EnterpriseAssignedAccess configuration service provider

December 09, 2014

The EnterpriseAssignedAccess configuration service provider enables the IT administrator to provision the device into a state with locked down user experience. You can customize the start screen with a variety of pinned applications, disable system buttons, configure buttons to have custom launch actions, and customize the settings panel to have only specific settings options available to the user.

NoteNote

This CSP is for Windows Phone 8.1 enterprise use. There is a different version of this CSP for Windows Embedded 8.1 Handheld devices.

Caution noteCaution

This feature should only be used on devices that are owned or provided by the enterprise company or organization, or on a user owned device where the user allowed the device to be fully managed by the enterprise company.

As a mobile device management solutions vendor, you must provide the following disclaimer to the IT administrator prior to the use of the feature.

This feature may cause the device to fail or lose connectivity and require that the device be serviced at a factory-authorized repair center to reset to factory settings. Microsoft is not liable for any damage to the device or any loss of productivity that results from use of this feature. Microsoft requires that software vendors provide disclaimers to users when their products expose this feature and capabilities.

Important considerations before proceeding to use the EnterpriseAssignedAccess CSP:

  • Assigned access should be used in conjunction with application allow/deny lists and restrictive policy controls. It may be possible to deep link into settings or applications based on file handling. The combination of PolicyManager settings management, application management, and lockdown creates the most secure locked down experience.

  • Once an assigned access has been provisioned to a device, the only way to remove this functionality is to reset the device to factory setting using about->reset your phone or through hardware key combinations.

  • It is possible that specific combinations of assigned access and device policies through PolicyManager may render the device unusable. For example, if hardware key reset combinations are disabled, the device will need to be sent to a factory-authorized repair center for repair to remove assigned access functionality.

  • On every reboot, the assigned access XML is reapplied and any user settings or options is overridden. This includes Start Screen size (if the user selected “more tiles” for 6-column start, and the assigned access feature requires 4-column start), then on reboot, the user’s start screen will be forced back to a 4-column start and their start screen arrangement will be converted down back to a 4-column start.

  • Email accounts cannot be managed using assigned access, and those always show up on the All Apps page when assigned access is configured. You can address this by blocking provisioning of email accounts using PolicyManager.

  • Family Rooms cannot be blocked from view if they are previously pinned to the Start Screen. You can address this by blocking provisioning of a Microsoft Account connection using PolicyManager.

  • It is only possible to block the Store through the tile. If a user searches their apps list, an item is shown that allows the user to “Search Store,” which enables the user to deep link into the Store directly even though the application does not exist. Additionally, this will allow users to purchase against any provisioned Microsoft Account. You can address this by blocking access to the Store and blocking provisioning of a Microsoft Account using PolicyManager.

  • All settings can be accessed through deep links. This includes apps that deep link into settings pages and QR codes/NFC Tags that can deep link into apps or settings pages. Users can be blocked from changing deep-linked settings by disabling policies PolicyManager. There is no way to allow Wi-Fi, but prevent the user from changing the state to prevent the user from turning off Wi-Fi.

  • If action+notification center is usable, it allows deep links to settings and apps. You can address this by blocking access to apps using PolicyManager and using the allow/deny lists.

  • Any application that has a web browser control can deep link into the Microsoft Store and purchase apps against any provisioned Microsoft Account. If a Microsoft Account is not present, one can be added, even if the settings page is not visible. You can address this by blocking access to the Store and Microsoft Account provisioning using PolicyManager.

  • Apps that have web links can launch Internet Explorer, enabling a full browser experience, even if Internet Explorer is not visible. You can address this by blocking access to Internet Explorer using PolicyManager.

  • Any app that is visible in a user-action required state allows deep linking into the Store. You can address this by blocking access to the Store using PolicyManager.

  • Internet Explorer cache and back stack are not cleared when provisioning assigned access.

The following diagram shows the EnterpriseAssignedAccess configuration service provider management object in a tree format.

Provisioning_CSP_EnterpriseAssignedAccess
AssignedAccess

The parent node for the assigned access XML.

