What's new in mobile device enrollment and management

This article provides information about what's new in mobile device management (MDM) enrollment and management experience across all Windows devices. This article also provides details about the breaking changes and known issues and frequently asked questions.

For details about Microsoft mobile device management protocols for Windows, see [MS-MDM]: Mobile Device Management Protocol and [MS-MDE2]: Mobile Device Enrollment Protocol Version 2.

What's new in MDM for Windows 11, version 22H2

New or updated article Description
DeviceStatus Added the following node:
  • MDMClientCertAttestation
  • eUUICs Added the following node:
  • IsDiscoveryServer
  • PersonalDataEncryption New CSP
    Policy CSP Added the following nodes:
  • Accounts/RestrictToEnterpriseDeviceAuthenticationOnly
  • DesktopAppInstaller/EnableAdditionalSources
  • DesktopAppInstaller/EnableAllowedSources
  • DesktopAppInstaller/EnableAppInstaller
  • DesktopAppInstaller/EnableDefaultSource
  • DesktopAppInstaller/EnableExperimentalFeatures
  • DesktopAppInstaller/EnableHashOverride
  • DesktopAppInstaller/EnableLocalManifestFiles
  • DesktopAppInstaller/EnableMicrosoftStoreSource
  • DesktopAppInstaller/EnableMSAppInstallerProtocol
  • DesktopAppInstaller/EnableSettings
  • DesktopAppInstaller/SourceAutoUpdateInterval
  • Education/EnableEduThemes
  • Experience/AllowSpotlightCollectionOnDesktop
  • FileExplorer/DisableGraphRecentItems
  • HumanPresence/ForceInstantDim
  • InternetExplorer/EnableGlobalWindowListInIEMode
  • InternetExplorer/HideIEAppRetirementNotification
  • InternetExplorer/ResetZoomForDialogInIEMode
  • LocalSecurityAuthority/AllowCustomSSPsAPs
  • LocalSecurityAuthority/ConfigureLsaProtectedProcess
  • MixedReality/AllowCaptivePortalBeforeLogon
  • MixedReality/AllowLaunchUriInSingleAppKiosk
  • MixedReality/AutoLogonUser
  • MixedReality/ConfigureMovingPlatform
  • MixedReality/ConfigureNtpClient
  • MixedReality/ManualDownDirectionDisabled
  • MixedReality/NtpClientEnabled
  • MixedReality/SkipCalibrationDuringSetup
  • MixedReality/SkipTrainingDuringSetup
  • NetworkListManager/AllowedTlsAuthenticationEndpoints
  • NetworkListManager/ConfiguredTLSAuthenticationNetworkName
  • Printers/ConfigureCopyFilesPolicy
  • Printers/ConfigureDriverValidationLevel
  • Printers/ConfigureIppPageCountsPolicy
  • Printers/ConfigureRedirectionGuard
  • Printers/ConfigureRpcConnectionPolicy
  • Printers/ConfigureRpcListenerPolicy
  • Printers/ConfigureRpcTcpPort
  • Printers/ManageDriverExclusionList
  • Printers/RestrictDriverInstallationToAdministrators
  • RemoteDesktopServices/DoNotAllowWebAuthnRedirection
  • Search/AllowSearchHighlights
  • Search/DisableSearch
  • SharedPC/EnableSharedPCModeWithOneDriveSync
  • Start/DisableControlCenter
  • Start/DisableEditingQuickSettings
  • Start/HideRecommendedSection
  • Start/HideTaskViewButton
  • Start/SimplifyQuickSettings
  • Stickers/EnableStickers
  • Textinput/allowimenetworkaccess
  • Update/NoUpdateNotificationDuringActiveHours
  • WebThreatDefense/EnableService
  • WebThreatDefense/NotifyMalicious
  • WebThreatDefense/NotifyPasswordReuse
  • WebThreatDefense/NotifyUnsafeApp
  • Windowslogon/EnableMPRNotifications
  • SecureAssessment Added the following node:
  • Assessments
  • WindowsAutopilot Added the following node:
  • HardwareMismatchRemediationData
  • What's new in MDM for Windows 11, version 21H2

    New or updated article Description
    Policy CSP Added the following nodes:
  • Kerberos/PKInitHashAlgorithmConfiguration
  • Kerberos/PKInitHashAlgorithmSHA1
  • Kerberos/PKInitHashAlgorithmSHA256
  • Kerberos/PKInitHashAlgorithmSHA384
  • Kerberos/PKInitHashAlgorithmSHA512
  • NewsAndInterests/AllowNewsAndInterests
  • Experiences/ConfigureChatIcon
  • Start/ConfigureStartPins
  • Virtualizationbasedtechnology/HypervisorEnforcedCodeIntegrity
  • Virtualizationbasedtechnology/RequireUEFIMemoryAttributesTable
  • DMClient CSP Updated the description of the following nodes:
  • Provider/ProviderID/ConfigLock/Lock
  • Provider/ProviderID/ConfigLock/UnlockDuration
  • Provider/ProviderID/ConfigLock/SecuredCore
  • PrinterProvisioning New CSP

