deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/policy-csp-cryptography.md
Chris J. Lin ef1c69b439
Release mcc ent (#1) 
* smb adds

* smb adds

* formatting

* private preview and support content

* edit removed and dep

* Fix blocking issues

* Acro-fix

* 24H2 CSP Updates

* Fix link

* fix link in dep page

* edit

* edit index file

* syntax-fix-24h2

* ltsc-edits

* ltsc-edits

* lichris-docs-1

* Acrolinx improvements

* refresh for maxado-8631996

* update link for maxado-8631993

* additional edits, acrolinx

* ltsc-tw

* contentsource-8914508

* contentsource-8914508

* Updates for 1 October release

* Set stale debug to false

* update gp link for 24h2

* additional changes

* Changes to updates, acrolinx changes

* fixes broken links

* Fixed alignment issues

* updates from Rafal

* fixed acrolinx

* so many link fixes

* added release notes and troubleshoot content

* updates

* Update security-compliance-toolkit-10.md

Added Windows 11 24H2

* Update get-support-for-security-baselines.md

Updated for Windows 11 24H2

* bump date

* bump date

* fix pde comment

* fixing broken link

* Fix broken redirections

* fix to rel link

* reset head, fix link

* add cli to deploy, add script to cli

* removing "mcce"

* edits to create page

* Update default and global release policies OS version and dates to latest release values

* emoved e from mcce and other changes

* updated example script

* added important notice to update page

* more update page changes

* clarified how proxy configuration is used

* anonymizing variables in example script

* revise example script

* acrolinx fixes to update page

* changes to other pages and content in overview page

* Update broken link

Update broken link

* Update windows-sandbox-configure-using-wsb-file.md

Update `HostFolder` value description in `MappedFolder`, specifying that the path could be absolute or relative, not only absolute as, instead, is for the `SandboxFolder` value.

* Remove bad link

Removed bad link. There is already a second link referring to content so no need to replace the link.

* docfx update for security book

* Correct TOC entry changing Windows 10 to Windows

* Update whats-new-do.md

- Vpn to VPN
- Minor improvements

* Updated date for freshness reporting

* Add EOS callout

Fix some obvious Acrolinx issues

* Fixed typo added clarity

* Update mcc-ent-deploy-to-windows.md

* Update .openpublishing.redirection.windows-deployment.json

* Update .openpublishing.redirection.windows-deployment.json

* Update policy-csp-localpoliciessecurityoptions.md

* Correct indentation and spacing

* Acrolinx: "Enteprise"

* Update mcc-ent-edu-overview.md

* refresh

* Remove redirection and final bits of store-for-business

store-for-business, AKA /microsoft-store/, is retired, and the content is archived in officearchive-pr. This archival was for ADO task 9268422.

* added support content and other changes

* fixed tabs

* fixed tabs

* Updated device reg policy and group information

* Update delivery-optimization-endpoints.md

Added a line item in MCC table for Outlook *res.cdn.office.net requirement

* freshness review

* Fix broken links

* Minor change

* content for faq

* changes to landing page

* more content to faqs

* pencil edit

* add copilot exps link

* edits and ren cli file temporarily

* ren file back and edit toc to lowercase

* edit

* edit

* edit

* Update windows-autopatch-configure-network.md

Adding a new network endpoint required for the service 'device.autopatch.microsoft.com' @tiaraquan

* Clarify some points and remove data that is confusing to customers.

