windows-itpro-docs/windows/client-management/mdm/change-history-for-mdm-documentation.md

title, description, author, ms.author, ms.reviewer, manager, ms.topic, ms.prod, ms.technology, ms.localizationpriority, ms.date

title	description	author	ms.author	ms.reviewer	manager	ms.topic	ms.prod	ms.technology	ms.localizationpriority	ms.date
Change history for MDM documentation	This article lists new and updated articles for Mobile Device Management.	vinaypamnani-msft	vinpa		aaroncz	article	w10	windows	medium	10/19/2020

Change history for Mobile Device Management documentation

This article lists new and updated articles for the Mobile Device Management (MDM) documentation. Updated articles are those articles that had content addition, removal, or corrections—minor fixes, such as correction of typos, style, or formatting issues aren't listed.

November 2020

New or updated article	Description
Policy CSP	Added the following new policy: - Multitasking/BrowserAltTabBlowout
SurfaceHub CSP	Added the following new node: -Properties/SleepMode

October 2020

New or updated article

Description

Policy CSP

Added the following new policies - Experience/DisableCloudOptimizedContent - LocalUsersAndGroups/Configure - MixedReality/AADGroupMembershipCacheValidityInDays - MixedReality/BrightnessButtonDisabled - MixedReality/FallbackDiagnostics - MixedReality/MicrophoneDisabled - MixedReality/VolumeButtonDisabled - Update/DisableWUfBSafeguards - WindowsSandbox/AllowAudioInput - WindowsSandbox/AllowClipboardRedirection - WindowsSandbox/AllowNetworking - WindowsSandbox/AllowPrinterRedirection - WindowsSandbox/AllowVGPU - WindowsSandbox/AllowVideoInput

September 2020

New or updated article	Description
NetworkQoSPolicy CSP	Updated support information of the NetworkQoSPolicy CSP.
Policy CSP - LocalPoliciesSecurityOptions	Removed the following unsupported LocalPoliciesSecurityOptions policy settings from the documentation: - RecoveryConsole_AllowAutomaticAdministrativeLogon - DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways - DomainMember_DigitallyEncryptSecureChannelDataWhenPossible - DomainMember_DisableMachineAccountPasswordChanges - SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems

August 2020

New or updated article	Description
Policy CSP - System	Removed the following policy settings: - System/AllowDesktopAnalyticsProcessing - System/AllowMicrosoftManagedDesktopProcessing - System/AllowUpdateComplianceProcessing - System/AllowWUfBCloudProcessing

July 2020

New or updated article	Description
Policy CSP - System	Added the following new policy settings: - System/AllowDesktopAnalyticsProcessing - System/AllowMicrosoftManagedDesktopProcessing - System/AllowUpdateComplianceProcessing - System/AllowWUfBCloudProcessing Updated the following policy setting: - System/AllowCommercialDataPipeline

June 2020

New or updated article	Description
BitLocker CSP	Added SKU support table for AllowStandardUserEncryption.
Policy CSP - NetworkIsolation	Updated the description from Boolean to Integer for the following policy settings: EnterpriseIPRangesAreAuthoritative, EnterpriseProxyServersAreAuthoritative.

May 2020

New or updated article	Description
BitLocker CSP	Added the bitmask table for the Status/DeviceEncryptionStatus node.
Policy CSP - RestrictedGroups	Updated the topic with more details. Added policy timeline table.

February 2020

New or updated article	Description
CertificateStore CSP ClientCertificateInstall CSP	Added details about SubjectName value.

January 2020

New or updated article	Description
Policy CSP - Defender	Added descriptions for supported actions for Defender/ThreatSeverityDefaultAction.

November 2019

New or updated article	Description
Policy CSP - DeliveryOptimization	Added option 5 in the supported values list for DeliveryOptimization/DOGroupIdSource.
DiagnosticLog CSP	Added substantial updates to this CSP doc.

