Windows: Device functionality rules
Windows
: Device functionality rulesName | Description | Activation types | Default | Possible values |
|---|---|---|---|---|
Allow storage card | Specify whether the storage card is enabled. | MDM controls | Allow |
|
Allow Windows license reactivation | Specify whether users can reactivate their Windows license if required, for example, after a significant hardware change. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.14393 | MDM controls | Allow |
|
Allow Wi-Fi | Specify whether a device can make Wi-Fi connections. This rule does not apply to Windows 10 computers and tablets. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow Internet Sharing | Specify whether a user can use Internet Sharing. Depends on: Allow Wi-Fi Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow auto-connect to Wi-Fi hotspots | Specify whether a device can automatically connect to Wi-Fi hotspots and Wi-Fi networks that are shared with contacts. Depends on: Allow Wi-Fi Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow manual Wi-Fi configuration | Specify whether a user can configure a device to connect to Wi-Fi networks that are outside your installed networks. This rule does not apply to Windows 10 computers and tablets. Depends on: Allow Wi-Fi Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow offline maps automatic updates | Specify whether the device automatically downloads updates for offline maps when the device is online. Minimum OS version: 10.0.14393 | MDM controls | Allow |
|
Allow offline maps updates over metered connection | Specify whether the device automatically downloads updates for offline maps when the device is using a metered connection. Depends on: Allow offline maps automatic updates Minimum OS version: 10.0.14393 | MDM controls | Allow |
|
Allow SMS and MMS sync | Specify whether users can back up and restore SMS and MMS messages and use and Messaging Everywhere. This rule does not apply to Windows 10 computers and tablets. Minimum OS version: 10.0.14393 | MDM controls | Disallow |
|
Allow notification mirroring | Specify whether app and system notifications can be mirrored to other Windows devices that the user is logged in to. Minimum OS version: 10.0.14393 | MDM controls | Allow |
|
Allow NFC | Specify whether a device can use NFC. This rule does not apply to Windows 10 computers and tablets. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow Bluetooth | Specify whether a device can use Bluetooth. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow VPN | Specify whether a device can use VPN. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow VPN over mobile networks | Specify whether a device can use VPN over mobile networks. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow VPN roaming over mobile networks | Specify whether a device can connect to VPN when the device roams over mobile networks. Depends on: Allow VPN over mobile networks Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow telemetry | Specify whether a device can send telemetry information (such as SQM or Watson) to Microsoft. Minimum OS version: 10.0 Obsolete in OS version: 10.0.19045 | MDM controls | Allow |
|
Allow copy and paste | Specify whether a user can copy and paste. This rule does not apply to Windows 10 computers and tablets. This rule applies only to Windows 10 Mobile devices. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow adding email accounts | Specify whether a user can add email accounts to the device. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow manual root certificate installation | Specify whether a user can manually install root and intermediate CAP certificates. This rule does not apply to Windows 10 computers and tablets. This rule applies only to Windows 10 Mobile devices. Minimum OS version: 10.0 | MDM controls | Allow |
|
Require device encryption | Specify whether a device must use internal storage encryption. Once you turn device encryption on, you cannot turn it off using this rule. This rule does not apply to Windows 10 computers and tablets. Minimum OS version: 10.0 | MDM controls | Off |
|
Allow app store | Specify whether the app store is allowed. This rule does not apply to Windows 10 computers and tablets. This rule applies only to Windows 10 Mobile devices. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow apps from Windows Store | Specify whether the device can open apps from the Windows Store. This rule disables apps downloaded by a user and apps preloaded on the device. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.14393 | MDM controls | Allow |
|