AssignedAccessXml

The XML code that controls the assigned access settings applied to the device. Supported operations are Add, Get, and Replace.

Entry

Description

Apps

The list of Apps that you specify in the Prov.xml is an allow list of application. If you do not specify an app, then it will not be available to the user on start. To pin or allow certain first party apps, you must specify the product IDs of the apps to configure their placement

The following list shows the first party apps and product IDs.

ApplicationProduct ID
Alarms{5B04B775-356B-4AA0-AAF8-6491FFEA560A}
Battery Saver{C551F76F-3368-42BB-92DF-7BFBB9265636}
MSN Money{1E0440F1-7ABF-4B9A-863D-177970EEFB5E}
Bing Food{CC512389-0456-430F-876B-704B17317DE2}
Bing Health{CBB8C3BD-99E8-4176-AD8C-95EC6A3641C2}
Bing News{9C3E8CAD-6702-4842-8F61-B8B33CC9CAF1}
Bing Sports{0F4C8C7E-7114-4E1E-A84C-50664DB13B17}
Bing Travel{19CD0687-980B-4838-8880-5F68ABA1671E}
Bing Weather{63C2A117-8604-44E7-8CEF-DF10BE3A57C8}
Calculator{5B04B775-356B-4AA0-AAF8-6491FFEA5603}
Calendar{36F9FA1C-FDAD-4CF0-99EC-C03771ED741A}
Camera (built-in){5B04B775-356B-4AA0-AAF8-6491FFEA5631}
Cortana{5B04B775-356B-4AA0-AAF8-6491FFEA568C}
Data Sense{5B04B775-356B-4AA0-AAF8-6491FFEA5646}
Email{5B04B775-356B-4AA0-AAF8-6491FFEA5614}
Facebook{0C340A67-3288-4C76-9375-0F2FEFBA0412}
Games{50A6AEF0-4F35-434B-9308-CB3251303AE4}
Internet Explorer{5B04B775-356B-4AA0-AAF8-6491FFEA5660}
Maps{5B04B775-356B-4AA0-AAF8-6491FFEA5686}
Messaging{5B04B775-356B-4AA0-AAF8-6491FFEA5610}
Music{D2B6A184-DA39-4C9A-9E0A-8B589B03DEC0}
Office Hub{5B04B775-356B-4AA0-AAF8-6491FFEA561E}
OneDrive{AD543082-80EC-45BB-AA02-FFE7F4182BA8}
OneNote{5B04B775-356B-4AA0-AAF8-6491FFEA561B}
People{5B04B775-356B-4AA0-AAF8-6491FFEA5615}
Phone{5B04B775-356B-4AA0-AAF8-6491FFEA5611}
Photos{5B04B775-356B-4AA0-AAF8-6491FFEA5632}
Podcasts{C3215724-B279-4206-8C3E-61D1A9D63ED3}
Settings{5B04B775-356B-4AA0-AAF8-6491FFEA5601}
Storage Sense{5B04B775-356B-4AA0-AAF8-6491FFEA564D}
Store{5B04B775-356B-4AA0-AAF8-6491FFEA5633}
Video{6AFFE59E-0467-4701-851F-7AC026E21665}
Wallet{5B04B775-356B-4AA0-AAF8-6491FFEA5683}

Example:

NoteNote
All top-level elements under <Default> must be included as part of the XML, unlike the following sample excerpt which does not include the other top-level elements.

<?xml version="1.0" encoding="utf-8"?>
<HandheldLockdown version="1.0" >
  <Default>
    <Apps>
      <!-- Alarms -->
      <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA560A}">
        <PinToStart>
          <Size>Medium</Size>
          <Location>
            <LocationX>0</LocationX>
            <LocationY>4</LocationY>
          </Location>
        </PinToStart>
      </Application>
    </Apps>
  </Default>
</HandheldLockdown>

Buttons

Buttons can be locked down to prevent the button from executing or starting their normal functionality. Additionally, the button functionality can be remapped to do a specific functionality, such as launching an application.