October 2019

New or updated article	Description
BitLocker CSP	Added the following new nodes: ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswordsStatus, RotateRecoveryPasswordsRequestID.
Defender CSP	Added the following new nodes: Health/TamperProtectionEnabled, Health/IsVirtualMachine, Configuration, Configuration/TamperProtection, Configuration/EnableFileHashComputation.

September 2019

New or updated article	Description
EnterpriseModernAppManagement CSP	Added the following new node: IsStub.
Policy CSP - Defender	Updated the supported value list for Defender/ScheduleScanDay policy.
Policy CSP - DeviceInstallation	Added the following new policies: DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs, DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs.

August 2019

New or updated article	Description
DiagnosticLog CSP DiagnosticLog DDF	Added version 1.4 of the CSP in Windows 10, version 1903. Added the new 1.4 version of the DDF. Added the following new nodes: Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelName/MaximumFileSize, Policy/Channels/ChannelName/SDDL, Policy/Channels/ChannelName/ActionWhenFull, Policy/Channels/ChannelName/Enabled, DiagnosticArchive, DiagnosticArchive/ArchiveDefinition, DiagnosticArchive/ArchiveResults.
Enroll a Windows 10 device automatically using Group Policy	Enhanced the article to include more reference links and the following two topics: Verify auto-enrollment requirements and settings, Troubleshoot auto-enrollment of devices.

July 2019

New or updated article	Description
Policy CSP	Added the following list: Policies supported by HoloLens 2
ApplicationControl CSP	Added new CSP in Windows 10, version 1903.
PassportForWork CSP	Added the following new nodes in Windows 10, version 1903: SecurityKey, SecurityKey/UseSecurityKeyForSignin
Policy CSP - Privacy	Added the following new policies: LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock
Create a custom configuration service provider	Deleted the following documents from the CSP reference because extensibility via CSPs isn't currently supported: Create a custom configuration service provider Design a custom configuration service provider IConfigServiceProvider2 IConfigServiceProvider2::ConfigManagerNotification IConfigServiceProvider2::GetNode ICSPNode ICSPNode::Add ICSPNode::Clear ICSPNode::Copy ICSPNode::DeleteChild ICSPNode::DeleteProperty ICSPNode::Execute ICSPNode::GetChildNodeNames ICSPNode::GetProperty ICSPNode::GetPropertyIdentifiers ICSPNode::GetValue ICSPNode::Move ICSPNode::SetProperty ICSPNode::SetValue ICSPNodeTransactioning ICSPValidate Samples for writing a custom configuration service provider.

June 2019

New or updated article	Description
Policy CSP - DeviceHealthMonitoring	Added the following new policies: AllowDeviceHealthMonitoring, ConfigDeviceHealthMonitoringScope, ConfigDeviceHealthMonitoringUploadDestination.
Policy CSP - TimeLanguageSettings	Added the following new policy: ConfigureTimeZone.