    What's new in MDM for Windows 10, version 20H2

    New or updated article Description
    Policy CSP Added the following nodes:
  • Experience/DisableCloudOptimizedContent
  • LocalUsersAndGroups/Configure
  • MixedReality/AADGroupMembershipCacheValidityInDays
  • MixedReality/BrightnessButtonDisabled
  • MixedReality/FallbackDiagnostics
  • MixedReality/MicrophoneDisabled
  • MixedReality/VolumeButtonDisabled
  • Multitasking/BrowserAltTabBlowout
  • SurfaceHub CSP Added the following new node:
  • Properties/SleepMode
  • WindowsDefenderApplicationGuard CSP Updated the description of the following node:
  • Settings/AllowWindowsDefenderApplicationGuard
  • What's new in MDM for Windows 10, version 2004

    New or updated article Description
    Policy CSP Added the following nodes:
  • ApplicationManagement/BlockNonAdminUserInstall
  • Bluetooth/SetMinimumEncryptionKeySize
  • DeliveryOptimization/DOCacheHostSource
  • DeliveryOptimization/DOMaxBackgroundDownloadBandwidth
  • DeliveryOptimization/DOMaxForegroundDownloadBandwidth
  • Education/AllowGraphingCalculator
  • TextInput/ConfigureJapaneseIMEVersion
  • TextInput/ConfigureSimplifiedChineseIMEVersion
  • TextInput/ConfigureTraditionalChineseIMEVersion

    Updated the following policy:
  • DeliveryOptimization/DOCacheHost

    Deprecated the following policies:
  • DeliveryOptimization/DOMaxDownloadBandwidth
  • DeliveryOptimization/DOMaxUploadBandwidth
  • DeliveryOptimization/DOPercentageMaxDownloadBandwidth
  • DevDetail CSP Added the following new node:
  • Ext/Microsoft/DNSComputerName
  • EnterpriseModernAppManagement CSP Added the following node:
  • IsStub
  • SUPL CSP Added the following node:
  • FullVersion
  • What's new in MDM for Windows 10, version 1909

    New or updated article Description
    BitLocker CSP Added the following nodes:
  • ConfigureRecoveryPasswordRotation
  • RotateRecoveryPasswords
  • RotateRecoveryPasswordsStatus
  • RotateRecoveryPasswordsRequestID
  • What's new in MDM for Windows 10, version 1903

    New or updated article Description
    Policy CSP Added the following nodes:
  • DeliveryOptimization/DODelayCacheServerFallbackBackground
  • DeliveryOptimization/DODelayCacheServerFallbackForeground
  • DeviceHealthMonitoring/AllowDeviceHealthMonitoring
  • DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope
  • DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination
  • DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs
  • DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs
  • Experience/ShowLockOnUserTile
  • InternetExplorer/AllowEnhancedSuggestionsInAddressBar
  • InternetExplorer/DisableActiveXVersionListAutoDownload
  • InternetExplorer/DisableCompatView
  • InternetExplorer/DisableFeedsBackgroundSync
  • InternetExplorer/DisableGeolocation
  • InternetExplorer/DisableWebAddressAutoComplete
  • InternetExplorer/NewTabDefaultPage
  • Power/EnergySaverBatteryThresholdOnBattery
  • Power/EnergySaverBatteryThresholdPluggedIn
  • Power/SelectLidCloseActionOnBatterybr>
  • Power/SelectLidCloseActionPluggedIn
  • Power/SelectPowerButtonActionOnBattery
  • Power/SelectPowerButtonActionPluggedIn
  • Power/SelectSleepButtonActionOnBattery
  • Power/SelectSleepButtonActionPluggedIn
  • Power/TurnOffHybridSleepOnBattery
  • Power/TurnOffHybridSleepPluggedIn
  • Power/UnattendedSleepTimeoutOnBattery
  • Power/UnattendedSleepTimeoutPluggedIn
  • Privacy/LetAppsActivateWithVoice
  • Privacy/LetAppsActivateWithVoiceAboveLock
  • Search/AllowFindMyFiles
  • ServiceControlManager/SvchostProcessMitigation
  • System/AllowCommercialDataPipelinebr>
  • System/TurnOffFileHistory
  • TimeLanguageSettings/ConfigureTimeZonebr>
  • Troubleshooting/AllowRecommendations
  • Update/AutomaticMaintenanceWakeUp
  • Update/ConfigureDeadlineForFeatureUpdates
  • Update/ConfigureDeadlineForQualityUpdates
  • Update/ConfigureDeadlineGracePeriod
  • WindowsLogon/AllowAutomaticRestartSignOn
  • WindowsLogon/ConfigAutomaticRestartSignOn
  • WindowsLogon/EnableFirstLogonAnimation
  • Policy CSP - Audit Added the new Audit policy CSP.
    ApplicationControl CSP Added the new CSP.
    Defender CSP Added the following new nodes:
  • Health/TamperProtectionEnabled
  • Health/IsVirtualMachine
  • Configuration
  • Configuration/TamperProtection
  • Configuration/EnableFileHashComputation
  • DiagnosticLog CSP
    DiagnosticLog DDF
    Added version 1.4 of the CSP.
    Added the new 1.4 version of the DDF.
    Added the following new nodes:
  • Policy
  • Policy/Channels
  • Policy/Channels/ChannelName
  • Policy/Channels/ChannelName/MaximumFileSize
  • Policy/Channels/ChannelName/SDDL
  • Policy/Channels/ChannelName/ActionWhenFull
  • Policy/Channels/ChannelName/Enabled
  • DiagnosticArchive
  • DiagnosticArchive/ArchiveDefinition
  • DiagnosticArchive/ArchiveResults
  • EnrollmentStatusTracking CSP Added the new CSP.
    PassportForWork CSP Added the following new nodes:
  • SecurityKey
  • SecurityKey/UseSecurityKeyForSignin
  • What's new in MDM for Windows 10, version 1809

