deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/policy-configuration-service-provider.md
huaping yu 81398ba666 resolve the conflcit
2019-06-26 11:38:04 -07:00

430 KiB
Raw Blame History

title, description, ms.assetid, ms.reviewer, manager, ms.author, ms.topic, ms.prod, ms.technology, author, ms.date
title description ms.assetid ms.reviewer manager ms.author ms.topic ms.prod ms.technology author ms.date
Policy CSP Policy CSP 4F3A1134-D401-44FC-A583-6EDD3070BA4F dansimp dansimp article w10 windows manikadhiman 05/01/2019

Policy CSP

The Policy configuration service provider enables the enterprise to configure policies on Windows 10. Use this configuration service provider to configure any company policies.

The Policy configuration service provider has the following sub-categories:

  • Policy/Config/AreaName Handles the policy configuration request from the server.
  • Policy/Result/AreaName Provides a read-only path to policies enforced on the device.

Important

Policy scope is the level at which a policy can be configured. Some policies can only be configured at the device level, meaning the policy will take effect independent of who is logged into the device. Other policies can be configured at the user level, meaning the policy will only take effect for that user.

The allowed scope of a specific policy is represented below its table of supported Windows editions. To configure a policy under a specific scope (user vs. device), please use the following paths:

User scope:

  • ./User/Vendor/MSFT/Policy/Config/AreaName/PolicyName to configure the policy.
  • ./User/Vendor/MSFT/Policy/Result/AreaName/PolicyName to get the result.

Device scope:

  • ./Device/Vendor/MSFT/Policy/Config/AreaName/PolicyName to configure the policy.
  • ./Device/Vendor/MSFT/Policy/Result/AreaName/PolicyName to get the result.

For device wide configuration the Device/ portion may be omitted from the path, deeming the following paths respectively equivalent:

  • ./Vendor/MSFT/Policy/Config/AreaName/PolicyName to configure the policy.
  • ./Vendor/MSFT/Policy/Result/AreaName/PolicyName to get the result.

The following diagram shows the Policy configuration service provider in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.

policy csp diagram

./Vendor/MSFT/Policy

The root node for the Policy configuration service provider.

Supported operation is Get.

Policy/Config

Node for grouping all policies configured by one source. The configuration source can use this path to set policy values and later query any policy value that it previously set. One policy can be configured by multiple configuration sources. If a configuration source wants to query the result of conflict resolution (for example, if Exchange and MDM both attempt to set a value,) the configuration source can use the Policy/Result path to retrieve the resulting value.

Supported operation is Get.

Policy/Config/AreaName

The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value.

Supported operations are Add, Get, and Delete.

Policy/Config/AreaName/PolicyName

Specifies the name/value pair used in the policy.

The following list shows some tips to help you when configuring policies:

  • Separate substring values by the Unicode  in the XML file.

Note

A query from a different caller could provide a different value as each caller could have different values for a named policy.

  • In SyncML, wrap this policy with the Atomic command so that the policy settings are treated as a single transaction.
  • Supported operations are Add, Get, Delete, and Replace.
  • Value type is string.

Policy/Result

Groups the evaluated policies from all providers that can be configured.

Supported operation is Get.

Policy/Result/AreaName

The area group that can be configured by a single technology independent of the providers.

Supported operation is Get.

Policy/Result/AreaName/PolicyName

Specifies the name/value pair used in the policy.

Supported operation is Get.

Policy/ConfigOperations

Added in Windows 10, version 1703. The root node for grouping different configuration operations.

Supported operations are Add, Get, and Delete.

Policy/ConfigOperations/ADMXInstall

Added in Windows 10, version 1703. Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall. Each ADMX-backed policy or preference that is added is assigned a unique ID. For more information about using Policy CSP to configure Win32 and Desktop Bridge app policies, see Win32 and Desktop Bridge app policy configuration.

Note

The OPAX settings that are managed by the Microsoft Office Customization Tool are not supported by MDM. For more information about this tool, see Office Customization Tool.

ADMX files that have been installed by using ConfigOperations/ADMXInstall can later be deleted by using the URI delete operation. Deleting an ADMX file will delete the ADMX file from disk, remove the metadata from the ADMXdefault registry hive, and delete all the policies that were set from the file. The MDM server can also delete all ADMX policies that are tied to a particular app by calling delete on the URI, ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}.

Supported operations are Add, Get, and Delete.

Policy/ConfigOperations/ADMXInstall/AppName

Added in Windows 10, version 1703. Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX file.

Supported operations are Add, Get, and Delete.

Policy/ConfigOperations/ADMXInstall/AppName/Policy

Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app policy is to be imported.

Supported operations are Add, Get, and Delete.

Policy/ConfigOperations/ADMXInstall/AppName/Policy/UniqueID

Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the policy to import.

Supported operations are Add and Get. Does not support Delete.

Policy/ConfigOperations/ADMXInstall/AppName/Preference

Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app preference is to be imported.

Supported operations are Add, Get, and Delete.

Policy/ConfigOperations/ADMXInstall/AppName/Preference/UniqueID

Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the preference to import.

Supported operations are Add and Get. Does not support Delete.

Policies

AboveLock policies

AboveLock/AllowActionCenterNotifications
AboveLock/AllowCortanaAboveLock
AboveLock/AllowToasts

Accounts policies

Accounts/AllowAddingNonMicrosoftAccountsManually
Accounts/AllowMicrosoftAccountConnection
Accounts/AllowMicrosoftAccountSignInAssistant

ActiveXControls policies

ActiveXControls/ApprovedInstallationSites

ApplicationDefaults policies

ApplicationDefaults/DefaultAssociationsConfiguration
ApplicationDefaults/EnableAppUriHandlers

ApplicationManagement policies

ApplicationManagement/AllowAllTrustedApps
ApplicationManagement/AllowAppStoreAutoUpdate
ApplicationManagement/AllowDeveloperUnlock
ApplicationManagement/AllowGameDVR
ApplicationManagement/AllowSharedUserAppData
ApplicationManagement/AllowStore
ApplicationManagement/ApplicationRestrictions
ApplicationManagement/DisableStoreOriginatedApps
ApplicationManagement/LaunchAppAfterLogOn
ApplicationManagement/MSIAllowUserControlOverInstall
ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
ApplicationManagement/RequirePrivateStoreOnly
ApplicationManagement/RestrictAppDataToSystemVolume
ApplicationManagement/RestrictAppToSystemVolume
ApplicationManagement/ScheduleForceRestartForUpdateFailures