May 2019

New or updated article	Description
DeviceStatus CSP	Updated description of the following nodes: DeviceStatus/Antivirus/SignatureStatus, DeviceStatus/Antispyware/SignatureStatus.
EnrollmentStatusTracking CSP	Added new CSP in Windows 10, version 1903.
Policy CSP - DeliveryOptimization	Added the following new policies: DODelayCacheServerFallbackBackground, DODelayCacheServerFallbackForeground. Updated description of the following policies: DOMinRAMAllowedToPeer, DOMinFileSizeToCache, DOMinDiskSizeAllowedToPeer.
Policy CSP - Experience	Added the following new policy: ShowLockOnUserTile.
Policy CSP - InternetExplorer	Added the following new policies: AllowEnhancedSuggestionsInAddressBar, DisableActiveXVersionListAutoDownload, DisableCompatView, DisableFeedsBackgroundSync, DisableGeolocation, DisableWebAddressAutoComplete, NewTabDefaultPage.
Policy CSP - Power	Added the following new policies: EnergySaverBatteryThresholdOnBattery, EnergySaverBatteryThresholdPluggedIn, SelectLidCloseActionOnBattery, SelectLidCloseActionPluggedIn, SelectPowerButtonActionOnBattery, SelectPowerButtonActionPluggedIn, SelectSleepButtonActionOnBattery, SelectSleepButtonActionPluggedIn, TurnOffHybridSleepOnBattery, TurnOffHybridSleepPluggedIn, UnattendedSleepTimeoutOnBattery, UnattendedSleepTimeoutPluggedIn.
Policy CSP - Search	Added the following new policy: AllowFindMyFiles.
Policy CSP - ServiceControlManager	Added the following new policy: SvchostProcessMitigation.
Policy CSP - System	Added the following new policies: AllowCommercialDataPipeline, TurnOffFileHistory.
Policy CSP - Troubleshooting	Added the following new policy: AllowRecommendations.
Policy CSP - Update	Added the following new policies: AutomaticMaintenanceWakeUp, ConfigureDeadlineForFeatureUpdates, ConfigureDeadlineForQualityUpdates, ConfigureDeadlineGracePeriod, ConfigureDeadlineNoAutoReboot.
Policy CSP - WindowsLogon	Added the following new policies: AllowAutomaticRestartSignOn, ConfigAutomaticRestartSignOn, EnableFirstLogonAnimation. Removed the following policy: SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart. This policy is replaced by AllowAutomaticRestartSignOn.

April 2019

New or updated article	Description
Win32 and Desktop Bridge app policy configuration	Added the following warning at the end of the Overview section: Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it doesn't. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined.
Policy CSP - UserRights	Added a note stating if you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag () to wrap the data fields.

March 2019

New or updated article	Description
Policy CSP - Storage	Updated ADMX Info of the following policies: AllowStorageSenseGlobal, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseCloudContentDehydrationThreshold, ConfigStorageSenseDownloadsCleanupThreshold, ConfigStorageSenseGlobalCadence, ConfigStorageSenseRecycleBinCleanupThreshold. Updated description of ConfigStorageSenseDownloadsCleanupThreshold.

February 2019

New or updated article	Description
Policy CSP	Updated supported policies for Holographic.

January 2019

New or updated article	Description
Policy CSP - Storage	Added the following new policies: AllowStorageSenseGlobal, ConfigStorageSenseGlobalCadence, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseRecycleBinCleanupThreshold, ConfigStorageSenseDownloadsCleanupThreshold, and ConfigStorageSenseCloudContentCleanupThreshold.
SharedPC CSP	Updated values and supported operations.
Mobile device management	Updated information about MDM Security Baseline.

December 2018

New or updated article	Description
BitLocker CSP	Updated AllowWarningForOtherDiskEncryption policy description to describe silent and non-silent encryption scenarios, as well as where and how the recovery key is backed up for each scenario.

September 2018

New or updated article	Description
Policy CSP - DeviceGuard	Updated ConfigureSystemGuardLaunch policy and replaced EnableSystemGuard with it.

