CloudDesktop CSP

Important

This CSP contains some settings that are under development and only applicable for Windows Insider Preview builds. These settings are subject to change and may have dependencies on other features or services in preview.

The following list shows the CloudDesktop configuration service provider nodes:

Device/BootToCloudPCEnhanced

Scope: ✅ Device, ❌ User
Editions: ✅ Pro, ✅ Enterprise, ✅ Education, ❌ Windows SE, ✅ IoT Enterprise / IoT Enterprise LTSC
Applicable OS: ✅ Windows 11, version 22H2 with KB5035942 [10.0.22621.3374] and later

./Device/Vendor/MSFT/CloudDesktop/BootToCloudPCEnhanced

This node configures the Boot to Cloud mode. Boot to Cloud mode enables users to seamlessly sign in to a Cloud PC. To use this feature, the Cloud Provider application must be installed on the PC and the user must have a Cloud PC provisioned. This node supports the following options:

  • 0: Not Configured.
  • 1: Enable Boot to Cloud Shared PC Mode. Boot to Cloud Shared PC mode allows multiple users to sign in on the device and use it for shared purposes.
  • 2: Enable Boot to Cloud Dedicated Mode (Cloud only). Dedicated mode allows a user to sign in on the device using the various authentication mechanisms configured by their organization (for example, PIN, biometrics, etc.). This mode preserves user personalization, including their profile picture and username on the local machine, and facilitates fast account switching.

Important

If BootToCloudPCEnhanced and EnableBootToCloudSharedPCMode are both configured, BootToCloudPCEnhanced is given priority and overrides EnableBootToCloudSharedPCMode.

Description framework properties:

Property name | Property value
Format | int
Access Type | Add, Delete, Get, Replace
Default Value | 0

Allowed values:

Value | Description
0 (Default) | Not Configured.
1 | Enable Boot to Cloud Shared PC Mode.
2 | Enable Boot to Cloud Dedicated Mode (Cloud only).

Device/EnableBootToCloudSharedPCMode

Note

This policy is deprecated and may be removed in a future release.

Scope: ✅ Device, ❌ User
Editions: ✅ Pro, ✅ Enterprise, ✅ Education, ❌ Windows SE, ✅ IoT Enterprise / IoT Enterprise LTSC
Applicable OS: ✅ Windows Insider Preview

./Device/Vendor/MSFT/CloudDesktop/EnableBootToCloudSharedPCMode

Setting this node to "true" configures Boot to Cloud for Shared PC mode. Boot to Cloud mode enables users to seamlessly sign in to a Cloud PC. Shared PC mode allows multiple users to sign in on the device and use it for shared purposes. To enable the Boot to Cloud Shared PC feature, the Cloud Provider application must be installed on the PC and the user must have a Cloud PC provisioned.

Important

If BootToCloudPCEnhanced and EnableBootToCloudSharedPCMode are both configured, BootToCloudPCEnhanced is given priority and overrides EnableBootToCloudSharedPCMode.

Description framework properties:

Property name | Property value
Format | bool
Access Type | Add, Delete, Get, Replace
Default Value | false

Allowed values:

Value | Description
false (Default) | Not configured.
true | Boot to Cloud Shared PC mode enabled.

User/EnablePhysicalDeviceAccessOnCtrlAltDel

Scope: ❌ Device, ✅ User
Editions: ✅ Pro, ✅ Enterprise, ✅ Education, ❌ Windows SE, ✅ IoT Enterprise / IoT Enterprise LTSC
Applicable OS: ✅ Windows Insider Preview

./User/Vendor/MSFT/CloudDesktop/EnablePhysicalDeviceAccessOnCtrlAltDel

Configuring this node gives access to the physical devices used to boot to Cloud PCs from the Ctrl+Alt+Del page for specified users. This node supports these options: 0. Not enabled 1. Enabled.

Description framework properties:

Property name | Property value
Format | bool
Access Type | Add, Delete, Get, Replace
Default Value | false

Allowed values:

Value | Description
false (Default) | Access to physical device on CtrlAltDel page disabled.
true | Access to physical device on CtrlAltDel page enabled.

User/EnablePhysicalDeviceAccessOnErrorScreens

Scope: ❌ Device, ✅ User
Editions: ✅ Pro, ✅ Enterprise, ✅ Education, ❌ Windows SE, ✅ IoT Enterprise / IoT Enterprise LTSC
Applicable OS: ✅ Windows Insider Preview

./User/Vendor/MSFT/CloudDesktop/EnablePhysicalDeviceAccessOnErrorScreens

Configuring this node gives access to the physical devices used to boot to Cloud PCs from the error screens for specified users. This node supports these options: 0. Not enabled 1. Enabled.

Description framework properties:

Property name | Property value
Format | bool
Access Type | Add, Delete, Get, Replace
Default Value | false

Allowed values:

Value | Description
false (Default) | Access to physical device on error screens disabled.
true | Access to physical device on error screens enabled.

BootToCloudPCEnhanced technical reference

BootToCloudPCEnhanced is the setting used to configure the Boot to Cloud feature for either shared mode or dedicated mode. When you enable this setting, multiple policies are applied to achieve the intended behavior. To customize the Boot to Cloud experience, you can use the BootToCloudMode policy, which lets you tailor the experience to your requirements.

Note

It is recommended not to set any of the policies enforced by this setting to different values, as these policies help provide a smooth user experience for the Boot to Cloud feature in shared and dedicated mode.

Boot to Cloud Shared PC Mode

When Shared PC mode is enabled by setting the BootToCloudPCEnhanced value to 1:

  • The following MDM policies are applied for the Device scope (all users):

    Setting | Value | Value Description
    CloudDesktop/BootToCloudMode | 1 | Enable Boot to Cloud Desktop
    WindowsLogon/OverrideShellProgram | 1 | Apply Lightweight Shell
    ADMX_CredentialProviders/DefaultCredentialProvider | Enabled | Configures default credential provider to password provider
    ADMX_Logon/DisableExplorerRunLegacy_2 | Enabled | Don't process the computer legacy run list
    TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode | 1 | When no keyboard is attached
  • The following local group policies are configured for all users:

    Policy setting | Status
    Security Settings/Local Policies/Security Options/User Account Control: Behavior of elevation prompt for standard user | Automatically deny elevation requests
    Security Settings/Local Policies/Security Options/Interactive logon: Don't display last signed-in | Enabled
    Control Panel/Personalization/Prevent enabling lock screen slide show | Enabled
    System/Logon/Block user from showing account details on sign-in | Enabled
    System/Logon/Enumerate local users on domain-joined computers | Disabled
    System/Logon/Hide entry points for Fast User Switching | Enabled
    System/Logon/Show first sign-in animation | Disabled
    System/Logon/Turn off app notifications on the lock screen | Enabled
    System/Logon/Turn off picture password sign-in | Enabled
    System/Logon/Turn on convenience PIN sign-in | Disabled
    Windows Components/App Package Deployment/Allow a Windows app to share application data between users | Enabled
    Windows Components/Biometrics/Allow the use of biometrics | Disabled
    Windows Components/Biometrics/Allow users to log on using biometrics | Disabled
    Windows Components/Biometrics/Allow domain users to log on using biometrics | Disabled
    Windows Components/File Explorer/Show lock in the user tile menu | Disabled
    Windows Components/File History/Turn off File History | Enabled
    Windows Components/OneDrive/Prevent the usage of OneDrive for file storage | Enabled
    Windows Components/Windows Hello for Business/Use biometrics | Disabled
    Windows Components/Windows Hello for Business/Use Windows Hello for Business | Disabled
    Windows Components/Windows Logon Options/Sign-in and lock last interactive user automatically after a restart | Disabled
    Windows Components/Microsoft Passport for Work | Disabled
    System/Ctrl+Alt+Del Options/Remove Task Manager | Enabled
    System/Ctrl+Alt+Del Options/Remove Change Password | Enabled
    Start Menu and Taskbar/Notifications/Turn off toast notifications | Enabled
    Start Menu and Taskbar/Notifications/Remove Notifications and Action Center | Enabled
    System/Logon/Do not process the legacy run list | Enabled
    Windows Components/Windows Copilot/Turn off Windows Copilot | Enabled
  • The following registry changes are performed:

    Registry setting | Status
    Software\Policies\Microsoft\PassportForWork\Remote\Enabled (Phone sign-in/Use phone sign-in) | 0
    Software\Policies\Microsoft\PassportForWork\Enabled (Use Microsoft Passport for Work) | 0

Boot to Cloud Dedicated Mode

When Dedicated mode is enabled by setting the BootToCloudPCEnhanced value to 2:

  • The following MDM policies are applied for the Device scope (all users):

    Setting | Value | Value Description
    CloudDesktop/BootToCloudMode | 1 | Enable Boot to Cloud Desktop
    WindowsLogon/OverrideShellProgram | 1 | Apply Lightweight Shell
    ADMX_Logon/DisableExplorerRunLegacy_2 | Enabled | Don't process the computer legacy run list
    TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode | 1 | When no keyboard is attached
  • The following local group policies are configured for all users:

    Policy setting | Status
    System/Ctrl+Alt+Del Options/Remove Change Password | Enabled
    Start Menu and Taskbar/Notifications/Turn off toast notifications | Enabled
    Start Menu and Taskbar/Notifications/Remove Notifications and Action Center | Enabled
    System/Logon/Do not process the legacy run list | Enabled
    Windows Components/Windows Copilot/Turn off Windows Copilot | Enabled
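
The precedence rule between BootToCloudPCEnhanced and EnableBootToCloudSharedPCMode and the per-mode MDM and registry settings listed above can be checked against device inventory. The following Python is an added example, not part of the original reference and not Microsoft code. The function names, the record layout and the sample values are assumptions for illustration; it also assumes that a BootToCloudPCEnhanced value of 0 counts as not configured, so the deprecated node then decides, and that settings are reported as the strings shown in the tables.

```python
"""Added example (not Microsoft code): effective Boot to Cloud mode and drift."""

# Policies the page lists for both modes (MDM tables, Device scope).
COMMON = {
    "CloudDesktop/BootToCloudMode": "1",
    "WindowsLogon/OverrideShellProgram": "1",
    "ADMX_Logon/DisableExplorerRunLegacy_2": "Enabled",
    "TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode": "1",
}
# Expected values per BootToCloudPCEnhanced value; the local group policy
# lists are left out to keep the example short.
BASELINE = {
    1: {  # Shared PC mode: adds the credential provider and registry values
        **COMMON,
        "ADMX_CredentialProviders/DefaultCredentialProvider": "Enabled",
        r"Software\Policies\Microsoft\PassportForWork\Remote\Enabled": "0",
        r"Software\Policies\Microsoft\PassportForWork\Enabled": "0",
    },
    2: dict(COMMON),  # Dedicated mode
}

def effective_mode(enhanced, legacy_shared):
    """BootToCloudPCEnhanced wins when set to 1 or 2. Assumption: 0 or a
    missing value means not configured, so the deprecated bool decides."""
    if enhanced in (1, 2):
        return enhanced
    return 1 if legacy_shared else 0

def baseline_drift(mode, observed):
    """Map each baseline policy that is missing or differs to (expected, observed)."""
    return {name: (want, observed.get(name))
            for name, want in BASELINE.get(mode, {}).items()
            if observed.get(name) != want}

def audit(record):
    """Return (effective mode, drift) for one inventory record (hypothetical layout)."""
    mode = effective_mode(record.get("BootToCloudPCEnhanced"),
                          record.get("EnableBootToCloudSharedPCMode"))
    return mode, baseline_drift(mode, record.get("settings", {}))

# Constructed record: both nodes set, shell override changed after enrollment.
SAMPLE = {
    "BootToCloudPCEnhanced": 2,
    "EnableBootToCloudSharedPCMode": True,
    "settings": {**COMMON, "WindowsLogon/OverrideShellProgram": "0"},
}

if __name__ == "__main__":
    mode, drift = audit(SAMPLE)
    print(mode, drift)
```

For the constructed record, the audit resolves to Dedicated mode even though the deprecated node is also set, and reports the changed WindowsLogon/OverrideShellProgram value as drift.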