AppRuntime policies

AppRuntime/AllowMicrosoftAccountsToBeOptional

AppVirtualization policies

AppVirtualization/AllowAppVClient
AppVirtualization/AllowDynamicVirtualization
AppVirtualization/AllowPackageCleanup
AppVirtualization/AllowPackageScripts
AppVirtualization/AllowPublishingRefreshUX
AppVirtualization/AllowReportingServer
AppVirtualization/AllowRoamingFileExclusions
AppVirtualization/AllowRoamingRegistryExclusions
AppVirtualization/AllowStreamingAutoload
AppVirtualization/ClientCoexistenceAllowMigrationmode
AppVirtualization/IntegrationAllowRootGlobal
AppVirtualization/IntegrationAllowRootUser
AppVirtualization/PublishingAllowServer1
AppVirtualization/PublishingAllowServer2
AppVirtualization/PublishingAllowServer3
AppVirtualization/PublishingAllowServer4
AppVirtualization/PublishingAllowServer5
AppVirtualization/StreamingAllowCertificateFilterForClient_SSL
AppVirtualization/StreamingAllowHighCostLaunch
AppVirtualization/StreamingAllowLocationProvider
AppVirtualization/StreamingAllowPackageInstallationRoot
AppVirtualization/StreamingAllowPackageSourceRoot
AppVirtualization/StreamingAllowReestablishmentInterval
AppVirtualization/StreamingAllowReestablishmentRetries
AppVirtualization/StreamingSharedContentStoreMode
AppVirtualization/StreamingSupportBranchCache
AppVirtualization/StreamingVerifyCertificateRevocationList
AppVirtualization/VirtualComponentsAllowList

AttachmentManager policies

AttachmentManager/DoNotPreserveZoneInformation
AttachmentManager/HideZoneInfoMechanism
AttachmentManager/NotifyAntivirusPrograms

Authentication policies

Authentication/AllowAadPasswordReset
Authentication/AllowEAPCertSSO
Authentication/AllowFastReconnect
Authentication/AllowFidoDeviceSignon
Authentication/AllowSecondaryAuthenticationDevice
Authentication/EnableFastFirstSignIn (Preview mode only)
Authentication/EnableWebSignIn (Preview mode only)
Authentication/PreferredAadTenantDomainName

Autoplay policies

Autoplay/DisallowAutoplayForNonVolumeDevices
Autoplay/SetDefaultAutoRunBehavior
Autoplay/TurnOffAutoPlay

Bitlocker policies

Bitlocker/EncryptionMethod

BITS policies

BITS/BandwidthThrottlingEndTime
BITS/BandwidthThrottlingStartTime
BITS/BandwidthThrottlingTransferRate
BITS/CostedNetworkBehaviorBackgroundPriority
BITS/CostedNetworkBehaviorForegroundPriority
BITS/JobInactivityTimeout

Bluetooth policies

Bluetooth/AllowAdvertising
Bluetooth/AllowDiscoverableMode
Bluetooth/AllowPrepairing
Bluetooth/AllowPromptedProximalConnections
Bluetooth/LocalDeviceName
Bluetooth/ServicesAllowedList

Browser policies

Browser/AllowAddressBarDropdown
Browser/AllowAutofill
Browser/AllowBrowser
Browser/AllowConfigurationUpdateForBooksLibrary
Browser/AllowCookies
Browser/AllowDeveloperTools
Browser/AllowDoNotTrack
Browser/AllowExtensions
Browser/AllowFlash
Browser/AllowFlashClickToRun
Browser/AllowFullScreenMode
Browser/AllowInPrivate
Browser/AllowMicrosoftCompatibilityList
Browser/AllowPasswordManager
Browser/AllowPopups
Browser/AllowPrelaunch
Browser/AllowPrinting
Browser/AllowSavingHistory
Browser/AllowSearchEngineCustomization
Browser/AllowSearchSuggestionsinAddressBar
Browser/AllowSideloadingOfExtensions
Browser/AllowSmartScreen
Browser/AllowTabPreloading
Browser/AllowWebContentOnNewTabPage
Browser/AlwaysEnableBooksLibrary
Browser/ClearBrowsingDataOnExit
Browser/ConfigureAdditionalSearchEngines
Browser/ConfigureFavoritesBar
Browser/ConfigureHomeButton
Browser/ConfigureKioskMode
Browser/ConfigureKioskResetAfterIdleTimeout
Browser/ConfigureOpenMicrosoftEdgeWith
Browser/ConfigureTelemetryForMicrosoft365Analytics
Browser/DisableLockdownOfStartPages
Browser/EnableExtendedBooksTelemetry
Browser/EnterpriseModeSiteList
Browser/EnterpriseSiteListServiceUrl
Browser/FirstRunURL
Browser/HomePages
Browser/LockdownFavorites
Browser/PreventAccessToAboutFlagsInMicrosoftEdge
Browser/PreventCertErrorOverrides
Browser/PreventFirstRunPage
Browser/PreventLiveTileDataCollection
Browser/PreventSmartScreenPromptOverride
Browser/PreventSmartScreenPromptOverrideForFiles
Browser/PreventUsingLocalHostIPAddressForWebRTC
Browser/ProvisionFavorites
Browser/SendIntranetTraffictoInternetExplorer
Browser/SetDefaultSearchEngine
Browser/SetHomeButtonURL
Browser/SetNewTabPageURL
Browser/ShowMessageWhenOpeningSitesInInternetExplorer
Browser/SyncFavoritesBetweenIEAndMicrosoftEdge
Browser/UnlockHomeButton
Browser/UseSharedFolderForBooks

Camera policies

Camera/AllowCamera

Cellular policies

Cellular/LetAppsAccessCellularData
Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
Cellular/ShowAppCellularAccessUI

Connectivity policies

Connectivity/AllowBluetooth
Connectivity/AllowCellularData
Connectivity/AllowCellularDataRoaming
Connectivity/AllowConnectedDevices
Connectivity/AllowNFC
Connectivity/AllowPhonePCLinking
Connectivity/AllowUSBConnection
Connectivity/AllowVPNOverCellular
Connectivity/AllowVPNRoamingOverCellular
Connectivity/DiablePrintingOverHTTP
Connectivity/DisableDownloadingOfPrintDriversOverHTTP
Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards
Connectivity/DisallowNetworkConnectivityActiveTests
Connectivity/HardenedUNCPaths
Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge

ControlPolicyConflict policies

ControlPolicyConflict/MDMWinsOverGP

CredentialProviders policies

CredentialProviders/AllowPINLogon
CredentialProviders/BlockPicturePassword
CredentialProviders/DisableAutomaticReDeploymentCredentials

