To cancel any Microsoft subscription, see How to cancel your Microsoft subscription includes Xbox Live or Microsoft To cancel a purchase, see Cancel an order or pre-order from Microsoft Store. For unrecognized purchases, find out what you can do about unexpected charges from Microsoft. If you think someone else is using your account, learn how to get back into your Microsoft account if it's been compromised and how to help protect your Microsoft account from fraudulent activity. If there's a problem with your password, see How to reset your Microsoft account password.
Keep track of your child's purchases. If you let your child use your credit card or other payment method to buy stuff on their account, you can Keep track of your child's Microsoft Store purchases. Get more info about how to require adult approval for the things your child wants to buy in Microsoft Store on Windows 11 and Xbox One devices. Under Purchase sign-in , turn off I want to buy without a password, for faster checkout.
Get more info about how to require adult approval for the things your child wants to buy in Microsoft Store on Windows 10 and Xbox One devices.
Table of contents. Microsoft Store and billing help. Manage a subscription. Shipping, orders, and history. Refunds and exchanges. Authorize or troubleshoot a purchase. Payment options and updates.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support. Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services.
Privacy policy. For more info about the features and functionality that are supported in each edition of Windows, see Compare Windows 10 Editions. IT pros can configure access to Microsoft Store for client computers in their organization. For some organizations, business policies require blocking access to Microsoft Store. All executable code including Microsoft Store applications should have an update and maintenance plan. Organizations that use Microsoft Store applications should ensure that the applications can be updated through the Microsoft Store over the internet, through the Private Store , or distributed offline to keep the applications up to date.
For Windows 10, this is only supported on Windows 10 Enterprise edition. AppLocker provides policy-based access control management for applications. You can block access to Microsoft Store app with AppLocker by creating a rule for packaged apps. You'll give the name of the Microsoft Store app as the packaged app that you want to block from client computers. For more information on creating an AppLocker rule for app packages, see Create a rule for packaged apps.
On Permissions , select the action allow or deny and the user or group that the rule should apply to, and then click Next. On Publisher , you can select Use an installed app package as a reference , and then click Select. These settings use the personalization policy CSP , which also lists the supported Windows editions.
Users can't change the picture. Printers : Add printers using their network host names DNS name. The OS searches and installs matching printer drivers for each printer on the device. If you don't enter a value, Intune doesn't change or update this setting.
Default printer : Enter the network host name DNS name of an installed printer to use as the default printer. Add new printers : Block prevents users from adding new printers. By default, the OS might allow adding new printers. These settings use the privacy policy CSP , which also lists the supported Windows editions. Privacy experience : Block prevents the privacy experience from opening when users sign in, and from opening for new and upgraded users.
Input personalization : Block prevents using voice for dictation and to talk to Cortana and other apps that use Microsoft cloud-based speech recognition. It's disabled and users can't enable online speech recognition using settings. By default, the OS might let users choose. If you allow these services, Microsoft might collect voice data to improve the service. Automatic acceptance of the pairing and privacy user consent prompts : Choose Allow so Windows can automatically accept pairing and privacy consent messages when running apps.
By default, the OS might prevent the automatic acceptance. Publish user activities : Block prevents apps and the OS from publishing user activities.
It also prevents shared experiences and discovery of recently used resources in the activity feed. User Activities track the state of a user's tasks in an app or the OS. By default, the OS might enable this feature so apps can publish user activities. Local activities only : Block prevents shared experiences and the discovery of recently used resources in task switcher, based only on local activity.
You can configure information that all apps on the device can access. Also, define exceptions on a per-app basis using Per-app privacy exceptions. User input from wireless display receivers : Block prevents user input from wireless display receivers. By default, the OS might allow a wireless display to send keyboard, mouse, pen, and touch input back to the source device. Projection to this PC : Block prevents other devices from finding the device for projection, and prevents projecting to other devices.
By default, the OS might allow devices to be discoverable, and can project to the device above the lock screen. For information about recent changes for Windows Telemetry, see Changes to Windows diagnostic data collection. Share usage data : Choose the level of diagnostic data that's submitted. This feature controls what data Microsoft Edge sends to Microsoft Analytics for enterprise devices with a configured commercial ID.
The format for this setting is server : port. If the named proxy fails, or if a proxy isn't entered, then the Connected User Experiences and Telemetry data isn't sent. It stays on the local device. These settings use the search policy CSP , which also lists the supported Windows editions.
Safe Search mobile only : Control how Cortana filters adult content in search results. Display web results in search : Block prevents users from using Windows Search to search the internet, and web results aren't shown in Search. By default, the OS might allow users to search the web, and the results are shown on the device.
Diacritics : Block prevents diacritics from being shown in Windows Search. By default, the OS might show diacritics. Automatic language detection : Block prevents Windows Search from automatically detecting the language when indexing content or properties. By default, the OS might allow this feature. Search location : Block prevents Windows Search from using the location.
Indexer backoff : Block disables the search indexer backoff feature. Indexing continues at full speed, even if the system activity is high. By default, the OS might use backoff logic to throttle back indexing activity when system activity is high. Removable drive indexing : Block prevents locations on removable drives from being added to libraries, and from being indexed. Low disk space indexing : Enable allows automatic indexing, even when disk space is low.
By default, the OS might turn off automatic indexing when the hard disk space is MB or less. If devices in your organization have limited hard drive space, then set it to Not configured. Remote queries : Enable allows remote queries of the device's index. By default, the OS might prevent users from querying the device's index remotely.
These settings use the start policy CSP , which also lists the supported Windows editions. Management capabilities to deliver customized Start and Taskbar experiences are currently limited on Windows Start menu layout : Upload an XML file that includes your customizations, including the order the apps are listed, and more. The XML file overrides the default start layout. Users can't change the start menu layout you enter.
Pin websites to tiles in Start menu : Import images from Microsoft Edge. These images are shown as links in the Windows Start menu for desktop devices. Unpin apps from task bar : Block prevents users from unpinning apps from the task bar. By default, the OS might allow users to unpin apps from the task bar. Fast user switching : Block prevents switching between users that are logged on simultaneously without logging off. By default, the OS might show the Switch user on the user tile.
Most used apps : Block hides the most used apps from showing on the start menu. It also disables the corresponding toggle in the Settings app. By default, the OS might show the most used apps. Recently added apps : Block hides recently added apps on the start menu. By default, the OS might show the recently added apps on the start menu. Recently opened items in Jump Lists : Block hides recent jump lists from being shown on the start menu and taskbar. By default, the OS might show recently opened items in the jumplists.
Power button : Block hides the power button in the start menu. By default, the OS might show the power button. User Tile : Block hides the user tile in the start menu. By default, the OS might show the user tile. Configure the following settings:. Shut Down : Block hides the Update and shut down and Shut down options in the power button in the start menu.
Sleep : Block hides the Sleep option in the power button in the start menu. Hibernate : Block hides the Hibernate option in the power button in the start menu. Switch Account : Block hides the Switch account in the user tile in the start menu. Restart Options : Block hides the Update and restart and Restart options in the power button in the start menu. Pictures on Start : Hide or show the folder for pictures in the Windows Start menu. Videos on Start : Hide or show the folder for videos in the Windows Start menu.
By default, the OS might turn on SmartScreen, and allow users to turn it on and off. Microsoft Edge uses Microsoft Defender SmartScreen turned on to protect users from potential phishing scams and malicious software. Malicious site access : Block prevents users from ignoring the Microsoft Defender SmartScreen Filter warnings, and blocks them from going to the site.
By default, the OS might allow users to ignore the warnings, and continue to the site. Unverified file download : Block prevents users from ignoring the Microsoft Defender SmartScreen Filter warnings, and blocks them from downloading unverified files.
By default, the OS might allow users to ignore the warnings, and continue to download the unverified files. Windows Spotlight : Block turns off Windows spotlight on the lock screen, Windows Tips, Microsoft consumer features, and other related features. If your goal is to minimize network traffic from devices, then select Yes. By default, the OS might allow Windows spotlight features, and might be controlled by users. Windows Spotlight on lock screen : Block stops Windows Spotlight from showing information on the device lock screen.
By default, the OS might show Windows spotlight information on the lock screen. Third-party suggestions in Windows Spotlight : Block stops Windows Spotlight from suggesting content that isn't published by Microsoft.
By default, the OS might allow app and content suggestions from partners, and show suggested apps in the Start menu, and Windows tips. Consumer Features : Block turns off experiences that are typically for consumers, such as start suggestions, membership notifications, post-out of box experience app installation, and redirect tiles. Windows Tips : Block disables pop-up Windows Tips.
By default, the OS might allow the Windows Tips to show. Windows Spotlight in action center : Block prevents Windows spotlight notifications from showing in the Action Center. By default, the OS might show notifications in the Action Center that suggest apps or features to help users be more productive on Windows. Windows Spotlight personalization : Block prevents Windows from using diagnostic data to provide customized experiences to users.
By default, the OS might allow Microsoft to use diagnostic data to provide personalized recommendations, tips, and offers to tailor Windows for the user's needs. Windows welcome experience : Block turns off the Windows spotlight Windows welcome experience feature. The Windows welcome experience won't show when there are updates and changes to Windows and its apps.
By default, the OS might allow Windows welcome experience that shows users information about new, or updated features. These settings use the defender policy CSP , which also lists the supported Windows editions.
Real-time monitoring : Enable turns on real-time scanning for malware, spyware, and other unwanted software. Users can't turn it off. By default, the OS turns on this feature, and allows users to change it.
If you enable this setting, and then change it back to Not configured , then Intune leaves the setting in its previously configured state. Behavior monitoring : Enable turns on behavior monitoring, and checks for certain known patterns of suspicious activity on devices.
Users can't turn behavior monitoring off. By default, the OS might turn on Behavior Monitoring, and allow users to change it. If you enable the setting, and then change it back to Not configured , then Intune leaves the setting in its previously configured state.
It uses the signatures of known vulnerabilities from the Microsoft Endpoint Protection Center to help detect and block malicious traffic. Enable : Turns on network protection and network blocking. When enabled, users are blocked from connecting to known vulnerabilities. Scan all downloads : Enable turns on this setting, and Defender scans all files downloaded from the Internet.
Users can't turn off this setting. By default, the OS might turn on this setting, and allow users to change it. Scan scripts loaded in Microsoft web browsers : Enable allows Defender to scan scripts that are used in Internet Explorer. End user access to Defender : Block hides the Microsoft Defender user interface from users.
All Microsoft Defender notifications are also suppressed. If you block the setting, and then change it back to Not configured , then Intune leaves the setting in its previously configured state. Security intelligence update interval in hours : Enter the interval that Defender checks for new security intelligence, from Monitor file and program activity : Allows Defender to monitor file and program activity on devices.
Days before deleting quarantined malware : Continue tracking resolved malware for the number of days you enter so you can manually check previously affected devices. If you don't configure this setting, or set it to 0 days, malware stays in the Quarantine folder, and isn't automatically removed. When set to 90 , quarantine items are stored for 90 days on the system, and then removed.
Scan archive files : Enable turns on Defender so it scans archive files, such as Zip or Cab files. By default, the OS might turn on this scanning, and allow users to change it. Scan incoming mail messages : Enable allows Defender to scan email messages as they arrive on devices. When enabled, the engine parses the mailbox and mail files to analyze the mail body and attachments. You can scan. By default, the OS turns off this scanning, and allows users to change it. Scan removable drives during a full scan : Enable turns on Defender removable drive scans during a full scan.
By default, the OS might let Defender scan removable drives, such as USB sticks, and allow users to change this setting. Scan mapped network drives during a full scan : Enable has Defender scan files on mapped network drives.
If the files on the drive are read-only, Defender can't remove any malware found in them. Scan files opened from network folders : Enable has Defender scans files opened from network folders or shared network drives, such as files accessed from a UNC path. By default, the OS scans files opened from network folders, and allows users to change it. Cloud protection : Enable turns on the Microsoft Active Protection Service to receive information about malware activity from devices that you manage.
Users can't change this setting. By default, the OS allows the Microsoft Active Protection Service to receive information, and allows users to change this setting. Prompt users before sample submission : Controls whether potentially malicious files that might require further analysis are automatically sent to Microsoft.
Time to perform a daily quick scan : Choose the hour to run a daily quick scan. By default, the OS might run this scan at 2 AM. If you want more customization, then configure the Type of system scan to perform setting. Type of system scan to perform : Schedule a system scan, including the level of scanning, and the day and time to run the scan. This setting may conflict with the Time to perform a daily quick scan setting.
Some recommendations:. If you only want one quick scan daily no full scan , then use either setting: Time to perform a daily quick scan or Type of system scan to perform. For example, to run a quick scan every Tuesday at 6 AM, configure the Type of system scan to perform setting. Don't configure the Time to perform a daily quick scan setting simultaneously with the Type of system scan to perform set to Quick scan.
These settings may conflict, and a scan may not run. Detect potentially unwanted applications : This feature identifies and blocks potentially unwanted applications PUA from downloading and installing in your network.
These applications aren't considered viruses, malware, or other types of threats. But, they can run actions on endpoints that might affect their performance or use. Choose the level of protection when Windows detects PUAs.
0コメント