* fix syntax

* Sentence correction

* Update windows/deployment/do/waas-delivery-optimization-faq.yml

Co-authored-by: Meghan Stewart <33289333+mestew@users.noreply.github.com>

* Update windows/deployment/do/waas-delivery-optimization-faq.yml

Co-authored-by: Meghan Stewart <33289333+mestew@users.noreply.github.com>

* moved shortcuts under policy settings article

---------

Co-authored-by: Alma Jenks <v-alje@microsoft.com>
Co-authored-by: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Co-authored-by: Stacyrch140 <102548089+Stacyrch140@users.noreply.github.com>
Co-authored-by: Nidhi Doshi <77081571+doshnid@users.noreply.github.com>
Co-authored-by: Gary Moore <5432776+garycentric@users.noreply.github.com>
Co-authored-by: Vinay Pamnani (from Dev Box) <vinpa@microsoft.com>
Co-authored-by: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Co-authored-by: Aaron Czechowski <aczechowski@users.noreply.github.com>
Co-authored-by: Aditi Srivastava <133841950+aditisrivastava07@users.noreply.github.com>
Co-authored-by: Daniel H. Brown <32883970+DHB-MSFT@users.noreply.github.com>
Co-authored-by: David Strome <21028455+dstrome@users.noreply.github.com>
Co-authored-by: Padma Jayaraman <v-padmaj@microsoft.com>
Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Co-authored-by: Rebecca Agiewich <16087112+rjagiewich@users.noreply.github.com>
Co-authored-by: Rick Munck <33725928+jmunck@users.noreply.github.com>
Co-authored-by: Tanaka <Huios@users.noreply.github.com>
Co-authored-by: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Co-authored-by: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Co-authored-by: Davide Piccinini <davide.piccinini.95@gmail.com>
Co-authored-by: Phil Garcia <phil@thinkedge.com>
Co-authored-by: Learn Build Service GitHub App <Learn Build Service LearnBuild@microsoft.com>
Co-authored-by: tiaraquan <tiaraquan@microsoft.com>
Co-authored-by: Caitlin Hart <caithart@microsoft.com>
Co-authored-by: Harman Thind <63820404+hathin@users.noreply.github.com>
Co-authored-by: [cmknox] <[cmknox@gmail.com]>
Co-authored-by: Carmen Forsmann <cmforsmann@live.com>
2024-10-17 11:34:07 -07:00