CredentialsDelegation policies

CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials

CredentialsUI policies

CredentialsUI/DisablePasswordReveal
CredentialsUI/EnumerateAdministrators

Cryptography policies

Cryptography/AllowFipsAlgorithmPolicy
Cryptography/TLSCipherSuites

DataProtection policies

DataProtection/AllowDirectMemoryAccess
DataProtection/LegacySelectiveWipeID

DataUsage policies

DataUsage/SetCost3G
DataUsage/SetCost4G

Defender policies

Defender/AllowArchiveScanning
Defender/AllowBehaviorMonitoring
Defender/AllowCloudProtection
Defender/AllowEmailScanning
Defender/AllowFullScanOnMappedNetworkDrives
Defender/AllowFullScanRemovableDriveScanning
Defender/AllowIOAVProtection
Defender/AllowIntrusionPreventionSystem
Defender/AllowOnAccessProtection
Defender/AllowRealtimeMonitoring
Defender/AllowScanningNetworkFiles
Defender/AllowScriptScanning
Defender/AllowUserUIAccess
Defender/AttackSurfaceReductionOnlyExclusions
Defender/AttackSurfaceReductionRules
Defender/AvgCPULoadFactor
Defender/CheckForSignaturesBeforeRunningScan
Defender/CloudBlockLevel
Defender/CloudExtendedTimeout
Defender/ControlledFolderAccessAllowedApplications
Defender/ControlledFolderAccessProtectedFolders
Defender/DaysToRetainCleanedMalware
Defender/DisableCatchupFullScan
Defender/DisableCatchupQuickScan
Defender/EnableControlledFolderAccess
Defender/EnableLowCPUPriority
Defender/EnableNetworkProtection
Defender/ExcludedExtensions
Defender/ExcludedPaths
Defender/ExcludedProcesses
Defender/PUAProtection
Defender/RealTimeScanDirection
Defender/ScanParameter
Defender/ScheduleQuickScanTime
Defender/ScheduleScanDay
Defender/ScheduleScanTime
Defender/SignatureUpdateFallbackOrder
Defender/SignatureUpdateFileSharesSources
Defender/SignatureUpdateInterval
Defender/SubmitSamplesConsent
Defender/ThreatSeverityDefaultAction

DeliveryOptimization policies

DeliveryOptimization/DOAbsoluteMaxCacheSize
DeliveryOptimization/DOAllowVPNPeerCaching
DeliveryOptimization/DOCacheHost
DeliveryOptimization/DODelayBackgroundDownloadFromHttp
DeliveryOptimization/DODelayForegroundDownloadFromHttp
DeliveryOptimization/DODelayCacheServerFallbackBackground
DeliveryOptimization/DODelayCacheServerFallbackForeground
DeliveryOptimization/DODownloadMode
DeliveryOptimization/DOGroupId
DeliveryOptimization/DOGroupIdSource
DeliveryOptimization/DOMaxCacheAge
DeliveryOptimization/DOMaxCacheSize
DeliveryOptimization/DOMaxDownloadBandwidth
DeliveryOptimization/DOMaxUploadBandwidth
DeliveryOptimization/DOMinBackgroundQos
DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload
DeliveryOptimization/DOMinDiskSizeAllowedToPeer
DeliveryOptimization/DOMinFileSizeToCache
DeliveryOptimization/DOMinRAMAllowedToPeer
DeliveryOptimization/DOModifyCacheDrive
DeliveryOptimization/DOMonthlyUploadDataCap
DeliveryOptimization/DOPercentageMaxBackgroundBandwidth
DeliveryOptimization/DOPercentageMaxDownloadBandwidth
DeliveryOptimization/DOPercentageMaxForegroundBandwidth
DeliveryOptimization/DORestrictPeerSelectionBy
DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth

Desktop policies

Desktop/PreventUserRedirectionOfProfileFolders

DeviceGuard policies

DeviceGuard/ConfigureSystemGuardLaunch
DeviceGuard/EnableVirtualizationBasedSecurity
DeviceGuard/LsaCfgFlags
DeviceGuard/RequirePlatformSecurityFeatures

DeviceHealthMonitoring policies

DeviceHealthMonitoring/AllowDeviceHealthMonitoring
DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope
DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination

DeviceInstallation policies

DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
DeviceInstallation/PreventDeviceMetadataFromNetwork
DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
DeviceInstallation/PreventInstallationOfMatchingDeviceIDs
DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses

DeviceLock policies

DeviceLock/AllowIdleReturnWithoutPassword
DeviceLock/AllowScreenTimeoutWhileLockedUserConfig
DeviceLock/AllowSimpleDevicePassword
DeviceLock/AlphanumericDevicePasswordRequired
DeviceLock/DevicePasswordEnabled
DeviceLock/DevicePasswordExpiration
DeviceLock/DevicePasswordHistory
DeviceLock/EnforceLockScreenAndLogonImage
DeviceLock/EnforceLockScreenProvider
DeviceLock/MaxDevicePasswordFailedAttempts
DeviceLock/MaxInactivityTimeDeviceLock
DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay
DeviceLock/MinDevicePasswordComplexCharacters
DeviceLock/MinDevicePasswordLength
DeviceLock/MinimumPasswordAge
DeviceLock/PreventEnablingLockScreenCamera
DeviceLock/PreventLockScreenSlideShow
DeviceLock/ScreenTimeoutWhileLocked

Display policies

Display/DisablePerProcessDpiForApps
Display/EnablePerProcessDpi
Display/EnablePerProcessDpiForApps
Display/TurnOffGdiDPIScalingForApps
Display/TurnOnGdiDPIScalingForApps

DmaGuard policies

DmaGuard/DeviceEnumerationPolicy

Education policies

Education/DefaultPrinterName
Education/PreventAddingNewPrinters
Education/PrinterNames

EnterpriseCloudPrint policies

EnterpriseCloudPrint/CloudPrintOAuthAuthority
EnterpriseCloudPrint/CloudPrintOAuthClientId
EnterpriseCloudPrint/CloudPrintResourceId
EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint
EnterpriseCloudPrint/DiscoveryMaxPrinterLimit
EnterpriseCloudPrint/MopriaDiscoveryResourceId

ErrorReporting policies

ErrorReporting/CustomizeConsentSettings
ErrorReporting/DisableWindowsErrorReporting
ErrorReporting/DisplayErrorNotification
ErrorReporting/DoNotSendAdditionalData
ErrorReporting/PreventCriticalErrorDisplay

EventLogService policies

EventLogService/ControlEventLogBehavior
EventLogService/SpecifyMaximumFileSizeApplicationLog
EventLogService/SpecifyMaximumFileSizeSecurityLog
EventLogService/SpecifyMaximumFileSizeSystemLog

