deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/policy-csp-networklistmanager.md

5.7 KiB
Raw Blame History

title, description, author, manager, ms.author, ms.date, ms.localizationpriority, ms.prod, ms.technology, ms.topic
title description author manager ms.author ms.date ms.localizationpriority ms.prod ms.technology ms.topic
NetworkListManager Policy CSP Learn more about the NetworkListManager Area in Policy CSP. vinaypamnani-msft aaroncz vinpa 01/09/2023 medium windows-client itpro-manage reference

Policy CSP - NetworkListManager

AllowedTlsAuthenticationEndpoints

Scope Editions Applicable OS
✔️ Device
User		 Home
✔️ Pro
✔️ Enterprise
✔️ Education
Windows SE		 ✔️ Windows 11, version 22H2 [10.0.22621] and later 
./Device/Vendor/MSFT/Policy/Config/NetworkListManager/AllowedTlsAuthenticationEndpoints

List of URLs (seperated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated.

  • The HTTPS endpoint must not have any more authentication checks, such as sign-in or multi-factor authentication.
  • The HTTPS endpoint must be an internal address not accessible from outside the organizational network.
  • The client must trust the server certificate. So the CA certificate that the HTTPS server certificate chains to must be present in the client machine's root certificate store.
  • A certificate shouldn't be a public certificate.

Test the URL using this command, it MUST return a HTTP_STATUS_OK 200

Invoke-webrequest https://nls.corp.contoso.com -Method get -UseBasicParsing -MaximumRedirection 0

When entering a list of TLS endpoints in Microsoft Intune using a configruation profile with a custom template and the OMA URI, the URLs must be seperated by Unicode character 0xF000. It must be this format:

<![CDATA[https://nls.corp.contoso.com&#xF000;https://nls.corp.fabricam.com]]>

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace
Allowed Values List (Delimiter: 0xF000)

ConfiguredTlsAuthenticationNetworkName

Scope Editions Applicable OS
✔️ Device
User		 Home
✔️ Pro
✔️ Enterprise
✔️ Education
Windows SE		 ✔️ Windows 11, version 22H2 [10.0.22621] and later 
./Device/Vendor/MSFT/Policy/Config/NetworkListManager/ConfiguredTlsAuthenticationNetworkName

The string will be used to name the network authenticated against one of the endpoints listed in AllowedTlsAuthenticationEndpoints policy

This policy setting provides the string that names a network. If this setting is used for Trusted Network Detection in an Always On VPN profile, it must be the DNS suffix that is configured in the TrustedNetworkDetection attribute.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

Related articles

Policy configuration service provider