415 lines
17 KiB
Markdown
Raw Blame History

---
title: Cryptography Policy CSP
description: Learn more about the Cryptography Area in Policy CSP.
ms.date: 09/27/2024
---
<!-- Auto-Generated CSP Document -->
<!-- Cryptography-Begin -->
# Policy CSP - Cryptography
<!-- Cryptography-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Cryptography-Editable-End -->
<!-- AllowFipsAlgorithmPolicy-Begin -->
## AllowFipsAlgorithmPolicy
<!-- AllowFipsAlgorithmPolicy-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
<!-- AllowFipsAlgorithmPolicy-Applicability-End -->
<!-- AllowFipsAlgorithmPolicy-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/Cryptography/AllowFipsAlgorithmPolicy
```
<!-- AllowFipsAlgorithmPolicy-OmaUri-End -->
<!-- AllowFipsAlgorithmPolicy-Description-Begin -->
<!-- Description-Source-DDF -->
Allows or disallows the Federal Information Processing Standard (FIPS) policy.
<!-- AllowFipsAlgorithmPolicy-Description-End -->
<!-- AllowFipsAlgorithmPolicy-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- AllowFipsAlgorithmPolicy-Editable-End -->
<!-- AllowFipsAlgorithmPolicy-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
<!-- AllowFipsAlgorithmPolicy-DFProperties-End -->
<!-- AllowFipsAlgorithmPolicy-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| 1 | Allow. |
| 0 (Default) | Block. |
<!-- AllowFipsAlgorithmPolicy-AllowedValues-End -->
<!-- AllowFipsAlgorithmPolicy-GpMapping-Begin -->
**Group policy mapping**:
| Name | Value |
|:--|:--|
| Name | System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing |
| Path | Windows Settings > Security Settings > Local Policies > Security Options |
<!-- AllowFipsAlgorithmPolicy-GpMapping-End -->
<!-- AllowFipsAlgorithmPolicy-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- AllowFipsAlgorithmPolicy-Examples-End -->
<!-- AllowFipsAlgorithmPolicy-End -->
<!-- ConfigureEllipticCurveCryptography-Begin -->
## ConfigureEllipticCurveCryptography
<!-- ConfigureEllipticCurveCryptography-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
<!-- ConfigureEllipticCurveCryptography-Applicability-End -->
<!-- ConfigureEllipticCurveCryptography-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/Cryptography/ConfigureEllipticCurveCryptography
```
<!-- ConfigureEllipticCurveCryptography-OmaUri-End -->
<!-- ConfigureEllipticCurveCryptography-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting determines the priority order of ECC curves used with ECDHE cipher suites.
- If you enable this policy setting, ECC curves are prioritized in the order specified.(Enter one Curve name per line)
- If you disable or don't configure this policy setting, the default ECC curve order is used.
Default Curve Order
curve25519
NistP256
NistP384
To See all the curves supported on the system, Use the following command:
CertUtil.exe -DisplayEccCurve.
<!-- ConfigureEllipticCurveCryptography-Description-End -->
<!-- ConfigureEllipticCurveCryptography-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ConfigureEllipticCurveCryptography-Editable-End -->
<!-- ConfigureEllipticCurveCryptography-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | List (Delimiter: `;`) |
<!-- ConfigureEllipticCurveCryptography-DFProperties-End -->
<!-- ConfigureEllipticCurveCryptography-GpMapping-Begin -->
**Group policy mapping**:
| Name | Value |
|:--|:--|
| Name | SSLCurveOrder |
| Friendly Name | ECC Curve Order |
| Location | Computer Configuration |
| Path | Network > SSL Configuration Settings |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002 |
| ADMX File Name | CipherSuiteOrder.admx |
<!-- ConfigureEllipticCurveCryptography-GpMapping-End -->
<!-- ConfigureEllipticCurveCryptography-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- ConfigureEllipticCurveCryptography-Examples-End -->
<!-- ConfigureEllipticCurveCryptography-End -->
<!-- ConfigureSystemCryptographyForceStrongKeyProtection-Begin -->
## ConfigureSystemCryptographyForceStrongKeyProtection
<!-- ConfigureSystemCryptographyForceStrongKeyProtection-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
<!-- ConfigureSystemCryptographyForceStrongKeyProtection-Applicability-End -->
<!-- ConfigureSystemCryptographyForceStrongKeyProtection-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/Cryptography/ConfigureSystemCryptographyForceStrongKeyProtection
```
<!-- ConfigureSystemCryptographyForceStrongKeyProtection-OmaUri-End -->
<!-- ConfigureSystemCryptographyForceStrongKeyProtection-Description-Begin -->
<!-- Description-Source-DDF -->
System cryptography: Force strong key protection for user keys stored on the computer. Last write wins.
<!-- ConfigureSystemCryptographyForceStrongKeyProtection-Description-End -->
<!-- ConfigureSystemCryptographyForceStrongKeyProtection-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ConfigureSystemCryptographyForceStrongKeyProtection-Editable-End -->
<!-- ConfigureSystemCryptographyForceStrongKeyProtection-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 2 |
<!-- ConfigureSystemCryptographyForceStrongKeyProtection-DFProperties-End -->
<!-- ConfigureSystemCryptographyForceStrongKeyProtection-AllowedValues-Begin -->
**Allowed values**:
| Flag | Description |
|:--|:--|
| 8 | An app container has accessed a medium key that isn't strongly protected. For example, a key that's for user consent only, or is password or fingerprint protected. |
| 2 (Default) | Force high protection. |
| 1 | Display the strong key user interface as needed. |
<!-- ConfigureSystemCryptographyForceStrongKeyProtection-AllowedValues-End -->
<!-- ConfigureSystemCryptographyForceStrongKeyProtection-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- ConfigureSystemCryptographyForceStrongKeyProtection-Examples-End -->
<!-- ConfigureSystemCryptographyForceStrongKeyProtection-End -->
<!-- OverrideMinimumEnabledDTLSVersionClient-Begin -->
## OverrideMinimumEnabledDTLSVersionClient
<!-- OverrideMinimumEnabledDTLSVersionClient-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
<!-- OverrideMinimumEnabledDTLSVersionClient-Applicability-End -->
<!-- OverrideMinimumEnabledDTLSVersionClient-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/Cryptography/OverrideMinimumEnabledDTLSVersionClient
```
<!-- OverrideMinimumEnabledDTLSVersionClient-OmaUri-End -->