Experience policies

Experience/AllowClipboardHistory
Experience/AllowCopyPaste
Experience/AllowCortana
Experience/AllowDeviceDiscovery
Experience/AllowFindMyDevice
Experience/AllowManualMDMUnenrollment
Experience/AllowSIMErrorDialogPromptWhenNoSIM
Experience/AllowSaveAsOfOfficeFiles
Experience/AllowScreenCapture
Experience/AllowSharingOfOfficeFiles
Experience/AllowSyncMySettings
Experience/AllowTailoredExperiencesWithDiagnosticData
Experience/AllowTaskSwitcher
Experience/AllowThirdPartySuggestionsInWindowsSpotlight
Experience/AllowVoiceRecording
Experience/AllowWindowsConsumerFeatures
Experience/AllowWindowsSpotlight
Experience/AllowWindowsSpotlightOnActionCenter
Experience/AllowWindowsSpotlightOnSettings
Experience/AllowWindowsSpotlightWindowsWelcomeExperience
Experience/AllowWindowsTips
Experience/ConfigureWindowsSpotlightOnLockScreen
Experience/DoNotShowFeedbackNotifications
Experience/DoNotSyncBrowserSettings
Experience/PreventUsersFromTurningOnBrowserSyncing
Experience/ShowLockOnUserTile

ExploitGuard policies

ExploitGuard/ExploitProtectionSettings

FileExplorer policies

FileExplorer/TurnOffDataExecutionPreventionForExplorer
FileExplorer/TurnOffHeapTerminationOnCorruption

Games policies

Games/AllowAdvancedGamingServices

Handwriting policies

Handwriting/PanelDefaultModeDocked

InternetExplorer policies

InternetExplorer/AddSearchProvider
InternetExplorer/AllowActiveXFiltering
InternetExplorer/AllowAddOnList
InternetExplorer/AllowAutoComplete
InternetExplorer/AllowCertificateAddressMismatchWarning
InternetExplorer/AllowDeletingBrowsingHistoryOnExit
InternetExplorer/AllowEnhancedProtectedMode
InternetExplorer/AllowEnhancedSuggestionsInAddressBar
InternetExplorer/AllowEnterpriseModeFromToolsMenu
InternetExplorer/AllowEnterpriseModeSiteList
InternetExplorer/AllowFallbackToSSL3
InternetExplorer/AllowInternetExplorer7PolicyList
InternetExplorer/AllowInternetExplorerStandardsMode
InternetExplorer/AllowInternetZoneTemplate
InternetExplorer/AllowIntranetZoneTemplate
InternetExplorer/AllowLocalMachineZoneTemplate
InternetExplorer/AllowLockedDownInternetZoneTemplate
InternetExplorer/AllowLockedDownIntranetZoneTemplate
InternetExplorer/AllowLockedDownLocalMachineZoneTemplate
InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate
InternetExplorer/AllowOneWordEntry
InternetExplorer/AllowSiteToZoneAssignmentList
InternetExplorer/AllowSoftwareWhenSignatureIsInvalid
InternetExplorer/AllowSuggestedSites
InternetExplorer/AllowTrustedSitesZoneTemplate
InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate
InternetExplorer/AllowsRestrictedSitesZoneTemplate
InternetExplorer/CheckServerCertificateRevocation
InternetExplorer/CheckSignaturesOnDownloadedPrograms
InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses
InternetExplorer/DisableActiveXVersionListAutoDownload

InternetExplorer/DisableAdobeFlash
InternetExplorer/DisableBypassOfSmartScreenWarnings
InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles
InternetExplorer/DisableCompatView
InternetExplorer/DisableConfiguringHistory
InternetExplorer/DisableCrashDetection
InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation
InternetExplorer/DisableDeletingUserVisitedWebsites
InternetExplorer/DisableEnclosureDownloading
InternetExplorer/DisableEncryptionSupport
InternetExplorer/DisableFeedsBackgroundSync
InternetExplorer/DisableFirstRunWizard
InternetExplorer/DisableFlipAheadFeature
InternetExplorer/DisableGeolocation
InternetExplorer/DisableHomePageChange
InternetExplorer/DisableIgnoringCertificateErrors
InternetExplorer/DisableInPrivateBrowsing
InternetExplorer/DisableProcessesInEnhancedProtectedMode
InternetExplorer/DisableProxyChange
InternetExplorer/DisableSearchProviderChange
InternetExplorer/DisableSecondaryHomePageChange
InternetExplorer/DisableSecuritySettingsCheck
InternetExplorer/DisableUpdateCheck
InternetExplorer/DisableWebAddressAutoComplete
InternetExplorer/DoNotAllowActiveXControlsInProtectedMode
InternetExplorer/DoNotAllowUsersToAddSites
InternetExplorer/DoNotAllowUsersToChangePolicies
InternetExplorer/DoNotBlockOutdatedActiveXControls
InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains
InternetExplorer/IncludeAllLocalSites
InternetExplorer/IncludeAllNetworkPaths
InternetExplorer/InternetZoneAllowAccessToDataSources
InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/InternetZoneAllowCopyPasteViaScript
InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles
InternetExplorer/InternetZoneAllowFontDownloads
InternetExplorer/InternetZoneAllowLessPrivilegedSites
InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles
InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents
InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls
InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
InternetExplorer/InternetZoneAllowScriptInitiatedWindows
InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls
InternetExplorer/InternetZoneAllowScriptlets
InternetExplorer/InternetZoneAllowSmartScreenIE
InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript
InternetExplorer/InternetZoneAllowUserDataPersistence
InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer
InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls
InternetExplorer/InternetZoneDownloadSignedActiveXControls
InternetExplorer/InternetZoneDownloadUnsignedActiveXControls
InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter
InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
InternetExplorer/InternetZoneEnableMIMESniffing
InternetExplorer/InternetZoneEnableProtectedMode
InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer
InternetExplorer/InternetZoneInitializeAndScriptActiveXControls
InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
InternetExplorer/InternetZoneJavaPermissions
InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME
InternetExplorer/InternetZoneLogonOptions
InternetExplorer/InternetZoneNavigateWindowsAndFrames
InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles
InternetExplorer/InternetZoneUsePopupBlocker
InternetExplorer/IntranetZoneAllowAccessToDataSources
InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/IntranetZoneAllowFontDownloads
InternetExplorer/IntranetZoneAllowLessPrivilegedSites
InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents
InternetExplorer/IntranetZoneAllowScriptlets
InternetExplorer/IntranetZoneAllowSmartScreenIE
InternetExplorer/IntranetZoneAllowUserDataPersistence
InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls
InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls
InternetExplorer/IntranetZoneJavaPermissions
InternetExplorer/IntranetZoneNavigateWindowsAndFrames
InternetExplorer/LocalMachineZoneAllowAccessToDataSources
InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/LocalMachineZoneAllowFontDownloads
InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites
InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents
InternetExplorer/LocalMachineZoneAllowScriptlets
InternetExplorer/LocalMachineZoneAllowSmartScreenIE
InternetExplorer/LocalMachineZoneAllowUserDataPersistence
InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls
InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls
InternetExplorer/LocalMachineZoneJavaPermissions
InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames
InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources
InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/LockedDownInternetZoneAllowFontDownloads
InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites
InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents
InternetExplorer/LockedDownInternetZoneAllowScriptlets
InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE
InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence
InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls
InternetExplorer/LockedDownInternetZoneJavaPermissions
InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames
InternetExplorer/LockedDownIntranetJavaPermissions
InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources
InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/LockedDownIntranetZoneAllowFontDownloads
InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites
InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents
InternetExplorer/LockedDownIntranetZoneAllowScriptlets
InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE
InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence
InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls
InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames
InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources
InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads
InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites
InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents
InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets
InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE
InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence
InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls
InternetExplorer/LockedDownLocalMachineZoneJavaPermissions
InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames
InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources
InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads
InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites
InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents
InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets
InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE
InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence
InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls
InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions
InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames
InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources
InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads
InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites
InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents
InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets
InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE
InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence
InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls
InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions
InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames
InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses
InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses
InternetExplorer/NewTabDefaultPage
InternetExplorer/NotificationBarInternetExplorerProcesses
InternetExplorer/PreventManagingSmartScreenFilter
InternetExplorer/PreventPerUserInstallationOfActiveXControls
InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses
InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls
InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses
InternetExplorer/RestrictFileDownloadInternetExplorerProcesses
InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources
InternetExplorer/RestrictedSitesZoneAllowActiveScripting
InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors
InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript
InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles
InternetExplorer/RestrictedSitesZoneAllowFileDownloads
InternetExplorer/RestrictedSitesZoneAllowFontDownloads
InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites
InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles
InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH
InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents
InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls
InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows
InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls
InternetExplorer/RestrictedSitesZoneAllowScriptlets
InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE
InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript
InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence
InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer
InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls
InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls
InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter
InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
InternetExplorer/RestrictedSitesZoneEnableMIMESniffing
InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer
InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls
InternetExplorer/RestrictedSitesZoneJavaPermissions
InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME
InternetExplorer/RestrictedSitesZoneLogonOptions
InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames
InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins
InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting
InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets
InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles
InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode
InternetExplorer/RestrictedSitesZoneUsePopupBlocker
InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses
InternetExplorer/SearchProviderList
InternetExplorer/SecurityZonesUseOnlyMachineSettings
InternetExplorer/SpecifyUseOfActiveXInstallerService
InternetExplorer/TrustedSitesZoneAllowAccessToDataSources
InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/TrustedSitesZoneAllowFontDownloads
InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites
InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents
InternetExplorer/TrustedSitesZoneAllowScriptlets
InternetExplorer/TrustedSitesZoneAllowSmartScreenIE
InternetExplorer/TrustedSitesZoneAllowUserDataPersistence
InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls
InternetExplorer/TrustedSitesZoneJavaPermissions
InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames

Kerberos policies

Kerberos/AllowForestSearchOrder
Kerberos/KerberosClientSupportsClaimsCompoundArmor
Kerberos/RequireKerberosArmoring
Kerberos/RequireStrictKDCValidation
Kerberos/SetMaximumContextTokenSize
Kerberos/UPNNameHints

KioskBrowser policies

KioskBrowser/BlockedUrlExceptions
KioskBrowser/BlockedUrls
KioskBrowser/DefaultURL
KioskBrowser/EnableEndSessionButton
KioskBrowser/EnableHomeButton
KioskBrowser/EnableNavigationButtons
KioskBrowser/RestartOnIdleTime

LanmanWorkstation policies

LanmanWorkstation/EnableInsecureGuestLogons

Licensing policies

Licensing/AllowWindowsEntitlementReactivation
Licensing/DisallowKMSClientOnlineAVSValidation

LocalPoliciesSecurityOptions policies

LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways
LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible
LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges
LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn
LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn
LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL
LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways
LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession
LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM
LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients
LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication
LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic
LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic
LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers
LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon
LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems
LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations

LockDown policies

LockDown/AllowEdgeSwipe

Maps policies

Maps/AllowOfflineMapsDownloadOverMeteredConnection
Maps/EnableOfflineMapsAutoUpdate

Messaging policies

Messaging/AllowMMS
Messaging/AllowMessageSync
Messaging/AllowRCS

MSSecurityGuide policies

MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon
MSSecurityGuide/ConfigureSMBV1ClientDriver
MSSecurityGuide/ConfigureSMBV1Server
MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection
MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications
MSSecurityGuide/WDigestAuthentication

MSSLegacy policies

MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes
MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers
MSSLegacy/IPSourceRoutingProtectionLevel
MSSLegacy/IPv6SourceRoutingProtectionLevel

NetworkIsolation policies

NetworkIsolation/EnterpriseCloudResources
NetworkIsolation/EnterpriseIPRange
NetworkIsolation/EnterpriseIPRangesAreAuthoritative
NetworkIsolation/EnterpriseInternalProxyServers
NetworkIsolation/EnterpriseNetworkDomainNames
NetworkIsolation/EnterpriseProxyServers
NetworkIsolation/EnterpriseProxyServersAreAuthoritative
NetworkIsolation/NeutralResources

Notifications policies

Notifications/DisallowCloudNotification
Notifications/DisallowNotificationMirroring
Notifications/DisallowTileNotification

Power policies

Power/AllowStandbyStatesWhenSleepingOnBattery
Power/AllowStandbyWhenSleepingPluggedIn
Power/DisplayOffTimeoutOnBattery
Power/DisplayOffTimeoutPluggedIn
Power/EnergySaverBatteryThresholdOnBattery
Power/EnergySaverBatteryThresholdPluggedIn
Power/HibernateTimeoutOnBattery
Power/HibernateTimeoutPluggedIn
Power/RequirePasswordWhenComputerWakesOnBattery
Power/RequirePasswordWhenComputerWakesPluggedIn
Power/SelectLidCloseActionOnBattery
Power/SelectLidCloseActionPluggedIn
Power/SelectPowerButtonActionOnBattery
Power/SelectPowerButtonActionPluggedIn
Power/SelectSleepButtonActionOnBattery
Power/SelectSleepButtonActionPluggedIn
Power/StandbyTimeoutOnBattery
Power/StandbyTimeoutPluggedIn
Power/TurnOffHybridSleepOnBattery
Power/TurnOffHybridSleepPluggedIn
Power/UnattendedSleepTimeoutOnBattery
Power/UnattendedSleepTimeoutPluggedIn