    New or updated article Description
    Policy CSP Added the following nodes:
  • ApplicationManagement/LaunchAppAfterLogOn
  • ApplicationManagement/ScheduleForceRestartForUpdateFailures
  • Authentication/EnableFastFirstSignIn (Preview mode only
  • Authentication/EnableWebSignIn (Preview mode only
  • Authentication/PreferredAadTenantDomainName
  • Browser/AllowFullScreenMode
  • Browser/AllowPrelaunch
  • Browser/AllowPrinting
  • Browser/AllowSavingHistory
  • Browser/AllowSideloadingOfExtensions
  • Browser/AllowTabPreloading
  • Browser/AllowWebContentOnNewTabPage
  • Browser/ConfigureFavoritesBar
  • Browser/ConfigureHomeButton
  • Browser/ConfigureKioskMode
  • Browser/ConfigureKioskResetAfterIdleTimeout
  • Browser/ConfigureOpenMicrosoftEdgeWith
  • Browser/ConfigureTelemetryForMicrosoft365Analytics
  • Browser/PreventCertErrorOverrides
  • Browser/SetHomeButtonURL
  • Browser/SetNewTabPageURL
  • Browser/UnlockHomeButton
  • Defender/CheckForSignaturesBeforeRunningScan
  • Defender/DisableCatchupFullScan
  • Defender/DisableCatchupQuickScan
  • Defender/EnableLowCPUPriority
  • Defender/SignatureUpdateFallbackOrder
  • Defender/SignatureUpdateFileSharesSources
  • DeviceGuard/ConfigureSystemGuardLaunch
  • DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
  • DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
  • DeviceInstallation/PreventDeviceMetadataFromNetwork
  • DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
  • DmaGuard/DeviceEnumerationPolicy
  • Experience/AllowClipboardHistory
  • Experience/DoNotSyncBrowserSettings
  • Experience/PreventUsersFromTurningOnBrowserSyncing
  • Kerberos/UPNNameHints
  • Privacy/AllowCrossDeviceClipboard
  • Privacy/DisablePrivacyExperience
  • Privacy/UploadUserActivities
  • Security/RecoveryEnvironmentAuthentication
  • System/AllowDeviceNameInDiagnosticData
  • System/ConfigureMicrosoft365UploadEndpoint
  • System/DisableDeviceDelete
  • System/DisableDiagnosticDataViewer
  • Storage/RemovableDiskDenyWriteAccess
  • TaskManager/AllowEndTask
  • Update/DisableWUfBSafeguards
  • Update/EngagedRestartDeadlineForFeatureUpdates
  • Update/EngagedRestartSnoozeScheduleForFeatureUpdates
  • Update/EngagedRestartTransitionScheduleForFeatureUpdates
  • Update/SetDisablePauseUXAccess
  • Update/SetDisableUXWUAccess
  • WindowsDefenderSecurityCenter/DisableClearTpmButton
  • WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
  • WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
  • WindowsLogon/DontDisplayNetworkSelectionUI
  • BitLocker CSP Added a new node AllowStandardUserEncryption.
  • Added support for Pro edition.
  • Defender CSP Added a new node Health/ProductStatus.
    DevDetail CSP Added a new node SMBIOSSerialNumber.
    EnterpriseModernAppManagement CSP Added Non-Removable setting under AppManagement node.
    Office CSP Added FinalStatus setting.
    PassportForWork CSP Added new settings.
    RemoteWipe CSP Added new settings.
    SUPL CSP Added three new certificate nodes.
    TenantLockdown CSP Added new CSP.
    Wifi CSP Added a new node WifiCost.
    WindowsDefenderApplicationGuard CSP Added new settings.
    WindowsLicensing CSP Added S mode settings and SyncML examples.
    Win32CompatibilityAppraiser CSP New CSP.