August 2018

New or updated article	Description
BitLocker CSP	Added support for Windows 10 Pro starting in the version 1809.
Office CSP	Added FinalStatus setting in Windows 10, version 1809.
RemoteWipe CSP	Added new settings in Windows 10, version 1809.
TenantLockdown CSP	Added new CSP in Windows 10, version 1809.
WindowsDefenderApplicationGuard CSP	Added new settings in Windows 10, version 1809.
Policy DDF file	Posted an updated version of the Policy DDF for Windows 10, version 1809.
Policy CSP	Added the following new policies in Windows 10, version 1809: Browser/AllowFullScreenMode Browser/AllowPrelaunch Browser/AllowPrinting Browser/AllowSavingHistory Browser/AllowSideloadingOfExtensions Browser/AllowTabPreloading Browser/AllowWebContentOnNewTabPage Browser/ConfigureFavoritesBar Browser/ConfigureHomeButton Browser/ConfigureKioskMode Browser/ConfigureKioskResetAfterIdleTimeout Browser/ConfigureOpenMicrosoftEdgeWith Browser/ConfigureTelemetryForMicrosoft365Analytics Browser/PreventCertErrorOverrides Browser/SetHomeButtonURL Browser/SetNewTabPageURL Browser/UnlockHomeButton Experience/DoNotSyncBrowserSettings Experience/PreventUsersFromTurningOnBrowserSyncing Kerberos/UPNNameHints Privacy/AllowCrossDeviceClipboard Privacy DisablePrivacyExperience Privacy/UploadUserActivities System/AllowDeviceNameInDiagnosticData System/ConfigureMicrosoft365UploadEndpoint System/DisableDeviceDelete System/DisableDiagnosticDataViewer Storage/RemovableDiskDenyWriteAccess Update/UpdateNotificationLevel Start/DisableContextMenus - added in Windows 10, version 1803. RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.

July 2018

New or updated article	Description
AssignedAccess CSP	Added the following note: You can only assign one single app kiosk profile to an individual user account on a device. The single app profile doesn't support domain groups.
PassportForWork CSP	Added new settings in Windows 10, version 1809.
EnterpriseModernAppManagement CSP	Added NonRemovable setting under AppManagement node in Windows 10, version 1809.
Win32CompatibilityAppraiser CSP	Added new configuration service provider in Windows 10, version 1809.
WindowsLicensing CSP	Added S mode settings and SyncML examples in Windows 10, version 1809.
SUPL CSP	Added three new certificate nodes in Windows 10, version 1809.
Defender CSP	Added a new node Health/ProductStatus in Windows 10, version 1809.
BitLocker CSP	Added a new node AllowStandardUserEncryption in Windows 10, version 1809.
DevDetail CSP	Added a new node SMBIOSSerialNumber in Windows 10, version 1809.
Policy CSP	Added the following new policies in Windows 10, version 1809: ApplicationManagement/LaunchAppAfterLogOn ApplicationManagement/ScheduleForceRestartForUpdateFailures Authentication/EnableFastFirstSignIn (Preview mode only) Authentication/EnableWebSignIn (Preview mode only) Authentication/PreferredAadTenantDomainName Defender/CheckForSignaturesBeforeRunningScan Defender/DisableCatchupFullScan Defender/DisableCatchupQuickScan Defender/EnableLowCPUPriority Defender/SignatureUpdateFallbackOrder Defender/SignatureUpdateFileSharesSources DeviceGuard/ConfigureSystemGuardLaunch DeviceInstallation/AllowInstallationOfMatchingDeviceIDs DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses DeviceInstallation/PreventDeviceMetadataFromNetwork DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings DmaGuard/DeviceEnumerationPolicy Experience/AllowClipboardHistory Security/RecoveryEnvironmentAuthentication TaskManager/AllowEndTask WindowsDefenderSecurityCenter/DisableClearTpmButton WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl WindowsLogon/DontDisplayNetworkSelectionUI Recent changes: DataUsage/SetCost3G - deprecated in Windows 10, version 1809.

June 2018

New or updated article	Description
Wifi CSP	Added a new node WifiCost in Windows 10, version 1809.
Diagnose MDM failures in Windows 10	Recent changes: Added procedure for collecting logs remotely from Windows 10 Holographic. Added procedure for downloading the MDM Diagnostic Information log.
BitLocker CSP	Added new node AllowStandardUserEncryption in Windows 10, version 1809.
Policy CSP	Recent changes: AccountPoliciesAccountLockoutPolicy AccountLockoutDuration - removed from docs. Not supported. AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported. AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter - removed from docs. Not supported. LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers - removed from docs. Not supported. System/AllowFontProviders isn't supported in HoloLens (first gen) Commercial Suite. Security/RequireDeviceEncryption is supported in the Home SKU. Start/StartLayout - added a table of SKU support information. Start/ImportEdgeAssets - added a table of SKU support information. Added the following new policies in Windows 10, version 1809: Update/EngagedRestartDeadlineForFeatureUpdates Update/EngagedRestartSnoozeScheduleForFeatureUpdates Update/EngagedRestartTransitionScheduleForFeatureUpdates Update/SetDisablePauseUXAccess Update/SetDisableUXWUAccess
WiredNetwork CSP	New CSP added in Windows 10, version 1809.

