This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see Understanding ADMX-backed policies.
The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.
AllowCustomSSPsAPs
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
This policy controls the configuration under which LSASS is run.
If you don't configure this policy and there is no current setting in the registry, LSA will run as protected process for all clean installed, HVCI capable, client SKUs. This configuration isn't UEFI locked. This can be overridden if the policy is configured.
If you configure and set this policy setting to "Disabled", LSA won't run as a protected process.
If you configure and set this policy setting to "EnabledWithUEFILock," LSA will run as a protected process and this configuration is UEFI locked.
If you configure and set this policy setting to "EnabledWithoutUEFILock", LSA will run as a protected process and this configuration isn't UEFI locked.
Description framework properties:
Property name
Property value
Format
int
Access Type
Add, Delete, Get, Replace
Default Value
0
Allowed values:
Value
Description
0 (Default)
Disabled. Default value. LSA won't run as protected process.
1
Enabled with UEFI lock. LSA will run as protected process and this configuration is UEFI locked.
2
Enabled without UEFI lock. LSA will run as protected process and this configuration isn't UEFI locked.
Protect your Active Directory environment by securing user accounts to least privilege and placing them in the Protected Users group. Learn how to limit authentication scope and remediate potentially insecure accounts.
As an Information Security Administrator, you plan and implement information security of sensitive data by using Microsoft Purview and related services. You’re responsible for mitigating risks by protecting data inside collaboration environments that are managed by Microsoft 365 from internal and external threats and protecting data used by AI services. You also implement information protection, data loss prevention, retention, insider risk management, and manage information security alerts and activities.