|
Management Function
|
User Guidance
|
Local Administrator Guidance
|
IT Administrator Guidance
|
1
|
Configure password policy
|
|
Windows 10
|
Windows 10
Windows 10 Mobile
|
2
|
Configure session locking policy
|
|
Windows 10
|
Windows 10
Windows 10 Mobile
|
3
|
Enable/disable the VPN protection
|
|
Windows 10
|
Windows 10
Windows 10 Mobile
|
4
|
Enable/disable [GPS, Wi-Fi, mobile broadband radios, Bluetooth]
|
|
|
Windows 10
Windows 10 Mobile
|
5
|
Enable/disable [camera, microphone]
|
|
Windows 10
|
Windows 10 Mobile
Windows 10 (Camera only)
|
6
|
Specify wireless networks (SSIDs) to which the TSF may connect
|
|
Windows 10
|
Windows 10
Windows 10 Mobile
|
7
|
Configure security policy for connecting to wireless networks
|
|
Windows 10
|
Windows 10
Windows 10 Mobile
|
8
|
Transition to the locked state
|
Windows 10
Windows 10 Mobile
|
Windows 10
|
|
9
|
TSF wipe of protected data
|
|
Windows 10
|
Windows 10
Windows 10 Mobile
|
10
|
Configure application installation policy
|
|
Windows 10
|
Windows 10
Windows 10 Mobile
|
11
|
Import keys/secrets into the secure key storage
|
Windows 10
Windows 10 Mobile
|
Windows 10
|
|
12
|
Destroy imported keys/secrets and any other keys/secrets in the secure key storage
|
Windows 10
Windows 10 Mobile
|
Windows 10
|
|
13
|
Import X.509v3 certificates into the Trust Anchor Database
|
|
Windows 10
|
Windows 10
Windows 10 Mobile
|
14
|
Remove imported X.509v3 certificates and any other X.509v3 certificates in the Trust Anchor Database
|
Windows 10 Mobile
|
Windows 10
|
|
15
|
Enroll the TOE in management
|
Windows 10 Mobile
|
Windows 10
|
|
16
|
Remove applications
|
|
Windows 10
|
Windows 10
Windows 10 Mobile
|
17
|
Update system software
|
|
Windows 10
|
Windows 10
Windows 10 Mobile
|
18
|
Install applications
|
|
Windows 10
|
Windows 10
Windows 10 Mobile
|
19
|
Remove Enterprise applications
|
|
Windows 10
|
Windows 10
Windows 10 Mobile
|
20
|
Configure the Bluetooth trusted channel
a. disable/enable the Discoverable mode (for BR/EDR)
|
|
|
Windows 10
Windows 10 Mobile
|
|
b. change the Bluetooth device name
|
|
|
Windows 10
Windows 10 Mobile
|
|
d. disable/enable Advertising (for LE),
|
|
|
Windows 10
Windows 10 Mobile
|
21
|
Enable/disable display notification in the locked state
|
|
|
Windows 10
Windows 10 Mobile
|
22
|
Enable/disable all data signaling over [USB hardware ports]
|
|
Windows 10
|
Windows 10 Mobile
|
23
|
Enable/disable [none, Assign personal Hotspot connections]
|
|
Windows 10
|
Windows 10
Windows 10 Mobile
|
24
|
Enable/disable developer modes
|
|
Windows 10
|
Windows 10
Windows 10 Mobile
|
25
|
Enable data-at rest protection
|
Windows 10 Mobile
|
Windows 10
|
|
26
|
Enable removable media’s data at rest protection
|
Windows 10
|
Windows 10
|
|
28
|
Wipe Enterprise data
|
|
Windows 10
|
Windows 10
Windows 10 Mobile
|
30
|
Configure whether to allow a trusted channel if certificate validation is not possible
|
Windows 10
Windows 10 Mobile
|
Windows 10
|
|
31
|
Enable/disable the cellular protocols used to connect to cellular network base stations
|
|
Windows 10
|
Windows 10 Mobile
|
32
|
Read audit logs kept by the TSF
|
|
Windows 10
|
|
33
|
Configure certificate used to validate digitally signed applications
|
|
Windows 10
|
Windows 10
Windows 10 Mobile
|
34
|
Approve exceptions for shared use of keys/secrets by multiple applications
|
|
Windows 10
|
Windows 10
Windows 10 Mobile
|
35
|
Approve exceptions for destruction of keys/secrets by other applications
|
Windows 10
Windows 10 Mobile
|
Windows 10
|
|
36
|
Configure the unlock banner
|
|
Windows 10
|
Windows 10
Windows 10 Mobile
|
37
|
Configure the auditable items
|
|
Windows 10
|
|
38
|
Retrieve TSF-software integrity verification values
|
|
|
Windows 10
Windows 10 Mobile
|
39
|
enable/disable [USB mass storage mode]
|
|
|
Windows 10 Mobile
|
40
|
Enable/disable backup to remote system
|
Windows 10
Windows 10 Mobile
|
Windows 10
|
|
44
|
Enable/disable location services
|
|
Windows 10
|
Windows 10
Windows 10 Mobile
|