May 2018

New or updated article	Description
Policy DDF file	Updated the DDF files in the Windows 10 version 1703 and 1709. Download the Policy DDF file for Windows 10, version 1709 Download the Policy DDF file for Windows 10, version 1703

April 2018

New or updated article	Description
WindowsDefenderApplicationGuard CSP	Added the following node in Windows 10, version 1803: Settings/AllowVirtualGPU Settings/SaveFilesToHost
NetworkProxy CSP	Added the following node in Windows 10, version 1803: ProxySettingsPerUser
Accounts CSP	Added a new CSP in Windows 10, version 1803.
CSP DDF files download	Added the DDF download of Windows 10, version 1803 configuration service providers.
Policy CSP	Added the following new policies for Windows 10, version 1803: Bluetooth/AllowPromptedProximalConnections KioskBrowser/EnableEndSessionButton LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers

March 2018

New or updated article	Description
eUICCs CSP	Added the following node in Windows 10, version 1803: IsEnabled
DeviceStatus CSP	Added the following node in Windows 10, version 1803: OS/Mode
Understanding ADMX-backed policies	Added the following videos: How to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune How to import a custom ADMX file to a device using Intune
AccountManagement CSP	Added a new CSP in Windows 10, version 1803.
RootCATrustedCertificates CSP	Added the following node in Windows 10, version 1803: UntrustedCertificates
Policy CSP	Added the following new policies for Windows 10, version 1803: ApplicationDefaults/EnableAppUriHandlers ApplicationManagement/MSIAllowUserControlOverInstall ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges Connectivity/AllowPhonePCLinking Notifications/DisallowCloudNotification Notifications/DisallowTileNotification RestrictedGroups/ConfigureGroupMembership The following existing policies were updated: Browser/AllowCookies - updated the supported values. There are three values - 0, 1, 2. InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion. Added a new section: [Policies in Policy CSP supported by Group Policy - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.
Policy CSP - Bluetooth	Added new section ServicesAllowedList usage guide.
MultiSIM CSP	Added SyncML examples and updated the settings descriptions.
RemoteWipe CSP	Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803.

February 2018

New or updated article	Description
Policy CSP	Added the following new policies for Windows 10, version 1803: Display/DisablePerProcessDpiForApps Display/EnablePerProcessDpi Display/EnablePerProcessDpiForApps Experience/AllowWindowsSpotlightOnSettings TextInput/ForceTouchKeyboardDockedState TextInput/TouchKeyboardDictationButtonAvailability TextInput/TouchKeyboardEmojiButtonAvailability TextInput/TouchKeyboardFullModeAvailability TextInput/TouchKeyboardHandwritingModeAvailability TextInput/TouchKeyboardNarrowModeAvailability TextInput/TouchKeyboardSplitModeAvailability TextInput/TouchKeyboardWideModeAvailability
VPNv2 ProfileXML XSD	Updated the XSD and Plug-in profile example for VPNv2 CSP.
AssignedAccess CSP	Added the following nodes in Windows 10, version 1803: Status ShellLauncher StatusConfiguration Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (first gen) Commercial Suite. Added example for HoloLens (first gen) Commercial Suite.
MultiSIM CSP	Added a new CSP in Windows 10, version 1803.
EnterpriseModernAppManagement CSP	Added the following node in Windows 10, version 1803: MaintainProcessorArchitectureOnUpdate

