm/policy-csp-appvirtualization.md
View File

@ -60,6 +60,7 @@ This policy setting allows you to enable or disable Microsoft Application Virtua
ADMX Info:
- GP english name: *Enable App-V Client*
- GP name: *EnableAppV*
- GP path: *Administrative Templates/System/App-V*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -105,6 +106,7 @@ Enables Dynamic Virtualization of supported shell extensions, browser helper obj
ADMX Info:
- GP english name: *Enable Dynamic Virtualization*
- GP name: *Virtualization_JITVEnable*
- GP path: *Administrative Templates/System/App-V/Virtualization*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -150,6 +152,7 @@ Enables automatic cleanup of appv packages that were added after Windows10 anniv
ADMX Info:
- GP english name: *Enable automatic cleanup of unused appv packages*
- GP name: *PackageManagement_AutoCleanupEnable*
- GP path: *Administrative Templates/System/App-V/PackageManagement*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -195,6 +198,7 @@ Enables scripts defined in the package manifest of configuration files that shou
ADMX Info:
- GP english name: *Enable Package Scripts*
- GP name: *Scripting_Enable_Package_Scripts*
- GP path: *Administrative Templates/System/App-V/Scripting*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -240,6 +244,7 @@ Enables a UX to display to the user when a publishing refresh is performed on th
ADMX Info:
- GP english name: *Enable Publishing Refresh UX*
- GP name: *Enable_Publishing_Refresh_UX*
- GP path: *Administrative Templates/System/App-V/Publishing*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -295,6 +300,7 @@ Data Block Size: This value specifies the maximum size in bytes to transmit to t
ADMX Info:
- GP english name: *Reporting Server*
- GP name: *Reporting_Server_Policy*
- GP path: *Administrative Templates/System/App-V/Reporting*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -340,6 +346,7 @@ Specifies the file paths relative to %userprofile% that do not roam with a user'
ADMX Info:
- GP english name: *Roaming File Exclusions*
- GP name: *Integration_Roaming_File_Exclusions*
- GP path: *Administrative Templates/System/App-V/Integration*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -385,6 +392,7 @@ Specifies the registry paths that do not roam with a user profile. Example usage
ADMX Info:
- GP english name: *Roaming Registry Exclusions*
- GP name: *Integration_Roaming_Registry_Exclusions*
- GP path: *Administrative Templates/System/App-V/Integration*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -430,6 +438,7 @@ Specifies how new packages should be loaded automatically by App-V on a specific
ADMX Info:
- GP english name: *Specify what to load in background (aka AutoLoad)*
- GP name: *Steaming_Autoload*
- GP path: *Administrative Templates/System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -475,6 +484,7 @@ Migration mode allows the App-V client to modify shortcuts and FTA's for package
ADMX Info:
- GP english name: *Enable Migration Mode*
- GP name: *Client_Coexistence_Enable_Migration_mode*
- GP path: *Administrative Templates/System/App-V/Client Coexistence*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -520,6 +530,7 @@ Specifies the location where symbolic links are created to the current version o
ADMX Info:
- GP english name: *Integration Root User*
- GP name: *Integration_Root_User*
- GP path: *Administrative Templates/System/App-V/Integration*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -565,6 +576,7 @@ Specifies the location where symbolic links are created to the current version o
ADMX Info:
- GP english name: *Integration Root Global*
- GP name: *Integration_Root_Global*
- GP path: *Administrative Templates/System/App-V/Integration*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -628,6 +640,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
ADMX Info:
- GP english name: *Publishing Server 1 Settings*
- GP name: *Publishing_Server1_Policy*
- GP path: *Administrative Templates/System/App-V/Publishing*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -689,8 +702,9 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
<!--StartADMX-->
ADMX Info:
- GP english name: *Publishing Server 2 Settings*
- GP English name: *Publishing Server 2 Settings*
- GP name: *Publishing_Server2_Policy*