Printers policies

Printers/PointAndPrintRestrictions
Printers/PointAndPrintRestrictions_User
Printers/PublishPrinters

Privacy policies

Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
Privacy/AllowCrossDeviceClipboard
Privacy/AllowInputPersonalization
Privacy/DisableAdvertisingId
Privacy/DisablePrivacyExperience
Privacy/EnableActivityFeed
Privacy/LetAppsAccessAccountInfo
Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps
Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps
Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps
Privacy/LetAppsAccessCalendar
Privacy/LetAppsAccessCalendar_ForceAllowTheseApps
Privacy/LetAppsAccessCalendar_ForceDenyTheseApps
Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps
Privacy/LetAppsAccessCallHistory
Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps
Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps
Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps
Privacy/LetAppsAccessCamera
Privacy/LetAppsAccessCamera_ForceAllowTheseApps
Privacy/LetAppsAccessCamera_ForceDenyTheseApps
Privacy/LetAppsAccessCamera_UserInControlOfTheseApps
Privacy/LetAppsAccessContacts
Privacy/LetAppsAccessContacts_ForceAllowTheseApps
Privacy/LetAppsAccessContacts_ForceDenyTheseApps
Privacy/LetAppsAccessContacts_UserInControlOfTheseApps
Privacy/LetAppsAccessEmail
Privacy/LetAppsAccessEmail_ForceAllowTheseApps
Privacy/LetAppsAccessEmail_ForceDenyTheseApps
Privacy/LetAppsAccessEmail_UserInControlOfTheseApps
Privacy/LetAppsAccessGazeInput
Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps
Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps
Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps
Privacy/LetAppsAccessLocation
Privacy/LetAppsAccessLocation_ForceAllowTheseApps
Privacy/LetAppsAccessLocation_ForceDenyTheseApps
Privacy/LetAppsAccessLocation_UserInControlOfTheseApps
Privacy/LetAppsAccessMessaging
Privacy/LetAppsAccessMessaging_ForceAllowTheseApps
Privacy/LetAppsAccessMessaging_ForceDenyTheseApps
Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps
Privacy/LetAppsAccessMicrophone
Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps
Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps
Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps
Privacy/LetAppsAccessMotion
Privacy/LetAppsAccessMotion_ForceAllowTheseApps
Privacy/LetAppsAccessMotion_ForceDenyTheseApps
Privacy/LetAppsAccessMotion_UserInControlOfTheseApps
Privacy/LetAppsAccessNotifications
Privacy/LetAppsAccessNotifications_ForceAllowTheseApps
Privacy/LetAppsAccessNotifications_ForceDenyTheseApps
Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps
Privacy/LetAppsAccessPhone
Privacy/LetAppsAccessPhone_ForceAllowTheseApps
Privacy/LetAppsAccessPhone_ForceDenyTheseApps
Privacy/LetAppsAccessPhone_UserInControlOfTheseApps
Privacy/LetAppsAccessRadios
Privacy/LetAppsAccessRadios_ForceAllowTheseApps
Privacy/LetAppsAccessRadios_ForceDenyTheseApps
Privacy/LetAppsAccessRadios_UserInControlOfTheseApps
Privacy/LetAppsAccessTasks
Privacy/LetAppsAccessTasks_ForceAllowTheseApps
Privacy/LetAppsAccessTasks_ForceDenyTheseApps
Privacy/LetAppsAccessTasks_UserInControlOfTheseApps
Privacy/LetAppsAccessTrustedDevices
Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps
Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps
Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps
Privacy/LetAppsGetDiagnosticInfo
Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps
Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps
Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps
Privacy/LetAppsRunInBackground
Privacy/LetAppsRunInBackground_ForceAllowTheseApps
Privacy/LetAppsRunInBackground_ForceDenyTheseApps
Privacy/LetAppsRunInBackground_UserInControlOfTheseApps
Privacy/LetAppsSyncWithDevices
Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps
Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps
Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps
Privacy/PublishUserActivities
Privacy/UploadUserActivities

RemoteAssistance policies

RemoteAssistance/CustomizeWarningMessages
RemoteAssistance/SessionLogging
RemoteAssistance/SolicitedRemoteAssistance
RemoteAssistance/UnsolicitedRemoteAssistance

RemoteDesktopServices policies

RemoteDesktopServices/AllowUsersToConnectRemotely
RemoteDesktopServices/ClientConnectionEncryptionLevel
RemoteDesktopServices/DoNotAllowDriveRedirection
RemoteDesktopServices/DoNotAllowPasswordSaving
RemoteDesktopServices/PromptForPasswordUponConnection
RemoteDesktopServices/RequireSecureRPCCommunication

RemoteManagement policies

RemoteManagement/AllowBasicAuthentication_Client
RemoteManagement/AllowBasicAuthentication_Service
RemoteManagement/AllowCredSSPAuthenticationClient
RemoteManagement/AllowCredSSPAuthenticationService
RemoteManagement/AllowRemoteServerManagement
RemoteManagement/AllowUnencryptedTraffic_Client
RemoteManagement/AllowUnencryptedTraffic_Service
RemoteManagement/DisallowDigestAuthentication
RemoteManagement/DisallowNegotiateAuthenticationClient
RemoteManagement/DisallowNegotiateAuthenticationService
RemoteManagement/DisallowStoringOfRunAsCredentials
RemoteManagement/SpecifyChannelBindingTokenHardeningLevel
RemoteManagement/TrustedHosts
RemoteManagement/TurnOnCompatibilityHTTPListener
RemoteManagement/TurnOnCompatibilityHTTPSListener

RemoteProcedureCall policies

RemoteProcedureCall/RPCEndpointMapperClientAuthentication
RemoteProcedureCall/RestrictUnauthenticatedRPCClients

RemoteShell policies

RemoteShell/AllowRemoteShellAccess
RemoteShell/MaxConcurrentUsers
RemoteShell/SpecifyIdleTimeout
RemoteShell/SpecifyMaxMemory
RemoteShell/SpecifyMaxProcesses
RemoteShell/SpecifyMaxRemoteShells
RemoteShell/SpecifyShellTimeout

RestrictedGroups policies

RestrictedGroups/ConfigureGroupMembership

Search policies

Search/AllowCloudSearch
Search/AllowCortanaInAAD
Search/AllowFindMyFiles
Search/AllowIndexingEncryptedStoresOrItems
Search/AllowSearchToUseLocation
Search/AllowStoringImagesFromVisionSearch
Search/AllowUsingDiacritics
Search/AllowWindowsIndexer
Search/AlwaysUseAutoLangDetection
Search/DisableBackoff
Search/DisableRemovableDriveIndexing
Search/DoNotUseWebResults
Search/PreventIndexingLowDiskSpaceMB
Search/PreventRemoteQueries
Search/SafeSearchPermissions

