deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/policy-csp-networklistmanager.md
Vinay Pamnani a6618def58 2307 CSP Updates
2023-08-02 14:44:13 -04:00

5.6 KiB
Raw Blame History

title, description, author, manager, ms.author, ms.date, ms.localizationpriority, ms.prod, ms.technology, ms.topic
title description author manager ms.author ms.date ms.localizationpriority ms.prod ms.technology ms.topic
NetworkListManager Policy CSP Learn more about the NetworkListManager Area in Policy CSP. vinaypamnani-msft aaroncz vinpa 08/02/2023 medium windows-client itpro-manage reference

Policy CSP - NetworkListManager

AllowedTlsAuthenticationEndpoints

Scope Editions Applicable OS
Device
User		 Pro
Enterprise
Education
Windows SE		 Windows 10, version 2009 [10.0.19042] and later 
./Device/Vendor/MSFT/Policy/Config/NetworkListManager/AllowedTlsAuthenticationEndpoints

List of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated.

  • When entering a list of TLS endpoints in Microsoft Intune using a configuration profile with a custom template and the OMA URI, use the following format: <![CDATA[https://nls.corp.contoso.com&#xF000;https://nls.corp.fabricam.com]]>
  • The HTTPS endpoint must not have any more authentication checks, such as sign-in or multi-factor authentication.
  • The HTTPS endpoint must be an internal address not accessible from outside the organizational network.
  • The client must trust the server certificate. So the CA certificate that the HTTPS server certificate chains to must be present in the client machine's root certificate store.
  • A certificate shouldn't be a public certificate.

To test the URL, use a PowerShell command similar to below:

Invoke-WebRequest -Uri https://nls.corp.contoso.com -Method get -UseBasicParsing -MaximumRedirection 0

StatusCode return by the command must be 200 (HTTP_STATUS_OK).

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace
Allowed Values List (Delimiter: 0xF000)

ConfiguredTlsAuthenticationNetworkName

Scope Editions Applicable OS
Device
User		 Pro
Enterprise
Education
Windows SE		 Windows 10, version 2009 [10.0.19042] and later 
./Device/Vendor/MSFT/Policy/Config/NetworkListManager/ConfiguredTlsAuthenticationNetworkName

The string will be used to name the network authenticated against one of the endpoints listed in AllowedTlsAuthenticationEndpoints policy.

This policy setting provides the string that names a network. If this setting is used for Trusted Network Detection in an Always On VPN profile, it must be the DNS suffix that is configured in the TrustedNetworkDetection attribute.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

Related articles

Policy configuration service provider