Allow developer unlock | Specify whether a developer can unlock a device. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow browser | Specify whether Internet Explorer or Microsoft Edge are allowed on the device. This rule does not apply to Windows 10 computers and tablets. This rule applies only to Windows 10 Mobile devices. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow cookies | Specify whether cookies are allowed in the browser. This rule is supported only by Microsoft Edge version 45 and earlier. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow Do Not Track headers | Specify whether the browser can send Do Not Track headers. This rule is supported only by Microsoft Edge version 45 and earlier. Minimum OS version: 10.0 Obsolete in OS version: 10.0.19045 | MDM controls | Disallow |
|
Allow InPrivate browsing on the work network | Specify whether users can use InPrivate browsing while connected to your work network. This rule is supported only by Microsoft Edge version 45 and earlier. Minimum OS version: 10.0 Obsolete in OS version: 10.0.19045 | MDM controls | Allow |
|
Allow pop-up blocker | Specify whether the pop-up blocker is allowed. This rule is supported only by Microsoft Edge version 45 and earlier. Minimum OS version: 10.0 Obsolete in OS version: 10.0.19045 | MDM controls | Disallow |
|
Allow SmartScreen Filter | Specify whether the SmartScreen Filter can be used in the browser. This rule is supported only by Microsoft Edge version 45 and earlier. Minimum OS version: 10.0 Obsolete in OS version: 10.0.19045 | MDM controls | Allow |
|
Allow ignoring SmartScreen Filter site warnings | Specify whether users can ignore SmartScreen Filter warnings about potentially malicious websites and continue on to the site. This rule is supported only by Microsoft Edge version 45 and earlier. Depends on: Allow SmartScreen Filter Minimum OS version: 10.0 Obsolete in OS version: 10.0.19045 | MDM controls | Allow |
|
Allow ignoring SmartScreen Filter download warnings | Specify whether users can ignore SmartScreen Filter warnings about downloading unverified files and continue the download process. This rule is supported only by Microsoft Edge version 45 and earlier. Depends on: Allow SmartScreen Filter Minimum OS version: 10.0 Obsolete in OS version: 10.0.19045 | MDM controls | Allow |
|
Display IP address during WebRTC phone calls | Specify whether the localhost IP address is displayed while making phone calls using the WebRTC protocol. This rule does not apply to Windows 10 smartphones. This rule is supported only by Microsoft Edge version 45 and earlier. Minimum OS version: 10.0 Obsolete in OS version: 10.0.19045 | MDM controls | Allow |
|
Allow autofill | Specify whether the browser remembers text entered in web forms. This rule is supported only by Microsoft Edge version 45 and earlier. Minimum OS version: 10.0 Obsolete in OS version: 10.0.19045 | MDM controls | Allow |
|
Allow saving and managing passwords | Specify whether the user can save and manage passwords in the browser. This rule is supported only by Microsoft Edge version 45 and earlier. Minimum OS version: 10.0 Obsolete in OS version: 10.0.19045 | MDM controls | Allow |
|
Allow search suggestions in address bar | Specify whether search suggestions are allowed in the address bar. This rule is supported only by Microsoft Edge version 45 and earlier. Minimum OS version: 10.0 Obsolete in OS version: 10.0.19045 | MDM controls | Allow |
|
Allow extensions in Edge browser | Specifies whether Microsoft Edge extensions are allowed. This rule is supported only by Microsoft Edge version 45 and earlier. Minimum OS version: 10.0.14393 Obsolete in OS version: 10.0.19045 | MDM controls | Allow |
|
Mobile browser first run URL | Specify the URL that opens in Microsoft Edge when the browser is opened for the first time. This rule does not apply to Windows 10 computers and tablets. This rule applies only to Windows 10 Mobile devices. Minimum OS version: 10.0 Obsolete in OS version: 10.0.19045 | MDM controls | ||
Browser start pages | Specify start pages for the browser. Separate multiple pages using the XML-escaped characters < and >. This rule does not apply to Windows 10 smartphones. This rule is supported only by Microsoft Edge version 45 and earlier. Minimum OS version: 10.0 Obsolete in OS version: 10.0.19045 | MDM controls | ||
Send Intranet traffic to Internet Explorer | Specify whether the device opens Intranet sites in Internet Explorer. If this rule is not selected, Intranet sites open in Microsoft Edge. This rule does not apply to Windows 10 smartphones. This rule is supported only by Microsoft Edge version 45 and earlier. Minimum OS version: 10.0 Obsolete in OS version: 10.0.19045 | MDM controls | Allow |
|
Enterprise site list URL | If your organization has enabled Enterprise Mode for Internet Explorer, specify the URL for your organization's enterprise site list. This rule is supported only by Microsoft Edge version 45 and earlier. Minimum OS version: 10.0 Obsolete in OS version: 10.0.19045 | MDM controls | ||