Button on the deviceButton XML namePress|press and hold, block/overrideCan be remapped?
CameraCameraBlock and overrideNo
BackBackNot supportedNo
Start (Windows key)StartBlock and overrideNo
SearchSearchBlock and overrideYes (app launch)
Volume up---Not supportedNo
Volume down---Not supportedNo
Power---Not supportedNo

To lock down all the button presses, all buttons must be added to the ButtonLockDownList with both ButtonEvent types added. The following example shows the button lockdown and remapping.

NoteNote
All top-level elements under <Default> must be included as part of the XML, unlike the following sample excerpt which does not include the other top-level elements.

<?xml version="1.0" encoding="utf-8"?>
<HandheldLockdown version="1.0" >
  <Default>
    <Buttons>
      <ButtonLockdownList>
        <!-- Lockdown all buttons -->
        <Button name="Search">
        </Button>
        <Button name="Camera">
          <ButtonEvent name="Press" />
          <ButtonEvent name="PressAndHold" />
        </Button>
      </ButtonLockdownList>
      <ButtonRemapList>
        <Button name="Search">
          <ButtonEvent name="Press">
            <!-- Settings -->
            <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5601}" parameters="" />
          </ButtonEvent>
        </Button>
      </ButtonRemapList>
    </Buttons>
  </Default>
</HandheldLockdown>

Settings

A number of settings/application items can be managed to configure whether or not those options can be viewed in the settings page. Note that OEMs can configure additional settings CPLs, and these are not included in this list.

NoteNote
The list of settings/applications are an allow list. If no settings are included in the assigned access XML, then no settings/applications is listed.
Settting pageSettings nameName
SystemaboutMicrosoft.About
Systemease of accessMicrosoft.Accessibility
Systememail+accountsMicrosoft.Accounts
Systemadvertising idMicrosoft.AdverstisingId
Systemairplane modeMicrosoft.AirplaneMode
Systembattery saverMicrosoft.BatterySaver
SystemBluetoothMicrosoft.Bluetooth
SystembrightnessMicrosoft.Brightness
SystemCellular+SIMMicrosoft.CellularConn
SystembackupMicrosoft.CloudStorageCpl
SystemworkplaceMicrosoft.CompanyAccount
Systemdate+timeMicrosoft.DateTime
Systemquite hoursMicrosoft.DoNotDisturb
Systemdriving modeMicrosoft.DrivingMode
SystemfeedbackMicrosoft.Feedback
Systemfind my phoneMicrosoft.FindMyPhone
Systemkids cornerMicrosoft.KidZone
SystemlanguageMicrosoft.Language
SystemlocationMicrosoft.Location
Systemproject my screenMicrosoft.MirrorUX
Systemnotifications+actionsMicrosoft.NocenterSettings
SystemlockscreenMicrosoft.PhoneLock
SystemregionMicrosoft.Regional
Systemsync my settingsMicrosoft.RoamingCpl
Systemscreen rotationMicrosoft.RotationLock
Systeminternet sharingMicrosoft.SoftAP
Systemringtones+soundsMicrosoft.Sounds
SystemspeechMicrosoft.Speech
Systemstorage senseMicrosoft.StorageSettings
Systemstart+themeMicrosoft.Themes
SystemkeyboardMicrosoft.TouchKeyboard
Systemphone updateMicrosoft.Updates
SystemVPNMicrosoft.VPN
SystemWi-FiMicrosoft.WiFi
SystemNFCMicrosoft.NFC
SystemUSBMicrosoft.USB
Systemdata senseMicrosoft.DataSmart
Applicationinternet explorerMicrosoft.IE
ApplicationmapsMicrosoft.Maps
ApplicationmessagingMicrosoft.Messaging
ApplicationOfficeMicrosoft.OfficeMobile
ApplicationpeopleMicrosoft.Contacts
ApplicationphoneMicrosoft.Phone
Applicationphotos+cameraMicrosoft.Photos
ApplicationsearchMicrosoft.Search
ApplicationstoreMicrosoft.Marketplace
ApplicationwalletMicrosoft.Wallet
ApplicationcortanaMicrosoft.AssistUX

Settings is a required field. Settings/System and Settings/Application are optional elements. Setting/System is an allow list of setting that show up under System. Settings/Application is an allow list of settings that show up under Application.