- GP path: *Administrative Templates/System/App-V/Publishing*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -754,6 +768,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
ADMX Info:
- GP english name: *Publishing Server 3 Settings*
- GP name: *Publishing_Server3_Policy*
- GP path: *Administrative Templates/System/App-V/Publishing*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -817,6 +832,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
ADMX Info:
- GP english name: *Publishing Server 4 Settings*
- GP name: *Publishing_Server4_Policy*
- GP path: *Administrative Templates/System/App-V/Publishing*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -880,6 +896,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
ADMX Info:
- GP english name: *Publishing Server 5 Settings*
- GP name: *Publishing_Server5_Policy*
- GP path: *Administrative Templates/System/App-V/Publishing*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -925,6 +942,7 @@ Specifies the path to a valid certificate in the certificate store.
ADMX Info:
- GP english name: *Certificate Filter For Client SSL*
- GP name: *Streaming_Certificate_Filter_For_Client_SSL*
- GP path: *Administrative Templates/System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -970,6 +988,7 @@ This setting controls whether virtualized applications are launched on Windows 8
ADMX Info:
- GP english name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection*
- GP name: *Streaming_Allow_High_Cost_Launch*
- GP path: *Administrative Templates/System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -1015,6 +1034,7 @@ Specifies the CLSID for a compatible implementation of the IAppvPackageLocationP
ADMX Info:
- GP english name: *Location Provider*
- GP name: *Streaming_Location_Provider*
- GP path: *Administrative Templates/System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -1060,6 +1080,7 @@ Specifies directory where all new applications and updates will be installed.
ADMX Info:
- GP english name: *Package Installation Root*
- GP name: *Streaming_Package_Installation_Root*
- GP path: *Administrative Templates/System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -1105,6 +1126,7 @@ Overrides source location for downloading package content.
ADMX Info:
- GP english name: *Package Source Root*
- GP name: *Streaming_Package_Source_Root*
- GP path: *Administrative Templates/System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -1150,6 +1172,7 @@ Specifies the number of seconds between attempts to reestablish a dropped sessio
ADMX Info:
- GP english name: *Reestablishment Interval*
- GP name: *Streaming_Reestablishment_Interval*
- GP path: *Administrative Templates/System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -1195,6 +1218,7 @@ Specifies the number of times to retry a dropped session.
ADMX Info:
- GP english name: *Reestablishment Retries*
- GP name: *Streaming_Reestablishment_Retries*
- GP path: *Administrative Templates/System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -1240,6 +1264,7 @@ Specifies that streamed package contents will be not be saved to the local hard
ADMX Info:
- GP english name: *Shared Content Store (SCS) mode*
- GP name: *Streaming_Shared_Content_Store_Mode*
- GP path: *Administrative Templates/System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -1285,6 +1310,7 @@ If enabled, the App-V client will support BrancheCache compatible HTTP streaming
ADMX Info:
- GP english name: *Enable Support for BranchCache*
- GP name: *Streaming_Support_Branch_Cache*
- GP path: *Administrative Templates/System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -1330,6 +1356,7 @@ Verifies Server certificate revocation status before streaming using HTTPS.
ADMX Info:
- GP english name: *Verify certificate revocation list*
- GP name: *Streaming_Verify_Certificate_Revocation_List*
- GP path: *Administrative Templates/System/App-V/Streaming*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->
@ -1375,6 +1402,7 @@ Specifies a list of process paths (may contain wildcards) which are candidates f
ADMX Info:
- GP english name: *Virtual Component Process Allow List*
- GP name: *Virtualization_JITVAllowList*
- GP path: *Administrative Templates/System/App-V/Virtualization*
- GP ADMX file name: *appv.admx*
<!--EndADMX-->