Display message when opening enterprise site list pages in Microsoft Edge | Specify whether Microsoft Edge displays an interstitial page when opening sites that are configured to open in Internet Explorer using the enterprise site list. This rule does not apply to Windows 10 smartphones. This rule is supported only by Microsoft Edge version 45 and earlier. Minimum OS version: 10.0.14393 Obsolete in OS version: 10.0.19045 | MDM controls | Disallow |
|
Allow edge swipe | Specify whether the user can use edge swipe actions, for example, swiping from the right edge to open the Action Center or swiping from the left edge to view all open apps. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.14393 | MDM controls | Allow |
|
Allow access to developer tools | Specify whether the user can display Developer Tools in Microsoft Edge by pressing F12. This rule does not apply to Windows 10 smartphones. This rule is supported only by Microsoft Edge version 45 and earlier. This rule applies only to devices running Windows 10.0 to, but not including, version 10.0.19045. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow access to the about:flags page | Specify whether users can access the about:flags page, which can be used to change developer settings and to enable experimental features. This rule is supported only by Microsoft Edge version 45 and earlier. This rule applies only to devices running Windows 10.0.14393 to, but not including, version 10.0.19045. Minimum OS version: 10.0.14393 | MDM controls | Allow |
|
Allow screen capture | Specify whether a user can use the screen capture feature. This rule does not apply to Windows 10 computers and tablets. This rule applies only to Windows 10 Mobile devices. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow location services | Specify if a user can turn on the location service. This rule applies only to devices running Windows 10.0 to, but not including, version 10.0.19045. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow USB connection | Specify whether a computer can access a device's memory using a USB connection. Both MTP and IP over USB are turned off when this rule is enforced. This rule does not apply to Windows 10 computers and tablets. This rule applies only to Windows 10 Mobile devices. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow mobile data roaming | Specify whether a device can use data services over the wireless network when the device is roaming. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow camera | Specify whether a device can use the camera. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow search to use location | Specify whether the search can use location information. Minimum OS version: 10.0 | MDM controls | Allow |
|
Enable safe search permissions | Specify whether you want to configure safe search permissions so that you can filter adult content. This rule does not apply to Windows 10 computers and tablets. This rule applies only to Windows 10 Mobile devices. Minimum OS version: 10.0 | MDM controls | Not selected | |
Safe search permissions | Specify what level of safe search (filtering adult content) is required. If you set the value to Moderate, valid search results are not filtered. This rule does not apply to Windows 10 computers and tablets. This rule applies only to Windows 10 Mobile devices. Depends on: Enable safe search permissions Minimum OS version: 10.0 | MDM controls | Moderate |
|
Allow voice recording | Specify whether voice recording is allowed. This rule does not apply to Windows 10 computers and tablets. This rule applies only to Windows 10 Mobile devices. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow action center notifications | Specify whether a device can display action center notifications above the device lock screen. This rule does not apply to Windows 10 computers and tablets. This rule applies only to Windows 10 Mobile devices. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow Cortana | Specify whether Cortana is allowed on a device. Minimum OS version: 10.0 | MDM controls | Allow |
|
Allow Cortana above lock | Specify whether the user can interact with Cortana using voice commands while the device is locked. Depends on: Allow Cortana Minimum OS version: 10.0.14393 | MDM controls | Allow |
|
Allow speech model updates | Specify whether the device can receive Microsoft updates to the speech recognition and speech synthesis models. Minimum OS version: 10.0.14393 | MDM controls | Allow |
|
Allow sync my settings | Specify whether a user can share their device settings with other devices using the "Sync My Settings" option. Minimum OS version: 10.0 | MDM controls | Allow |
|
Lock screen image provider | Specify the package ID of the lock screen image provider. If you don't set this rule, the user can set the lock screen image. This rule does not apply to Windows 10 computers and tablets. This rule applies only to Windows 10 Mobile devices. Minimum OS version: 10.0.14393 | MDM controls | ||