The following example locks down the settings page to only show two settings items in the Settings application: system\about and application\phone.

NoteNote
All top-level elements under <Default> must be included as part of the XML, unlike the following sample excerpt which does not include the other top-level elements.

<?xml version="1.0" encoding="utf-8"?>
<HandheldLockdown version="1.0" >
  <Default>
    <Settings>
      <System name="Microsoft.About" />
      <Application name="Microsoft.Phone" />
    </Settings>
  </Default>
</HandheldLockdown>

ActionCenter

Enables or disables the Action Center on the device. The Action Center includes both quick settings and notifications that users can quickly access. ActionCenter is required and supports enabled = "true" or "false."

NoteNote
All top-level elements under <Default> must be included as part of the XML, unlike the following sample excerpt which does not include the other top-level elements.

<?xml version="1.0" encoding="utf-8"?>
<HandheldLockdown version="1.0" >
  <Default>
    <ActionCenter enabled="true" />
  </Default>
</HandheldLockdown>

MenuItems

The start screen allows for a menu to display and help the user configure and customize their start screen. The menu can be triggered by pressing and holding start screen applications or tiles. This includes resizing tiles, moving their placement, and pinning additional tiles to start. To prevent this experience from being exposed and to more fully lockdown the experience, MenuItems can be disabled.

The DisableMenuItems element disables all menu items on the modern shell including the long press on applications to prevent menu items from displaying. MenuItems is required.

NoteNote
All top-level elements under <Default> must be included as part of the XML, unlike the following sample excerpt which does not include the other top-level elements.
<?xml version="1.0" encoding="utf-8"?>
<HandheldLockdown version="1.0" >
  <Default>
    <MenuItems>
      <DisableMenuItems/>
    </MenuItems>
  </Default>
</HandheldLockdown>

StartScreenSize

Three start screen configurations are supported: small, medium, large. Medium and large represent three-column start views, which enable six small tiles to be pinned in one row. The main difference between medium and large start screen scaling is resolution and keyboard scaling. Medium is recommended for all 720P and lower screen resolutions. Large is recommended for 1080P screen resolutions.

The StartScreenSize element is required. Supported values are "Small," "Medium," and "Large."

NoteNote
All top-level elements under <Default> must be included as part of the XML, unlike the following sample excerpt which does not include the other top-level elements.

<?xml version="1.0" encoding="utf-8"?>
<HandheldLockdown version="1.0" >
  <Default>
    <StartScreenSize>Small</StartScreenSize>
  </Default>
</HandheldLockdown>

Here is an example AssignedAccessXML.

Important noteImportant note

The XML should be placed in the <Data> element and either fully escaped or use <Data>![CDATA[<insert_xml_here>]]</Data> for wrapping unescaped data.

