windows-itpro-docs/windows/client-management/mdm/policy-configuration-service-provider.md
Nicholas Brower 672bdc1c11 Merged PR 2757: fixing incorrect policy names, and deleting one that was never implemented
2017-08-17 19:12:50 +00:00


| title | description | ms.assetid | ms.author | ms.topic | ms.prod | ms.technology | author | ms.date |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Policy CSP | Policy CSP | 4F3A1134-D401-44FC-A583-6EDD3070BA4F | maricia | article | w10 | windows | nickbrower | 08/14/2017 |

Policy CSP

Warning

Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

The Policy configuration service provider enables the enterprise to configure policies on Windows 10. Use this configuration service provider to configure any company policies.

The Policy configuration service provider has the following sub-categories:

  • Policy/Config/AreaName Handles the policy configuration request from the server.
  • Policy/Result/AreaName Provides a read-only path to policies enforced on the device.

The following diagram shows the Policy configuration service provider in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.

policy csp diagram

./Vendor/MSFT/Policy

The root node for the Policy configuration service provider.

Supported operation is Get.

Policy/Config

Node for grouping all policies configured by one source. The configuration source can use this path to set policy values and later query any policy value that it previously set. One policy can be configured by multiple configuration sources. If a configuration source wants to query the result of conflict resolution (for example, if Exchange and MDM both attempt to set a value), the configuration source can use the Policy/Result path to retrieve the resulting value.

Supported operation is Get.

Policy/Config/AreaName

The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value.

Supported operations are Add, Get, and Delete.

Policy/Config/AreaName/PolicyName

Specifies the name/value pair used in the policy.

The following list shows some tips to help you when configuring policies:

  • Separate substring values by the Unicode  in the XML file.

Note

 A query from a different caller could provide a different value as each caller could have different values for a named policy.

  • In SyncML, wrap this policy with the Atomic command so that the policy settings are treated as a single transaction.
  • Supported operations are Add, Get, Delete, and Replace.
  • Value type is string.

Policy/Result

Groups the evaluated policies from all providers that can be configured.

Supported operation is Get.

Policy/Result/AreaName

The area group that can be configured by a single technology independent of the providers.

Supported operation is Get.

Policy/Result/AreaName/PolicyName

Specifies the name/value pair used in the policy.

Supported operation is Get.

Policy/ConfigOperations

Added in Windows 10, version 1703. The root node for grouping different configuration operations.

Supported operations are Add, Get, and Delete.

Policy/ConfigOperations/ADMXInstall

Added in Windows 10, version 1703. Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: `./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. Each ADMX-backed policy or preference that is added is assigned a unique ID. For more information about using Policy CSP to configure Win32 and Desktop Bridge app policies, see [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md).

Note

The OPAX settings that are managed by the Microsoft Office Customization Tool are not supported by MDM. For more information about this tool, see Office Customization Tool.

ADMX files that have been installed by using **ConfigOperations/ADMXInstall** can later be deleted by using the URI delete operation. Deleting an ADMX file will delete the ADMX file from disk, remove the metadata from the ADMXdefault registry hive, and delete all the policies that were set from the file. The MDM server can also delete all ADMX policies that are tied to a particular app by calling delete on the URI, `./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}`.

Supported operations are Add, Get, and Delete.

Policy/ConfigOperations/ADMXInstall/AppName

Added in Windows 10, version 1703. Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX file.

Supported operations are Add, Get, and Delete.

Policy/ConfigOperations/ADMXInstall/AppName/Policy

Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app policy is to be imported.

Supported operations are Add, Get, and Delete.

Policy/ConfigOperations/ADMXInstall/AppName/Policy/UniqueID

Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the policy to import.

Supported operations are Add and Get. Does not support Delete.

Policy/ConfigOperations/ADMXInstall/AppName/Preference

Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app preference is to be imported.

Supported operations are Add, Get, and Delete.

Policy/ConfigOperations/ADMXInstall/AppName/Preference/UniqueID

Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the preference to import.

Supported operations are Add and Get. Does not support Delete.
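The node tree and supported operations described above, as an added Python example (not code from the original page or from Microsoft): it checks a LocURI against the operations this page lists for each node, then builds a SyncBody whose Atomic block replaces policies under Policy/Config and reads the resolved values back from Policy/Result. The function names, the omission of the SyncHdr envelope, the app and file names used in checks, and the sample formats and values are assumptions.

```python
import re
import xml.etree.ElementTree as ET

ROOT = "./Vendor/MSFT/Policy"

# Operations this page lists for each node, relative to ROOT.
# "{name}" marks a variable node (AreaName, PolicyName, AppName, UniqueID).
NODE_OPS = [
    ("", {"Get"}),
    ("Config", {"Get"}),
    ("Config/{name}", {"Add", "Get", "Delete"}),
    ("Config/{name}/{name}", {"Add", "Get", "Delete", "Replace"}),
    ("Result", {"Get"}),
    ("Result/{name}", {"Get"}),
    ("Result/{name}/{name}", {"Get"}),
    ("ConfigOperations", {"Add", "Get", "Delete"}),
    ("ConfigOperations/ADMXInstall", {"Add", "Get", "Delete"}),
    ("ConfigOperations/ADMXInstall/{name}", {"Add", "Get", "Delete"}),
    ("ConfigOperations/ADMXInstall/{name}/Policy", {"Add", "Get", "Delete"}),
    ("ConfigOperations/ADMXInstall/{name}/Policy/{name}", {"Add", "Get"}),
    ("ConfigOperations/ADMXInstall/{name}/Preference", {"Add", "Get", "Delete"}),
    ("ConfigOperations/ADMXInstall/{name}/Preference/{name}", {"Add", "Get"}),
]


def _to_regex(pattern):
    # A variable node matches exactly one non-empty path segment.
    parts = ("[^/]+" if seg == "{name}" else re.escape(seg)
             for seg in pattern.split("/"))
    return re.compile("/".join(parts))


_COMPILED = [(_to_regex(p), ops) for p, ops in NODE_OPS]


def allowed_ops(uri):
    """Return the operations the page lists for this Policy CSP node."""
    if uri != ROOT and not uri.startswith(ROOT + "/"):
        raise ValueError(f"not under {ROOT}: {uri}")
    rel = uri[len(ROOT) + 1:]
    for regex, ops in _COMPILED:
        if regex.fullmatch(rel):
            return set(ops)
    raise ValueError(f"unknown Policy CSP node: {uri}")


def require(uri, op):
    """Reject a command the target node does not support before it is sent."""
    if op not in allowed_ops(uri):
        raise ValueError(f"{op} is not supported on {uri}")
    return uri


def _command(parent, op, cmd_id, uri, fmt=None, value=None):
    cmd = ET.SubElement(parent, op)
    ET.SubElement(cmd, "CmdID").text = str(cmd_id)
    item = ET.SubElement(cmd, "Item")
    ET.SubElement(ET.SubElement(item, "Target"), "LocURI").text = uri
    if fmt is not None:
        meta = ET.SubElement(item, "Meta")
        # Written as a plain attribute so it serializes as xmlns="syncml:metinf".
        ET.SubElement(meta, "Format", {"xmlns": "syncml:metinf"}).text = fmt
        ET.SubElement(item, "Data").text = str(value)
    return cmd


def build_policy_sync(settings):
    """Atomic Replace on Policy/Config, then Get on Policy/Result for each policy."""
    body = ET.Element("SyncBody")
    ids = iter(range(1, 100000))
    atomic = ET.SubElement(body, "Atomic")
    ET.SubElement(atomic, "CmdID").text = str(next(ids))
    for area, policy, fmt, value in settings:
        uri = require(f"{ROOT}/Config/{area}/{policy}", "Replace")
        _command(atomic, "Replace", next(ids), uri, fmt, value)
    # Result holds the value after conflict resolution across all sources.
    for area, policy, _fmt, _value in settings:
        uri = require(f"{ROOT}/Result/{area}/{policy}", "Get")
        _command(body, "Get", next(ids), uri)
    ET.SubElement(body, "Final")
    return body


# Constructed sample input: policy names are from this page's list, while the
# formats and values are assumptions made for the example.
SAMPLE_SETTINGS = [
    ("DeviceLock", "DevicePasswordEnabled", "int", 0),
    ("DeviceLock", "MinDevicePasswordLength", "int", 8),
]

if __name__ == "__main__":
    tree = build_policy_sync(SAMPLE_SETTINGS)
    ET.indent(tree)  # Python 3.9+
    print(ET.tostring(tree, encoding="unicode"))
```

Comparing the value returned from Policy/Result with the value just written under Policy/Config shows whether another configuration source is overriding the MDM setting.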

Note

The policies supported in Windows 10 S are the same as in Windows 10 Pro, except that policies under ApplicationDefaults are not supported in Windows 10 S.

Policies

AboveLock policies

AboveLock/AllowActionCenterNotifications
AboveLock/AllowCortanaAboveLock
AboveLock/AllowToasts

Accounts policies

Accounts/AllowAddingNonMicrosoftAccountsManually
Accounts/AllowMicrosoftAccountConnection
Accounts/AllowMicrosoftAccountSignInAssistant
Accounts/DomainNamesForEmailSync

ActiveXControls policies

ActiveXControls/ApprovedInstallationSites

ApplicationDefaults policies

ApplicationDefaults/DefaultAssociationsConfiguration

ApplicationManagement policies

ApplicationManagement/AllowAllTrustedApps
ApplicationManagement/AllowAppStoreAutoUpdate
ApplicationManagement/AllowDeveloperUnlock
ApplicationManagement/AllowGameDVR
ApplicationManagement/AllowSharedUserAppData
ApplicationManagement/AllowStore
ApplicationManagement/ApplicationRestrictions
ApplicationManagement/DisableStoreOriginatedApps
ApplicationManagement/RequirePrivateStoreOnly
ApplicationManagement/RestrictAppDataToSystemVolume
ApplicationManagement/RestrictAppToSystemVolume

AppVirtualization policies

AppVirtualization/AllowAppVClient
AppVirtualization/AllowDynamicVirtualization
AppVirtualization/AllowPackageCleanup
AppVirtualization/AllowPackageScripts
AppVirtualization/AllowPublishingRefreshUX
AppVirtualization/AllowReportingServer
AppVirtualization/AllowRoamingFileExclusions
AppVirtualization/AllowRoamingRegistryExclusions
AppVirtualization/AllowStreamingAutoload
AppVirtualization/ClientCoexistenceAllowMigrationmode
AppVirtualization/IntegrationAllowRootGlobal
AppVirtualization/IntegrationAllowRootUser
AppVirtualization/PublishingAllowServer1
AppVirtualization/PublishingAllowServer2
AppVirtualization/PublishingAllowServer3
AppVirtualization/PublishingAllowServer4
AppVirtualization/PublishingAllowServer5
AppVirtualization/StreamingAllowCertificateFilterForClient_SSL
AppVirtualization/StreamingAllowHighCostLaunch
AppVirtualization/StreamingAllowLocationProvider
AppVirtualization/StreamingAllowPackageInstallationRoot
AppVirtualization/StreamingAllowPackageSourceRoot
AppVirtualization/StreamingAllowReestablishmentInterval
AppVirtualization/StreamingAllowReestablishmentRetries
AppVirtualization/StreamingSharedContentStoreMode
AppVirtualization/StreamingSupportBranchCache
AppVirtualization/StreamingVerifyCertificateRevocationList
AppVirtualization/VirtualComponentsAllowList

AttachmentManager policies

AttachmentManager/DoNotPreserveZoneInformation
AttachmentManager/HideZoneInfoMechanism
AttachmentManager/NotifyAntivirusPrograms

Authentication policies

Authentication/AllowEAPCertSSO
Authentication/AllowFastReconnect
Authentication/AllowSecondaryAuthenticationDevice

Autoplay policies

Autoplay/DisallowAutoplayForNonVolumeDevices
Autoplay/SetDefaultAutoRunBehavior
Autoplay/TurnOffAutoPlay

Bitlocker policies

Bitlocker/EncryptionMethod
BitLocker/EncryptionMethodByDriveType in BitLocker CSP
BitLocker/FixedDrivesRecoveryOptions in BitLocker CSP
BitLocker/FixedDrivesRequireEncryption in BitLocker CSP
BitLocker/RemovableDrivesRequireEncryption in BitLocker CSP
BitLocker/SystemDrivesMinimumPINLength in BitLocker CSP
BitLocker/SystemDrivesRecoveryMessage in BitLocker CSP
BitLocker/SystemDrivesRecoveryOptions in BitLocker CSP
BitLocker/SystemDrivesRequireStartupAuthentication in BitLocker CSP

Bluetooth policies

Bluetooth/AllowAdvertising
Bluetooth/AllowDiscoverableMode
Bluetooth/AllowPrepairing
Bluetooth/LocalDeviceName
Bluetooth/ServicesAllowedList

Browser policies

Browser/AllowAddressBarDropdown
Browser/AllowAutofill
Browser/AllowBrowser
Browser/AllowCookies
Browser/AllowDeveloperTools
Browser/AllowDoNotTrack
Browser/AllowExtensions
Browser/AllowFlash
Browser/AllowFlashClickToRun
Browser/AllowInPrivate
Browser/AllowMicrosoftCompatibilityList
Browser/AllowPasswordManager
Browser/AllowPopups
Browser/AllowSearchEngineCustomization
Browser/AllowSearchSuggestionsinAddressBar
Browser/AllowSmartScreen
Browser/ClearBrowsingDataOnExit
Browser/ConfigureAdditionalSearchEngines
Browser/DisableLockdownOfStartPages
Browser/EnterpriseModeSiteList
Browser/EnterpriseSiteListServiceUrl
Browser/FirstRunURL
Browser/HomePages
Browser/PreventAccessToAboutFlagsInMicrosoftEdge
Browser/PreventFirstRunPage
Browser/PreventLiveTileDataCollection
Browser/PreventSmartScreenPromptOverride
Browser/PreventSmartScreenPromptOverrideForFiles
Browser/PreventUsingLocalHostIPAddressForWebRTC
Browser/SendIntranetTraffictoInternetExplorer
Browser/SetDefaultSearchEngine
Browser/ShowMessageWhenOpeningSitesInInternetExplorer
Browser/SyncFavoritesBetweenIEAndMicrosoftEdge

Camera policies

Camera/AllowCamera

Cellular policies

Cellular/ShowAppCellularAccessUI

Connectivity policies

Connectivity/AllowBluetooth
Connectivity/AllowCellularData
Connectivity/AllowCellularDataRoaming
Connectivity/AllowConnectedDevices
Connectivity/AllowNFC
Connectivity/AllowUSBConnection
Connectivity/AllowVPNOverCellular
Connectivity/AllowVPNRoamingOverCellular
Connectivity/DiablePrintingOverHTTP
Connectivity/DisableDownloadingOfPrintDriversOverHTTP
Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards
Connectivity/HardenedUNCPaths
Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge

CredentialProviders policies

CredentialProviders/AllowPINLogon
CredentialProviders/BlockPicturePassword
CredentialProviders/DisableAutomaticReDeploymentCredentials

CredentialsUI policies

CredentialsUI/DisablePasswordReveal
CredentialsUI/EnumerateAdministrators

Cryptography policies

Cryptography/AllowFipsAlgorithmPolicy
Cryptography/TLSCipherSuites

DataProtection policies

DataProtection/AllowDirectMemoryAccess
DataProtection/LegacySelectiveWipeID

DataUsage policies

DataUsage/SetCost3G
DataUsage/SetCost4G

Defender policies

Defender/AllowArchiveScanning
Defender/AllowBehaviorMonitoring
Defender/AllowCloudProtection
Defender/AllowEmailScanning
Defender/AllowFullScanOnMappedNetworkDrives
Defender/AllowFullScanRemovableDriveScanning
Defender/AllowIOAVProtection
Defender/AllowIntrusionPreventionSystem
Defender/AllowOnAccessProtection
Defender/AllowRealtimeMonitoring
Defender/AllowScanningNetworkFiles
Defender/AllowScriptScanning
Defender/AllowUserUIAccess
Defender/AttackSurfaceReductionOnlyExclusions
Defender/AttackSurfaceReductionRules
Defender/AvgCPULoadFactor
Defender/CloudBlockLevel
Defender/CloudExtendedTimeout
Defender/DaysToRetainCleanedMalware
Defender/EnableGuardMyFolders
Defender/EnableNetworkProtection
Defender/ExcludedExtensions
Defender/ExcludedPaths
Defender/ExcludedProcesses
Defender/GuardedFoldersAllowedApplications
Defender/GuardedFoldersList
Defender/PUAProtection
Defender/RealTimeScanDirection
Defender/ScanParameter
Defender/ScheduleQuickScanTime
Defender/ScheduleScanDay
Defender/ScheduleScanTime
Defender/SignatureUpdateInterval
Defender/SubmitSamplesConsent
Defender/ThreatSeverityDefaultAction

DeliveryOptimization policies

DeliveryOptimization/DOAbsoluteMaxCacheSize
DeliveryOptimization/DOAllowVPNPeerCaching
DeliveryOptimization/DODownloadMode
DeliveryOptimization/DOGroupId
DeliveryOptimization/DOMaxCacheAge
DeliveryOptimization/DOMaxCacheSize
DeliveryOptimization/DOMaxDownloadBandwidth
DeliveryOptimization/DOMaxUploadBandwidth
DeliveryOptimization/DOMinBackgroundQos
DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload
DeliveryOptimization/DOMinDiskSizeAllowedToPeer
DeliveryOptimization/DOMinFileSizeToCache
DeliveryOptimization/DOMinRAMAllowedToPeer
DeliveryOptimization/DOModifyCacheDrive
DeliveryOptimization/DOMonthlyUploadDataCap
DeliveryOptimization/DOPercentageMaxDownloadBandwidth

Desktop policies

Desktop/PreventUserRedirectionOfProfileFolders

DeviceGuard policies

DeviceGuard/EnableVirtualizationBasedSecurity
DeviceGuard/LsaCfgFlags
DeviceGuard/RequirePlatformSecurityFeatures

DeviceInstallation policies

DeviceInstallation/PreventInstallationOfMatchingDeviceIDs
DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses

DeviceLock policies

DeviceLock/AllowIdleReturnWithoutPassword
DeviceLock/AllowScreenTimeoutWhileLockedUserConfig
DeviceLock/AllowSimpleDevicePassword
DeviceLock/AlphanumericDevicePasswordRequired
DeviceLock/DevicePasswordEnabled
DeviceLock/DevicePasswordExpiration
DeviceLock/DevicePasswordHistory
DeviceLock/EnforceLockScreenAndLogonImage
DeviceLock/EnforceLockScreenProvider
DeviceLock/MaxDevicePasswordFailedAttempts
DeviceLock/MaxInactivityTimeDeviceLock
DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay
DeviceLock/MinDevicePasswordComplexCharacters
DeviceLock/MinDevicePasswordLength
DeviceLock/PreventLockScreenSlideShow
DeviceLock/ScreenTimeoutWhileLocked

Display policies

Display/TurnOffGdiDPIScalingForApps
Display/TurnOnGdiDPIScalingForApps

Education policies

Education/DefaultPrinterName
Education/PreventAddingNewPrinters
Education/PrinterNames

EnterpriseCloudPrint policies

EnterpriseCloudPrint/CloudPrintOAuthAuthority
EnterpriseCloudPrint/CloudPrintOAuthClientId
EnterpriseCloudPrint/CloudPrintResourceId
EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint
EnterpriseCloudPrint/DiscoveryMaxPrinterLimit
EnterpriseCloudPrint/MopriaDiscoveryResourceId

ErrorReporting policies

ErrorReporting/CustomizeConsentSettings
ErrorReporting/DisableWindowsErrorReporting
ErrorReporting/DisplayErrorNotification
ErrorReporting/DoNotSendAdditionalData
ErrorReporting/PreventCriticalErrorDisplay

EventLogService policies

EventLogService/ControlEventLogBehavior
EventLogService/SpecifyMaximumFileSizeApplicationLog
EventLogService/SpecifyMaximumFileSizeSecurityLog
EventLogService/SpecifyMaximumFileSizeSystemLog

Experience policies

Experience/AllowCopyPaste
Experience/AllowCortana
Experience/AllowDeviceDiscovery
Experience/AllowFindMyDevice
Experience/AllowManualMDMUnenrollment
Experience/AllowSIMErrorDialogPromptWhenNoSIM
Experience/AllowScreenCapture
Experience/AllowSyncMySettings
Experience/AllowTailoredExperiencesWithDiagnosticData
Experience/AllowTaskSwitcher
Experience/AllowThirdPartySuggestionsInWindowsSpotlight
Experience/AllowVoiceRecording
Experience/AllowWindowsConsumerFeatures
Experience/AllowWindowsSpotlight
Experience/AllowWindowsSpotlightOnActionCenter
Experience/AllowWindowsSpotlightWindowsWelcomeExperience
Experience/AllowWindowsTips
Experience/ConfigureWindowsSpotlightOnLockScreen
Experience/DoNotShowFeedbackNotifications

ExploitGuard policies

ExploitGuard/ExploitProtectionSettings

Games policies

Games/AllowAdvancedGamingServices

InternetExplorer policies

InternetExplorer/AddSearchProvider
InternetExplorer/AllowActiveXFiltering
InternetExplorer/AllowAddOnList
InternetExplorer/AllowAutoComplete
InternetExplorer/AllowCertificateAddressMismatchWarning
InternetExplorer/AllowDeletingBrowsingHistoryOnExit
InternetExplorer/AllowEnhancedProtectedMode
InternetExplorer/AllowEnterpriseModeFromToolsMenu
InternetExplorer/AllowEnterpriseModeSiteList
InternetExplorer/AllowFallbackToSSL3
InternetExplorer/AllowInternetExplorer7PolicyList
InternetExplorer/AllowInternetExplorerStandardsMode
InternetExplorer/AllowInternetZoneTemplate
InternetExplorer/AllowIntranetZoneTemplate
InternetExplorer/AllowLocalMachineZoneTemplate
InternetExplorer/AllowLockedDownInternetZoneTemplate
InternetExplorer/AllowLockedDownIntranetZoneTemplate
InternetExplorer/AllowLockedDownLocalMachineZoneTemplate
InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate
InternetExplorer/AllowOneWordEntry
InternetExplorer/AllowSiteToZoneAssignmentList
InternetExplorer/AllowSoftwareWhenSignatureIsInvalid
InternetExplorer/AllowSuggestedSites
InternetExplorer/AllowTrustedSitesZoneTemplate
InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate
InternetExplorer/AllowsRestrictedSitesZoneTemplate
InternetExplorer/CheckServerCertificateRevocation
InternetExplorer/CheckSignaturesOnDownloadedPrograms
InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses
InternetExplorer/DisableAdobeFlash
InternetExplorer/DisableBlockingOfOutdatedActiveXControls
InternetExplorer/DisableBypassOfSmartScreenWarnings
InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles
InternetExplorer/DisableConfiguringHistory
InternetExplorer/DisableCrashDetection
InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation
InternetExplorer/DisableDeletingUserVisitedWebsites
InternetExplorer/DisableEnclosureDownloading
InternetExplorer/DisableEncryptionSupport
InternetExplorer/DisableFirstRunWizard
InternetExplorer/DisableFlipAheadFeature
InternetExplorer/DisableHomePageChange
InternetExplorer/DisableIgnoringCertificateErrors
InternetExplorer/DisableInPrivateBrowsing
InternetExplorer/DisableProcessesInEnhancedProtectedMode
InternetExplorer/DisableProxyChange
InternetExplorer/DisableSearchProviderChange
InternetExplorer/DisableSecondaryHomePageChange
InternetExplorer/DisableSecuritySettingsCheck
InternetExplorer/DisableUpdateCheck
InternetExplorer/DoNotAllowActiveXControlsInProtectedMode
InternetExplorer/DoNotAllowUsersToAddSites
InternetExplorer/DoNotAllowUsersToChangePolicies
InternetExplorer/DoNotBlockOutdatedActiveXControls
InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains
InternetExplorer/IncludeAllLocalSites
InternetExplorer/IncludeAllNetworkPaths
InternetExplorer/InternetZoneAllowAccessToDataSources
InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/InternetZoneAllowCopyPasteViaScript
InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles
InternetExplorer/InternetZoneAllowFontDownloads
InternetExplorer/InternetZoneAllowLessPrivilegedSites
InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles
InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents
InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls
InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
InternetExplorer/InternetZoneAllowScriptInitiatedWindows
InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls
InternetExplorer/InternetZoneAllowScriptlets
InternetExplorer/InternetZoneAllowSmartScreenIE
InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript
InternetExplorer/InternetZoneAllowUserDataPersistence
InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls
InternetExplorer/InternetZoneDownloadSignedActiveXControls
InternetExplorer/InternetZoneDownloadUnsignedActiveXControls
InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter
InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
InternetExplorer/InternetZoneEnableMIMESniffing
InternetExplorer/InternetZoneEnableProtectedMode
InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer
InternetExplorer/InternetZoneInitializeAndScriptActiveXControls
InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
InternetExplorer/InternetZoneJavaPermissions
InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME
InternetExplorer/InternetZoneLogonOptions
InternetExplorer/InternetZoneNavigateWindowsAndFrames
InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode
InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles
InternetExplorer/InternetZoneUsePopupBlocker
InternetExplorer/InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone
InternetExplorer/IntranetZoneAllowAccessToDataSources
InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/IntranetZoneAllowFontDownloads
InternetExplorer/IntranetZoneAllowLessPrivilegedSites
InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents
InternetExplorer/IntranetZoneAllowScriptlets
InternetExplorer/IntranetZoneAllowSmartScreenIE
InternetExplorer/IntranetZoneAllowUserDataPersistence
InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls
InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls
InternetExplorer/IntranetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
InternetExplorer/IntranetZoneJavaPermissions
InternetExplorer/IntranetZoneNavigateWindowsAndFrames
InternetExplorer/LocalMachineZoneAllowAccessToDataSources
InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/LocalMachineZoneAllowFontDownloads
InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites
InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents
InternetExplorer/LocalMachineZoneAllowScriptlets
InternetExplorer/LocalMachineZoneAllowSmartScreenIE
InternetExplorer/LocalMachineZoneAllowUserDataPersistence
InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls
InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls
InternetExplorer/LocalMachineZoneJavaPermissions
InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames
InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources
InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/LockedDownInternetZoneAllowFontDownloads
InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites
InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents
InternetExplorer/LockedDownInternetZoneAllowScriptlets
InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE
InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence
InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls
InternetExplorer/LockedDownInternetZoneJavaPermissions
InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames
InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources
InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/LockedDownIntranetZoneAllowFontDownloads
InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites
InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents
InternetExplorer/LockedDownIntranetZoneAllowScriptlets
InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE
InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence
InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls
InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames
InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources
InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads
InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites
InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents
InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets
InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE
InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence
InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls
InternetExplorer/LockedDownLocalMachineZoneJavaPermissions
InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames
InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources
InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads
InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites
InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents
InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets
InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE
InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence
InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls
InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions
InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames
InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources
InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads
InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites
InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents
InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets
InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE
InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence
InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls
InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions
InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames
InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses
InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses
InternetExplorer/NotificationBarInternetExplorerProcesses
InternetExplorer/PreventManagingSmartScreenFilter
InternetExplorer/PreventPerUserInstallationOfActiveXControls
InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses
InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls
InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses
InternetExplorer/RestrictFileDownloadInternetExplorerProcesses
InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources
InternetExplorer/RestrictedSitesZoneAllowActiveScripting
InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors
InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript
InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles
InternetExplorer/RestrictedSitesZoneAllowFileDownloads
InternetExplorer/RestrictedSitesZoneAllowFontDownloads
InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites
InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles
InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH
InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents
InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls
InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows
InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls
InternetExplorer/RestrictedSitesZoneAllowScriptlets
InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE
InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript
InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence
InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls
InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls
InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter
InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
InternetExplorer/RestrictedSitesZoneEnableMIMESniffing
InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer
InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls
InternetExplorer/RestrictedSitesZoneJavaPermissions
InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME
InternetExplorer/RestrictedSitesZoneLogonOptions
InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames
InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains
InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins
InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting
InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets
InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles
InternetExplorer/RestrictedSitesZoneTurnOnCrossSiteScriptingFilter
InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode
InternetExplorer/RestrictedSitesZoneUsePopupBlocker
InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses
InternetExplorer/SearchProviderList
InternetExplorer/SecurityZonesUseOnlyMachineSettings
InternetExplorer/SpecifyUseOfActiveXInstallerService
InternetExplorer/TrustedSitesZoneAllowAccessToDataSources
InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer/TrustedSitesZoneAllowFontDownloads
InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites
InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents
InternetExplorer/TrustedSitesZoneAllowScriptlets
InternetExplorer/TrustedSitesZoneAllowSmartScreenIE
InternetExplorer/TrustedSitesZoneAllowUserDataPersistence
InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
InternetExplorer/TrustedSitesZoneDontRunAntimalwareProgramsAgainstActiveXControls
InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls
InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedAsSafe
InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedSafe
InternetExplorer/TrustedSitesZoneJavaPermissions
InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames

Kerberos policies

Kerberos/AllowForestSearchOrder
Kerberos/KerberosClientSupportsClaimsCompoundArmor
Kerberos/RequireKerberosArmoring
Kerberos/RequireStrictKDCValidation
Kerberos/SetMaximumContextTokenSize

Licensing policies

Licensing/AllowWindowsEntitlementReactivation
Licensing/DisallowKMSClientOnlineAVSValidation

LocalPoliciesSecurityOptions policies

LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus
LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus
LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn
LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn
LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL
LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon
LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations

Location policies

Location/EnableLocation

LockDown policies

LockDown/AllowEdgeSwipe

Maps policies

Maps/AllowOfflineMapsDownloadOverMeteredConnection
Maps/EnableOfflineMapsAutoUpdate

Messaging policies

Messaging/AllowMMS
Messaging/AllowMessageSync
Messaging/AllowRCS

NetworkIsolation policies

NetworkIsolation/EnterpriseCloudResources
NetworkIsolation/EnterpriseIPRange
NetworkIsolation/EnterpriseIPRangesAreAuthoritative
NetworkIsolation/EnterpriseInternalProxyServers
NetworkIsolation/EnterpriseNetworkDomainNames
NetworkIsolation/EnterpriseProxyServers
NetworkIsolation/EnterpriseProxyServersAreAuthoritative
NetworkIsolation/NeutralResources

Notifications policies

Notifications/DisallowNotificationMirroring

Power policies

Power/AllowStandbyWhenSleepingPluggedIn
Power/DisplayOffTimeoutOnBattery
Power/DisplayOffTimeoutPluggedIn
Power/HibernateTimeoutOnBattery
Power/HibernateTimeoutPluggedIn
Power/RequirePasswordWhenComputerWakesOnBattery
Power/RequirePasswordWhenComputerWakesPluggedIn
Power/StandbyTimeoutOnBattery
Power/StandbyTimeoutPluggedIn

Printers policies

Printers/PointAndPrintRestrictions
Printers/PointAndPrintRestrictions_User
Printers/PublishPrinters

Privacy policies

Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
Privacy/AllowInputPersonalization
Privacy/DisableAdvertisingId
Privacy/LetAppsAccessAccountInfo
Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps
Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps
Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps
Privacy/LetAppsAccessCalendar
Privacy/LetAppsAccessCalendar_ForceAllowTheseApps
Privacy/LetAppsAccessCalendar_ForceDenyTheseApps
Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps
Privacy/LetAppsAccessCallHistory
Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps
Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps
Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps
Privacy/LetAppsAccessCamera
Privacy/LetAppsAccessCamera_ForceAllowTheseApps
Privacy/LetAppsAccessCamera_ForceDenyTheseApps
Privacy/LetAppsAccessCamera_UserInControlOfTheseApps
Privacy/LetAppsAccessContacts
Privacy/LetAppsAccessContacts_ForceAllowTheseApps
Privacy/LetAppsAccessContacts_ForceDenyTheseApps
Privacy/LetAppsAccessContacts_UserInControlOfTheseApps
Privacy/LetAppsAccessEmail
Privacy/LetAppsAccessEmail_ForceAllowTheseApps
Privacy/LetAppsAccessEmail_ForceDenyTheseApps
Privacy/LetAppsAccessEmail_UserInControlOfTheseApps
Privacy/LetAppsAccessLocation
Privacy/LetAppsAccessLocation_ForceAllowTheseApps
Privacy/LetAppsAccessLocation_ForceDenyTheseApps
Privacy/LetAppsAccessLocation_UserInControlOfTheseApps
Privacy/LetAppsAccessMessaging
Privacy/LetAppsAccessMessaging_ForceAllowTheseApps
Privacy/LetAppsAccessMessaging_ForceDenyTheseApps
Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps
Privacy/LetAppsAccessMicrophone
Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps
Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps
Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps
Privacy/LetAppsAccessMotion
Privacy/LetAppsAccessMotion_ForceAllowTheseApps
Privacy/LetAppsAccessMotion_ForceDenyTheseApps
Privacy/LetAppsAccessMotion_UserInControlOfTheseApps
Privacy/LetAppsAccessNotifications
Privacy/LetAppsAccessNotifications_ForceAllowTheseApps
Privacy/LetAppsAccessNotifications_ForceDenyTheseApps
Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps
Privacy/LetAppsAccessPhone
Privacy/LetAppsAccessPhone_ForceAllowTheseApps
Privacy/LetAppsAccessPhone_ForceDenyTheseApps
Privacy/LetAppsAccessPhone_UserInControlOfTheseApps
Privacy/LetAppsAccessRadios
Privacy/LetAppsAccessRadios_ForceAllowTheseApps
Privacy/LetAppsAccessRadios_ForceDenyTheseApps
Privacy/LetAppsAccessRadios_UserInControlOfTheseApps
Privacy/LetAppsAccessTasks
Privacy/LetAppsAccessTasks_ForceAllowTheseApps
Privacy/LetAppsAccessTasks_ForceDenyTheseApps
Privacy/LetAppsAccessTasks_UserInControlOfTheseApps
Privacy/LetAppsAccessTrustedDevices
Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps
Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps
Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps
Privacy/LetAppsGetDiagnosticInfo
Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps
Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps
Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps
Privacy/LetAppsRunInBackground
Privacy/LetAppsRunInBackground_ForceAllowTheseApps
Privacy/LetAppsRunInBackground_ForceDenyTheseApps
Privacy/LetAppsRunInBackground_UserInControlOfTheseApps
Privacy/LetAppsSyncWithDevices
Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps
Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps
Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps

RemoteAssistance policies

RemoteAssistance/CustomizeWarningMessages
RemoteAssistance/SessionLogging
RemoteAssistance/SolicitedRemoteAssistance
RemoteAssistance/UnsolicitedRemoteAssistance

RemoteDesktopServices policies

RemoteDesktopServices/AllowUsersToConnectRemotely
RemoteDesktopServices/ClientConnectionEncryptionLevel
RemoteDesktopServices/DoNotAllowDriveRedirection
RemoteDesktopServices/DoNotAllowPasswordSaving
RemoteDesktopServices/PromptForPasswordUponConnection
RemoteDesktopServices/RequireSecureRPCCommunication

RemoteManagement policies

RemoteManagement/AllowBasicAuthentication_Client
RemoteManagement/AllowBasicAuthentication_Service
RemoteManagement/AllowCredSSPAuthenticationClient
RemoteManagement/AllowCredSSPAuthenticationService
RemoteManagement/AllowRemoteServerManagement
RemoteManagement/AllowUnencryptedTraffic_Client
RemoteManagement/AllowUnencryptedTraffic_Service
RemoteManagement/DisallowDigestAuthentication
RemoteManagement/DisallowNegotiateAuthenticationClient
RemoteManagement/DisallowNegotiateAuthenticationService
RemoteManagement/DisallowStoringOfRunAsCredentials
RemoteManagement/SpecifyChannelBindingTokenHardeningLevel
RemoteManagement/TrustedHosts
RemoteManagement/TurnOnCompatibilityHTTPListener
RemoteManagement/TurnOnCompatibilityHTTPSListener

RemoteProcedureCall policies

RemoteProcedureCall/RPCEndpointMapperClientAuthentication
RemoteProcedureCall/RestrictUnauthenticatedRPCClients

RemoteShell policies

RemoteShell/AllowRemoteShellAccess
RemoteShell/MaxConcurrentUsers
RemoteShell/SpecifyIdleTimeout
RemoteShell/SpecifyMaxMemory
RemoteShell/SpecifyMaxProcesses
RemoteShell/SpecifyMaxRemoteShells
RemoteShell/SpecifyShellTimeout

Search policies

Search/AllowIndexingEncryptedStoresOrItems
Search/AllowSearchToUseLocation
Search/AllowUsingDiacritics
Search/AlwaysUseAutoLangDetection
Search/DisableBackoff
Search/DisableRemovableDriveIndexing
Search/PreventIndexingLowDiskSpaceMB
Search/PreventRemoteQueries
Search/SafeSearchPermissions

Security policies

Security/AllowAddProvisioningPackage
Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices
Security/AllowManualRootCertificateInstallation
Security/AllowRemoveProvisioningPackage
Security/AntiTheftMode
Security/ClearTPMIfNotReady
Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices
Security/RequireDeviceEncryption
Security/RequireProvisioningPackageSignature
Security/RequireRetrieveHealthCertificateOnBoot

Settings policies

Settings/AllowAutoPlay
Settings/AllowDataSense
Settings/AllowDateTime
Settings/AllowEditDeviceName
Settings/AllowLanguage
Settings/AllowPowerSleep
Settings/AllowRegion
Settings/AllowSignInOptions
Settings/AllowVPN
Settings/AllowWorkplace
Settings/AllowYourAccount
Settings/ConfigureTaskbarCalendar
Settings/PageVisibilityList

SmartScreen policies

SmartScreen/EnableAppInstallControl
SmartScreen/EnableSmartScreenInShell
SmartScreen/PreventOverrideForFilesInShell

Speech policies

Speech/AllowSpeechModelUpdate

Start policies

Start/AllowPinnedFolderDocuments
Start/AllowPinnedFolderDownloads
Start/AllowPinnedFolderFileExplorer
Start/AllowPinnedFolderHomeGroup
Start/AllowPinnedFolderMusic
Start/AllowPinnedFolderNetwork
Start/AllowPinnedFolderPersonalFolder
Start/AllowPinnedFolderPictures
Start/AllowPinnedFolderSettings
Start/AllowPinnedFolderVideos
Start/ForceStartSize
Start/HideAppList
Start/HideChangeAccountSettings
Start/HideFrequentlyUsedApps
Start/HideHibernate
Start/HideLock
Start/HidePowerButton
Start/HideRecentJumplists
Start/HideRecentlyAddedApps
Start/HideRestart
Start/HideShutDown
Start/HideSignOut
Start/HideSleep
Start/HideSwitchAccount
Start/HideUserTile
Start/ImportEdgeAssets
Start/NoPinningToTaskbar
Start/StartLayout

Storage policies

Storage/EnhancedStorageDevices

System policies

System/AllowBuildPreview
System/AllowEmbeddedMode
System/AllowExperimentation
System/AllowFontProviders
System/AllowLocation
System/AllowStorageCard
System/AllowTelemetry
System/AllowUserToResetPhone
System/BootStartDriverInitialization
System/DisableOneDriveFileSync
System/DisableSystemRestore
System/TelemetryProxy

TextInput policies

TextInput/AllowIMELogging
TextInput/AllowIMENetworkAccess
TextInput/AllowInputPanel
TextInput/AllowJapaneseIMESurrogatePairCharacters
TextInput/AllowJapaneseIVSCharacters
TextInput/AllowJapaneseNonPublishingStandardGlyph
TextInput/AllowJapaneseUserDictionary
TextInput/AllowKeyboardTextSuggestions
TextInput/AllowKoreanExtendedHanja
TextInput/AllowLanguageFeaturesUninstall
TextInput/ExcludeJapaneseIMEExceptJIS0208
TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC
TextInput/ExcludeJapaneseIMEExceptShiftJIS

TimeLanguageSettings policies

TimeLanguageSettings/AllowSet24HourClock

Update policies

Update/ActiveHoursEnd
Update/ActiveHoursMaxRange
Update/ActiveHoursStart
Update/AllowAutoUpdate
Update/AllowMUUpdateService
Update/AllowNonMicrosoftSignedUpdate
Update/AllowUpdateService
Update/AutoRestartDeadlinePeriodInDays
Update/AutoRestartNotificationSchedule
Update/AutoRestartRequiredNotificationDismissal
Update/BranchReadinessLevel
Update/DeferFeatureUpdatesPeriodInDays
Update/DeferQualityUpdatesPeriodInDays
Update/DeferUpdatePeriod
Update/DeferUpgradePeriod
Update/DetectionFrequency
Update/EngagedRestartDeadline
Update/EngagedRestartSnoozeSchedule
Update/EngagedRestartTransitionSchedule
Update/ExcludeWUDriversInQualityUpdate
Update/FillEmptyContentUrls
Update/IgnoreMOAppDownloadLimit
Update/IgnoreMOUpdateDownloadLimit
Update/PauseDeferrals
Update/PauseFeatureUpdates
Update/PauseFeatureUpdatesStartTime
Update/PauseQualityUpdates
Update/PauseQualityUpdatesStartTime
Update/RequireDeferUpgrade
Update/RequireUpdateApproval
Update/ScheduleImminentRestartWarning
Update/ScheduleRestartWarning
Update/ScheduledInstallDay
Update/ScheduledInstallEveryWeek
Update/ScheduledInstallFirstWeek
Update/ScheduledInstallFourthWeek
Update/ScheduledInstallSecondWeek
Update/ScheduledInstallThirdWeek
Update/ScheduledInstallTime
Update/SetAutoRestartNotificationDisable
Update/SetEDURestart
Update/UpdateServiceUrl
Update/UpdateServiceUrlAlternate

Wifi policies

WiFi/AllowWiFiHotSpotReporting
Wifi/AllowAutoConnectToWiFiSenseHotspots
Wifi/AllowInternetSharing
Wifi/AllowManualWiFiConfiguration
Wifi/AllowWiFi
Wifi/AllowWiFiDirect
Wifi/WLANScanMode

WindowsDefenderSecurityCenter policies

WindowsDefenderSecurityCenter/CompanyName
WindowsDefenderSecurityCenter/DisableAppBrowserUI
WindowsDefenderSecurityCenter/DisableEnhancedNotifications
WindowsDefenderSecurityCenter/DisableFamilyUI
WindowsDefenderSecurityCenter/DisableHealthUI
WindowsDefenderSecurityCenter/DisableNetworkUI
WindowsDefenderSecurityCenter/DisableNotifications
WindowsDefenderSecurityCenter/DisableVirusUI
WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride
WindowsDefenderSecurityCenter/Email
WindowsDefenderSecurityCenter/EnableCustomizedToasts
WindowsDefenderSecurityCenter/EnableInAppCustomization
WindowsDefenderSecurityCenter/Phone
WindowsDefenderSecurityCenter/URL

WindowsInkWorkspace policies

WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace
WindowsInkWorkspace/AllowWindowsInkWorkspace

WindowsLogon policies

WindowsLogon/DisableLockScreenAppNotifications
WindowsLogon/DontDisplayNetworkSelectionUI
WindowsLogon/HideFastUserSwitching

WirelessDisplay policies

WirelessDisplay/AllowProjectionFromPC
WirelessDisplay/AllowProjectionFromPCOverInfrastructure
WirelessDisplay/AllowProjectionToPC
WirelessDisplay/AllowProjectionToPCOverInfrastructure
WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver
WirelessDisplay/RequirePinForPairing

ADMX-backed policies

Policies supported by IoT Core

Policies supported by Windows Holographic for Business

Policies supported by Microsoft Surface Hub

Policies that can be set using Exchange Active Sync (EAS)

Examples

Set the minimum password length to 4 characters.

<SyncML xmlns="SYNCML:SYNCML1.2">
    <SyncBody>
        <Replace>
            <CmdID>$CmdID$</CmdID>
            <Item>
                <Target>
                    <LocURI>./Vendor/MSFT/Policy/Config/DeviceLock/MinDevicePasswordLength</LocURI>
                </Target>
                <Meta>
                    <Format xmlns="syncml:metinf">int</Format>
                </Meta>
                <Data>4</Data>
            </Item>
        </Replace>
        <Final/>
    </SyncBody>
</SyncML>

Do not allow NFC.

<SyncML xmlns="SYNCML:SYNCML1.2">
    <SyncBody>
        <Replace>
            <CmdID>$CmdID$</CmdID>
            <Item>
                <Target>
                    <LocURI>./Vendor/MSFT/Policy/Config/Connectivity/AllowNFC</LocURI>
                </Target>
                <Meta>
                    <Format xmlns="syncml:metinf">int</Format>
                </Meta>
                <Data>0</Data>
            </Item>
        </Replace>
        <Final/>
    </SyncBody>
</SyncML>
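A review aid for payloads like the two above, added here as an example and not part of the original documentation: it parses a SyncML body and lists every `./Vendor/MSFT/Policy/Config/<Area>/<Policy>` node the payload writes, so a change can be checked before an MDM server sends it. The sample input merges the two examples with constructed `CmdID` values; the function name `list_policy_changes`, the `chr` fallback for a missing `Format`, and the Add/Replace/Delete filter are assumptions of this example.

```python
import xml.etree.ElementTree as ET

SYNCML_NS = "{SYNCML:SYNCML1.2}"   # default namespace used in the page's examples
METINF_NS = "{syncml:metinf}"      # namespace declared on the <Format> element
CONFIG_ROOT = "./Vendor/MSFT/Policy/Config/"
WRITE_COMMANDS = ("Add", "Replace", "Delete")  # assumption: commands treated as writes

# Constructed input: the two payloads from the Examples section in one SyncBody.
SAMPLE = """<SyncML xmlns="SYNCML:SYNCML1.2">
    <SyncBody>
        <Replace>
            <CmdID>1</CmdID>
            <Item>
                <Target><LocURI>./Vendor/MSFT/Policy/Config/DeviceLock/MinDevicePasswordLength</LocURI></Target>
                <Meta><Format xmlns="syncml:metinf">int</Format></Meta>
                <Data>4</Data>
            </Item>
        </Replace>
        <Replace>
            <CmdID>2</CmdID>
            <Item>
                <Target><LocURI>./Vendor/MSFT/Policy/Config/Connectivity/AllowNFC</LocURI></Target>
                <Meta><Format xmlns="syncml:metinf">int</Format></Meta>
                <Data>0</Data>
            </Item>
        </Replace>
        <Final/>
    </SyncBody>
</SyncML>"""


def list_policy_changes(syncml_text):
    """Return one dict per Policy/Config item that the payload writes."""
    body = ET.fromstring(syncml_text).find(SYNCML_NS + "SyncBody")
    if body is None:
        raise ValueError("payload has no SyncBody")
    changes = []
    for command in body.iter():  # iter() also reaches commands nested in <Atomic>
        verb = command.tag.replace(SYNCML_NS, "")
        if verb not in WRITE_COMMANDS:
            continue  # skips <Final/>, <Get>, and non-command elements
        for item in command.findall(SYNCML_NS + "Item"):
            uri = item.findtext(f"{SYNCML_NS}Target/{SYNCML_NS}LocURI", "").strip()
            if not uri.startswith(CONFIG_ROOT):
                continue  # not a Policy CSP configuration node (e.g. Policy/Result)
            parts = uri[len(CONFIG_ROOT):].split("/")
            if len(parts) != 2 or not all(parts):
                raise ValueError(f"expected Area/Policy after Config/: {uri}")
            fmt = item.findtext(f"{SYNCML_NS}Meta/{METINF_NS}Format", "chr").strip()  # assumed default
            data = (item.findtext(SYNCML_NS + "Data") or "").strip()
            value = int(data) if fmt == "int" else data  # ValueError on a malformed int
            changes.append({"command": verb, "cmd_id": command.findtext(SYNCML_NS + "CmdID"),
                            "area": parts[0], "policy": parts[1], "format": fmt, "value": value})
    return changes
```

Comparing the returned `area`/`policy`/`value` tuples against an approved baseline catches a payload that sets a policy outside the intended scope or with a mistyped value.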

Configuration service provider reference