7 Appendix B: Product Behavior

  • Article

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include updates to those products.

  • Windows 8.1 operating system

Exceptions, if any, are noted in this section. If an update version, service pack or Knowledge Base (KB) number appears with a product name, the behavior changed in that update. The new behavior also applies to subsequent updates unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms "SHOULD" or "SHOULD NOT" implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term "MAY" implies that the product does not follow the prescription.

<1> Section 3.4.4.1.1: The RequestSecurityTokenOnBehalfOf message is added as described in Knowledge Base Article 2909569, December 2013 GDR [MSKB-2909569]. This General Distribution Release (GDR) applies to Windows 8.1.

<2> Section 3.4.4.1.1.2:  The RequestSecurityTokenOnBehalfOf message is added as described in Knowledge Base Article 2909569, December 2013 GDR [MSKB-2909569]. This General Distribution Release (GDR) applies to Windows 8.1.

<3> Section 3.4.4.1.1.2:  In Windows 8.1, use of the RequestSecurityTokenOnBehalfOf message requires configuration of the following three registry keys as a prerequisite to performing enrollment:

  • MachineMDMEnrollment is set to 1.

  • MachineMDMEnrollmentUserUPN is set to a value that the server can identify and associate with the locally managed user.

  • MachineMDMEnrollmentUserSID is set to the SID of the local user on whose behalf the administrator is enrolling.

For example, the registry keys are defined as follows:

 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM]
 "MachineMDMEnrollment"=dword:00000001
 "MachineMDMEnrollmentUserUPN"="joe@contoso.com"
 "MachineMDMEnrollmentUserSID"="S-1-5-21-425223123-4157917690-3751521321-1002"]

<4> Section 3.6:  For the most current version of the example provisioning document schema, see Knowledge Base Article 2909569, December 2013 GDR [MSKB-2909569]. This General Distribution Release (GDR) applies to Windows 8.1.