<?xml version="1.0" encoding="utf-8"?>
<HandheldLockdown version="1.0" >
  <Default>
    <ActionCenter enabled="true" />
    <Apps>
      <!-- Alarms -->
      <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA560A}" />
      <!-- Battery Saver -->
      <Application productId="{C551F76F-3368-42BB-92DF-7BFBB9265636}" />
      <!-- MSN Money -->
      <Application productId="{1E0440F1-7ABF-4B9A-863D-177970EEFB5E}" />
      <!-- Bing Food -->
      <Application productId="{CC512389-0456-430F-876B-704B17317DE2}" />
      <!-- Bing Health -->
      <Application productId="{CBB8C3BD-99E8-4176-AD8C-95EC6A3641C2}" />
      <!-- Bing News -->
      <Application productId="{9C3E8CAD-6702-4842-8F61-B8B33CC9CAF1}" />
      <!-- Bing Sports -->
      <Application productId="{0F4C8C7E-7114-4E1E-A84C-50664DB13B17}" />
      <!-- Bing Travel -->
      <Application productId="{19CD0687-980B-4838-8880-5F68ABA1671E}" />
      <!-- Bing Weather -->
      <Application productId="{63C2A117-8604-44E7-8CEF-DF10BE3A57C8}" />
      <!-- Calculator -->
      <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5603}" />
      <!-- Calendar -->
      <Application productId="{36F9FA1C-FDAD-4CF0-99EC-C03771ED741A}">
        <PinToStart>
          <Size>Medium</Size>
          <Location>
            <LocationX>0</LocationX>
            <LocationY>4</LocationY>
          </Location>
        </PinToStart>
      </Application>
      <!-- Camera -->
      <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5631}" />
      <!-- Cortana -->
      <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA568C}">
        <PinToStart>
          <Size>Medium</Size>
          <Location>
            <LocationX>0</LocationX>
            <LocationY>2</LocationY>
          </Location>
        </PinToStart>
      </Application>
      <!-- Data Sense -->
      <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5646}" />
      <!-- Email -->
      <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5614}">
        <PinToStart>
          <Size>Small</Size>
          <Location>
            <LocationX>0</LocationX>
            <LocationY>1</LocationY>
          </Location>
        </PinToStart>
      </Application>
      <!-- Facebook -->
      <Application productId="{0C340A67-3288-4C76-9375-0F2FEFBA0412}" />
      <!-- Games -->
      <Application productId="{50A6AEF0-4F35-434B-9308-CB3251303AE4}" />
      <!-- Internet Explorer -->
      <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5660}">
        <PinToStart>
          <Size>Small</Size>
          <Location>
            <LocationX>1</LocationX>
            <LocationY>1</LocationY>
          </Location>
        </PinToStart>
      </Application>
      <!-- Maps -->
      <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5686}" />
      <!-- Messaging -->
      <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5610}">
        <PinToStart>
          <Size>Small</Size>
          <Location>
            <LocationX>1</LocationX>
            <LocationY>0</LocationY>
          </Location>
        </PinToStart>
      </Application>
      <!-- Music -->
      <Application productId="{D2B6A184-DA39-4C9A-9E0A-8B589B03DEC0}">
        <PinToStart>
          <Size>Medium</Size>
          <Location>
            <LocationX>2</LocationX>
            <LocationY>4</LocationY>
          </Location>
        </PinToStart>
      </Application>
      <!-- Office Hub -->
      <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA561E}" />
      <!-- OneDrive -->
      <Application productId="{AD543082-80EC-45BB-AA02-FFE7F4182BA8}" />
      <!-- OneNote -->
      <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA561B}" />
      <!-- People -->
      <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5615}">
        <PinToStart>
          <Size>Medium</Size>
          <Location>
            <LocationX>2</LocationX>
            <LocationY>0</LocationY>
          </Location>
        </PinToStart>
      </Application>
      <!-- Phone -->
      <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5611}">
        <PinToStart>
          <Size>Small</Size>
          <Location>