Security policies

Security/AllowAddProvisioningPackage
Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices
Security/AllowManualRootCertificateInstallation
Security/AllowRemoveProvisioningPackage
Security/AntiTheftMode
Security/ClearTPMIfNotReady
Security/ConfigureWindowsPasswords
Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices
Security/RecoveryEnvironmentAuthentication
Security/RequireDeviceEncryption
Security/RequireProvisioningPackageSignature
Security/RequireRetrieveHealthCertificateOnBoot

ServiceControlManager policies

ServiceControlManager/SvchostProcessMitigation

Settings policies

Settings/AllowAutoPlay
Settings/AllowDataSense
Settings/AllowDateTime
Settings/AllowEditDeviceName
Settings/AllowLanguage
Settings/AllowOnlineTips
Settings/AllowPowerSleep
Settings/AllowRegion
Settings/AllowSignInOptions
Settings/AllowVPN
Settings/AllowWorkplace
Settings/AllowYourAccount
Settings/ConfigureTaskbarCalendar
Settings/PageVisibilityList

SmartScreen policies

SmartScreen/EnableAppInstallControl
SmartScreen/EnableSmartScreenInShell
SmartScreen/PreventOverrideForFilesInShell

Speech policies

Speech/AllowSpeechModelUpdate

Start policies

Start/AllowPinnedFolderDocuments
Start/AllowPinnedFolderDownloads
Start/AllowPinnedFolderFileExplorer
Start/AllowPinnedFolderHomeGroup
Start/AllowPinnedFolderMusic
Start/AllowPinnedFolderNetwork
Start/AllowPinnedFolderPersonalFolder
Start/AllowPinnedFolderPictures
Start/AllowPinnedFolderSettings
Start/AllowPinnedFolderVideos
Start/DisableContextMenus
Start/ForceStartSize
Start/HideAppList
Start/HideChangeAccountSettings
Start/HideFrequentlyUsedApps
Start/HideHibernate
Start/HideLock
Start/HidePeopleBar
Start/HidePowerButton
Start/HideRecentJumplists
Start/HideRecentlyAddedApps
Start/HideRestart
Start/HideShutDown
Start/HideSignOut
Start/HideSleep
Start/HideSwitchAccount
Start/HideUserTile
Start/ImportEdgeAssets
Start/NoPinningToTaskbar
Start/StartLayout

Storage policies

Storage/AllowDiskHealthModelUpdates
Storage/EnhancedStorageDevices
Storage/RemovableDiskDenyWriteAccess

System policies

System/AllowBuildPreview
System/AllowCommercialDataPipeline
System/AllowDeviceNameInDiagnosticData
System/AllowEmbeddedMode
System/AllowExperimentation
System/AllowFontProviders
System/AllowLocation
System/AllowStorageCard
System/AllowTelemetry
System/AllowUserToResetPhone
System/BootStartDriverInitialization
System/ConfigureMicrosoft365UploadEndpoint
System/ConfigureTelemetryOptInChangeNotification
System/ConfigureTelemetryOptInSettingsUx
System/DisableDeviceDelete
System/DisableDiagnosticDataViewer
System/DisableEnterpriseAuthProxy
System/DisableOneDriveFileSync
System/DisableSystemRestore
System/FeedbackHubAlwaysSaveDiagnosticsLocally
System/LimitEnhancedDiagnosticDataWindowsAnalytics
System/TelemetryProxy
System/TurnOffFileHistory

SystemServices policies

SystemServices/ConfigureHomeGroupListenerServiceStartupMode
SystemServices/ConfigureHomeGroupProviderServiceStartupMode
SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode

TaskManager policies

TaskManager/AllowEndTask

TaskScheduler policies

TaskScheduler/EnableXboxGameSaveTask

TextInput policies

TextInput/AllowHardwareKeyboardTextSuggestions
TextInput/AllowIMELogging
TextInput/AllowIMENetworkAccess
TextInput/AllowInputPanel
TextInput/AllowJapaneseIMESurrogatePairCharacters
TextInput/AllowJapaneseIVSCharacters
TextInput/AllowJapaneseNonPublishingStandardGlyph
TextInput/AllowJapaneseUserDictionary
TextInput/AllowKeyboardTextSuggestions
TextInput/AllowKoreanExtendedHanja
TextInput/AllowLanguageFeaturesUninstall
TextInput/AllowLinguisticDataCollection
TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
TextInput/ExcludeJapaneseIMEExceptJIS0208
TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC
TextInput/ExcludeJapaneseIMEExceptShiftJIS
TextInput/ForceTouchKeyboardDockedState
TextInput/TouchKeyboardDictationButtonAvailability
TextInput/TouchKeyboardEmojiButtonAvailability
TextInput/TouchKeyboardFullModeAvailability
TextInput/TouchKeyboardHandwritingModeAvailability
TextInput/TouchKeyboardNarrowModeAvailability
TextInput/TouchKeyboardSplitModeAvailability
TextInput/TouchKeyboardWideModeAvailability

