Skip to main content

Windows-specific MDM policies available in Swif

Updated today

The table below mirrors the Apple glossary you already saw, but for Windows 10 or later (Pro, Enterprise, Education, SE and LTSC where noted).


Use it when you’re inside Device Management → Policies → New Policy → Windows and need to know what each payload does.

Policy (alphabetical)

What it controls

Supported editions / min. OS

Create allow / deny rules for EXE, MSI, Script, Packaged apps

Pro 10 + / Enterprise 10 + / Education 10 + / SE 10 + / LTSC 10 +

One-click silent BitLocker enable/disable (no advanced options)

Windows 10 +

BitLocker (deprecated)

Legacy BitLocker settings payload

Windows 10 +

Certificate Install (SCEP/PKI)

Push user/computer certs (PFX, SCEP) & trust anchors

Windows 10 +

Connectivity

WLAN/LAN proxy, metered-network flag, tethering, hotspot

Windows 10 +

Defender

Real-time protection, cloud heuristics, engine updates, exclusions

Windows 10 +

Firefox Extension Deployment

Force-install / block Firefox add-ons via policies.json

Windows 10 +

Force or block Chrome Web-Store extensions

Windows 10 +

Google SSO

Configure Google Workspace login at Windows lock screen

Windows 10 +

Logon Message

Custom legal banner title & body before sign-in

Windows 10 +

Microsoft Remote Desktop

Allow RDP, network-level auth, encryption, clipboard rules

Windows 10 +

Length, complexity, history, grace period rules

Windows 10 +

PIN

Windows Hello for Business PIN length, complexity, expiration

Windows 10 +

Power

AC/DC sleep, lid close, hibernate, display timeout

Pro 10 + / Enterprise 10 + / Education 10 + / SE 10 + / LTSC 10 +

PEAP/MS-CHAPv2 or EAP-TLS wired, Wi-Fi, and VPN profiles

Windows 10 +

Remote Desktop (Windows)

Initiate on-demand RDP session from Swif console

Windows 10 +

SCEP Certificate

SCEP profile for auto-enrolling certificates

Windows 10 +

Security

Device Guard, Credential Guard, SMB signing, TLS protocol ciphers

Windows 10 +

Settings

Hundreds of CSP tweaks (privacy, notifications, telemetry, Cortana)

Pro 10 + / Enterprise 10 + / Education 10 + / SE 10 + / LTSC 10 +

Shared-PC mode, guest account lifetime, local storage limits

Windows 10 +

Quality & feature update deferral, automatic reboots, bandwidth

Windows 10 +

Tracking

Diagnostic data level, Advertising ID, location services

Windows 10 +

Allow / block removable storage, set read-only, specify device IDs

Pro 10 + / Enterprise 10 + / Education 10 + / SE 10 + / LTSC 10 +

Local account creation, admin elevation, guest enable/disable

Windows 10 +

VPN

IKEv2, L2TP, SSTP, Automatic, Always-On VPN profiles

Windows 10 +

WPA2/WPA3 Enterprise & PSK network profiles

Windows 10 +

Tips

  • BitLocker Auto is the recommended payload for most orgs—enables encryption silently with escrow to Swif’s key vault.

  • AppLocker supports rules per Publisher-SID for modern (AppX/MSIX) apps and traditional binaries.

  • Policies tagged Pro 10 + require at least Windows 10 Pro; Home editions will ignore the payload.

Need Linux or Apple equivalents? Switch tabs in the wizard—each OS family has its own glossary.

To write a custom policy, you can find more details at Configuring Windows Custom CSP Policies in Swif.

Did this answer your question?