            <LocationX>0</LocationX>
            <LocationY>0</LocationY>
          </Location>
        </PinToStart>
      </Application>
      <!-- Photos -->
      <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5632}">
        <PinToStart>
          <Size>Large</Size>
          <Location>
            <LocationX>0</LocationX>
            <LocationY>2</LocationY>
          </Location>
        </PinToStart>
      </Application>
      <!-- Podcast -->
      <Application productId="{C3215724-B279-4206-8C3E-61D1A9D63ED3}" />
      <!-- Settings -->
      <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5601}" />
      <!-- Storage Sense -->
      <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA564D}" />
      <!-- Store -->
      <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5633}">
        <PinToStart>
          <Size>Medium</Size>
          <Location>
            <LocationX>2</LocationX>
            <LocationY>2</LocationY>
          </Location>
        </PinToStart>
      </Application>
      <!-- Video -->
      <Application productId="{6AFFE59E-0467-4701-851F-7AC026E21665}" />
      <!-- Wallet -->
      <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5683}"/>
    </Apps>
    <Buttons>
      <ButtonLockdownList>
        <!-- Lockdown all buttons -->
        <Button name="Search">
        </Button>
        <Button name="Camera">
          <ButtonEvent name="Press" />
          <ButtonEvent name="PressAndHold" />
        </Button>
      </ButtonLockdownList>
      <ButtonRemapList>
        <Button name="Search">
          <ButtonEvent name="Press">
            <!-- Settings -->
            <Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5601}" parameters="" />
          </ButtonEvent>
        </Button>
      </ButtonRemapList>
    </Buttons>
    <MenuItems>
      <DisableMenuItems/>
    </MenuItems>
    <Settings>
      <System name="Microsoft.About" />
      <System name="Microsoft.Accessibility" />
      <System name="Microsoft.Accounts" />
      <System name="Microsoft.AdvertisingId" />
      <System name="Microsoft.AirplaneMode" />
      <System name="Microsoft.AssistUX" />
      <System name="Microsoft.BatterySaver" />
      <System name="Microsoft.Bluetooth" />
      <System name="Microsoft.Brightness" />
      <System name="Microsoft.CellularConn" />
      <System name="Microsoft.CloudStorageCpl" />
      <System name="Microsoft.CompanyAccount" />
      <System name="Microsoft.DateTime" />
      <System name="Microsoft.DoNotDisturb" />
      <System name="Microsoft.DrivingMode" />
      <System name="Microsoft.Feedback" />
      <System name="Microsoft.FindMyPhone" />
      <System name="Microsoft.KidZone" />
      <System name="Microsoft.Language" />
      <System name="Microsoft.Location" />
      <System name="Microsoft.MirrorUX" />
      <System name="Microsoft.NocenterSettings" />
      <System name="Microsoft.PhoneLock" />
      <System name="Microsoft.ProfileUpdate" />
      <System name="Microsoft.Proximity" />
      <System name="Microsoft.Regional" />
      <System name="Microsoft.RoamingCpl" />
      <System name="Microsoft.RotationLock" />
      <System name="Microsoft.SoftAP" />
      <System name="Microsoft.Sounds" />
      <System name="Microsoft.Speech" />
      <System name="Microsoft.StorageSettings" />
      <System name="Microsoft.Themes" />
      <System name="Microsoft.TouchKeyboard" />
      <System name="Microsoft.Updates" />
      <System name="Microsoft.VPN" />
      <System name="Microsoft.WiFi" />
      <Application name="Microsoft.Search" />
      <Application name="Microsoft.IE" />
      <Application name="Microsoft.Maps" />
      <Application name="Microsoft.Messaging" />
      <Application name="Microsoft.OfficeMobile" />
      <Application name="Microsoft.Contacts" />
      <Application name="Microsoft.Phone" />
      <Application name="Microsoft.Photos" />
      <Application name="Microsoft.Search" />
      <Application name="Microsoft.Marketplace" />
      <Application name="Microsoft.Wallet" />
      <Application name="Microsoft.AssistUX" />
    </Settings>
    <StartScreenSize>Small</StartScreenSize>
  </Default>
</HandheldLockdown>