January 2018

New or updated article	Description
Policy CSP	Added the following new policies for Windows 10, version 1803: Browser/AllowConfigurationUpdateForBooksLibrary Browser/AlwaysEnableBooksLibrary Browser/EnableExtendedBooksTelemetry Browser/UseSharedFolderForBooks DeliveryOptimization/DODelayBackgroundDownloadFromHttp DeliveryOptimization/DODelayForegroundDownloadFromHttp DeliveryOptimization/DOGroupIdSource DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth DeliveryOptimization/DORestrictPeerSelectionBy DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth KioskBrowser/BlockedUrlExceptions KioskBrowser/BlockedUrls KioskBrowser/DefaultURL KioskBrowser/EnableHomeButton KioskBrowser/EnableNavigationButtons KioskBrowser/RestartOnIdleTime LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode RestrictedGroups/ConfigureGroupMembership Search/AllowCortanaInAAD Search/DoNotUseWebResults Security/ConfigureWindowsPasswords System/FeedbackHubAlwaysSaveDiagnosticsLocally SystemServices/ConfigureHomeGroupListenerServiceStartupMode SystemServices/ConfigureHomeGroupProviderServiceStartupMode SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode TaskScheduler/EnableXboxGameSaveTask TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode Update/ConfigureFeatureUpdateUninstallPeriod UserRights/AccessCredentialManagerAsTrustedCaller UserRights/AccessFromNetwork UserRights/ActAsPartOfTheOperatingSystem UserRights/AllowLocalLogOn UserRights/BackupFilesAndDirectories UserRights/ChangeSystemTime UserRights/CreateGlobalObjects UserRights/CreatePageFile UserRights/CreatePermanentSharedObjects UserRights/CreateSymbolicLinks UserRights/CreateToken UserRights/DebugPrograms UserRights/DenyAccessFromNetwork UserRights/DenyLocalLogOn UserRights/DenyRemoteDesktopServicesLogOn UserRights/EnableDelegation UserRights/GenerateSecurityAudits UserRights/ImpersonateClient UserRights/IncreaseSchedulingPriority UserRights/LoadUnloadDeviceDrivers UserRights/LockMemory UserRights/ManageAuditingAndSecurityLog UserRights/ManageVolume UserRights/ModifyFirmwareEnvironment UserRights/ModifyObjectLabel UserRights/ProfileSingleProcess UserRights/RemoteShutdown UserRights/RestoreFilesAndDirectories UserRights/TakeOwnership WindowsDefenderSecurityCenter/DisableAccountProtectionUI WindowsDefenderSecurityCenter/DisableDeviceSecurityUI WindowsDefenderSecurityCenter/HideRansomwareDataRecovery WindowsDefenderSecurityCenter/HideSecureBoot WindowsDefenderSecurityCenter/HideTPMTroubleshooting Added the following policies in Windows 10, version 1709 DeviceLock/MinimumPasswordAge Settings/AllowOnlineTips System/DisableEnterpriseAuthProxy Security/RequireDeviceEncryption - updated to show it's supported in desktop.
BitLocker CSP	Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.
EnterpriseModernAppManagement CSP	Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.
DMClient CSP	Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803: AADSendDeviceToken BlockInStatusPage AllowCollectLogsButton CustomErrorText SkipDeviceStatusPage SkipUserStatusPage
Defender CSP	Added new node (OfflineScan) in Windows 10, version 1803.
UEFI CSP	Added a new CSP in Windows 10, version 1803.
Update CSP	Added the following nodes in Windows 10, version 1803: Rollback Rollback/FeatureUpdate Rollback/QualityUpdateStatus Rollback/FeatureUpdateStatus

December 2017

New or updated article	Description
Configuration service provider reference	Added new section CSP DDF files download