Update installation day | Specify the day that updates are installed. This rule takes effect only if the "Automatic updates" rule is set to "Install updates and restart at specified time." This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.14393 Obsolete in OS version: 10.0.19045 | MDM controls | Every day |
|
Update installation hour | Specify the hour of the day that updates are installed. The value corresponds to a 24-hour clock where 0 represents 12 AM. This rule takes effect only if the "Automatic updates" rule is set to "Install updates and restart at specified time." This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.14393 Obsolete in OS version: 10.0.19045 | MDM controls | 3 (3:00 am) | Minimum value: 0 (midnight) Maximum value: 23 (11:00 pm) |
Active hours start | Specify the start of the range of hours when the user is usually active and Windows update reboots are not scheduled. The value corresponds to a 24-hour clock where 0 represents 12 AM. If the "Automatic Updates" rule is set to "Turn off automatic updates," this rule does not apply. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.14393 Obsolete in OS version: 10.0.19045 | MDM controls | 8 (8:00 am) | Minimum value: 0 (midnight) Maximum value: 23 (11:00 pm) |
Active hours end | Specify the end of the range of hours when the user is usually active and Windows update reboots are not scheduled. The value corresponds to a 24-hour clock where 0 represents 12 AM. If the "Automatic Updates" rule is set to "Turn off automatic updates," this rule does not apply. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.14393 Obsolete in OS version: 10.0.19045 | MDM controls | 17 (5:00 pm) | Minimum value: 0 (midnight) Maximum value: 23 (11:00 pm) |
Delivery Optimization mode | Specify the methods that Delivery Optimization can use to download Windows updates, apps, and app updates to the device. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.14393 Obsolete in OS version: 10.0.19045 | MDM controls | HTTP and peering on same NAT |
|
Allow Delivery Optimization peer caching over VPN | Specify whether the device can participate in peer caching when connected to the work network using VPN. This rule takes effect only if the "Delivery Optimization mode" rule is set to an option that allows peering. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.15063 Obsolete in OS version: 10.0.19045 | MDM controls | Allow |
|
Group identifier | Specify an arbitrary group ID that the device belongs to for local network peering between devices that are on different domains or are not on the same LAN. This rule takes effect only if the "Delivery Optimization mode" rule is set to "HTTP and peering across private group". This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.14393 Obsolete in OS version: 10.0.19045 | MDM controls | ||
Minimum RAM for peer caching | Specify the minimum amount of RAM in GB that the device must have to use peer caching. Devices with less than the specified amount of RAM can't use peer caching. If set to 0, the Delivery Optimization cloud service default is used. This rule takes effect only if the "Delivery Optimization mode" rule is set to an option that allows peering. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.15063 Obsolete in OS version: 10.0.19045 | MDM controls | 4 GB | Minimum value: 0 GB Maximum value: 2147483647 GB |
Cache drive | Specify the drive that Delivery Optimization uses for the cache on the device. The drive location can be specified using environment variables, drive letter, or a full path. If no drive is specified, %SystemDrive% is used to store the cache. This rule takes effect only if the "Delivery Optimization mode" rule is set to an option that allows peering. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.14393 Obsolete in OS version: 10.0.19045 | MDM controls | ||
Minimum disk size allowed to peer | Specify the minimum disk size capacity in GB for the device to use peer caching. If set to 0, the Delivery Optimization cloud service default is used. This rule takes effect only if the "Delivery Optimization mode" rule is set to an option that allows peering. Recommended values: 64 GB to 256 GB. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.15063 Obsolete in OS version: 10.0.19045 | MDM controls | 64 GB | Minimum value: 0 GB Maximum value: 2147483647 GB |
Maximum cache size percentage | Specify the maximum percentage of the disk size that Delivery Optimization can use for the cache. The "Absolute maximum cache size" rule takes precedence over this rule. This rule takes effect only if the "Delivery Optimization mode" rule is set to an option that allows peering. This rule applies to Windows 10 computers and tablets. Minimum OS version: 10.0.14393 Obsolete in OS version: 10.0.19045 | MDM controls | 20 percent | Minimum value: 1 percent Maximum value: 100 percent |
