The table below mirrors the Apple glossary you already saw, but for Windows 10 or later (Pro, Enterprise, Education, SE and LTSC where noted).
Use it when you’re inside Device Management → Policies → New Policy → Windows and need to know what each payload does.
Policy (alphabetical) | What it controls | Supported editions / min. OS |
Create allow / deny rules for EXE, MSI, Script, Packaged apps | Pro 10 + / Enterprise 10 + / Education 10 + / SE 10 + / LTSC 10 + | |
One-click silent BitLocker enable/disable (no advanced options) | Windows 10 + | |
BitLocker (deprecated) | Legacy BitLocker settings payload | Windows 10 + |
Certificate Install (SCEP/PKI) | Push user/computer certs (PFX, SCEP) & trust anchors | Windows 10 + |
Connectivity | WLAN/LAN proxy, metered-network flag, tethering, hotspot | Windows 10 + |
Defender | Real-time protection, cloud heuristics, engine updates, exclusions | Windows 10 + |
Firefox Extension Deployment | Force-install / block Firefox add-ons via policies.json | Windows 10 + |
Force or block Chrome Web-Store extensions | Windows 10 + | |
Google SSO | Configure Google Workspace login at Windows lock screen | Windows 10 + |
Logon Message | Custom legal banner title & body before sign-in | Windows 10 + |
Microsoft Remote Desktop | Allow RDP, network-level auth, encryption, clipboard rules | Windows 10 + |
Length, complexity, history, grace period rules | Windows 10 + | |
PIN | Windows Hello for Business PIN length, complexity, expiration | Windows 10 + |
Power | AC/DC sleep, lid close, hibernate, display timeout | Pro 10 + / Enterprise 10 + / Education 10 + / SE 10 + / LTSC 10 + |
PEAP/MS-CHAPv2 or EAP-TLS wired, Wi-Fi, and VPN profiles | Windows 10 + | |
Remote Desktop (Windows) | Initiate on-demand RDP session from Swif console | Windows 10 + |
SCEP Certificate | SCEP profile for auto-enrolling certificates | Windows 10 + |
Security | Device Guard, Credential Guard, SMB signing, TLS protocol ciphers | Windows 10 + |
Settings | Hundreds of CSP tweaks (privacy, notifications, telemetry, Cortana) | Pro 10 + / Enterprise 10 + / Education 10 + / SE 10 + / LTSC 10 + |
Shared-PC mode, guest account lifetime, local storage limits | Windows 10 + | |
Quality & feature update deferral, automatic reboots, bandwidth | Windows 10 + | |
Tracking | Diagnostic data level, Advertising ID, location services | Windows 10 + |
Allow / block removable storage, set read-only, specify device IDs | Pro 10 + / Enterprise 10 + / Education 10 + / SE 10 + / LTSC 10 + | |
Local account creation, admin elevation, guest enable/disable | Windows 10 + | |
VPN | IKEv2, L2TP, SSTP, Automatic, Always-On VPN profiles | Windows 10 + |
WPA2/WPA3 Enterprise & PSK network profiles | Windows 10 + |
Tips
BitLocker Auto is the recommended payload for most orgs—enables encryption silently with escrow to Swif’s key vault.
AppLocker supports rules per Publisher-SID for modern (AppX/MSIX) apps and traditional binaries.
Policies tagged Pro 10 + require at least Windows 10 Pro; Home editions will ignore the payload.
To write a custom policy, you can find more details at Configuring Windows Custom CSP Policies in Swif.