Muokkaa

Jaa


Policy CSP - CredentialProviders

Tip

This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see Understanding ADMX-backed policies.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

AllowPINLogon

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 1703 [10.0.15063] and later
./Device/Vendor/MSFT/Policy/Config/CredentialProviders/AllowPINLogon

This policy setting allows you to control whether a domain user can sign in using a convenience PIN.

  • If you enable this policy setting, a domain user can set up and sign in with a convenience PIN.

  • If you disable or don't configure this policy setting, a domain user can't set up and use a convenience PIN.

Note

The user's domain password will be cached in the system vault when using this feature.

To configure Windows Hello for Business, use the Administrative Template policies under Windows Hello for Business.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name Value
Name AllowDomainPINLogon
Friendly Name Turn on convenience PIN sign-in
Location Computer Configuration
Path System > Logon
Registry Key Name Software\Policies\Microsoft\Windows\System
Registry Value Name AllowDomainPINLogon
ADMX File Name CredentialProviders.admx

BlockPicturePassword

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 1703 [10.0.15063] and later
./Device/Vendor/MSFT/Policy/Config/CredentialProviders/BlockPicturePassword

This policy setting allows you to control whether a domain user can sign in using a picture password.

  • If you enable this policy setting, a domain user can't set up or sign in with a picture password.

  • If you disable or don't configure this policy setting, a domain user can set up and use a picture password.

Note that the user's domain password will be cached in the system vault when using this feature.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name Value
Name BlockDomainPicturePassword
Friendly Name Turn off picture password sign-in
Location Computer Configuration
Path System > Logon
Registry Key Name Software\Policies\Microsoft\Windows\System
Registry Value Name BlockDomainPicturePassword
ADMX File Name CredentialProviders.admx

DisableAutomaticReDeploymentCredentials

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 1709 [10.0.16299] and later
./Device/Vendor/MSFT/Policy/Config/CredentialProviders/DisableAutomaticReDeploymentCredentials

Boolean policy to disable the visibility of the credential provider that triggers the PC refresh on a device. This policy doesn't actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the Autopilot Reset is triggered the devices are for ready for use by information workers or students.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 1

Allowed values:

Value Description
0 Enable the visibility of the credentials for Autopilot Reset.
1 (Default) Disable visibility of the credentials for Autopilot Reset.

Policy configuration service provider