Use the PolicyManager policy settings in conjunction with lockdown XML to block access to deep linking. Lockdown only blocks user-facing pieces of the experience, and does not prevent users from deep linking into 1st party and 3rd applications, and settings pages.

All top-level elements under <Default> are required to be included, even if no sub-elements are used.

Ensure that the XML is wrapped inside a SyncML body payload when being provisioned to the device

This XSD can be used to validate that the XML in the <Data> block constitutes valid XML that can be provisioned successfully onto the device.

The following features are not supported in Windows Phone 8.1:

  • Role Lists

  • CSP Runner

  • Button management for: Custom1, Custom2, Custom3


<xs:schema
  xmlns:xs="http://www.w3.org/2001/XMLSchema"
  elementFormDefault="qualified">
  <!-- COMPLEX TYPE: ROLE LIST TYPE -->
  <xs:complexType name="role_list_t">
    <xs:sequence minOccurs="1" maxOccurs="1">
      <xs:element name="Role" type="role_t" minOccurs="1" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>
  <!-- COMPLEX TYPE: START SCREEN SIZE TYPE -->
  <xs:simpleType name="startscreen_size_t">
    <xs:restriction base="xs:string">
      <!-- Small: 4 columns-->
      <xs:enumeration value="Small"/>
      <!-- Large: 6 columns-->
      <xs:enumeration value="Large"/>
    </xs:restriction>
  </xs:simpleType>
  <!-- COMPLEX TYPE: APPLICATION LIST TYPE -->
  <xs:complexType name="application_list_t">
    <xs:sequence minOccurs="0" maxOccurs="1">
      <xs:element name="Application" type="application_t" minOccurs="0" maxOccurs="unbounded" />
    </xs:sequence>
  </xs:complexType>
  <!-- COMPLEX TYPE: BUTTON LIST TYPE -->
  <xs:complexType name="button_list_t">
    <xs:sequence minOccurs="0" maxOccurs="1">
      <xs:element name="Button" minOccurs="0" maxOccurs="6" type="button_t"/>
    </xs:sequence>
  </xs:complexType>
  <!-- COMPLEX TYPE: MENU ITEM LIST TYPE -->
  <xs:complexType name="menu_item_list_t">
    <xs:sequence minOccurs="0" maxOccurs="1">
      <xs:element name="DisableMenuItems" minOccurs="0" maxOccurs="1"/>
    </xs:sequence>
  </xs:complexType>

  <!-- COMPLEX TYPE: DEFAULT TYPE -->
  <xs:complexType name="default_basic_t">
    <xs:sequence minOccurs="1">
      <xs:element name="ActionCenter" type="actioncenter_t" minOccurs="1"/>
      <xs:element name="Apps" type="application_list_t" minOccurs="1">
        <xs:unique name="duplicateAppsForbidden">
          <xs:selector xpath="Application"/>
          <xs:field xpath="@productId"/>
        </xs:unique>
      </xs:element>
      <xs:element name="Buttons" minOccurs="1">
        <xs:complexType>
          <xs:all>
            <xs:element name="ButtonLockdownList" type="button_list_t" minOccurs="0"/>
            <xs:element name="ButtonRemapList" type="button_list_t" minOccurs="0"/>
          </xs:all>
        </xs:complexType>
      </xs:element>
      <xs:element name="CSPRunner" minOccurs="0"/>
      <xs:element name="MenuItems" type="menu_item_list_t" minOccurs="1"/>
      <xs:element name="Settings" minOccurs="1">
        <xs:complexType>
          <xs:sequence>
            <xs:element name="System" type="setting_t" minOccurs="0" maxOccurs="unbounded" />
            <xs:element name="Application" type="setting_t" minOccurs="0" maxOccurs="unbounded" />
          </xs:sequence>
        </xs:complexType>
      </xs:element>
    </xs:sequence>
  </xs:complexType>
  <!-- COMPLEX TYPE: ROLE TYPE -->
  <xs:complexType name="role_t">
    <xs:complexContent>
      <xs:extension base="default_basic_t">
        <xs:attribute name="guid" type="guid_t" use="required"/>
        <xs:attribute name="name" type="xs:string" use="required"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <!-- COMPLEX TYPE: DEFAULT ROLE TYPE -->
  <xs:complexType name="default_role_t">
    <xs:complexContent>
      <xs:extension base="default_basic_t">
        <xs:sequence minOccurs="1">
          <xs:element name="StartScreenSize" type="startscreen_size_t" minOccurs="1"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <!-- COMPLEX TYPE: Action Center -->
  <xs:complexType name="actioncenter_t">
    <xs:attribute type="xs:boolean" name="enabled" use="required"/>
  </xs:complexType>
  <!-- COMPLEX TYPE: APPLICATION TYPE -->
  <xs:complexType name="application_t">
    <xs:all minOccurs="0">
      <xs:element name="PinToStart" type="start_tile_t" />
    </xs:all>
    <xs:attribute name="productId" type="guid_t" use="required"/>
    <xs:attribute name="parameters" type="xs:string" use="optional"/>
    <xs:attribute name="autoRun" type="xs:boolean" use="optional"/>
  </xs:complexType>
  <!-- COMPLEX TYPE: START SCREEN TILE CONFIGURATION TYPE-->
  <xs:complexType name="start_tile_t">
    <xs:all minOccurs="1" maxOccurs="1">
      <xs:element name="Size" type="tile_size_t" minOccurs="1" />
      <xs:element name="Location" type="tile_location_t" minOccurs="1" />
    </xs:all>
  </xs:complexType>
  <!-- COMPLEX TYPE: SETTING TYPE -->
  <xs:complexType name="setting_t">
    <xs:attribute name="name" type="xs:string" use="required"/>
  </xs:complexType>
  <!-- COMPLEX TYPE: BUTTON TYPE -->
  <xs:complexType name="button_t">
    <xs:sequence minOccurs="0" maxOccurs="1">
      <xs:element name="ButtonEvent" type="button_event_t" minOccurs="0" maxOccurs="2"/>
    </xs:sequence>
    <xs:attribute name="name" type="supported_button_t" use="required"/>
  </xs:complexType>
  <!-- COMPLEX TYPE: BUTTON EVENT TYPE -->
  <xs:complexType name="button_event_t">
    <xs:all minOccurs="0" maxOccurs="1">
      <xs:element name="Application" type="application_t" minOccurs="0" maxOccurs="1" />
    </xs:all>
    <xs:attribute name="name" type="supported_button_event_t" use="required"/>
  </xs:complexType>