TimeLanguageSettings policies

TimeLanguageSettings/AllowSet24HourClock
TimeLanguageSettings/ConfigureTimeZone

Troubleshooting policies

Troubleshooting/AllowRecommendations

Update policies

Update/ActiveHoursEnd
Update/ActiveHoursMaxRange
Update/ActiveHoursStart
Update/AllowAutoUpdate
Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork
Update/AllowMUUpdateService
Update/AllowNonMicrosoftSignedUpdate
Update/AllowUpdateService
Update/AutoRestartDeadlinePeriodInDays
Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates
Update/AutoRestartNotificationSchedule
Update/AutoRestartRequiredNotificationDismissal
Update/AutomaticMaintenanceWakeUp
Update/BranchReadinessLevel
Update/ConfigureDeadlineForFeatureUpdates
Update/ConfigureDeadlineForQualityUpdates
Update/ConfigureDeadlineGracePeriod
Update/ConfigureDeadlineNoAutoReboot
Update/ConfigureFeatureUpdateUninstallPeriod
Update/DeferFeatureUpdatesPeriodInDays
Update/DeferQualityUpdatesPeriodInDays
Update/DeferUpdatePeriod
Update/DeferUpgradePeriod
Update/DetectionFrequency
Update/DisableDualScan
Update/EngagedRestartDeadline
Update/EngagedRestartDeadlineForFeatureUpdates
Update/EngagedRestartSnoozeSchedule
Update/EngagedRestartSnoozeScheduleForFeatureUpdates
Update/EngagedRestartTransitionSchedule
Update/EngagedRestartTransitionScheduleForFeatureUpdates
Update/ExcludeWUDriversInQualityUpdate
Update/FillEmptyContentUrls
Update/IgnoreMOAppDownloadLimit
Update/IgnoreMOUpdateDownloadLimit
Update/ManagePreviewBuilds
Update/PauseDeferrals
Update/PauseFeatureUpdates
Update/PauseFeatureUpdatesStartTime
Update/PauseQualityUpdates
Update/PauseQualityUpdatesStartTime
Update/PhoneUpdateRestrictions
Update/RequireDeferUpgrade
Update/RequireUpdateApproval
Update/ScheduleImminentRestartWarning
Update/ScheduleRestartWarning
Update/ScheduledInstallDay
Update/ScheduledInstallEveryWeek
Update/ScheduledInstallFirstWeek
Update/ScheduledInstallFourthWeek
Update/ScheduledInstallSecondWeek
Update/ScheduledInstallThirdWeek
Update/ScheduledInstallTime
Update/SetAutoRestartNotificationDisable
Update/SetDisablePauseUXAccess
Update/SetDisableUXWUAccess
Update/SetEDURestart
Update/UpdateNotificationLevel
Update/UpdateServiceUrl
Update/UpdateServiceUrlAlternate

UserRights policies

UserRights/AccessCredentialManagerAsTrustedCaller
UserRights/AccessFromNetwork
UserRights/ActAsPartOfTheOperatingSystem
UserRights/AllowLocalLogOn
UserRights/BackupFilesAndDirectories
UserRights/ChangeSystemTime
UserRights/CreateGlobalObjects
UserRights/CreatePageFile
UserRights/CreatePermanentSharedObjects
UserRights/CreateSymbolicLinks
UserRights/CreateToken
UserRights/DebugPrograms
UserRights/DenyAccessFromNetwork
UserRights/DenyLocalLogOn
UserRights/DenyRemoteDesktopServicesLogOn
UserRights/EnableDelegation
UserRights/GenerateSecurityAudits
UserRights/ImpersonateClient
UserRights/IncreaseSchedulingPriority
UserRights/LoadUnloadDeviceDrivers
UserRights/LockMemory
UserRights/ManageAuditingAndSecurityLog
UserRights/ManageVolume
UserRights/ModifyFirmwareEnvironment
UserRights/ModifyObjectLabel
UserRights/ProfileSingleProcess
UserRights/RemoteShutdown
UserRights/RestoreFilesAndDirectories
UserRights/TakeOwnership

Wifi policies

WiFi/AllowWiFiHotSpotReporting
Wifi/AllowAutoConnectToWiFiSenseHotspots
Wifi/AllowInternetSharing
Wifi/AllowManualWiFiConfiguration
Wifi/AllowWiFi
Wifi/AllowWiFiDirect
Wifi/WLANScanMode

WindowsConnectionManager policies

WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork

WindowsDefenderSecurityCenter policies

WindowsDefenderSecurityCenter/CompanyName
WindowsDefenderSecurityCenter/DisableAccountProtectionUI
WindowsDefenderSecurityCenter/DisableAppBrowserUI
WindowsDefenderSecurityCenter/DisableClearTpmButton
WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
WindowsDefenderSecurityCenter/DisableEnhancedNotifications
WindowsDefenderSecurityCenter/DisableFamilyUI
WindowsDefenderSecurityCenter/DisableHealthUI
WindowsDefenderSecurityCenter/DisableNetworkUI
WindowsDefenderSecurityCenter/DisableNotifications
WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
WindowsDefenderSecurityCenter/DisableVirusUI
WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride
WindowsDefenderSecurityCenter/Email
WindowsDefenderSecurityCenter/EnableCustomizedToasts
WindowsDefenderSecurityCenter/EnableInAppCustomization
WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
WindowsDefenderSecurityCenter/HideSecureBoot
WindowsDefenderSecurityCenter/HideTPMTroubleshooting
WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
WindowsDefenderSecurityCenter/Phone
WindowsDefenderSecurityCenter/URL

WindowsInkWorkspace policies

WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace
WindowsInkWorkspace/AllowWindowsInkWorkspace

WindowsLogon policies

WindowsLogon/AllowAutomaticRestartSignOn
WindowsLogon/ConfigAutomaticRestartSignOn
WindowsLogon/DisableLockScreenAppNotifications
WindowsLogon/DontDisplayNetworkSelectionUI
WindowsLogon/EnableFirstLogonAnimation
WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers
WindowsLogon/HideFastUserSwitching

WindowsPowerShell policies

WindowsPowerShell/TurnOnPowerShellScriptBlockLogging

WirelessDisplay policies

WirelessDisplay/AllowMdnsAdvertisement
WirelessDisplay/AllowMdnsDiscovery
WirelessDisplay/AllowProjectionFromPC
WirelessDisplay/AllowProjectionFromPCOverInfrastructure
WirelessDisplay/AllowProjectionToPC
WirelessDisplay/AllowProjectionToPCOverInfrastructure
WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver
WirelessDisplay/RequirePinForPairing

ADMX-backed policies

Policies supported by GP

Policies supported by Windows Holographic for Business

Policies supported by Windows Holographic

Policies supported by Microsoft Surface Hub

Policies supported by Windows 10 IoT Core

Policies supported by Windows 10 IoT Enterprise

Policies that can be set using Exchange Active Sync (EAS)

Examples

Set the minimum password length to 4 characters.

<SyncML xmlns="SYNCML:SYNCML1.2">
    <SyncBody>
        <Replace>
            <CmdID>$CmdID$</CmdID>
            <Item>
                <Target>
                    <LocURI>./Vendor/MSFT/Policy/Config/DeviceLock/MinDevicePasswordLength</LocURI>
                </Target>
                <Meta>
                    <Format xmlns="syncml:metinf">int</Format>
                </Meta>
                <Data>4</Data>
            </Item>
        </Replace>
        <Final/>
    </SyncBody>
</SyncML>

Do not allow NFC.

<SyncML xmlns="SYNCML:SYNCML1.2">
    <SyncBody>
        <Replace>
            <CmdID>$CmdID$</CmdID>
            <Item>
                <Target>
                    <LocURI>./Vendor/MSFT/Policy/Config/Connectivity/AllowNFC</LocURI>
                </Target>
                <Meta>
                    <Format xmlns="syncml:metinf">int</Format>
                </Meta>
                <Data>0</Data>
            </Item>
        </Replace>
        <Final/>
    </SyncBody>
</SyncML>

Related topics

Configuration service provider reference