mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-11 04:47:23 +00:00

MandiOhlinger 2d89d62a21 deleting all files in mobile-devices folder, created redirects

2021-10-26 20:59:14 -04:00

58 KiB

Raw Blame History

title, description, ms.assetid, ms.reviewer, manager, ms.author, ms.topic, ms.prod, ms.technology, author, ms.date

title	description	ms.assetid	ms.reviewer	manager	ms.author	ms.topic	ms.prod	ms.technology	author	ms.date
EnterpriseAssignedAccess CSP	Use the EnterpriseAssignedAccess configuration service provider (CSP) to configure custom layouts on a device.	5F88E567-77AA-4822-A0BC-3B31100639AA		dansimp	dansimp	article	w10	windows	manikadhiman	07/12/2017

EnterpriseAssignedAccess CSP

The EnterpriseAssignedAccess configuration service provider allows IT administrators to configure settings, such as language and themes, lock down a device, and configure custom layouts on a device. For example, the administrator can lock down a device so that only applications specified in an Allow list are available. Apps not on the Allow list remain installed on the device, but are hidden from view and blocked from launching.

Note

The EnterpriseAssignedAccess CSP is only supported in Windows 10 Mobile.

For more information about how to interact with the lockdown XML at runtime, see DeviceLockdownProfile class.

The following shows the EnterpriseAssignedAccess configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning.

./Vendor/MSFT
EnterpriseAssignedAccess
----AssignedAccess
--------AssignedAccessXml
----LockScreenWallpaper
--------BGFileName
----Theme
--------ThemeBackground
--------ThemeAccentColorID
--------ThemeAccentColorValue
----Clock
--------TimeZone
----Locale
--------Language

The following list shows the characteristics and parameters.

./Vendor/MSFT/EnterpriseAssignedAccess/ The root node for the EnterpriseAssignedAccess configuration service provider. Supported operations are Add, Delete, Get and Replace.

AssignedAccess/ The parent node of assigned access XML.

AssignedAccess/AssignedAccessXml The XML code that controls the assigned access settings that will be applied to the device.

Supported operations are Add, Delete, Get and Replace.

The Apps and Settings sections of lockdown XML constitute an Allow list. Any app or setting that is not specified in AssignedAccessXML will not be available on the device to users. The following table describes the entries in lockdown XML.

Important

When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an MDM, the XML must use escaped characters, such as < instead of < because it is embedded in an XML. The examples provided in the topic are formatted for readability.

When using the AssignedAccessXml in a provisioning package using the Windows Configuration Designer tool, do not use escaped characters.

Entry	Description
ActionCenter	You can enable or disable the Action Center (formerly known as Notification Center) on the device. Set to true to enable the Action Center, or set to false to disable the Action Center.
ActionCenter	Example: `<ActionCenter enabled="true"></ActionCenter>`
ActionCenter	In Windows 10, when the Action Center is disabled, Above Lock notifications and toasts are also disabled. When the Action Center is enabled, the following policies are also enabled; AboveLock/AllowActionCenterNotifications and AboveLock/AllowToasts. For more information about these policies, see Policy CSP
ActionCenter	You can also add the following optional attributes to the ActionCenter element to override the default behavior: aboveLockToastEnabled and actionCenterNotificationEnabled. Valid values are 0 (policy disabled), 1 (policy enabled), and -1 (not set, policy enabled). In this example, the Action Center is enabled and both policies are disabled.: `<ActionCenter enabled="true" aboveLockToastEnabled="0" actionCenterNotificationEnabled="0"/>`
ActionCenter	These optional attributes are independent of each other. In this example, Action Center is enabled, the notifications policy is disabled, and the toast policy is enabled by default because it is not set. `<ActionCenter enabled="true" actionCenterNotificationEnabled="0"/>`
StartScreenSize	Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions. Valid values: Small - sets the width to 4 columns on device with short axis <400epx or 6 columns on devices with short axis >=400epx. Large - sets the width to 6 columns on devices with short axis <400epx or 8 columns on devices with short axis >=400epx.
StartScreenSize	If you have existing lockdown XML, you must update it if your device has >=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4. Example: `<StartScreenSize>Large</StartScreenSize>`
Application	Provide the product ID for each app that will be available on the device. You can find the product ID for a locally developed app in the AppManifest.xml file of the app.
Application	To turn on the notification for a Windows app, you must include the application's AUMID in the lockdown XML. However, the user can change the setting at any time from user interface. Example: `<Application productId="{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}" aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail"/>`
Application
Application	Include PinToStart to display an app on the Start screen. For apps pinned to the Start screen, identify a tile size (small, medium, or large), and a location. The size of a small tile is 1 column x 1 row, a medium tile is 2 x 2, and a large tile is 4 x 2. For the tile location, the first value indicates the column and the second value indicates the row. A value of 0 (zero) indicates the first column, a value of 1 indicates the second column, and so on. Include autoRun as an attribute to configure the application to run automatically.

