deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/policy-csp-networklistmanager.md
Nimisha Satapathy 1a41dd2059
Update windows/client-management/mdm/policy-csp-networklistmanager.md 
Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
2021-12-10 11:04:29 +05:30

3.0 KiB
Raw Blame History

title, description, ms.author, ms.topic, ms.prod, ms.technology, author, ms.localizationpriority, ms.date, ms.reviewer, manager
title description ms.author ms.topic ms.prod ms.technology author ms.localizationpriority ms.date ms.reviewer manager
Policy CSP - NetworkListManager The Policy CSP - NetworkListManager setting creates a new MDM policy that allows admins to configure a list of URIs of HTTPS endpoints that are considered secure. v-nsatapathy article w10 windows nimishasatapathy medium 7/10/2021 dansimp

Policy CSP - NetworkListManager

NetworkListManager policies

NetworkListManager/AllowedTlsAuthenticationEndpoints
NetworkListManager/ConfiguredTLSAuthenticationNetworkName

NetworkListManager/AllowedTlsAuthenticationEndpoints

Edition Windows 10 Windows 11
Home No No
Pro No No
Business No No
Enterprise Yes Yes
Education Yes Yes

Scope:

[!div class = "checklist"]

  • Machine

This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated.
When entering a list of TLS Endpoints in MEM (Microsoft Endpoint Management), you must follow this format even in the UI:
<![CDATA[https://nls.corp.contoso.com&#xF000;https://nls.corp.fabricam.com]]>

  • The HTTPS endpoint must not have any additional authentication checks, such as login or multifactor authentication.
  • The HTTPS endpoint must be an internal address not accessible from outside the corporate network.
  • The client must trust the server certificate, so the CA cert the HTTPS server cert chains to must be present in the client machines root certificate store.
  • A certificate should not be a public certificate.

NetworkListManager/ConfiguredTLSAuthenticationNetworkName

Edition Windows 10 Windows 11
Home No No
Pro No No
Business No No
Enterprise Yes Yes
Education Yes Yes

Scope:

[!div class = "checklist"]

  • Machine

This policy setting provides the string to be used to name the network authenticated against one of the endpoints listed in NetworkListManager/AllowedTlsAuthenticationEndpoints policy. If this setting is used for Trusted Network Detection in an Always On VPN profile, it must be the DNS suffix configured in the TrustedNetworkDetection attribute.