Policy CSP - MSSecurityGuide
Tip
This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>
. For details, see Understanding ADMX-backed policies.
The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.
Important
This CSP contains some settings that are under development and only applicable for Windows Insider Preview builds. These settings are subject to change and may have dependencies on other features or services in preview.
ApplyUACRestrictionsToLocalAccountsOnNetworkLogon
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1803 [10.0.17134] and later |
./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon
Description framework properties:
Property name | Property value |
---|---|
Format | chr (string) |
Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name | Value |
---|---|
Name | Pol_SecGuide_0201_LATFP |
ADMX File Name | SecGuide.admx |
ConfigureSMBV1ClientDriver
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1803 [10.0.17134] and later |
./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/ConfigureSMBV1ClientDriver
Description framework properties:
Property name | Property value |
---|---|
Format | chr (string) |
Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name | Value |
---|---|
Name | Pol_SecGuide_0002_SMBv1_ClientDriver |
ADMX File Name | SecGuide.admx |
ConfigureSMBV1Server
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1803 [10.0.17134] and later |
./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/ConfigureSMBV1Server
Description framework properties:
Property name | Property value |
---|---|
Format | chr (string) |
Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name | Value |
---|---|
Name | Pol_SecGuide_0001_SMBv1_Server |
ADMX File Name | SecGuide.admx |
EnableStructuredExceptionHandlingOverwriteProtection
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1803 [10.0.17134] and later |
./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection
Description framework properties:
Property name | Property value |
---|---|
Format | chr (string) |
Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name | Value |
---|---|
Name | Pol_SecGuide_0102_SEHOP |
ADMX File Name | SecGuide.admx |
NetBTNodeTypeConfiguration
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows Insider Preview |
./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/NetBTNodeTypeConfiguration
Description framework properties:
Property name | Property value |
---|---|
Format | chr (string) |
Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name | Value |
---|---|
Name | Pol_SecGuide_0050_NetbtNodeTypeConfig |
ADMX File Name | SecGuide.admx |
TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1803 [10.0.17134] and later |
./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications
Description framework properties:
Property name | Property value |
---|---|
Format | chr (string) |
Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name | Value |
---|---|
Name | Pol_SecGuide_0101_WDPUA |
ADMX File Name | SecGuide.admx |
WDigestAuthentication
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1803 [10.0.17134] and later |
./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/WDigestAuthentication
Description framework properties:
Property name | Property value |
---|---|
Format | chr (string) |
Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name | Value |
---|---|
Name | Pol_SecGuide_0202_WDigestAuthn |
ADMX File Name | SecGuide.admx |