Application example:

<Application productId="{2A4E62D8-8809-4787-89F8-69D0F01654FB}" autoRun="true">
   <PinToStart>
      <Size>Large</Size>
      <Location>
         <LocationX>0</LocationX>
         <LocationY>2</LocationY>
      </Location>
   </PinToStart>
</Application>

Entry	Description
Application	Multiple App Packages enable multiple apps to exist inside the same package. Since ProductIds identify packages and not applications, specifying a ProductId is not enough to distinguish between individual apps inside a multiple app package. Trying to include application from a multiple app package with just a ProductId can result in unexpected behavior. To support pinning applications in multiple app packages, use an AUMID parameter in lockdown XML. The following example shows how to pin both Outlook mail and Outlook calendar.

Entry

Description

Application

Multiple App Packages enable multiple apps to exist inside the same package. Since ProductIds identify packages and not applications, specifying a ProductId is not enough to distinguish between individual apps inside a multiple app package. Trying to include application from a multiple app package with just a ProductId can result in unexpected behavior. To support pinning applications in multiple app packages, use an AUMID parameter in lockdown XML. The following example shows how to pin both Outlook mail and Outlook calendar.

Application example:

<Apps>
    <!-- Outlook Calendar -->
    <Application productId="{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}"
aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.calendar">
        <PinToStart>
            <Size>Large</Size>
            <Location>
                <LocationX>1</LocationX>
                <LocationY>4</LocationY>
            </Location>
        </PinToStart>
    </Application>
    <!-- Outlook Mail-->
    <Application productId="{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}"
aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail">
        <PinToStart>
            <Size>Large</Size>
            <Location>
                <LocationX>1</LocationX>
                <LocationY>6</LocationY>
            </Location>
        </PinToStart>
    </Application>
</Apps>

Entry	Description
Folder	A folder should be contained in `<Applications/>` node among with other `<Application/>` nodes, it shares most grammar with the Application Node, folderId is mandatory, folderName is optional, which is the folder name displayed on Start. folderId is a unique unsigned integer for each folder.

Folder example:

<Application folderId="4" folderName="foldername">
    <PinToStart>
        <Size>Large</Size>
        <Location>
            <LocationX>0</LocationX>
            <LocationY>2</LocationY>
        </Location>
    </PinToStart>
</Application>

An application that belongs in the folder would add an optional attribute ParentFolderId, which maps to folderId of the folder. In this case, the location of this application will be located inside the folder.

<Application productId="{2A4E62D8-8809-4787-89F8-69D0F01654FB}">
    <PinToStart>
        <Size>Medium</Size>
        <Location>
            <LocationX>0</LocationX>
            <LocationY>0</LocationY>
        </Location>
        <ParentFolderId>2</ParentFolderId>
    </PinToStart>
</Application>

Entry	Description
Settings	Starting in Windows 10, version 1511, you can specify the following settings pages in the lockdown XML file. For Windows 10, version 1703, see the instructions below for the new way to specify the settings pages.

System (main menu) - SettingsPageGroupPCSystem
- Display - SettingsPageDisplay
- Notifications & actions - SettingsPageAppsNotifications
- Phone - SettingsPageCalls
- Messaging - SettingsPageMessaging
- Battery saver - SettingsPageBatterySaver
- Storage - SettingsPageStorageSenseStorageOverview
- Driving mode - SettingsPageDrivingMode
- Offline maps - SettingsPageMaps
- About - SettingsPagePCSystemInfo
- Apps for websites - SettingsPageAppsForWebsites
Devices (main menu) - SettingsPageGroupDevices
- Default camera - SettingsPagePhotos
- Bluetooth - SettingsPagePCSystemBluetooth
- NFC - SettingsPagePhoneNFC
- Mouse - SettingsPageMouseTouchpad
- USB - SettingsPageUsb
Network and wireless (main menu) - SettingsPageGroupNetwork
- Cellular and SIM - SettingsPageNetworkCellular
- Wi-Fi - SettingsPageNetworkWiFi
- Airplane mode - SettingsPageNetworkAirplaneMode
- Data usage - SettingsPageDataSenseOverview
- Mobile hotspot - SettingsPageNetworkMobileHotspot
- VPN - SettingsPageNetworkVPN
Personalization (main menu) - SettingsPageGroupPersonalization
- Start - SettingsPageBackGround
- Colors - SettingsPageColors
- Sounds - SettingsPageSounds
- Lock screen - SettingsPageLockscreen
- Glance - SettingsPageGlance
- Navigation bar - SettingsNavigationBar
Accounts (main menu) - SettingsPageGroupAccounts
- Your account - SettingsPageAccountsPicture
- Sign-in options - SettingsPageAccountsSignInOptions
- Work access - SettingsPageWorkAccess
- Sync your settings - SettingsPageAccountsSync
- Apps corner* - SettingsPageAppsCorner
- Email - SettingsPageAccountsEmailApp
Time and language (main menu) - SettingsPageGroupTimeRegion
- Date and time - SettingsPageTimeRegionDateTime
- Language - SettingsPageTimeLanguage
- Region - SettingsPageRegion
- Keyboard - SettingsPageKeyboard
- Speech - SettingsPageSpeech
Ease of access (main menu) - SettingsPageGroupEaseOfAccess
- Narrator - SettingsPageEaseOfAccessNarrator
- Magnifier - SettingsPageEaseOfAccessMagnifier
- High contrast - SettingsPageEaseOfAccessHighContrast
- Closed captions - SettingsPageEaseOfAccessClosedCaptioning
- More options - SettingsPageEaseOfAccessMoreOptions
Privacy (main menu) - SettingsPageGroupPrivacy
- Location - SettingsPagePrivacyLocation
- Camera - SettingsPagePrivacyWebcam
- Microphone - SettingsPagePrivacyMicrophone
- Motion - SettingsPagePrivacyMotionData
- Speech inking and typing - SettingsPagePrivacyPersonalization
- Account info - SettingsPagePrivacyAccountInfo
- Contacts - SettingsPagePrivacyContacts
- Calendar - SettingsPagePrivacyCalendar
- Messaging - SettingsPagePrivacyMessaging
- Radios - SettingsPagePrivacyRadios
- Background apps - SettingsPagePrivacyBackgroundApps
- Accessory apps - SettingsPageAccessories
- Advertising ID - SettingsPagePrivacyAdvertisingId
- Other devices - SettingsPagePrivacyCustomPeripherals
- Feedback & diagnostics - SettingsPagePrivacySIUFSettings
- Call history - SettingsPagePrivacyCallHistory
- Email - SettingsPagePrivacyEmail
- Phone call - SettingsPagePrivacyPhoneCall
- Notifications - SettingsPagePrivacyNotifications
- CDP - SettingsPagePrivacyCDP
Update and Security (main menu) - SettingsPageGroupRestore
- Phone update - SettingsPageRestoreMusUpdate
- Backup - SettingsPageRestoreOneBackup
- Find my phone - SettingsPageFindMyDevice
- For developers - SettingsPageSystemDeveloperOptions
- Windows Insider Program - SettingsPageFlights
- Device encryption - SettingsPageGroupPCSystemDeviceEncryption
OEM (main menu) - SettingsPageGroupExtensibility
- Extensibility - SettingsPageExtensibility

Entry	Description
Settings	Starting in Windows 10, version 1703, you can specify the settings pages using the settings URI.

For example, in place of SettingPageDisplay, you would use ms-settings:display. See ms-settings: URI scheme reference to find the URI for each settings page.

Here is an example for Windows 10, version 1703.

<Settings>
  <System name="ms-settings:display"/>
  <System name="ms-settings:appsforwebsites"/>
  <System name="ms-settings:about"/>
  <System name="ms-settings:camera"/>
  <System name="ms-settings:nfctransactions"/>
  <System name="ms-settings:mousetouchpad"/>
  <System name="ms-settings:usb"/>
</Settings>

Quick action settings

Starting in Windows 10, version 1511, you can specify the following quick action settings in the lockdown XML file. The following list shows the quick action settings and settings page dependencies (group and page).

Note

Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. In Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page.

SystemSettings_System_Display_QuickAction_Brightness

Dependencies - SettingsPageSystemDisplay, SettingsPageDisplay
SystemSettings_System_Display_Internal_Rotation

Dependencies - SettingsPageSystemDisplay, SettingsPageDisplay
SystemSettings_QuickAction_WiFi

Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkWiFi
SystemSettings_QuickAction_InternetSharing

Dependencies - SettingsPageGroupNetwork, SettingsPageInternetSharing
SystemSettings_QuickAction_CellularData

Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkCellular
SystemSettings_QuickAction_AirplaneMode

Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkAirplaneMode
SystemSettings_Privacy_LocationEnabledUserPhone

Dependencies - SettingsGroupPrivacyLocationGlobals, SettingsPagePrivacyLocation
SystemSettings_Network_VPN_QuickAction

Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkVPN
SystemSettings_Launcher_QuickNote

Dependencies - none
SystemSettings_Flashlight_Toggle

Dependencies - none
SystemSettings_Device_BluetoothQuickAction

Dependencies - SettingsPageGroupDevices, SettingsPagePCSystemBluetooth
SystemSettings_BatterySaver_LandingPage_OverrideControl

Dependencies - BatterySaver_LandingPage_SettingsConfiguration, SettingsPageBatterySaver
QuickActions_Launcher_DeviceDiscovery

Dependencies - none
QuickActions_Launcher_AllSettings

Dependencies - none
SystemSettings_QuickAction_QuietHours

Dependencies - none
SystemSettings_QuickAction_Camera

Dependencies - none

Starting in Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page. Here is the list:

QuickActions_Launcher_AllSettings
QuickActions_Launcher_DeviceDiscovery
SystemSettings_BatterySaver_LandingPage_OverrideControl
SystemSettings_Device_BluetoothQuickAction
SystemSettings_Flashlight_Toggle
SystemSettings_Launcher_QuickNote
SystemSettings_Network_VPN_QuickAction
SystemSettings_Privacy_LocationEnabledUserPhone
SystemSettings_QuickAction_AirplaneMode
SystemSettings_QuickAction_Camera
SystemSettings_QuickAction_CellularData
SystemSettings_QuickAction_InternetSharing
SystemSettings_QuickAction_QuietHours
SystemSettings_QuickAction_WiFi
SystemSettings_System_Display_Internal_Rotation
SystemSettings_System_Display_QuickAction_Brightness

In this example, all settings pages and quick action settings are allowed. An empty <Settings> node indicates that none of the settings are blocked.

<Settings>
</Settings>

In this example for Windows 10, version 1511, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names.

<Settings>
  <System name="SettingsPageGroupPCSystem" />
  <System name="SettingsPageDisplay" />
  <System name="SettingsPageAppsNotifications" />
  <System name="SettingsPageCalls" />
  <System name="SettingsPageMessaging" />
  <System name="SettingsPageBatterySaver" />
  <System name="SettingsPageStorageSenseStorageOverview" />
  <System name="SettingsPageGroupPCSystemDeviceEncryption" />
  <System name="SettingsPageDrivingMode" />
  <System name="SettingsPagePCSystemInfo" />
 </Settings>

Here is an example for Windows 10, version 1703.

<Settings>
  <System name="ms-settings:display"/>
  <System name="ms-settings:appsforwebsites"/>
  <System name="ms-settings:about"/>
  <System name="ms-settings:camera"/>
  <System name="ms-settings:nfctransactions"/>
  <System name="ms-settings:mousetouchpad"/>
  <System name="ms-settings:usb"/>
</Settings>

Entry	Description
Buttons	The following list identifies the hardware buttons on the device that you can lock down in ButtonLockdownList. When a user taps a button that is in the lockdown list, nothing will happen.

Start
Back
Search
Camera
Custom1
Custom2
Custom3

Note

Lock down of the Start button only prevents the press and hold event.

Custom buttons are hardware buttons that can be added to devices by OEMs.

Buttons example:

<Buttons>
   <ButtonLockdownList>
      <!-- Lockdown all buttons -->
         <Button name="Search">
         </Button>
         <Button name="Camera">
         </Button>
         <Button name="Custom1">
         </Button>
         <Button name="Custom2">
         </Button>
         <Button name="Custom3">
         </Button>
   </ButtonLockdownList>

The Search and custom buttons can be remapped or configured to open a specific application. Button remapping takes effect for the device and applies to all users.

Note

The lockdown settings for a button, per user role, will apply regardless of the button mapping.

Button remapping can enable a user to open an application that is not in the Allow list. Use button lock down to prevent application access for a user role.

To remap a button in lockdown XML, you supply the button name, the button event (typically "press"), and the product ID for the application the button will open.

<ButtonRemapList>
   <Button name="Search">
      <ButtonEvent name="Press">
         <!-- Alarms -->
         <Application productId="{08179793-ED2E-45EA-BA12-BDE3EE9C3CE3}" parameters="" />
          </ButtonEvent>
   </Button>
</ButtonRemapList>

Disabling navigation buttons To disable navigation buttons (such as Home or Back) in lockdown XML, you supply the name (for example, Start) and button event (typically "press").

The following section contains a sample lockdown XML file that shows how to disable navigation buttons.

<?xml version="1.0" encoding="utf-8"?>
<HandheldLockdown version="1.0" >
    <Default>
        <ActionCenter enabled="false" />
        <Apps>
            <!-- Settings -->
            <Application productId="{2A4E62D8-8809-4787-89F8-69D0F01654FB}">
                <PinToStart>
                    <Size>Large</Size>
                    <Location>
                        <LocationX>0</LocationX>
                        <LocationY>0</LocationY>
                    </Location>
                </PinToStart>
            </Application>

            <!-- Phone Apps -->
            <Application productId="{F41B5D0E-EE94-4F47-9CFE-3D3934C5A2C7}">
                <PinToStart>
                    <Size>Small</Size>
                    <Location>
                        <LocationX>2</LocationX>
                        <LocationY>2</LocationY>
                    </Location>
                </PinToStart>
            </Application>
        </Apps>
        <Buttons>
            <ButtonLockdownList>
                <Button name="Start">
                    <ButtonEvent name="Press" />
                </Button>
                <Button name="Back">
                    <ButtonEvent name="Press" />
                    <ButtonEvent name="PressAndHold" />
                </Button>
                <Button name="Search">
                    <ButtonEvent name="All" />
                </Button>
                <Button name="Camera">
                    <ButtonEvent name="Press" />
                    <ButtonEvent name="PressAndHold" />
                </Button>
                <Button name="Custom1">
                    <ButtonEvent name="Press" />
                    <ButtonEvent name="PressAndHold" />
                </Button>
                <Button name="Custom2">
                    <ButtonEvent name="Press" />
                    <ButtonEvent name="PressAndHold" />
                </Button>
                <Button name="Custom3">
                    <ButtonEvent name="Press" />
                    <ButtonEvent name="PressAndHold" />
                </Button>
            </ButtonLockdownList>
            <ButtonRemapList />
        </Buttons>
        <MenuItems>
            <DisableMenuItems/>
        </MenuItems>
        <Settings>
        </Settings>
        <Tiles>
            <EnableTileManipulation/>
        </Tiles>
        <StartScreenSize>Small</StartScreenSize>
    </Default>
</HandheldLockdown>

Entry	Description
MenuItems	Use DisableMenuItems to prevent use of the context menu, which is displayed when a user presses and holds an application in the All Programs list. You can include this entry in the default profile and in any additional user role profiles that you create.

Important

If DisableMenuItems is not included in a profile, users of that profile can uninstall apps.

MenuItems example:

<MenuItems>
   <DisableMenuItems/>
</MenuItems>

Entry	Description
Tiles	Turning-on tile manipulation - By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the user’s profile. If tile manipulation is enabled in the user’s profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile.

Entry

Description

Tiles

Turning-on tile manipulation - By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the user’s profile. If tile manipulation is enabled in the user’s profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile.

Important

If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in user’s profile.

The following sample file contains configuration for enabling tile manipulation.

Note

Tile manipulation is disabled when you don’t have a <Tiles> node in lockdown XML, or if you have a <Tiles> node but don’t have the <EnableTileManipulation> node.

<?xml version="1.0" encoding="utf-8"?>
<HandheldLockdown version="1.0" >
    <Default>
        <ActionCenter enabled="false" />
        <Apps>
            <!-- Settings -->
            <Application productId="{2A4E62D8-8809-4787-89F8-69D0F01654FB}">
                <PinToStart>
                    <Size>Large</Size>
                    <Location>
                        <LocationX>0</LocationX>
                        <LocationY>0</LocationY>
                    </Location>
                </PinToStart>
            </Application>

            <!-- Phone Apps -->
            <Application productId="{F41B5D0E-EE94-4F47-9CFE-3D3934C5A2C7}">
                <PinToStart>
                    <Size>Small</Size>
                    <Location>
                        <LocationX>2</LocationX>
                        <LocationY>2</LocationY>
                    </Location>
                </PinToStart>
            </Application>
        </Apps>
        <Buttons>
            <ButtonLockdownList>
                <Button name="Start">
                    <ButtonEvent name="Press" />
                </Button>
                <Button name="Back">
                    <ButtonEvent name="Press" />
                    <ButtonEvent name="PressAndHold" />
                </Button>
                <Button name="Search">
                    <ButtonEvent name="All" />
                </Button>
                <Button name="Camera">
                    <ButtonEvent name="Press" />
                    <ButtonEvent name="PressAndHold" />
                </Button>
                <Button name="Custom1">
                    <ButtonEvent name="Press" />
                    <ButtonEvent name="PressAndHold" />
                </Button>
                <Button name="Custom2">
                    <ButtonEvent name="Press" />
                    <ButtonEvent name="PressAndHold" />
                </Button>
                <Button name="Custom3">
                    <ButtonEvent name="Press" />
                    <ButtonEvent name="PressAndHold" />
                </Button>
            </ButtonLockdownList>
            <ButtonRemapList />
        </Buttons>
        <MenuItems>
            <DisableMenuItems/>
        </MenuItems>
        <Settings>
        </Settings>
        <Tiles>
            <EnableTileManipulation/>
        </Tiles>
        <StartScreenSize>Small</StartScreenSize>
    </Default>
</HandheldLockdown>

Entry	Description
CSP Runner	Allows CSPs to be executed on the device per user role. You can use this to implement role specific policies, such as changing the color scheme when an admin logs on the device, or to set configurations per role.

LockscreenWallpaper/ The parent node of the lock screen-related parameters that let administrators query and manage the lock screen image on devices. Supported operations are Add, Delete, Get and Replace.

LockscreenWallpaper/BGFileName The file name of the lock screen. The image file for the lock screen can be in .jpg or .png format and must not exceed 2 MB. The file name can also be in the Universal Naming Convention (UNC) format, in which case the device downloads it from the shared network and then sets it as the lock screen wallpaper.

Supported operations are Add, Get, and Replace.

Theme/ The parent node of theme-related parameters.

Supported operations are Add, Delete, Get and Replace.

Theme/ThemeBackground Indicates whether the background color is light or dark. Set to 0 for light; set to 1 for dark.