22
windows/client-management/mdm/understanding-admx-backed-policies.md
View File

@ -97,7 +97,7 @@ Appv.admx file:
## <a href="" id="admx-backed-policy-examples"></a>ADMX-backed policy examples
The following SyncML examples describe how to set a MDM policy that is defined by an ADMX template, specifically the Publishing_Server2_Policy Group Policy description in the application virtualization ADMX file, appv.admx. Note that the functionality that this Group Policy manages is not important; it is used to illustrate only how an MDM ISV can set an ADMX-backed policy. These SyncML examples illustrate common options and the corresponding SyncML code that can be used for testing your policies. Note that the payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coders Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
The following SyncML examples describe how to set a MDM policy that is defined by an ADMX template, specifically the Publishing_Server2_Policy Group Policy description in the application virtualization ADMX file, appv.admx. Note that the functionality that this Group Policy manages is not important; it is used to illustrate only how an MDM ISV can set an ADMX-backed policy. These SyncML examples illustrate common options and the corresponding SyncML code that can be used for testing your policies. Note that the payload of the SyncML must be XML-encoded; for this XML encoding, you can use favorite online tool. To avoid encoding the payload, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
### <a href="" id="enabling-a-policy"></a>Enabling a policy
@ -119,7 +119,7 @@ The following SyncML examples describe how to set a MDM policy that is defined b
**Request SyncML**
```XML
<?xml version="1.0" encoding="utf-8"?>
<SyncML xmlns="SYNCML:SYNCML1.1">
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
@ -169,7 +169,7 @@ The following SyncML examples describe how to set a MDM policy that is defined b
**Request SyncML**
```XML
<?xml version="1.0" encoding="utf-8"?>
<SyncML xmlns="SYNCML:SYNCML1.1">
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
@ -209,7 +209,7 @@ The following SyncML examples describe how to set a MDM policy that is defined b
**Request SyncML**
```
<?xml version="1.0" encoding="utf-8"?>
<SyncML xmlns="SYNCML:SYNCML1.1">
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Delete>
<CmdID>1</CmdID>
@ -292,7 +292,7 @@ The `text` element simply corresponds to a string and correspondingly to an edit
```XML
<?xml version="1.0" encoding="utf-8"?>
<SyncML xmlns="SYNCML:SYNCML1.1">
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>$CmdId$</CmdID>
@ -333,7 +333,7 @@ The `multiText` element simply corresponds to a REG_MULTISZ registry string and
```XML
<?xml version="1.0" encoding="utf-8"?>
<SyncML xmlns="SYNCML:SYNCML1.1">
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
@ -377,7 +377,7 @@ Variations of the `list` element are dictated by attributes. These attributes ar
#### Corresponding SyncML:
```XML
<SyncML xmlns="SYNCML:SYNCML1.1">
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
@ -409,7 +409,7 @@ Variations of the `list` element are dictated by attributes. These attributes ar
#### Corresponding SyncML:
```XML
<SyncML xmlns="SYNCML:SYNCML1.1">
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
@ -466,7 +466,7 @@ Variations of the `list` element are dictated by attributes. These attributes ar
#### Corresponding SyncML:
```XML
<SyncML xmlns="SYNCML:SYNCML1.1">
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
@ -503,7 +503,7 @@ Variations of the `list` element are dictated by attributes. These attributes ar
#### Corresponding SyncML:
```XML
<SyncML xmlns="SYNCML:SYNCML1.1">
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
@ -552,7 +552,7 @@ Variations of the `list` element are dictated by attributes. These attributes ar
```XML
<?xml version="1.0" encoding="utf-8"?>
<SyncML xmlns="SYNCML:SYNCML1.1">
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>

4
windows/device-security/device-guard/deploy-code-integrity-policies-steps.md
View File

@ -46,6 +46,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
- mshta.exe
- ntsd.exe
- rcsi.exe
- SyncAppVPublishingServer.exe
- system.management.automation.dll
- windbg.exe
@ -64,6 +65,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
|Matt Nelson | @enigma0x3|
|Oddvar Moe |@Oddvarmoe|
|Alex Ionescu | @aionescu|
|Nick Landers | @monoxgas|
<br />
@ -116,6 +118,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
<Deny ID="ID_DENY_LXSS" FriendlyName="LxssManager.dll" FileName="LxssManager.dll" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_BASH" FriendlyName="bash.exe" FileName="bash.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_FSI" FriendlyName="fsi.exe" FileName="fsi.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_APPVPUBSRV" FriendlyName="SyncAppVPublishingServer.exe" FileName="SyncAppVPublishingServer.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_FSI_ANYCPU" FriendlyName="fsiAnyCpu.exe" FileName="fsiAnyCpu.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_MSHTA" FriendlyName="mshta.exe" FileName="mshta.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_SMA" FriendlyName="System.Management.Automation.dll" FileName="System.Management.Automation.dll" MinimumFileVersion = "10.0.16215.999" />
@ -184,6 +187,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
<FileRuleRef RuleID="ID_DENY_BASH"/>
<FileRuleRef RuleID="ID_DENY_FSI"/>
<FileRuleRef RuleID="ID_DENY_FSI_ANYCPU"/>
<FileRuleRef RuleID="ID_DENY_APPVPUBSRV"/>
<FileRuleRef RuleID="ID_DENY_MSHTA"/>
<FileRuleRef RuleID="ID_DENY_SMA"/>
<FileRuleRef RuleID="ID_DENY_D_1" />

8
windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
View File

@ -117,10 +117,12 @@ If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the
sc qc diagtrack
```
## Windows Defender signature updates are configured
The Windows Defender ATP agent depends on Windows Defenders ability to scan files and provide information about them. If Windows Defender is not the active antimalware in your organization, you may need to configure the signature updates. For more information see [Configure Windows Defender in Windows 10](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md).
## Windows Defender Antivirus signature updates are configured
The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. If Windows Defender Antivirus is not the active antimalware in your organization, you may need to configure the signature updates. For more information see [Configure Windows Defender Antivirus in Windows 10](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md).
When Windows Defender is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender goes on passive mode. For more information, see the **Compatibility** section in the [Windows Defender in Windows 10 topic](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md).
When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy.
For more information, see the **Compatibility** section in the [Windows Defender in Windows 10 topic](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md).
## Windows Defender Early Launch Antimalware (ELAM) driver is enabled
If you're running Windows Defender as the primary antimalware product on your endpoints, the Windows Defender ATP agent will successfully onboard.