November 2017

New or updated article

Description

Policy CSP

Added the following policies for Windows 10, version 1709: Authentication/AllowFidoDeviceSignon Cellular/LetAppsAccessCellularData Cellular/LetAppsAccessCellularData_ForceAllowTheseApps Cellular/LetAppsAccessCellularData_ForceDenyTheseApps Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps Start/HidePeopleBar Storage/EnhancedStorageDevices Update/ManagePreviewBuilds WirelessDisplay/AllowMdnsAdvertisement WirelessDisplay/AllowMdnsDiscovery Added missing policies from previous releases: Connectivity/DisallowNetworkConnectivityActiveTest Search/AllowWindowsIndexer

October 2017

New or updated article	Description
Policy DDF file	Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709.
Policy CSP	Updated the following policies: - Defender/ControlledFolderAccessAllowedApplications - string separator is `
eUICCs CSP	Added new CSP in Windows 10, version 1709.
AssignedAccess CSP	Added SyncML examples for the new Configuration node.
DMClient CSP	Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics.

September 2017

New or updated article	Description
Policy CSP	Added the following new policies for Windows 10, version 1709: Authentication/AllowAadPasswordReset Handwriting/PanelDefaultModeDocked Search/AllowCloudSearch System/LimitEnhancedDiagnosticDataWindowsAnalytics Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.
AssignedAccess CSP	Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.
Microsoft Store for Business and Microsoft Store	Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.
The [MS-MDE2]: Mobile Device Enrollment Protocol Version 2	The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message: UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page. ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need. DomainName - fully qualified domain name if the device is domain-joined. For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.
EnterpriseAPN CSP	Added a SyncML example.
VPNv2 CSP	Added RegisterDNS setting in Windows 10, version 1709.
Enroll a Windows 10 device automatically using Group Policy	Added new topic to introduce a new Group Policy for automatic MDM enrollment.
MDM enrollment of Windows-based devices	New features in the Settings app: User sees installation progress of critical policies during MDM enrollment. User knows what policies, profiles, apps MDM has configured IT helpdesk can get detailed MDM diagnostic information using client tools For details, see Managing connections and Collecting diagnostic logs

August 2017

New or updated article	Description
Enable ADMX-backed policies in MDM	Added new step-by-step guide to enable ADMX-backed policies.
Mobile device enrollment	Added the following statement: Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.
CM_CellularEntries CSP	Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.
EnterpriseDataProtection CSP	Updated the Settings/EDPEnforcementLevel values to the following values: 0 (default) – Off / No protection (decrypts previously protected data). 1 – Silent mode (encrypt and audit only). 2 – Allow override mode (encrypt, prompt and allow overrides, and audit). 3 – Hides overrides (encrypt, prompt but hide overrides, and audit).
AppLocker CSP	Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in Allowlist examples.
DeviceManageability CSP	Added the following settings in Windows 10, version 1709: Provider/ProviderID/ConfigInfo Provider/ProviderID/EnrollmentInfo
Office CSP	Added the following setting in Windows 10, version 1709: Installation/CurrentStatus
BitLocker CSP	Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to four digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.
Firewall CSP	Updated the CSP and DDF topics. Here are the changes: Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes. Changed some data types from integer to bool. Updated the list of supported operations for some settings. Added default values.
Policy DDF file	Added another Policy DDF file download for the 8C release of Windows 10, version 1607, which added the following policies: Browser/AllowMicrosoftCompatibilityList Update/DisableDualScan Update/FillEmptyContentUrls
Policy CSP	Added the following new policies for Windows 10, version 1709: Browser/ProvisionFavorites Browser/LockdownFavorites ExploitGuard/ExploitProtectionSettings Games/AllowAdvancedGamingServices LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations Privacy/EnableActivityFeed Privacy/PublishUserActivities Update/DisableDualScan Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials. Changed the names of the following policies: Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess Added links to the extra ADMX-backed BitLocker policies. There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709: Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts Start/HideAppList