  <!--COMPLEX TYPE: START TILE TYPE-->
  <xs:complexType name="tile_location_t">
    <xs:sequence minOccurs="0" maxOccurs="1">
      <xs:element name="LocationX" type="xs:unsignedLong"/>
      <xs:element name="LocationY" type="xs:unsignedLong"/>
    </xs:sequence>
  </xs:complexType>

  <!-- SIMPLE TYPE: SUPPORTED BUTTON TYPE -->
  <xs:simpleType name="supported_button_t">
    <xs:restriction base="xs:string">
      <xs:enumeration value="Start"/>
      <xs:enumeration value="Search"/>
      <xs:enumeration value="Camera"/>
      <xs:enumeration value="Custom1"/>
      <xs:enumeration value="Custom2"/>
      <xs:enumeration value="Custom3"/>
    </xs:restriction>
  </xs:simpleType>
  <!-- SIMPLE TYPE: SUPPORTED BUTTON EVENT TYPE -->
  <xs:simpleType name="supported_button_event_t">
    <xs:restriction base="xs:string">
      <xs:enumeration value="All"/>
      <xs:enumeration value="Press"/>
      <xs:enumeration value="PressAndHold"/>
    </xs:restriction>
  </xs:simpleType>
  <!-- SIMPLE TYPE: GUID -->
  <xs:simpleType name="guid_t">
    <xs:restriction base="xs:string">
      <xs:pattern value="\{[0-9a-fA-F]{8}\-([0-9a-fA-F]{4}\-){3}[0-9a-fA-F]{12}\}"/>
    </xs:restriction>
  </xs:simpleType>
  <!--SIMPLE TYPE: TILE SIZE-->
  <xs:simpleType name="tile_size_t">
    <xs:restriction base="xs:string">
      <xs:enumeration value="Small"/>
      <xs:enumeration value="Medium"/>
      <xs:enumeration value="Large"/>
    </xs:restriction>
  </xs:simpleType>

  <!-- SCHEMA -->
  <xs:element name="HandheldLockdown">
    <xs:complexType>
      <xs:all minOccurs="1">
        <xs:element name="Default" type="default_role_t"/>
        <xs:element name="RoleList" type="role_list_t" minOccurs="0">
          <xs:unique name="duplicateRolesForbidden">
            <xs:selector xpath="Role"/>
            <xs:field xpath="@guid"/>
          </xs:unique>
        </xs:element>
      </xs:all>
      <xs:attribute name="version" use="required" type="xs:decimal"/>
    </xs:complexType>
  </xs:element>
</xs:schema>

Show: