10 KiB
title, description, ms.author, ms.topic, ms.prod, ms.technology, author, ms.date
| title | description | ms.author | ms.topic | ms.prod | ms.technology | author | ms.date |
|---|---|---|---|---|---|---|---|
| Policy CSP - NetworkIsolation | Policy CSP - NetworkIsolation | maricia | article | w10 | windows | nickbrower | 07/14/2017 |
Policy CSP - NetworkIsolation
Warning
Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
NetworkIsolation policies
NetworkIsolation/EnterpriseCloudResources
| Home | Pro | Business | Enterprise | Education | Mobile | Mobile Enterprise |
|---|---|---|---|---|---|---|
 |
 |
|
|
|
|
Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the **EnterpriseInternalProxyServers** policy. This domain list is a pipe-separated list of cloud resources. Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address. For example, **<*cloudresource*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|**.
NetworkIsolation/EnterpriseIPRange
| Home | Pro | Business | Enterprise | Education | Mobile | Mobile Enterprise |
|---|---|---|---|---|---|---|
|
|
|
|
|
|
Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of IPv4 and IPv6 ranges. For example:
10.0.0.0-10.255.255.255,157.54.0.0-157.54.255.255,
192.168.0.0-192.168.255.255,2001:4898::-2001:4898:7fff:ffff:ffff:ffff:ffff:ffff,
2001:4898:dc05::-2001:4898:dc05:ffff:ffff:ffff:ffff:ffff,
2a01:110::-2a01:110:7fff:ffff:ffff:ffff:ffff:ffff,
fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
NetworkIsolation/EnterpriseIPRangesAreAuthoritative
| Home | Pro | Business | Enterprise | Education | Mobile | Mobile Enterprise |
|---|---|---|---|---|---|---|
|
|
|
|
|
|
Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets.
NetworkIsolation/EnterpriseInternalProxyServers
| Home | Pro | Business | Enterprise | Education | Mobile | Mobile Enterprise |
|---|---|---|---|---|---|---|
|
|
|
|
|
|
This is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies.
NetworkIsolation/EnterpriseNetworkDomainNames
| Home | Pro | Business | Enterprise | Education | Mobile | Mobile Enterprise |
|---|---|---|---|---|---|---|
|
|
|
|
|
|
This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com".
Note
The client requires domain name to be canonical, otherwise the setting will be rejected by the client.
Here are the steps to create canonical domain names:
- Transform the ASCII characters (A-Z only) to lower case. For example, Microsoft.COM -> microsoft.com.
- Call IdnToAscii with IDN_USE_STD3_ASCII_RULES as the flags.
- Call IdnToUnicode with no flags set (dwFlags = 0).
NetworkIsolation/EnterpriseProxyServers
| Home | Pro | Business | Enterprise | Education | Mobile | Mobile Enterprise |
|---|---|---|---|---|---|---|
|
|
|
|
|
|
This is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59".
NetworkIsolation/EnterpriseProxyServersAreAuthoritative
| Home | Pro | Business | Enterprise | Education | Mobile | Mobile Enterprise |
|---|---|---|---|---|---|---|
|
|
|
|
|
|
Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies.
NetworkIsolation/NeutralResources
| Home | Pro | Business | Enterprise | Education | Mobile | Mobile Enterprise |
|---|---|---|---|---|---|---|
|
|
|
|
|
|
List of domain names that can used for work or personal resource.
Footnote:
- 1 - Added in Windows 10, version 1607.
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.