d. disable/enable Advertising (for LE),
i. no other Bluetooth configuration]
|
DeviceManagement-Enterprise-Diagnostics-Provider/Admin: 813, 814
|
enable/disable display notification in the locked state of: [
email notifications,
calendar appointments,
contact associated with phone call notification,
text message notification,
other application-based notifications,
all notifications]
|
DeviceManagement-Enterprise-Diagnostics-Provider/Admin: 813
|
enable/disable all data signaling over [USB hardware ports]
|
Local Administrator:
Windows-Kernel-PnP: 832, 801
|
enable/disable [none, Assign personal Hotspot connections]
|
Microsoft-Windows-WLAN-AutoConfig/Operational: 8006
|
enable/disable developer modes
|
IT Administrator:
DeviceManagement-Enterprise-Diagnostics-Provider/Admin: 813
Local Administrator:
Microsoft-Windows-GroupPolicy/Operational: 1502
|
enable data-at rest protection
|
System: 24667
|
enable removable media’s data-at-rest protection
|
System: 24667
|
enable/disable bypass of local user authentication
|
N/A
|
wipe Enterprise data
|
DeviceManagement-Enterprise-Diagnostics-Provider/Admin: 48
|
approve [import, removal] by applications of X.509v3 certificates in the Trust Anchor Database
|
N/A
|
configure whether to establish a trusted channel or disallow establishment if the TSF cannot establish a connection to determine the validity of a certificate
|
Security: 4950
|
enable/disable the cellular protocols used to connect to cellular network base stations
|
Microsoft-Windows-WWAN-SVC-Events/Operational: 11004
|
read audit logs kept by the TSF
|
Security: 4673
|
configure [certificate] used to validate digital signature on applications
|
Same as 13. and 14.
|
approve exceptions for shared use of keys/secrets by multiple applications
|
Microsoft-Windows-AppXDeploymentServer/Operational: 400
|
approve exceptions for destruction of keys/secrets by applications that did not import the key/secret
|
Microsoft-Windows-AppXDeploymentServer/Operational: 400
|
configure the unlock banner
|
Security: 4657
|
configure the auditable items
|
Security: 4719
|
retrieve TSF-software integrity verification values
|
See audit for FPT_NOT_EXT.1 (ATTEST)
|
enable/disable [selection:
USB mass storage mode,
USB data transfer without user authentication,
USB data transfer without authentication of the connecting system]
|
N/A
|
enable/disable backup to [remote system]
|
Security: 4657
|
enable/disable [
USB tethering authenticated by [pre-shared key, passcode, no authentication]]
|
N/A
|
approve exceptions for sharing data between [selection: application processes, groups of application processes]
|
N/A
|
place applications into application process groups based on [assignment: application characteristics]
|
N/A
|
enable/disable location services:
across device
[
b. on a per-app basis
|