Windows.Embedded.DeviceLockdown Namespace

Provides a simple and consistent interface for locking down the available applications and tiles on the device for specific user roles defined by the enterprise.

These APIs are available in the Mobile Extension SDK.



Provides the methods for getting and applying restrictions to applications and tiles on the device based on user role IDs.


Represents the user role information.




In order to use this API, you need to first configure roles that are deployed using the EnterpriseAssignedAccess CSP.

The device lockdown APIs in Windows.Embedded.DeviceLockdown require the enterpriseDeviceLockdown capability, which allows you to use a standard enterprise certificate. This capability is not available to standard 3rd party developers where the certificate is provided through Visual Studio. At this time, you must manually include this capability in your manifest file. For instructions about how to manually update your manifest file and more details about device capabilities, see app capability declarations.

See also