Absolute maximum cache size | Specify the maximum size in GB of the Delivery Optimization cache. Delivery Optimization clears the cache when the device is low on disk space. This rule takes precedence over the "Maximum cache size percentage" rule. If set to 0, the Delivery Optimization cloud service default is used. This rule takes effect only if the "Delivery Optimization mode" rule is set to an option that allows peering. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.14393 Obsolete in OS version: 10.0.19045 | MDM controls | 10 GB | Minimum value: 0 GB Maximum value: 2147483647 GB |
Minimum file size to cache | Specify the minimum file size in MB that can be downloaded using peering. If set to 0, the Delivery Optimization cloud service default is used. This rule takes effect only if the "Delivery Optimization mode" rule is set to an option that allows peering. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.15063 Obsolete in OS version: 10.0.19045 | MDM controls | 100 MB | Minimum value: 0 GB Maximum value: 2147483647 GB |
Maximum cache age | Specify the maximum time in seconds that each file remains in the Delivery Optimization cache after downloading successfully. If set to 0, Delivery Optimization holds the files in the cache and makes them available for upload to other devices as long as the cache size is not exceeded. This rule takes effect only if the "Delivery Optimization mode" rule is set to an option that allows peering. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.14393 Obsolete in OS version: 10.0.19045 | MDM controls | 259200 seconds (72 hours) | Minimum value: 0 GB Maximum value: 2147483647 GB |
Maximum download bandwidth percentage | Specify the maximum percentage of available download bandwidth that Delivery Optimization uses across all concurrent download activities. If set to 0, Delivery Optimization dynamically adjusts to use the available bandwidth for downloads. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.14393 | MDM controls | 0 | Minimum value: 0 percent Maximum value: 100 percent |
Maximum download bandwidth | Specify the maximum download bandwidth in KB/second that Delivery Optimization can use across all concurrent download activities. If set to 0, Delivery Optimization dynamically adjusts to use the available bandwidth for downloads. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.14393 | MDM controls | 0 | Minimum value: 0 GB Maximum value: 2147483647 GB |
Minimum download quality | Specify the minimum download speed in KB/second for background downloads. This rule affects the blending of peer and HTTP sources. Delivery Optimization complements the download from the HTTP source to achieve the minimum value set. This rule takes effect only if the "Delivery Optimization mode" rule is set to an option that allows peering. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.14393 Obsolete in OS version: 10.0.19045 | MDM controls | 500 KB/second | Minimum value: 0 GB Maximum value: 2147483647 GB |
Minimum battery percentage for upload | Specify the minimum battery percentage remaining for devices to upload cached data to LAN and group peers while on battery power. Uploads will pause if the battery level drops below the minimum percentage. If set to 0, the Delivery Optimization cloud service default is used. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.15063 Obsolete in OS version: 10.0.19045 | MDM controls | 0, use the Delivery Optimization cloud service default | Minimum value: 0 percent Maximum value: 100 percent |
Maximum upload bandwidth | Specify the maximum upload bandwidth in KB/second that Delivery Optimization can use across all concurrent upload activities. If set to 0, unlimited possible bandwidth is permitted, optimized for minimal usage. This rule takes effect only if the "Delivery Optimization mode" rule is set to an option that allows peering. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.14393 Obsolete in OS version: 10.0.14393 | MDM controls | 0 | Minimum value: 0 GB Maximum value: 2147483647 GB |
Monthly upload data cap | Specify the maximum total data in GB that Delivery Optimization can upload to Internet peers in each calendar month. If set to 0, no monthly upload limit is applied. This rule takes effect only if the "Delivery Optimization mode" rule is set to an option that allows peering. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.14393 Obsolete in OS version: 10.0.19045 | MDM controls | 20 GB | Minimum value: 0 GB Maximum value: 2147483647 GB |
Allow Windows Ink Workspace | Specify whether users can access the Windows Ink Workspace. This rule does not apply to Windows 10 smartphones. Minimum OS version: 10.0.14393 | MDM controls | Allow |
|
Allow Windows Ink Workspace app suggestions | Specify whether Windows Ink Workspace is allowed to suggest apps. This rule does not apply to Windows 10 smartphones. Depends on: Allow Windows Ink Workspace Minimum OS version: 10.0.14393 | MDM controls | Disabled |
|