This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see Understanding ADMX-backed policies.
The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.
Pol_MSS_AutoAdminLogon
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
Pol_MSS_AutoAdminLogon
ADMX File Name
MSS-legacy.admx
Pol_MSS_AutoReboot
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
Allow Windows to automatically restart after a system crash (recommended except for highly secure environments).
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
Pol_MSS_AutoReboot
ADMX File Name
MSS-legacy.admx
Pol_MSS_AutoShareServer
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
Enable administrative shares on servers (recommended except for highly secure environments).
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
Pol_MSS_AutoShareServer
ADMX File Name
MSS-legacy.admx
Pol_MSS_AutoShareWks
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
Enable administrative shares on workstations (recommended except for highly secure environments).
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
Pol_MSS_AutoShareWks
ADMX File Name
MSS-legacy.admx
Pol_MSS_DisableSavePassword
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
Pol_MSS_DisableSavePassword
ADMX File Name
MSS-legacy.admx
Prevent the dial-up password from being saved (recommended).
Pol_MSS_EnableDeadGWDetect
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
Allow automatic detection of dead network gateways (could lead to DoS).
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
Pol_MSS_EnableDeadGWDetect
ADMX File Name
MSS-legacy.admx
Pol_MSS_HideFromBrowseList
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
Hide Computer From the Browse List (not recommended except for highly secure environments).
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
Pol_MSS_HideFromBrowseList
ADMX File Name
MSS-legacy.admx
Pol_MSS_KeepAliveTime
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
Define how often keep-alive packets are sent in milliseconds.
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
Pol_MSS_KeepAliveTime
ADMX File Name
MSS-legacy.admx
Pol_MSS_NoDefaultExempt
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
Configure IPSec exemptions for various types of network traffic.
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
Pol_MSS_NoDefaultExempt
ADMX File Name
MSS-legacy.admx
Pol_MSS_NtfsDisable8dot3NameCreation
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
Enable the computer to stop generating 8.3 style filenames.
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
Pol_MSS_NtfsDisable8dot3NameCreation
ADMX File Name
MSS-legacy.admx
Pol_MSS_PerformRouterDiscovery
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS).
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
Pol_MSS_PerformRouterDiscovery
ADMX File Name
MSS-legacy.admx
Pol_MSS_SafeDllSearchMode
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
Pol_MSS_SafeDllSearchMode
ADMX File Name
MSS-legacy.admx
Pol_MSS_ScreenSaverGracePeriod
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
he time in seconds before the screen saver grace period expires (0 recommended).
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
Pol_MSS_ScreenSaverGracePeriod
ADMX File Name
MSS-legacy.admx
Pol_MSS_SynAttackProtect
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
Syn attack protection level (protects against DoS).
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
Pol_MSS_SynAttackProtect
ADMX File Name
MSS-legacy.admx
Pol_MSS_TcpMaxConnectResponseRetransmissions
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
SYN-ACK retransmissions when a connection request is not acknowledged.
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
Pol_MSS_TcpMaxConnectResponseRetransmissions
ADMX File Name
MSS-legacy.admx
Pol_MSS_TcpMaxDataRetransmissions
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
Define how many times unacknowledged data is retransmitted (3 recommended, 5 is default).
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
Pol_MSS_TcpMaxDataRetransmissions
ADMX File Name
MSS-legacy.admx
Pol_MSS_TcpMaxDataRetransmissionsIPv6
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
Define how many times unacknowledged data is retransmitted (3 recommended, 5 is default).
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
Pol_MSS_TcpMaxDataRetransmissionsIPv6
ADMX File Name
MSS-legacy.admx
Pol_MSS_WarningLevel
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
As an Information Security Administrator, you plan and implement information security of sensitive data by using Microsoft Purview and related services. You’re responsible for mitigating risks by protecting data inside collaboration environments that are managed by Microsoft 365 from internal and external threats and protecting data used by AI services. You also implement information protection, data loss prevention, retention, insider risk management, and manage information security alerts and activities.