<!-- OverrideMinimumEnabledDTLSVersionClient-Description-Begin -->
<!-- Description-Source-DDF -->
Override minimal enabled TLS version for client role. Last write wins.
<!-- OverrideMinimumEnabledDTLSVersionClient-Description-End -->
<!-- OverrideMinimumEnabledDTLSVersionClient-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- OverrideMinimumEnabledDTLSVersionClient-Editable-End -->
<!-- OverrideMinimumEnabledDTLSVersionClient-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- OverrideMinimumEnabledDTLSVersionClient-DFProperties-End -->
<!-- OverrideMinimumEnabledDTLSVersionClient-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- OverrideMinimumEnabledDTLSVersionClient-Examples-End -->
<!-- OverrideMinimumEnabledDTLSVersionClient-End -->
<!-- OverrideMinimumEnabledDTLSVersionServer-Begin -->
## OverrideMinimumEnabledDTLSVersionServer
<!-- OverrideMinimumEnabledDTLSVersionServer-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
<!-- OverrideMinimumEnabledDTLSVersionServer-Applicability-End -->
<!-- OverrideMinimumEnabledDTLSVersionServer-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/Cryptography/OverrideMinimumEnabledDTLSVersionServer
```
<!-- OverrideMinimumEnabledDTLSVersionServer-OmaUri-End -->
<!-- OverrideMinimumEnabledDTLSVersionServer-Description-Begin -->
<!-- Description-Source-DDF -->
Override minimal enabled TLS version for server role. Last write wins.
<!-- OverrideMinimumEnabledDTLSVersionServer-Description-End -->
<!-- OverrideMinimumEnabledDTLSVersionServer-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- OverrideMinimumEnabledDTLSVersionServer-Editable-End -->
<!-- OverrideMinimumEnabledDTLSVersionServer-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- OverrideMinimumEnabledDTLSVersionServer-DFProperties-End -->
<!-- OverrideMinimumEnabledDTLSVersionServer-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- OverrideMinimumEnabledDTLSVersionServer-Examples-End -->
<!-- OverrideMinimumEnabledDTLSVersionServer-End -->
<!-- OverrideMinimumEnabledTLSVersionClient-Begin -->
## OverrideMinimumEnabledTLSVersionClient
<!-- OverrideMinimumEnabledTLSVersionClient-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
<!-- OverrideMinimumEnabledTLSVersionClient-Applicability-End -->
<!-- OverrideMinimumEnabledTLSVersionClient-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/Cryptography/OverrideMinimumEnabledTLSVersionClient
```
<!-- OverrideMinimumEnabledTLSVersionClient-OmaUri-End -->
<!-- OverrideMinimumEnabledTLSVersionClient-Description-Begin -->
<!-- Description-Source-DDF -->
Override minimal enabled TLS version for client role. Last write wins.
<!-- OverrideMinimumEnabledTLSVersionClient-Description-End -->
<!-- OverrideMinimumEnabledTLSVersionClient-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- OverrideMinimumEnabledTLSVersionClient-Editable-End -->
<!-- OverrideMinimumEnabledTLSVersionClient-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- OverrideMinimumEnabledTLSVersionClient-DFProperties-End -->
<!-- OverrideMinimumEnabledTLSVersionClient-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- OverrideMinimumEnabledTLSVersionClient-Examples-End -->
<!-- OverrideMinimumEnabledTLSVersionClient-End -->
<!-- OverrideMinimumEnabledTLSVersionServer-Begin -->
## OverrideMinimumEnabledTLSVersionServer
<!-- OverrideMinimumEnabledTLSVersionServer-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
<!-- OverrideMinimumEnabledTLSVersionServer-Applicability-End -->
<!-- OverrideMinimumEnabledTLSVersionServer-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/Cryptography/OverrideMinimumEnabledTLSVersionServer
```
<!-- OverrideMinimumEnabledTLSVersionServer-OmaUri-End -->
<!-- OverrideMinimumEnabledTLSVersionServer-Description-Begin -->
<!-- Description-Source-DDF -->
Override minimal enabled TLS version for server role. Last write wins.
<!-- OverrideMinimumEnabledTLSVersionServer-Description-End -->
<!-- OverrideMinimumEnabledTLSVersionServer-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- OverrideMinimumEnabledTLSVersionServer-Editable-End -->
<!-- OverrideMinimumEnabledTLSVersionServer-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- OverrideMinimumEnabledTLSVersionServer-DFProperties-End -->
<!-- OverrideMinimumEnabledTLSVersionServer-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- OverrideMinimumEnabledTLSVersionServer-Examples-End -->
<!-- OverrideMinimumEnabledTLSVersionServer-End -->
<!-- TLSCipherSuites-Begin -->
## TLSCipherSuites
<!-- TLSCipherSuites-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
<!-- TLSCipherSuites-Applicability-End -->
<!-- TLSCipherSuites-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/Cryptography/TLSCipherSuites
```
<!-- TLSCipherSuites-OmaUri-End -->
<!-- TLSCipherSuites-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).
- If you enable this policy setting, SSL cipher suites are prioritized in the order specified.
- If you disable or don't configure this policy setting, default cipher suite order is used.
Link for all the cipherSuites: <https://go.microsoft.com/fwlink/?LinkId=517265>
<!-- TLSCipherSuites-Description-End -->
<!-- TLSCipherSuites-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- TLSCipherSuites-Editable-End -->
<!-- TLSCipherSuites-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | List (Delimiter: `;`) |
<!-- TLSCipherSuites-DFProperties-End -->
<!-- TLSCipherSuites-GpMapping-Begin -->
**Group policy mapping**:
| Name | Value |
|:--|:--|
| Name | SSLCipherSuiteOrder |
| Friendly Name | SSL Cipher Suite Order |
| Location | Computer Configuration |
| Path | Network > SSL Configuration Settings |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002 |
| ADMX File Name | CipherSuiteOrder.admx |
<!-- TLSCipherSuites-GpMapping-End -->
<!-- TLSCipherSuites-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- TLSCipherSuites-Examples-End -->
<!-- TLSCipherSuites-End -->
<!-- Cryptography-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- Cryptography-CspMoreInfo-End -->
<!-- Cryptography-End -->
## Related articles
[Policy configuration service provider](policy-configuration-service-provider.md)
Reference in New Issue View Git Blame Copy Permalink