This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see Understanding ADMX-backed policies.
The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.
iSCSIDiscovery_ConfigureiSNSServers
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed. If disabled then new iSNS servers may be added and thus new targets discovered via those iSNS servers; existing iSNS servers may be removed.
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Suġġeriment
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
iSCSIDiscovery_ConfigureiSNSServers
Friendly Name
Do not allow manual configuration of iSNS servers
Location
Computer Configuration
Path
System > iSCSI > iSCSI Target Discovery
Registry Key Name
Software\Policies\Microsoft\Windows\iSCSI
Registry Value Name
ConfigureiSNSServers
ADMX File Name
iSCSI.admx
iSCSIDiscovery_ConfigureTargetPortals
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed. If disabled then new target portals may be added and thus new targets discovered on those portals; existing target portals may be removed.
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Suġġeriment
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
iSCSIDiscovery_ConfigureTargetPortals
Friendly Name
Do not allow manual configuration of target portals
Location
Computer Configuration
Path
System > iSCSI > iSCSI Target Discovery
Registry Key Name
Software\Policies\Microsoft\Windows\iSCSI
Registry Value Name
ConfigureTargetPortals
ADMX File Name
iSCSI.admx
iSCSIDiscovery_ConfigureTargets
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
If enabled then discovered targets may not be manually configured. If disabled then discovered targets may be manually configured. Note if enabled there may be cases where this will break VDS.
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Suġġeriment
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
iSCSIDiscovery_ConfigureTargets
Friendly Name
Do not allow manual configuration of discovered targets
Location
Computer Configuration
Path
System > iSCSI > iSCSI Target Discovery
Registry Key Name
Software\Policies\Microsoft\Windows\iSCSI
Registry Value Name
ConfigureTargets
ADMX File Name
iSCSI.admx
iSCSIDiscovery_NewStaticTargets
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered targets may be manually configured. If disabled then new and already discovered targets may be manually configured. Note if enabled there may be cases where this will break VDS.
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Suġġeriment
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
iSCSIDiscovery_NewStaticTargets
Friendly Name
Do not allow adding new targets via manual configuration
Location
Computer Configuration
Path
System > iSCSI > iSCSI Target Discovery
Registry Key Name
Software\Policies\Microsoft\Windows\iSCSI
Registry Value Name
NewStaticTargets
ADMX File Name
iSCSI.admx
iSCSIGeneral_ChangeIQNName
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
If enabled then don't allow the initiator iqn name to be changed. If disabled then the initiator iqn name may be changed.
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Suġġeriment
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
iSCSIGeneral_ChangeIQNName
Friendly Name
Do not allow changes to initiator iqn name
Location
Computer Configuration
Path
System > iSCSI > General iSCSI
Registry Key Name
Software\Policies\Microsoft\Windows\iSCSI
Registry Value Name
ChangeIQNName
ADMX File Name
iSCSI.admx
iSCSIGeneral_RestrictAdditionalLogins
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
If enabled then only those sessions that are established via a persistent login will be established and no new persistent logins may be created. If disabled then additional persistent and non persistent logins may be established.
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Suġġeriment
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
iSCSIGeneral_RestrictAdditionalLogins
Friendly Name
Do not allow additional session logins
Location
Computer Configuration
Path
System > iSCSI > General iSCSI
Registry Key Name
Software\Policies\Microsoft\Windows\iSCSI
Registry Value Name
RestrictAdditionalLogins
ADMX File Name
iSCSI.admx
iSCSISecurity_ChangeCHAPSecret
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
If enabled then don't allow the initiator CHAP secret to be changed. If disabled then the initiator CHAP secret may be changed.
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Suġġeriment
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
iSCSISecurity_ChangeCHAPSecret
Friendly Name
Do not allow changes to initiator CHAP secret
Location
Computer Configuration
Path
System > iSCSI > iSCSI Security
Registry Key Name
Software\Policies\Microsoft\Windows\iSCSI
Registry Value Name
ChangeCHAPSecret
ADMX File Name
iSCSI.admx
iSCSISecurity_RequireIPSec
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
If enabled then only those connections that are configured for IPSec may be established. If disabled then connections that are configured for IPSec or connections not configured for IPSec may be established.
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Suġġeriment
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
iSCSISecurity_RequireIPSec
Friendly Name
Do not allow connections without IPSec
Location
Computer Configuration
Path
System > iSCSI > iSCSI Security
Registry Key Name
Software\Policies\Microsoft\Windows\iSCSI
Registry Value Name
RequireIPSec
ADMX File Name
iSCSI.admx
iSCSISecurity_RequireMutualCHAP
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
If enabled then only those sessions that are configured for mutual CHAP may be established. If disabled then sessions that are configured for mutual CHAP or sessions not configured for mutual CHAP may be established.
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Suġġeriment
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name
Value
Name
iSCSISecurity_RequireMutualCHAP
Friendly Name
Do not allow sessions without mutual CHAP
Location
Computer Configuration
Path
System > iSCSI > iSCSI Security
Registry Key Name
Software\Policies\Microsoft\Windows\iSCSI
Registry Value Name
RequireMutualCHAP
ADMX File Name
iSCSI.admx
iSCSISecurity_RequireOneWayCHAP
Scope
Editions
Applicable OS
✅ Device ❌ User
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later
If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that are configured for one-way CHAP or sessions not configured for one-way CHAP may be established. Note that if the "Do not allow sessions without mutual CHAP" setting is enabled then that setting overrides this one.
Description framework properties:
Property name
Property value
Format
chr (string)
Access Type
Add, Delete, Get, Replace
Suġġeriment
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
As an Information Security Administrator, you plan and implement information security of sensitive data by using Microsoft Purview and related services. You’re responsible for mitigating risks by protecting data inside collaboration environments that are managed by Microsoft 365 from internal and external threats and protecting data used by AI services. You also implement information protection, data loss prevention, retention, insider risk management, and manage information security alerts and activities.