CloudDesktop CSP
Important
This CSP contains some settings that are under development and only applicable for Windows Insider Preview builds. These settings are subject to change and may have dependencies on other features or services in preview.
The following list shows the CloudDesktop configuration service provider nodes:
- ./Device/Vendor/MSFT/CloudDesktop
- ./User/Vendor/MSFT/CloudDesktop
Device/BootToCloudPCEnhanced
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User | ✅ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with KB5035942 [10.0.22621.3374] and later |
./Device/Vendor/MSFT/CloudDesktop/BootToCloudPCEnhanced
This node configures which Boot to Cloud mode the device uses. Boot to Cloud mode enables users to sign in seamlessly to a Cloud PC. To use this feature, the Cloud Provider application must be installed on the PC and the user must have a Cloud PC provisioned. This node supports the following options:
- 0: Not Configured.
- 1: Enable Boot to Cloud Shared PC Mode. Shared PC mode allows multiple users to sign in on the device and use it for shared purposes.
- 2: Enable Boot to Cloud Dedicated Mode (Cloud only). Dedicated mode allows the user to sign in on the device using the authentication mechanisms configured by their organization (for example, PIN or biometrics). This mode preserves user personalization, including the profile picture and username on the local machine, and facilitates fast account switching.
Important
If BootToCloudPCEnhanced and EnableBootToCloudSharedPCMode are both configured, BootToCloudPCEnhanced is given priority and overrides EnableBootToCloudSharedPCMode.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Not Configured. |
1 | Enable Boot to Cloud Shared PC Mode. |
2 | Enable Boot to Cloud Dedicated Mode (Cloud only). |
Device/EnableBootToCloudSharedPCMode
Note
This policy is deprecated and may be removed in a future release.
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User | ✅ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
./Device/Vendor/MSFT/CloudDesktop/EnableBootToCloudSharedPCMode
Setting this node to "true" configures Boot to Cloud for Shared PC mode. Boot to Cloud mode enables users to sign in seamlessly to a Cloud PC. Shared PC mode allows multiple users to sign in on the device and use it for shared purposes. To enable the Boot to Cloud Shared PC feature, the Cloud Provider application must be installed on the PC and the user must have a Cloud PC provisioned.
Important
If BootToCloudPCEnhanced and EnableBootToCloudSharedPCMode are both configured, BootToCloudPCEnhanced is given priority and overrides EnableBootToCloudSharedPCMode.
Description framework properties:
Property name | Property value |
---|---|
Format | bool |
Access Type | Add, Delete, Get, Replace |
Default Value | false |
Allowed values:
Value | Description |
---|---|
false (Default) | Not configured. |
true | Boot to cloud shared pc mode enabled. |
User/EnablePhysicalDeviceAccessOnCtrlAltDel
Scope | Editions | Applicable OS |
---|---|---|
❌ Device ✅ User | ✅ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
./User/Vendor/MSFT/CloudDesktop/EnablePhysicalDeviceAccessOnCtrlAltDel
Configuring this node gives access to the physical devices used to boot to Cloud PCs from the Ctrl+Alt+Del page for specified users. This node supports these options: 0 (Not enabled), 1 (Enabled).
Description framework properties:
Property name | Property value |
---|---|
Format | bool |
Access Type | Add, Delete, Get, Replace |
Default Value | false |
Allowed values:
Value | Description |
---|---|
false (Default) | Access to physical device on CtrlAltDel page disabled. |
true | Access to physical device on CtrlAltDel page enabled. |
User/EnablePhysicalDeviceAccessOnErrorScreens
Scope | Editions | Applicable OS |
---|---|---|
❌ Device ✅ User | ✅ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
./User/Vendor/MSFT/CloudDesktop/EnablePhysicalDeviceAccessOnErrorScreens
Configuring this node gives access to the physical devices used to boot to Cloud PCs from the error screens for specified users. This node supports these options: 0 (Not enabled), 1 (Enabled).
Description framework properties:
Property name | Property value |
---|---|
Format | bool |
Access Type | Add, Delete, Get, Replace |
Default Value | false |
Allowed values:
Value | Description |
---|---|
false (Default) | Access to physical device on error screens disabled. |
true | Access to physical device on error screens enabled. |
BootToCloudPCEnhanced technical reference
BootToCloudPCEnhanced is the setting used to configure the Boot to Cloud feature for either shared mode or dedicated mode. When you enable this setting, multiple policies are applied to achieve the intended behavior. If you wish to customize the Boot to Cloud experience, you can use the BootToCloudMode policy, which provides the flexibility to tailor the experience to your requirements.
Note
It is recommended not to set any of the policies enforced by this setting to different values, as these policies help provide a smooth user experience for the Boot to Cloud feature in shared and dedicated mode.
Boot to Cloud Shared PC Mode
When the Shared PC mode is enabled by setting BootToCloudPCEnhanced value to 1:
The following MDM policies are applied for the Device scope (all users):
Setting | Value | Value Description |
---|---|---|
CloudDesktop/BootToCloudMode | 1 | Enable Boot to Cloud Desktop |
WindowsLogon/OverrideShellProgram | 1 | Apply Lightweight Shell |
ADMX_CredentialProviders/DefaultCredentialProvider | Enabled | Configures default credential provider to password provider |
ADMX_Logon/DisableExplorerRunLegacy_2 | Enabled | Don't process the computer legacy run list |
TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode | 1 | When no keyboard is attached |
The following local group policies are configured for all users:
Policy setting | Status |
---|---|
Security Settings/Local Policies/Security Options/User Account Control: Behavior of elevation prompt for standard user | Automatically deny elevation requests |
Security Settings/Local Policies/Security Options/Interactive logon: Don't display last signed-in | Enabled |
Control Panel/Personalization/Prevent enabling lock screen slide show | Enabled |
System/Logon/Block user from showing account details on sign-in | Enabled |
System/Logon/Enumerate local users on domain-joined computers | Disabled |
System/Logon/Hide entry points for Fast User Switching | Enabled |
System/Logon/Show first sign-in animation | Disabled |
System/Logon/Turn off app notifications on the lock screen | Enabled |
System/Logon/Turn off picture password sign-in | Enabled |
System/Logon/Turn on convenience PIN sign-in | Disabled |
Windows Components/App Package Deployment/Allow a Windows app to share application data between users | Enabled |
Windows Components/Biometrics/Allow the use of biometrics | Disabled |
Windows Components/Biometrics/Allow users to log on using biometrics | Disabled |
Windows Components/Biometrics/Allow domain users to log on using biometrics | Disabled |
Windows Components/File Explorer/Show lock in the user tile menu | Disabled |
Windows Components/File History/Turn off File History | Enabled |
Windows Components/OneDrive/Prevent the usage of OneDrive for file storage | Enabled |
Windows Components/Windows Hello for Business/Use biometrics | Disabled |
Windows Components/Windows Hello for Business/Use Windows Hello for Business | Disabled |
Windows Components/Windows Logon Options/Sign-in and lock last interactive user automatically after a restart | Disabled |
Windows Components/Microsoft Passport for Work | Disabled |
System/Ctrl+Alt+Del Options/Remove Task Manager | Enabled |
System/Ctrl+Alt+Del Options/Remove Change Password | Enabled |
Start Menu and Taskbar/Notifications/Turn off toast notifications | Enabled |
Start Menu and Taskbar/Notifications/Remove Notifications and Action Center | Enabled |
System/Logon/Do not process the legacy run list | Enabled |
Windows Components/Windows Copilot/Turn off Windows Copilot | Enabled |
The following registry changes are performed:
Registry setting | Status |
---|---|
Software\Policies\Microsoft\PassportForWork\Remote\Enabled (Phone sign-in/Use phone sign-in) | 0 |
Software\Policies\Microsoft\PassportForWork\Enabled (Use Microsoft Passport for Work) | 0 |
Boot to Cloud Dedicated Mode
When the Dedicated mode is enabled by setting BootToCloudPCEnhanced value to 2:
The following MDM policies are applied for the Device scope (all users):
Setting | Value | Value Description |
---|---|---|
CloudDesktop/BootToCloudMode | 1 | Enable Boot to Cloud Desktop |
WindowsLogon/OverrideShellProgram | 1 | Apply Lightweight Shell |
ADMX_Logon/DisableExplorerRunLegacy_2 | Enabled | Don't process the computer legacy run list |
TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode | 1 | When no keyboard is attached |
The following local group policies are configured for all users:
Policy setting | Status |
---|---|
System/Ctrl+Alt+Del Options/Remove Change Password | Enabled |
Start Menu and Taskbar/Notifications/Turn off toast notifications | Enabled |
Start Menu and Taskbar/Notifications/Remove Notifications and Action Center | Enabled |
System/Logon/Do not process the legacy run list | Enabled |
Windows Components/Windows Copilot/Turn off Windows Copilot | Enabled |
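The precedence rule between BootToCloudPCEnhanced and EnableBootToCloudSharedPCMode, and the Device-scope MDM policies listed for each mode, can be checked offline against a device's reported policy state. The following is an added example, not Microsoft code: the input dictionaries, their string value encoding, and the function names are hypothetical, and it covers only the MDM policy tables, not the local group policies or registry changes. It assumes BootToCloudPCEnhanced set to 0 behaves like an absent node.

```python
# Added example (not Microsoft code). Input dict shapes are hypothetical;
# baseline values are the Device-scope MDM policies listed on this page.
SHARED, DEDICATED = 1, 2
COMMON = {
    "CloudDesktop/BootToCloudMode": "1",
    "WindowsLogon/OverrideShellProgram": "1",
    "ADMX_Logon/DisableExplorerRunLegacy_2": "Enabled",
    "TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode": "1",
}
BASELINE = {
    SHARED: {**COMMON,
             "ADMX_CredentialProviders/DefaultCredentialProvider": "Enabled"},
    DEDICATED: dict(COMMON),
}


def effective_mode(nodes):
    """Return 0, 1 or 2 from the two CloudDesktop device nodes.
    Assumption: BootToCloudPCEnhanced = 0 is treated like an absent node."""
    enhanced = nodes.get("BootToCloudPCEnhanced", 0)
    if enhanced not in (0, SHARED, DEDICATED):
        raise ValueError(f"BootToCloudPCEnhanced out of range: {enhanced!r}")
    if enhanced:
        return enhanced  # takes priority over the deprecated node
    return SHARED if nodes.get("EnableBootToCloudSharedPCMode") is True else 0


def audit(nodes, observed):
    """Return (mode, findings) for one device's reported policy state."""
    mode = effective_mode(nodes)
    findings = []
    if nodes.get("BootToCloudPCEnhanced") and "EnableBootToCloudSharedPCMode" in nodes:
        findings.append("EnableBootToCloudSharedPCMode is overridden by "
                        "BootToCloudPCEnhanced")
    # Flag every enforced policy that is missing or set to another value.
    for policy, expected in BASELINE.get(mode, {}).items():
        if observed.get(policy) != expected:
            findings.append(f"{policy}: expected {expected}, "
                            f"found {observed.get(policy)}")
    return mode, findings


# Constructed sample: dedicated mode set, deprecated node still present,
# and one enforced policy missing from the device report.
SAMPLE_NODES = {"BootToCloudPCEnhanced": 2, "EnableBootToCloudSharedPCMode": True}
SAMPLE_OBSERVED = {k: v for k, v in COMMON.items() if "OverrideShell" not in k}

if __name__ == "__main__":
    print(audit(SAMPLE_NODES, SAMPLE_OBSERVED))
```

A device whose findings list is non-empty has either a leftover deprecated node or a policy that no longer matches what the mode enforces, which is the situation the note above recommends avoiding.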