CSP Improvement -Part 5

The updates here are made to improve Acrolinx scores and fix format errors as per Task : 5864419. Thanks!

windows/client-management/mdm/policy-csp-admx-cpls.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_Cpls
-description: Policy CSP - ADMX_Cpls
+description: Learn about the Policy CSP - ADMX_Cpls.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -64,7 +64,7 @@ manager: dansimp
 This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.
 
 > [!NOTE] 
-> The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist, an empty frame is displayed.
+> The default account picture is stored at `%PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg.` The default guest picture is stored at `%PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg.` If the default pictures do not exist, an empty frame is displayed.
 
 If you enable this policy setting, the default user account picture will display for all users on the system with no customization allowed.
 
@@ -84,6 +84,8 @@ ADMX Info:
 <!--/Policy-->
 <hr/>
 
-
 <!--/Policies-->
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

windows/client-management/mdm/policy-csp-admx-credentialproviders.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_CredentialProviders
-description: Policy CSP - ADMX_CredentialProviders
+description: Learn about the Policy CSP - ADMX_CredentialProviders.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -122,7 +122,7 @@ This policy setting allows the administrator to assign a specified credential pr
 
 If you enable this policy setting, the specified credential provider is selected on other user tile.
 
-If you disable or do not configure this policy setting, the system picks the default credential provider on other user tile.
+If you disable or don't configure this policy setting, the system picks the default credential provider on other user tile.
 
 > [!NOTE]
 > A list of registered credential providers and their GUIDs can be found in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers.
@@ -191,3 +191,7 @@ ADMX Info:
 
 
 <!--/Policies-->
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

windows/client-management/mdm/policy-csp-admx-credssp.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_CredSsp
-description: Policy CSP - ADMX_CredSsp
+description: Learn about the Policy CSP - ADMX_CredSsp.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -97,7 +97,7 @@ This policy setting applies when server authentication was achieved via NTLM.
 
 If you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows).
 
-If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any machine.
+If you disable or don't configure (by default) this policy setting, delegation of default credentials isn't permitted to any machine.
 
 > [!NOTE]
 > The "Allow delegating default credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated.  The use of a single wildcard character is permitted when specifying the SPN.
@@ -156,7 +156,7 @@ If you enable this policy setting, you can specify the servers to which the user
 
 The policy becomes effective the next time the user signs on to a computer running Windows.
 
-If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any computer. Applications depending upon this delegation behavior might fail authentication. For more information, see KB.
+If you disable or don't configure (by default) this policy setting, delegation of default credentials isn't permitted to any computer. Applications depending upon this delegation behavior might fail authentication. For more information, see KB.
 
 FWlink for KB:
 https://go.microsoft.com/fwlink/?LinkId=301508
@@ -215,14 +215,14 @@ Some versions of the CredSSP protocol are vulnerable to an encryption oracle att
 
 If you enable this policy setting, CredSSP version support will be selected based on the following options:
 
-- Force Updated Clients: Client applications which use CredSSP will not be able to fall back to the insecure versions and services using CredSSP will not accept unpatched clients. 
+- Force Updated Clients: Client applications that use CredSSP won't be able to fall back to the insecure versions and services using CredSSP won't accept unpatched clients. 
 
     > [!NOTE]
     > This setting should not be deployed until all remote hosts support the newest version.
 
-- Mitigated: Client applications which use CredSSP will not be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients.
+- Mitigated: Client applications that use CredSSP won't be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients.
 
-- Vulnerable: Client applications which use CredSSP will expose the remote servers to attacks by supporting fall back to the insecure versions and services using CredSSP will accept unpatched clients.
+- Vulnerable: Client applications, which use CredSSP will expose the remote servers to attacks by supporting fall-back to the insecure versions and services using CredSSP will accept unpatched clients.
 
 For more information about the vulnerability and servicing requirements for protection, see https://go.microsoft.com/fwlink/?linkid=866660
 
@@ -271,9 +271,9 @@ This policy setting applies when server authentication was achieved via a truste
 
 If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application).
 
-If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
+If you don't configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
 
-If you disable this policy setting, delegation of fresh credentials is not permitted to any machine.
+If you disable this policy setting, delegation of fresh credentials isn't permitted to any machine.
 
 > [!NOTE]
 > The "Allow delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard is permitted when specifying the SPN.
@@ -327,11 +327,11 @@ This policy setting applies to applications using the Cred SSP component (for ex
 
 This policy setting applies when server authentication was achieved via NTLM.
 
-If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application).
+If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you're prompted for when executing the application).
 
-If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
+If you don't configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
 
-If you disable this policy setting, delegation of fresh credentials is not permitted to any machine.
+If you disable this policy setting, delegation of fresh credentials isn't permitted to any machine.
 
 > [!NOTE]
 > The "Allow delegating fresh credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN.
@@ -387,9 +387,9 @@ This policy setting applies when server authentication was achieved via a truste
 
 If you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager).
 
-If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
+If you don't configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
 
-If you disable this policy setting, delegation of saved credentials is not permitted to any machine.
+If you disable this policy setting, delegation of saved credentials isn't permitted to any machine.
 
 > [!NOTE]
 > The "Allow delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN.
@@ -555,9 +555,9 @@ ADMX Info:
 <!--Description-->
 This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
 
-If you enable this policy setting, you can specify the servers to which the user's fresh credentials cannot be delegated (fresh credentials are those that you are prompted for when executing the application).
+If you enable this policy setting, you can specify the servers to which the user's fresh credentials can't be delegated (fresh credentials are those that you're prompted for when executing the application).
 
-If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server.
+If you disable or don't configure (by default) this policy setting, this policy setting doesn't specify any server.
 
 > [!NOTE]
 > The "Deny delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN.
@@ -676,7 +676,7 @@ If you enable this policy setting, the following options are supported:
 - Require Remote Credential Guard: Participating applications must use Remote Credential Guard to connect to remote hosts.
 - Require Restricted Admin: Participating applications must use Restricted Admin to connect to remote hosts.
 
-If you disable or do not configure this policy setting, Restricted Admin and Remote Credential Guard mode are not enforced and participating apps can delegate credentials to remote devices.
+If you disable or do not configure this policy setting, Restricted Admin and Remote Credential Guard mode aren't enforced and participating apps can delegate credentials to remote devices.
 
 > [!NOTE]
 > To disable most credential delegation, it may be sufficient to deny delegation in Credential Security Support Provider (CredSSP) by modifying Administrative template settings (located at Computer Configuration\Administrative Templates\System\Credentials Delegation).
@@ -699,3 +699,6 @@ ADMX Info:
 
 <!--/Policies-->
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

windows/client-management/mdm/policy-csp-admx-credui.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_CredUI
-description: Policy CSP - ADMX_CredUI
+description: Learn about  the Policy CSP - ADMX_CredUI.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -67,11 +67,11 @@ manager: dansimp
 This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user’s Windows credentials.
 
 > [!NOTE]
-> This policy affects nonlogon authentication tasks only. As a security best practice, this policy should be enabled.
+> This policy affects non-logon authentication tasks only. As a security best practice, this policy should be enabled.
 
-If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop by means of the trusted path mechanism.
+If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop with the trusted path mechanism.
 
-If you disable or do not configure this policy setting, users will enter Windows credentials within the user’s desktop session, potentially allowing malicious code access to the user’s Windows credentials.
+If you disable or don't configure this policy setting, users will enter Windows credentials within the user’s desktop session, potentially allowing malicious code access to the user’s Windows credentials.
 
 <!--/Description-->
 
@@ -112,7 +112,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Available in the latest Windows 10 Insider Preview Build. If you turn this policy setting on, local users won’t be able to set up and use security questions to reset their passwords.
+Available in the latest Windows 10 Insider Preview Build. If you turn on this policy setting, local users won’t be able to set up and use security questions to reset their passwords.
 
 <!--/Description-->
 
@@ -129,3 +129,6 @@ ADMX Info:
 <
 <!--/Policies-->
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_CtrlAltDel
-description: Policy CSP - ADMX_CtrlAltDel
+description: Learn about the Policy CSP - ADMX_CtrlAltDel.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -74,7 +74,7 @@ This policy setting prevents users from changing their Windows password on deman
 
 If you enable this policy setting, the 'Change Password' button on the Windows Security dialog box will not appear when you press Ctrl+Alt+Del.
 
-However, users are still able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring.
+However, users will still be able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring.
 
 <!--/Description-->
 
@@ -119,11 +119,11 @@ ADMX Info:
 <!--Description-->
 This policy setting prevents users from locking the system.
 
-While locked, the desktop is hidden and the system cannot be used. Only the user who locked the system or the system administrator can unlock it.
+While locked, the desktop is hidden and the system can't be used. Only the user who locked the system or the system administrator can unlock it.
 
-If you enable this policy setting, users cannot lock the computer from the keyboard using Ctrl+Alt+Del.
+If you enable this policy setting, users can't lock the computer from the keyboard using Ctrl+Alt+Del.
 
-If you disable or do not configure this policy setting, users will be able to lock the computer from the keyboard using Ctrl+Alt+Del.
+If you disable or don't configure this policy setting, users will be able to lock the computer from the keyboard using Ctrl+Alt+Del.
 
 > [!TIP]
 > To lock a computer without configuring a setting, press Ctrl+Alt+Delete, and then click Lock this computer.
@@ -170,9 +170,9 @@ This policy setting prevents users from starting Task Manager.
 
 Task Manager (**taskmgr.exe**) lets users start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run.
 
-If you enable this policy setting, users will not be able to access Task Manager. If users try to start Task Manager, a message appears explaining that a policy prevents the action.
+If you enable this policy setting, users won't be able to access Task Manager. If users try to start Task Manager, a message appears explaining that a policy prevents the action.
 
-If you disable or do not configure this policy setting, users can access Task Manager to start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run.
+If you disable or don't configure this policy setting, users can access Task Manager to start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run.
 
 <!--/Description-->
 
@@ -215,11 +215,11 @@ ADMX Info:
 <!--Description-->
 This policy setting disables or removes all menu items and buttons that log the user off the system.
 
-If you enable this policy setting, users will not see the Log off menu item when they press Ctrl+Alt+Del. This will prevent them from logging off unless they restart or shutdown the computer, or clicking Log off from the Start menu.
+If you enable this policy setting, users won't see the Logoff menu item when they press Ctrl+Alt+Del. This will prevent them from logging off unless they restart or shut down the computer, or clicking Logoff from the Start menu.
 
 Also, see the 'Remove Logoff on the Start Menu' policy setting.
 
-If you disable or do not configure this policy setting, users can see and select the Log off menu item when they press Ctrl+Alt+Del.
+If you disable or do not configure this policy setting, users can see and select the Logoff menu item when they press Ctrl+Alt+Del.
 
 <!--/Description-->
 
@@ -237,3 +237,6 @@ ADMX Info:
 
 <!--/Policies-->
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

windows/client-management/mdm/policy-csp-admx-datacollection.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_DataCollection
-description: Policy CSP - ADMX_DataCollection
+description: Learn about the Policy CSP - ADMX_DataCollection.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -63,7 +63,7 @@ manager: dansimp
 <!--Description-->
 This policy setting defines the identifier used to uniquely associate this device’s telemetry data as belonging to a given organization.
 
-If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program.
+If your organization is participating in a program that requires this device to be identified as belonging to your organization, then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program.
 
 If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its telemetry data with your organization.
 
@@ -86,3 +86,6 @@ ADMX Info:
 
 <!--/Policies-->
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

windows/client-management/mdm/policy-csp-admx-dcom.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_DCOM
-description: Policy CSP - ADMX_DCOM
+description: Learn about the Policy CSP - ADMX_DCOM.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -66,10 +66,10 @@ manager: dansimp
 <!--Description-->
 This policy setting allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list.
   
-- If you enable this policy setting, and DCOM does not find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled). Then DCOM will look for an entry in the locally configured list.
+- If you enable this policy setting, and DCOM doesn't find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled). Then DCOM will look for an entry in the locally configured list.
 
-- If you disable this policy setting, DCOM will not look in the locally configured DCOM activation security check exemption list.  
+- If you disable this policy setting, DCOM won't look in the locally configured DCOM activation security-check exemption list.  
-If you do not configure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" policy is not configured.
+If you don't configure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" policy isn't configured.
 
 > [!NOTE]
 > This policy setting applies to all sites in Trusted zones.
@@ -119,19 +119,24 @@ DCOM ignores the second list when this policy setting is configured, unless the
 DCOM server application IDs added to this policy must be listed in curly brace format.
 
 For example, `{b5dcb061-cefb-42e0-a1be-e6a6438133fe}`.
+
 If you enter a non-existent or improperly formatted application ID DCOM will add it to the list without checking for errors.  
+
+If you add an application ID to this list and set its value to one, DCOM won't enforce the Activation security check for that DCOM server.
+
+If you add an application ID to this list and set its value to zero DCOM will always enforce the Activation security check for that DCOM server regardless of local settings.  
+
 - If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings. 
-
-If you add an application ID to this list and set its value to one, DCOM will not enforce the Activation security check for that DCOM server.   
-If you add an application ID to this list and set its value to zero DCOM will always enforce the Activation security check for that DCOM server regardless of local 
-settings.  
 - If you disable this policy setting, the application ID exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used.  
+- If you don't configure this policy setting, the application ID exemption list defined by local computer administrators is used.  
+
+>[!Note]  
+> The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process.
 
-If you do not configure this policy setting, the application ID exemption list defined by local computer administrators is used.  Notes:  The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process.   
 This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults.  If the DCOM server's custom launch permission contains explicit DENY entries this may mean that object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead.  
 
 The proper action in this situation is to reconfigure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short term as an application compatibility deployment aid.  
-DCOM servers added to this exemption list are only exempted if their custom launch permissions do not contain specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups.  
+DCOM servers added to this exemption list are only exempted if their custom launch permissions don't contain specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups.  
 
 > [!NOTE]
 > Exemptions for DCOM Server Application IDs added to this list will apply to both 32-bit and 64-bit versions of the server if present.
@@ -154,3 +159,6 @@ ADMX Info:
 
 <!--/Policies-->
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

windows/client-management/mdm/policy-csp-admx-desktop.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_Desktop
-description: Policy CSP - ADMX_Desktop
+description: Learn about Policy CSP - ADMX_Desktop.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -145,13 +145,13 @@ manager: dansimp
 
 <!--/Scope-->
 <!--Description-->
-Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results.
+Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying more filters to search results.
 
 If you enable this setting, the filter bar appears when the Active Directory Find dialog box opens, but users can hide it.
 
-If you disable this setting or do not configure it, the filter bar does not appear, but users can display it by selecting "Filter" on the "View" menu.
+If you disable this setting or don't configure it, the filter bar doesn't appear, but users can display it by selecting "Filter" on the "View" menu.
 
-To see the filter bar, open Network Locations, click Entire Network, and then click Directory. Right-click the name of a Windows domain, and click Find. Type the name of an object in the directory, such as  "Administrator." If the filter bar does not appear above the resulting display, on the View menu, click Filter.
+To see the filter bar, open Network Locations, click Entire Network, and then click Directory. Right-click the name of a Windows domain, and click Find. Type the name of an object in the directory, such as  "Administrator." If the filter bar doesn't appear above the resulting display, on the View menu, click Filter.
 
 <!--/Description-->
 
@@ -197,9 +197,9 @@ Hides the Active Directory folder in Network Locations.
 
 The Active Directory folder displays Active Directory objects in a browse window.
 
-If you enable this setting, the Active Directory folder does not appear in the Network Locations folder.
+If you enable this setting, the Active Directory folder doesn't appear in the Network Locations folder.
 
-If you disable this setting or do not configure it, the Active Directory folder appears in the Network Locations folder.
+If you disable this setting or don't configure it, the Active Directory folder appears in the Network Locations folder.
 
 This setting is designed to let users search Active Directory but not tempt them to casually browse Active Directory.
 
@@ -247,7 +247,7 @@ Specifies the maximum number of objects the system displays in response to a com
 
 If you enable this setting, you can use the "Number of objects returned" box to limit returns from an Active Directory search.
 
-If you disable this setting or do not configure it, the system displays up to 10,000 objects. This consumes approximately 2 MB of memory or disk space.
+If you disable this setting or don't configure it, the system displays up to 10,000 objects. This consumes approximately 2 MB of memory or disk space.
 
 This setting is designed to protect the network and the domain controller from the effect of expansive searches.
 
@@ -295,7 +295,7 @@ Enables Active Desktop and prevents users from disabling it.
 
 This setting prevents users from trying to enable or disable Active Desktop while a policy controls it.
 
-If you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it.
+If you disable this setting or don't configure it, Active Desktop is disabled by default, but users can enable it.
 
 > [!NOTE]
 > If both the "Enable Active Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored.  If the "Turn on Classic Shell" setting (in User Configuration\Administrative Templates\Windows Components\Windows Explorer) is enabled, Active Desktop is disabled, and both of these policies are ignored.
@@ -343,7 +343,7 @@ Disables Active Desktop and prevents users from enabling it.
 
 This setting prevents users from trying to enable or disable Active Desktop while a policy controls it.
 
-If you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it.
+If you disable this setting or don't configure it, Active Desktop is disabled by default, but users can enable it.
 
 > [!NOTE]
 > If both the "Enable Active Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored. If the "Turn on Classic Shell" setting (in User Configuration\Administrative Templates\Windows Components\Windows Explorer) is enabled, Active Desktop is disabled, and both these policies are ignored.
@@ -390,7 +390,7 @@ ADMX Info:
 <!--Description-->
 Prevents the user from enabling or disabling Active Desktop or changing the Active Desktop configuration.
 
-This is a comprehensive setting that locks down the configuration you establish by using other policies in this folder. This setting removes the Web tab from Display in Control Panel. As a result, users cannot enable or disable Active Desktop. If Active Desktop is already enabled, users cannot add, remove, or edit Web content or disable, lock, or synchronize Active Desktop components.
+This is a comprehensive setting that locks down the configuration you establish by using other policies in this folder. This setting removes the Web tab from Display in Control Panel. As a result, users can't enable or disable Active Desktop. If Active Desktop is already enabled, users can't add, remove, or edit Web content or disable, lock, or synchronize Active Desktop components.
 
 <!--/Description-->
 
@@ -433,7 +433,7 @@ ADMX Info:
 <!--Description-->
 Removes icons, shortcuts, and other default and user-defined items from the desktop, including Briefcase, Recycle Bin, Computer, and Network Locations.
 
-Removing icons and shortcuts does not prevent the user from using another method to start the programs or opening the items they represent.
+Removing icons and shortcuts doesn't prevent the user from using another method to start the programs or opening the items they represent.
 
 Also, see "Items displayed in Places Bar" in User Configuration\Administrative Templates\Windows Components\Common Open File Dialog to remove the Desktop icon from the Places Bar. This will help prevent users from saving data to the Desktop.
 
@@ -479,9 +479,9 @@ ADMX Info:
 <!--Description-->
 Prevents users from using the Desktop Cleanup Wizard.
 
-If you enable this setting, the Desktop Cleanup wizard does not automatically run on a users workstation every 60 days. The user will also not be able to access the Desktop Cleanup Wizard.
+If you enable this setting, the Desktop Cleanup wizard doesn't automatically run on a users workstation every 60 days. The user will also not be able to access the Desktop Cleanup Wizard.
 
-If you disable this setting or do not configure it, the default behavior of the Desktop Clean Wizard running every 60 days occurs.
+If you disable this setting or don't configure it, the default behavior of the Desktop Clean Wizard running every 60 days occurs.
 
 > [!NOTE]
 > When this setting is not enabled, users can run the Desktop Cleanup Wizard, or have it run automatically every 60 days from Display, by clicking the Desktop tab and then clicking the Customize Desktop button.
@@ -528,7 +528,7 @@ ADMX Info:
 <!--Description-->
 Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar.
 
-This setting does not prevent the user from starting Internet Explorer by using other methods.
+This setting doesn't prevent the user from starting Internet Explorer by using other methods.
 
 <!--/Description-->
 
@@ -576,7 +576,7 @@ If you enable this setting, Computer is hidden on the desktop, the new Start men
 
 If you disable this setting, Computer is displayed as usual, appearing as normal on the desktop, Start menu, folder tree pane, and Web views, unless restricted by another setting.
 
-If you do not configure this setting, the default is to display Computer as usual.
+If you don't configure this setting, the default is to display Computer as usual.
 
 > [!NOTE]
 > In operating systems earlier than Microsoft Windows Vista, this policy applies to the My Computer icon. Hiding Computer and its contents does not hide the contents of the child folders of Computer. For example, if the users navigate into one of their hard drives, they see all of their folders and files there, even if this setting is enabled.
@@ -625,9 +625,9 @@ Removes most occurrences of the My Documents icon.
 
 This setting removes the My Documents icon from the desktop, from File Explorer, from programs that use the File Explorer windows, and from the standard Open dialog box.
 
-This setting does not prevent the user from using other methods to gain access to the contents of the My Documents folder.
+This setting doesn't prevent the user from using other methods to gain access to the contents of the My Documents folder.
 
-This setting does not remove the My Documents icon from the Start menu. To do so, use the "Remove My Documents icon from Start Menu" setting.
+This setting doesn't remove the My Documents icon from the Start menu. To do so, use the "Remove My Documents icon from Start Menu" setting.
 
 > [!NOTE]
 > To make changes to this setting effective, you must log off from and log back on to Windows 2000 Professional.
@@ -673,7 +673,7 @@ ADMX Info:
 <!--Description-->
 Removes the Network Locations icon from the desktop.
 
-This setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network.
+This setting only affects the desktop icon. It doesn't prevent users from connecting to the network or browsing for shared computers on the network.
 
 > [!NOTE]
 > In operating systems earlier than Microsoft Windows Vista, this policy applies to the My Network Places icon.
@@ -720,9 +720,9 @@ ADMX Info:
 <!--Description-->
 This setting hides Properties on the context menu for Computer.
 
-If you enable this setting, the Properties option will not be present when the user right-clicks My Computer or clicks Computer and then goes to the File menu.  Likewise, Alt-Enter does nothing when Computer is selected.
+If you enable this setting, the Properties option won't be present when the user right-clicks My Computer or clicks Computer and then goes to the File menu.  Likewise, Alt-Enter does nothing when Computer is selected.
 
-If you disable or do not configure this setting, the Properties option is displayed as usual.
+If you disable or don't configure this setting, the Properties option is displayed as usual.
 
 <!--/Description-->
 
@@ -766,17 +766,16 @@ ADMX Info:
 <!--Description-->
 This policy setting hides the Properties menu command on the shortcut menu for the My Documents icon.
 
-If you enable this policy setting, the Properties menu command will not be displayed when the user does any of the following:
+If you enable this policy setting, the Properties menu command won't be displayed when the user does any of the following:
 
 - Right-clicks the My Documents icon.
 - Clicks the My Documents icon, and then opens the File menu.
 - Clicks the My Documents icon, and then presses ALT+ENTER.
 
-If you disable or do not configure this policy setting, the Properties menu command is displayed.
+If you disable or don't configure this policy setting, the Properties menu command is displayed.
 
 <!--/Description-->
 
-
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP Friendly name: *Remove Properties from the Documents icon context menu*
@@ -814,11 +813,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Remote shared folders are not added to Network Locations whenever you open a document in the shared folder.
+Remote shared folders aren't added to Network Locations whenever you open a document in the shared folder.
 
-If you disable this setting or do not configure it, when you open a document in a remote shared folder, the system adds a connection to the shared folder to Network Locations.
+If you disable this setting or don't configure it, when you open a document in a remote shared folder, the system adds a connection to the shared folder to Network Locations.
 
-If you enable this setting, shared folders are not added to Network Locations automatically when you open a document in the shared folder.
+If you enable this setting, shared folders aren't added to Network Locations automatically when you open a document in the shared folder.
 
 <!--/Description-->
 
@@ -864,7 +863,7 @@ Removes most occurrences of the Recycle Bin icon.
 
 This setting removes the Recycle Bin icon from the desktop, from File Explorer, from programs that use the File Explorer windows, and from the standard Open dialog box.
 
-This setting does not prevent the user from using other methods to gain access to the contents of the Recycle Bin folder.
+This setting doesn't prevent the user from using other methods to gain access to the contents of the Recycle Bin folder.
 
 > [!NOTE]
 > To make changes to this setting effective, you must log off and then log back on.
@@ -910,9 +909,9 @@ ADMX Info:
 <!--Description-->
 Removes the Properties option from the Recycle Bin context menu.
 
-If you enable this setting, the Properties option will not be present when the user right-clicks on Recycle Bin or opens Recycle Bin and then clicks File. Likewise, Alt-Enter does nothing when Recycle Bin is selected.
+If you enable this setting, the Properties option won't be present when the user right-clicks on Recycle Bin or opens Recycle Bin and then clicks File. Likewise, Alt-Enter does nothing when Recycle Bin is selected.
 
-If you disable or do not configure this setting, the Properties option is displayed as usual.
+If you disable or don't configure this setting, the Properties option is displayed as usual.
 
 <!--/Description-->
 
@@ -956,7 +955,7 @@ ADMX Info:
 <!--Description-->
 Prevents users from saving certain changes to the desktop.
 
-If you enable this setting, users can change the desktop, but some changes, such as the position of open windows or the size and position of the taskbar, are not saved when users log off. However, shortcuts placed on the desktop are always saved.
+If you enable this setting, users can change the desktop, but some changes, such as the position of open windows or the size and position of the taskbar, aren't saved when users logoff. However, shortcuts placed on the desktop are always saved.
 
 <!--/Description-->
 
@@ -1000,9 +999,9 @@ ADMX Info:
 <!--Description-->
 Prevents windows from being minimized or restored when the active window is shaken back and forth with the mouse.
 
-If you enable this policy, application windows will not be minimized or restored when the active window is shaken back and forth with the mouse.
+If you enable this policy, application windows won't be minimized or restored when the active window is shaken back and forth with the mouse.
 
-If you disable or do not configure this policy, this window minimizing and restoring gesture will apply.
+If you disable or don't configure this policy, this window minimizing and restoring gesture will apply.
 
 <!--/Description-->
 
@@ -1047,9 +1046,9 @@ Specifies the desktop background ("wallpaper") displayed on all users' desktops.
 
 This setting lets you specify the wallpaper on users' desktops and prevents users from changing the image or its presentation. The wallpaper you specify can be stored in a bitmap (*.bmp) or JPEG (*.jpg) file.
 
-To use this setting, type the fully qualified path and name of the file that stores the wallpaper image. You can type a local path, such as C:\Windows\web\wallpaper\home.jpg or a UNC path, such as \\\Server\Share\Corp.jpg. If the specified file is not available when the user logs on, no wallpaper is displayed. Users cannot specify alternative wallpaper. You can also use this setting to specify that the wallpaper image be centered, tiled, or stretched. Users cannot change this specification.
+To use this setting, type the fully qualified path and name of the file that stores the wallpaper image. You can type a local path, such as C:\Windows\web\wallpaper\home.jpg or a UNC path, such as \\\Server\Share\Corp.jpg. If the specified file isn't available when the user logs on, no wallpaper is displayed. Users can't specify alternative wallpaper. You can also use this setting to specify that the wallpaper image be centered, tiled, or stretched. Users can't change this specification.
 
-If you disable this setting or do not configure it, no wallpaper is displayed. However, users can select the wallpaper of their choice.
+If you disable this setting or don't configure it, no wallpaper is displayed. However, users can select the wallpaper of their choice.
 
 Also, see the "Allow only bitmapped wallpaper" in the same location, and the "Prevent changing wallpaper" setting in User Configuration\Administrative Templates\Control Panel.
 
@@ -1097,7 +1096,7 @@ ADMX Info:
 <!--Description-->
 Prevents users from adding Web content to their Active Desktop.
 
-This setting removes the "New" button from Web tab in Display in Control Panel. As a result, users cannot add Web pages or pictures from the Internet or an intranet to the desktop. This setting does not remove existing Web content from their Active Desktop, or prevent users from removing existing Web content.
+This setting removes the "New" button from Web tab in Display in Control Panel. As a result, users can't add Web pages or pictures from the Internet or an intranet to the desktop. This setting doesn't remove existing Web content from their Active Desktop, or prevent users from removing existing Web content.
 
 Also, see the "Disable all items" setting.
 
@@ -1142,9 +1141,9 @@ ADMX Info:
 <!--Description-->
 Prevents users from removing Web content from their Active Desktop.
 
-In Active Desktop, you can add items to the desktop but close them so they are not displayed.
+In Active Desktop, you can add items to the desktop but close them so they aren't displayed.
 
-If you enable this setting, items added to the desktop cannot be closed; they always appear on the desktop. This setting removes the check boxes from items on the Web tab in Display in Control Panel.
+If you enable this setting, items added to the desktop can't be closed; they always appear on the desktop. This setting removes the check boxes from items on the Web tab in Display in Control Panel.
 
 > [!NOTE]
 > This setting does not prevent users from deleting items from their Active Desktop.
@@ -1193,7 +1192,7 @@ Prevents users from deleting Web content from their Active Desktop.
 
 This setting removes the Delete button from the Web tab in Display in Control Panel. As a result, users can temporarily remove, but not delete, Web content from their Active Desktop.
 
-This setting does not prevent users from adding Web content to their Active Desktop.
+This setting doesn't prevent users from adding Web content to their Active Desktop.
 
 Also, see the "Prohibit closing items" and "Disable all items" settings.
 
@@ -1239,7 +1238,7 @@ ADMX Info:
 <!--Description-->
 Prevents users from changing the properties of Web content items on their Active Desktop.
 
-This setting disables the Properties button on the Web tab in Display in Control Panel. Also, it removes the Properties item from the menu for each item on the Active Desktop. As a result, users cannot change the properties of an item, such as its synchronization schedule, password, or display characteristics.
+This setting disables the Properties button on the Web tab in Display in Control Panel. Also, it removes the Properties item from the menu for each item on the Active Desktop. As a result, users can't change the properties of an item, such as its synchronization schedule, password, or display characteristics.
 
 <!--/Description-->
 
@@ -1283,7 +1282,7 @@ ADMX Info:
 <!--Description-->
 Removes Active Desktop content and prevents users from adding Active Desktop content. 
 
-This setting removes all Active Desktop items from the desktop. It also removes the Web tab from Display in Control Panel. As a result, users cannot add Web pages or  pictures from the Internet or an intranet to the desktop.
+This setting removes all Active Desktop items from the desktop. It also removes the Web tab from Display in Control Panel. As a result, users can't add Web pages or  pictures from the Internet or an intranet to the desktop.
 
 > [!NOTE]
 > This setting does not disable Active Desktop. Users can  still use image formats, such as JPEG and GIF, for their desktop wallpaper.
@@ -1338,7 +1337,7 @@ You can also use this setting to delete particular Web-based items from users' d
 > Removing an item from the "Add" list for this setting is not the same as deleting it. Items that are removed from the "Add" list are not removed from the desktop. They are simply not added again.
 
 > [!NOTE]
-> For this setting to take affect, you must log off and log on to the system.
+> For this setting to take effect, you must log off and log on to the system.
 
 <!--/Description-->
 
@@ -1382,7 +1381,7 @@ ADMX Info:
 <!--Description-->
 Prevents users from manipulating desktop toolbars.
 
-If you enable this setting, users cannot add or remove toolbars from the desktop. Also, users cannot drag toolbars on to or off of docked toolbars.
+If you enable this setting, users can't add or remove toolbars from the desktop. Also, users can't drag toolbars on to or off of docked toolbars.
 
 > [!NOTE]
 > If users have added or removed toolbars, this setting prevents them from restoring the default configuration.
@@ -1432,9 +1431,9 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Prevents users from adjusting the length of desktop toolbars. Also, users cannot reposition items or toolbars on docked toolbars.
+Prevents users from adjusting the length of desktop toolbars. Also, users can't reposition items or toolbars on docked toolbars.
 
-This setting does not prevent users from adding or removing toolbars on the desktop.
+This setting doesn't prevent users from adding or removing toolbars on the desktop.
 
 > [!NOTE]
 > If users have adjusted their toolbars, this setting prevents them from restoring the default configuration.
@@ -1481,7 +1480,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Permits only bitmap images for wallpaper. This setting limits the desktop background ("wallpaper") to bitmap (.bmp) files. If users select files with other image formats, such as JPEG, GIF, PNG, or HTML, through the Browse button on the Desktop tab, the wallpaper does not load. Files that are autoconverted to a .bmp format, such as JPEG, GIF, and PNG, can be set as Wallpaper by right-clicking the image and selecting "Set as Wallpaper".
+Permits only bitmap images for wallpaper. This setting limits the desktop background ("wallpaper") to bitmap (.bmp) files. If users select files with other image formats, such as JPEG, GIF, PNG, or HTML, through the Browse button on the Desktop tab, the wallpaper doesn't load. Files that are auto-converted to a .bmp format, such as JPEG, GIF, and PNG, can be set as Wallpaper by right-clicking the image and selecting "Set as Wallpaper".
 
 Also, see the "Desktop Wallpaper" and the "Prevent changing wallpaper" (in User Configuration\Administrative Templates\Control Panel\Display) settings.
 
@@ -1501,3 +1500,6 @@ ADMX Info:
 
 <!--/Policies-->
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

windows/client-management/mdm/policy-csp-admx-devicecompat.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_DeviceCompat
-description: Policy CSP - ADMX_DeviceCompat
+description: Learn about Policy CSP - ADMX_DeviceCompat.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -119,3 +119,7 @@ ADMX Info:
 <!--/Policy-->
 
 <!--/Policies-->
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

windows/client-management/mdm/policy-csp-admx-deviceguard.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_DeviceGuard
-description: Policy CSP - ADMX_DeviceGuard
+description: Learn about Policy CSP - ADMX_DeviceGuard.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -71,8 +71,9 @@ or a locally valid path (for example, `C:\FolderName\SIPolicy.p7b)`.
  
 The local machine account (LOCAL SYSTEM) must have access permission to the policy file.    
 If using a signed and protected policy then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either:
-1. First update the policy to a non-protected policy and then disable the setting.  
+
-2. Disable the setting and then remove the policy from each computer, with a physically present user.
+- First update the policy to a non-protected policy and then disable the setting. (or)  
+- Disable the setting and then remove the policy from each computer, with a physically present user.
 
 <!--/Description-->
 
@@ -89,3 +90,6 @@ ADMX Info:
 
 <!--/Policies-->
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

windows/client-management/mdm/policy-csp-admx-deviceinstallation.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_DeviceInstallation
-description: Policy CSP - ADMX_DeviceInstallation
+description: Learn about Policy CSP - ADMX_DeviceInstallation.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -86,7 +86,7 @@ This policy setting allows you to determine whether members of the Administrator
 
 If you enable this policy setting, members of the Administrators group can use the Add Hardware wizard or the Update Driver wizard to install and update the drivers for any device. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
 
-If you disable or do not configure this policy setting, members of the Administrators group are subject to all policy settings that restrict device installation.
+If you disable or don't configure this policy setting, members of the Administrators group are subject to all policy settings that restrict device installation.
 
 <!--/Description-->
 
@@ -132,7 +132,7 @@ This policy setting allows you to display a custom message to users in a notific
 
 If you enable this policy setting, Windows displays the text you type in the Detail Text box when a policy setting prevents device installation.
 
-If you disable or do not configure this policy setting, Windows displays a default message when a policy setting prevents device installation.
+If you disable or don't configure this policy setting, Windows displays a default message when a policy setting prevents device installation.
 
 <!--/Description-->
 
@@ -178,7 +178,7 @@ This policy setting allows you to display a custom message title in a notificati
 
 If you enable this policy setting, Windows displays the text you type in the Main Text box as the title text of a notification when a policy setting prevents device installation.
 
-If you disable or do not configure this policy setting, Windows displays a default title in a notification when a policy setting prevents device installation.
+If you disable or don't configure this policy setting, Windows displays a default title in a notification when a policy setting prevents device installation.
 
 <!--/Description-->
 
@@ -224,7 +224,7 @@ This policy setting allows you to configure the number of seconds Windows waits
 
 If you enable this policy setting, Windows waits for the number of seconds you specify before terminating the installation.
 
-If you disable or do not configure this policy setting, Windows waits 240 seconds for a device installation task to complete before terminating the installation.
+If you disable or don't configure this policy setting, Windows waits 240 seconds for a device installation task to complete before terminating the installation.
 
 <!--/Description-->
 
@@ -268,11 +268,12 @@ ADMX Info:
 <!--Description-->
 This policy setting establishes the amount of time (in seconds) that the system will wait to reboot in order to enforce a change in device installation restriction policies.
 
-If you enable this policy setting, set the amount of seconds you want the system to wait until a reboot.
+If you enable this policy setting, set the number of seconds you want the system to wait until a reboot.
 
-If you disable or do not configure this policy setting, the system does not force a reboot.
+If you disable or don't configure this policy setting, the system doesn't force a reboot.
 
-Note: If no reboot is forced, the device installation restriction right will not take effect until the system is restarted.
+>[!Note]
+> If no reboot is forced, the device installation restriction right won't take effect until the system is restarted.
 
 <!--/Description-->
 
@@ -314,11 +315,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example, a Universal Serial Bus (USB) device is reported to be removable by the drivers for the USB hub to which the device is connected. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
+This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it's connected indicates that the device is removable. For example, a Universal Serial Bus (USB) device is reported to be removable by the drivers for the USB hub to which the device is connected. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
 
-If you enable this policy setting, Windows is prevented from installing removable devices and existing removable devices cannot have their drivers updated. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of removable devices from a remote desktop client to the remote desktop server.
+If you enable this policy setting, Windows is prevented from installing removable devices and existing removable devices can't have their drivers updated. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of removable devices from a remote desktop client to the remote desktop server.
 
-If you disable or do not configure this policy setting, Windows can install and update device drivers for removable devices as allowed or prevented by other policy settings.
+If you disable or don't configure this policy setting, Windows can install and update device drivers for removable devices as allowed or prevented by other policy settings.
 <!--/Description-->
 
 
@@ -361,9 +362,9 @@ ADMX Info:
 <!--Description-->
 This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity, such as the installation of an unsigned driver. A system restore point enables you to more easily restore your system to its state before the activity. 
 
-If you enable this policy setting, Windows does not create a system restore point when one would normally be created.
+If you enable this policy setting, Windows doesn't create a system restore point when one would normally be created.
 
-If you disable or do not configure this policy setting, Windows creates a system restore point as it normally would.
+If you disable or don't configure this policy setting, Windows creates a system restore point as it normally would.
 
 <!--/Description-->
 
@@ -409,7 +410,7 @@ This policy setting specifies a list of device setup class GUIDs describing devi
 
 If you enable this policy setting, members of the Users group may install new drivers for the specified device setup classes. The drivers must be signed according to Windows Driver Signing Policy, or be signed by publishers already in the TrustedPublisher store.
 
-If you disable or do not configure this policy setting, only members of the Administrators group are allowed to install new device drivers on the system.
+If you disable or don't configure this policy setting, only members of the Administrators group are allowed to install new device drivers on the system.
 
 
 <!--/Description-->
@@ -427,3 +428,7 @@ ADMX Info:
 <hr/>
 
 <!--/Policies-->
+
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

windows/client-management/mdm/policy-csp-admx-devicesetup.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_DeviceSetup
-description: Policy CSP - ADMX_DeviceSetup
+description: Learn about Policy CSP - ADMX_DeviceSetup.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -66,9 +66,9 @@ manager: dansimp
 <!--Description-->
 This policy setting allows you to turn off "Found New Hardware" balloons during device installation.
 
-If you enable this policy setting, "Found New Hardware" balloons do not appear while a device is being installed.
+If you enable this policy setting, "Found New Hardware" balloons don't appear while a device is being installed.
 
-If you disable or do not configure this policy setting, "Found New Hardware" balloons appear while a device is being installed, unless the driver for the device suppresses the balloons.
+If you disable or don't configure this policy setting, "Found New Hardware" balloons appear while a device is being installed, unless the driver for the device suppresses the balloons.
 
 <!--/Description-->
 
@@ -114,9 +114,12 @@ This policy setting allows you to specify the order in which Windows searches so
 
 If you enable this policy setting, you can select whether Windows searches for drivers on Windows Update unconditionally, only if necessary, or not at all.
 
-Note that searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows will not continually search for updates. This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. If the setting for searching only if needed is specified, then Windows will search for a driver only if a driver is not locally available on the system.
+>[!Note]
+> Searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows won't continually search for updates. 
 
-If you disable or do not configure this policy setting, members of the Administrators group can determine the priority order in which Windows searches source locations for device drivers.
+This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. If the setting for searching is enabled and only when needed is specified, then Windows will search for a driver only if a driver isn't locally available on the system.
+
+If you disable or don't configure this policy setting, members of the Administrators group can determine the priority order in which Windows searches source locations for device drivers.
 
 <!--/Description-->
 
@@ -133,3 +136,6 @@ ADMX Info:
 
 <!--/Policies-->
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

windows/client-management/mdm/policy-csp-admx-dfs.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_DFS
-description: Policy CSP - ADMX_DFS
+description: Learn about Policy CSP - ADMX_DFS.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -63,10 +63,9 @@ manager: dansimp
 This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network. 
 By default, a DFS client attempts to discover domain controllers every 15 minutes.  
 
-- If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers. 
+If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers. This value is specified in minutes.  
-This value is specified in minutes.  
 
-- If you disable or do not configure this policy setting, the default value of 15 minutes applies.  
+If you disable or don't configure this policy setting, the default value of 15 minutes applies.  
 
 > [!NOTE]
 > The minimum value you can select is 15 minutes. If you try to set this setting to a value less than 15 minutes, the default value of 15 minutes is applied.
@@ -87,3 +86,6 @@ ADMX Info:
 
 <!--/Policies-->
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

windows/client-management/mdm/policy-csp-admx-digitallocker.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_DigitalLocker
-description: Policy CSP - ADMX_DigitalLocker
+description: Learn about Policy CSP - ADMX_DigitalLocker.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -68,13 +68,12 @@ This policy setting specifies whether Digital Locker can run.
 
 Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.
 
-If you enable this setting, Digital Locker will not run.
+If you enable this setting, Digital Locker won't run.
 
-If you disable or do not configure this setting, Digital Locker can be run.
+If you disable or don't configure this setting, Digital Locker can be run.
 
 <!--/Description-->
 
-
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP Friendly name: *Do not allow Digital Locker to run*
@@ -116,9 +115,9 @@ This policy setting specifies whether Digital Locker can run.
 
 Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.
 
-If you enable this setting, Digital Locker will not run.
+If you enable this setting, Digital Locker won't run.
 
-If you disable or do not configure this setting, Digital Locker can be run.
+If you disable or don't configure this setting, Digital Locker can be run.
 
 <!--/Description-->
 
@@ -137,3 +136,6 @@ ADMX Info:
 
 <!--/Policies-->
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_DiskDiagnostic
-description: Policy CSP - ADMX_DiskDiagnostic
+description: Learn about Policy CSP - ADMX_DiskDiagnostic.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -66,12 +66,13 @@ manager: dansimp
 <!--Description-->
 This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault.
 
-- If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
+If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
-- If you disable or do not configure this policy setting, Windows displays the default alert text in the disk diagnostic message. 
 
-No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. 
+If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message. 
 
-This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. 
+No reboots or service restarts are required for this policy setting to take effect, whereas changes take effect immediately. 
+
+This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. 
 The DPS can be configured with the Services snap-in to the Microsoft Management Console.
 
 > [!NOTE]
@@ -121,12 +122,15 @@ This policy setting determines the execution level for S.M.A.R.T.-based disk dia
 
 Self-Monitoring And Reporting Technology (S.M.A.R.T.) is a standard mechanism for storage devices to report faults to Windows. A disk that reports a S.M.A.R.T. fault may need to be repaired or replaced. The Diagnostic Policy Service (DPS) detects and logs S.M.A.R.T. faults to the event log when they occur.
   
-- If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss.  
+If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss.  
-- If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken. 
-- If you do not configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.  
 
-No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. 
+If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken. 
-This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. 
+
+If you don't configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.  
+
+No reboots or service restarts are required for this policy setting to take effect, whereas changes take effect immediately.
+
+This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. 
 
 > [!NOTE]
 > For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed.
@@ -147,3 +151,6 @@ ADMX Info:
 
 <!--/Policies-->
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

windows/client-management/mdm/policy-csp-admx-disknvcache.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_DiskNVCache
-description: Policy CSP - ADMX_DiskNVCache
+description: Learn about Policy CSP - ADMX_DiskNVCache.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -67,14 +67,15 @@ manager: dansimp
 
 <!--/Scope-->
 <!--Description-->
-This policy setting turns off the boot and resume optimizations for the hybrid hard disks in the system.  
+This policy setting turns off the boot and resumes optimizations for the hybrid hard disks in the system.  
 
-If you enable this policy setting, the system does not use the non-volatile (NV) cache to optimize boot and resume.  
+If you enable this policy setting, the system doesn't use the non-volatile (NV) cache to optimize boot and resume.  
 
 If you disable this policy setting, the system uses the NV cache to achieve faster boot and resume.
+
 The system determines the data that will be stored in the NV cache to optimize boot and resume. 
 
-The required data is stored in the NV cache during shutdown and hibernate, respectively. This might cause a slight increase in the time taken for shutdown and hibernate.  If you do not configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations. 
+The required data is stored in the NV cache during shutdown and hibernate, respectively. This might cause a slight increase in the time taken for shutdown and hibernate.  If you don't configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations. 
 
 This policy setting is applicable only if the NV cache feature is on.
 
@@ -119,12 +120,11 @@ This policy setting turns off all support for the non-volatile (NV) cache on all
 
 To check if you have hybrid hard disks in the system, from Device Manager, right-click the disk drive and select Properties. The NV cache can be used to optimize boot and resume by reading data from the cache while the disks are spinning up. The NV cache can also be used to reduce the power consumption of the system by keeping the disks spun down while satisfying reads and writes from the cache.  
 
-If you enable this policy setting, the system will not manage the NV cache and will not enable NV cache power saving mode.  
+If you enable this policy setting, the system won't manage the NV cache and won't enable NV cache power saving mode.  
 
 If you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cache are appropriately configured. 
 
-This policy setting will take effect on next boot.  If you do not configure this policy setting, the default behavior is to turn on support for the NV cache.
+This policy setting will take effect on next boot. If you don't configure this policy setting, the default behavior is to turn on support for the NV cache.
-
 
 
 <!--/Description-->
@@ -172,7 +172,10 @@ If you enable this policy setting, frequently written files such as the file sys
 
 If you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. This allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power. 
 
-This can cause increased wear of the NV cache.  If you do not configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache.  Note: This policy setting is applicable only if the NV cache feature is on.
+This can cause increased wear of the NV cache.  If you don't configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache.  
+
+>[!Note]
+> This policy setting is applicable only if the NV cache feature is on.
 
 
 <!--/Description-->
@@ -192,3 +195,6 @@ ADMX Info:
 
 <!--/Policies-->
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

windows/client-management/mdm/policy-csp-admx-diskquota.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_DiskQuota
-description: Policy CSP - ADMX_DiskQuota
+description: Learn about Policy CSP - ADMX_DiskQuota.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -79,7 +79,7 @@ manager: dansimp
 <!--Description-->
 This policy setting extends the disk quota policies in this folder to NTFS file system volumes on the removable media.  
 
-If you disable or do not configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only. 
+If you disable or don't configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only. 
 
 When this policy setting is applied, the computer will apply the disk quota to both fixed and removable media.
 
@@ -124,13 +124,13 @@ ADMX Info:
 <!--Description-->
 This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting.  
 
-If you enable this policy setting, disk quota management is turned on, and users cannot turn it off.  
+If you enable this policy setting, disk quota management is turned on, and users can't turn it off.  
 
-If you disable the policy setting, disk quota management is turned off, and users cannot turn it on. When this policy setting is not configured then the disk quota management is turned off by default, and the administrators can turn it on. 
+If you disable the policy setting, disk quota management is turned off, and users can't turn it on. When this policy setting isn't configured then the disk quota management is turned off by default, and the administrators can turn it on. 
 
 To prevent users from changing the setting while a setting is in effect, the system disables the "Enable quota management" option on the Quota tab of NTFS volumes.
 
-This policy setting turns on disk quota management but does not establish or enforce a particular disk quota limit. 
+This policy setting turns on disk quota management but doesn't establish or enforce a particular disk quota limit. 
 
 To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit. 
 
@@ -180,9 +180,9 @@ This policy setting determines whether disk quota limits are enforced and preven
 
 If you enable this policy setting, disk quota limits are enforced. 
 
-If you disable this policy setting, disk quota limits are not enforced. When you enable or disable this policy setting, the system disables the "Deny disk space to users exceed quota limit" option on the Quota tab. Therefore, the administrators cannot make changes while the setting is in effect. 
+If you disable this policy setting, disk quota limits aren't enforced. When you enable or disable this policy setting, the system disables the "Deny disk space to users exceed quota limit" option on the Quota tab. Therefore, the administrators can't make changes while the setting is in effect. 
 
-If you do not configure this policy setting, the disk quota limit is not enforced by default, but administrators can change the setting. Enforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes. However, the users can continue to write to the volume as long as physical space is available. 
+If you don't configure this policy setting, the disk quota limit isn't enforced by default, but administrators can change the setting. Enforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes. However, the users can continue to write to the volume as long as physical space is available. 
 
 This policy setting overrides user settings that enable or disable quota enforcement on their volumes. 
 
@@ -232,9 +232,9 @@ This policy setting determines whether the system records an event in the local
 
 If you enable this policy setting, the system records an event when the user reaches their limit. 
 
-If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators cannot change the setting while a setting is in effect. If you do not configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting. 
+If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators can't change the setting while a setting is in effect. If you don't configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting. 
 
-This policy setting is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of whether or not you choose to enforce the disk quota limit. Also, this policy setting does not affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they have reached their limit, because their status in the Quota Entries window changes. 
+This policy setting is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of whether or not you choose to enforce the disk quota limit. Also, this policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their limit, because their status in the Quota Entries window changes. 
 
 To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab.
 
@@ -282,9 +282,9 @@ This policy setting determines whether the system records an event in the Applic
 
 If you enable this policy setting, the system records an event.
 
-If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that administrators cannot change logging while a policy setting is in effect.  
+If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that administrators can't change logging while a policy setting is in effect.  
 
-If you do not configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting. This policy setting does not affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they have reached their warning level because their status in the Quota Entries window changes. 
+If you don't configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting. This policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their warning level because their status in the Quota Entries window changes. 
 
 To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab.
 
@@ -332,11 +332,11 @@ This policy setting specifies the default disk quota limit and warning level for
 This policy setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit. 
 
 This setting overrides new users’ settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab. 
-This policy setting applies to all new users as soon as they write to the volume. It does not affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties).  
+This policy setting applies to all new users as soon as they write to the volume. It doesn't affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties).  
 
-If you disable or do not configure this policy setting, the disk space available to users is not limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level. When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it is reasonable for the range of volumes in the group. 
+If you disable or don't configure this policy setting, the disk space available to users isn't limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level. When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it's reasonable for the range of volumes in the group. 
 
-This policy setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas are not enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume.
+This policy setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas aren't enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume.
 
 <!--/Description-->
 
@@ -354,3 +354,6 @@ ADMX Info:
 
 <!--/Policies-->
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_DistributedLinkTracking
-description: Policy CSP - ADMX_DistributedLinkTracking
+description: Learn about Policy CSP - ADMX_DistributedLinkTracking.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -62,7 +62,9 @@ manager: dansimp
 <!--/Scope-->
 <!--Description-->
 This policy specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers. 
-The DLT client enables programs to track linked  files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on  another computer.   
+
+The DLT client enables programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on  another computer.
+
 The DLT client can more reliably track links when allowed to use the DLT server.  
 This policy should not be set unless the DLT server is running on all domain controllers in the domain.
 
@@ -85,3 +87,6 @@ ADMX Info:
 
 <!--/Policies-->
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

windows/client-management/mdm/policy-csp-admx-dnsclient.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_DnsClient
-description: Policy CSP - ADMX_DnsClient
+description: Learn about Policy CSP - ADMX_DnsClient.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -127,7 +127,7 @@ This policy setting specifies that NetBIOS over TCP/IP (NetBT) queries are issue
 
 If you enable this policy setting, NetBT queries will be issued for multi-label and fully qualified domain names, such as "www.example.com" in addition to single-label names.
 
-If you disable this policy setting, or if you do not configure this policy setting, NetBT queries will only be issued for single-label names, such as "example" and not for multi-label and fully qualified domain names.
+If you disable this policy setting, or if you don't configure this policy setting, NetBT queries will only be issued for single-label names, such as "example" and not for multi-label and fully qualified domain names.
 
 <!--/Description-->
 
@@ -180,7 +180,7 @@ If you enable this policy setting, suffixes are allowed to be appended to an unq
 
 If you disable this policy setting, no suffixes are appended to unqualified multi-label name queries if the original name query fails.
 
-If you do not configure this policy setting, computers will use their local DNS client settings to determine the query behavior for unqualified multi-label names.
+If you don't configure this policy setting, computers will use their local DNS client settings to determine the query behavior for unqualified multi-label names.
 
 <!--/Description-->
 
@@ -225,7 +225,7 @@ This policy setting specifies a connection-specific DNS suffix. This policy sett
 
 If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by computers that receive this policy setting.  
 
-If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied connection specific DNS suffix, if configured.
+If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied connection specific DNS suffix, if configured.
 
 <!--/Description-->
 
@@ -273,22 +273,22 @@ With devolution, a DNS client creates queries by appending a single-label, unqua
 
 The DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box.
 
-Devolution is not enabled if a global suffix search list is configured using Group Policy.
+Devolution isn't enabled if a global suffix search list is configured using Group Policy.
 
-If a global suffix search list is not configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries:  
+If a global suffix search list isn't configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries:  
 
 - The primary DNS suffix, as specified on the Computer Name tab of the System control panel.
 - Each connection-specific DNS suffix, assigned either through DHCP or specified in the DNS suffix for this connection box on the DNS tab in the Advanced TCP/IP Settings dialog box for each connection.
 
 For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server.
 
-If a DNS suffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
+If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
 
-For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved beyond a devolution level of two. The devolution level can be configured using this policy setting. The default devolution level is two.
+For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) until the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix can't be devolved beyond a devolution level of two. The devolution level can be configured using this policy setting. The default devolution level is two.
 
 If you enable this policy setting and DNS devolution is also enabled, DNS clients use the DNS devolution level that you specify.
 
-If you disable this policy setting or do not configure it, DNS clients use the default devolution level of two provided that DNS devolution is enabled.
+If you disable this policy setting or don't configure it, DNS clients use the default devolution level of two when DNS devolution is enabled.
 
 <!--/Description-->
 
@@ -333,9 +333,9 @@ ADMX Info:
 <!--Description-->
 This policy setting specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the computer is on non-domain networks with no WINS servers configured.
 
-If this policy setting is enabled, IDNs are not converted to Punycode.
+If this policy setting is enabled, IDNs aren't converted to Punycode.
 
-If this policy setting is disabled, or if this policy setting is not configured, IDNs are converted to Punycode when the computer is on non-domain networks with no WINS servers configured.
+If this policy setting is disabled, or if this policy setting isn't configured, IDNs are converted to Punycode when the computer is on non-domain networks with no WINS servers configured.
 
 <!--/Description-->
 
@@ -381,7 +381,7 @@ This policy setting specifies whether the DNS client should convert internationa
 
 If this policy setting is enabled, IDNs are converted to the Nameprep form.
 
-If this policy setting is disabled, or if this policy setting is not configured, IDNs are not converted to the Nameprep form.
+If this policy setting is disabled, or if this policy setting isn't configured, IDNs aren't converted to the Nameprep form.
 
 <!--/Description-->
 
@@ -429,7 +429,7 @@ To use this policy setting, click Enabled, and then enter a space-delimited list
 
 If you enable this policy setting, the list of DNS servers is applied to all network connections used by computers that receive this policy setting. 
 
-If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied list of DNS servers, if configured.
+If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied list of DNS servers, if configured.
 
 <!--/Description-->
 
@@ -475,7 +475,7 @@ This policy setting specifies that responses from link local name resolution pro
 
 If you enable this policy setting, responses from link local protocols will be preferred over DNS responses if the local responses are from a network with a higher binding order.
 
-If you disable this policy setting, or if you do not configure this policy setting, then DNS responses from networks lower in the binding order will be preferred over responses from link local protocols received from networks higher in the binding order.
+If you disable this policy setting, or if you don't configure this policy setting, then DNS responses from networks lower in the binding order will be preferred over responses from link local protocols received from networks higher in the binding order.
 
 > [!NOTE]
 > This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured.
@@ -531,7 +531,7 @@ If you enable this policy setting, it supersedes the primary DNS suffix configur
 
 You can use this policy setting to prevent users, including local administrators, from changing the primary DNS suffix.
 
-If you disable this policy setting, or if you do not configure this policy setting, each computer uses its local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it is joined.
+If you disable this policy setting, or if you don't configure this policy setting, each computer uses its local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it is joined.
 <!--/Description-->
 
 
@@ -580,9 +580,10 @@ If you enable this policy setting, a computer will register A and PTR resource r
 
 For example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specific DNS suffix of VPNconnection, a computer will register A and PTR resource records for mycomputer.VPNconnection and mycomputer.microsoft.com when this policy setting is enabled.
 
-Important: This policy setting is ignored on a DNS client computer if dynamic DNS registration is disabled.
+>[!Important]
+> This policy setting is ignored on a DNS client computer if dynamic DNS registration is disabled.
 
-If you disable this policy setting, or if you do not configure this policy setting, a DNS client computer will not register any A and PTR resource records using a connection-specific DNS suffix.
+If you disable this policy setting, or if you don't configure this policy setting, a DNS client computer won't register any A and PTR resource records using a connection-specific DNS suffix.
 <!--/Description-->
 
 
@@ -631,11 +632,11 @@ If you enable this policy setting, registration of PTR records will be determine
 
 To use this policy setting, click Enabled, and then select one of the following options from the drop-down list:
 
-- Do not register: Computers will not attempt to register PTR resource records
+- Do not register: Computers won't attempt to register PTR resource records.
 - Register: Computers will attempt to register PTR resource records even if registration of the corresponding A records was not successful.
 - Register only if A record registration succeeds: Computers will attempt to register PTR resource records only if registration of the corresponding A records was successful.
 
-If you disable this policy setting, or if you do not configure this policy setting, computers will use locally configured settings.
+If you disable this policy setting, or if you don't configure this policy setting, computers will use locally configured settings.
 <!--/Description-->
 
 
@@ -678,7 +679,7 @@ ADMX Info:
 <!--Description-->
 This policy setting specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.
 
-If you enable this policy setting, or you do not configure this policy setting, computers will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting must not be disabled.
+If you enable this policy setting, or you don't configure this policy setting, computers will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting must not be disabled.
 
 If you disable this policy setting, computers may not use dynamic DNS registration for any of their network connections, regardless of the configuration for individual network connections.
 
@@ -724,13 +725,13 @@ ADMX Info:
 <!--Description-->
 This policy setting specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.
 
-This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.
+This policy setting is designed for computers that register address (A) resource records in DNS zones that don't use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.
 
 During dynamic update of resource records in a zone that does not use Secure Dynamic Updates, an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client. By default, the DNS client attempts to replace the existing A resource record with an A resource record that has the client's current IP address.
 
-If you enable this policy setting or if you do not configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting A resource records during dynamic update.
+If you enable this policy setting or if you don't configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting A resource records during dynamic update.
 
-If you disable this policy setting, existing A resource records that contain conflicting IP addresses will not be replaced during a dynamic update, and an error will be recorded in Event Viewer.
+If you disable this policy setting, existing A resource records that contain conflicting IP addresses won't be replaced during a dynamic update, and an error will be recorded in Event Viewer.
 
 <!--/Description-->
 
@@ -774,7 +775,7 @@ ADMX Info:
 <!--Description-->
 This policy setting specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.
 
-Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record has not changed. This reregistration is required to indicate to DNS servers that records are current and should not be automatically removed (scavenged) when a DNS server is configured to delete stale records.
+Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record hasn't changed. This reregistration is required to indicate to DNS servers that records are current and shouldn't be automatically removed (scavenged) when a DNS server is configured to delete stale records.
 
 > [!WARNING]
 > If record scavenging is enabled on the zone, the value of this policy setting should never be longer than the value of the DNS zone refresh interval. Configuring the registration refresh interval to be longer than the refresh interval of the DNS zone might result in the undesired deletion of A and PTR resource records.
@@ -783,7 +784,7 @@ To specify the registration refresh interval, click Enabled and then enter a val
 
 If you enable this policy setting, registration refresh interval that you specify will be applied to all network connections used by computers that receive this policy setting.
 
-If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied setting. By default, client computers configured with a static IP address attempt to update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DHCP lease is granted or renewed.
+If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied setting. By default, client computers configured with a static IP address attempt to update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DHCP lease is granted or renewed.
 
 <!--/Description-->
 
@@ -831,7 +832,7 @@ To specify the TTL, click Enabled and then enter a value in seconds (for example
 
 If you enable this policy setting, the TTL value that you specify will be applied to DNS resource records registered for all network connections used by computers that receive this policy setting.
 
-If you disable this policy setting, or if you do not configure this policy setting, computers will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes).
+If you disable this policy setting, or if you don't configure this policy setting, computers will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes).
 
 <!--/Description-->
 
@@ -883,7 +884,7 @@ To use this policy setting, click Enabled, and then enter a string value represe
 
 If you enable this policy setting, one DNS suffix is attached at a time for each query. If a query is unsuccessful, a new DNS suffix is added in place of the failed suffix, and this new query is submitted. The values are used in the order they appear in the string, starting with the leftmost value and proceeding to the right until a query is successful or all suffixes are tried.
 
-If you disable this policy setting, or if you do not configure this policy setting, the primary DNS suffix and network connection-specific DNS suffixes are appended to the unqualified queries.
+If you disable this policy setting, or if you don't configure this policy setting, the primary DNS suffix and network connection-specific DNS suffixes are appended to the unqualified queries.
 
 <!--/Description-->
 
@@ -926,11 +927,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-This policy setting specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance by issuing parallel DNS, link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT) queries across all networks. In the event that multiple positive responses are received, the network binding order is used to determine which response to accept.
+This policy setting specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance by issuing parallel DNS, link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT) queries across all networks. When multiple positive responses are received, the network binding order is used to determine which response to accept.
 
-If you enable this policy setting, the DNS client will not perform any optimizations.  DNS queries will be issued across all networks first. LLMNR queries will be issued if the DNS queries fail, followed by NetBT queries if LLMNR queries fail.
+If you enable this policy setting, the DNS client won't perform any optimizations.  DNS queries will be issued across all networks first. LLMNR queries will be issued if the DNS queries fail, followed by NetBT queries if LLMNR queries fail.
 
-If you disable this policy setting, or if you do not configure this policy setting, name resolution will be optimized when issuing DNS, LLMNR and NetBT queries.
+If you disable this policy setting, or if you don't configure this policy setting, name resolution will be optimized when issuing DNS, LLMNR and NetBT queries.
 
 <!--/Description-->
 
@@ -976,7 +977,7 @@ This policy setting specifies that the DNS client should prefer responses from l
 
 If you enable this policy setting, the DNS client will prefer DNS responses, followed by LLMNR, followed by NetBT for all networks.  
 
-If you disable this policy setting, or if you do not configure this policy setting, the DNS client will prefer link local responses for flat name queries on non-domain networks. 
+If you disable this policy setting, or if you don't configure this policy setting, the DNS client will prefer link local responses for flat name queries on non-domain networks. 
 
 > [!NOTE]
 > This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured.
@@ -1030,7 +1031,7 @@ To use this policy setting, click Enabled and then select one of the following v
 
 If you enable this policy setting, computers that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting.
 
-If you disable this policy setting, or if you do not configure this policy setting, computers will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update.
+If you disable this policy setting, or if you don't configure this policy setting, computers will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update.
 
 <!--/Description-->
 
@@ -1078,7 +1079,7 @@ By default, a DNS client that is configured to perform dynamic DNS update will u
 
 If you enable this policy setting, computers send dynamic updates to any zone that is authoritative for the resource records that the computer needs to update, except the root zone.
 
-If you disable this policy setting, or if you do not configure this policy setting, computers do not send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource records that the computer needs to update.
+If you disable this policy setting, or if you don't configure this policy setting, computers don't send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource records that the computer needs to update.
 
 <!--/Description-->
 
@@ -1126,9 +1127,9 @@ With devolution, a DNS client creates queries by appending a single-label, unqua
 
 The DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box.
 
-Devolution is not enabled if a global suffix search list is configured using Group Policy.
+Devolution isn't enabled if a global suffix search list is configured using Group Policy.
 
-If a global suffix search list is not configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries:
+If a global suffix search list isn't configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries:
 
 The primary DNS suffix, as specified on the Computer Name tab of the System control panel.
 
@@ -1136,13 +1137,13 @@ Each connection-specific DNS suffix, assigned either through DHCP or specified i
 
 For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server.
 
-If a DNS suffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
+If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
 
 For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved beyond a devolution level of two. The devolution level can be configured using the primary DNS suffix devolution level policy setting. The default devolution level is two.
 
-If you enable this policy setting, or if you do not configure this policy setting, DNS clients attempt to resolve single-label names using concatenations of the single-label name to be resolved and the devolved primary DNS suffix.
+If you enable this policy setting, or if you don't configure this policy setting, DNS clients attempt to resolve single-label names using concatenations of the single-label name to be resolved and the devolved primary DNS suffix.
 
-If you disable this policy setting, DNS clients do not attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved primary DNS suffix.
+If you disable this policy setting, DNS clients don't attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved primary DNS suffix.
 
 <!--/Description-->
 
@@ -1186,11 +1187,11 @@ ADMX Info:
 <!--Description-->
 This policy setting specifies that link local multicast name resolution (LLMNR) is disabled on client computers.
 
-LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet that also has LLMNR enabled. LLMNR does not require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution is not possible.
+LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet that also has LLMNR enabled. LLMNR doesn't require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution isn't possible.
 
 If you enable this policy setting, LLMNR will be disabled on all available network adapters on the client computer.
 
-If you disable this policy setting, or you do not configure this policy setting, LLMNR will be enabled on all available network adapters.
+If you disable this policy setting, or you don't configure this policy setting, LLMNR will be enabled on all available network adapters.
 
 <!--/Description-->
 
@@ -1207,3 +1208,6 @@ ADMX Info:
 
 <!--/Policies-->
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

windows/client-management/mdm/policy-csp-admx-dwm.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - ADMX_DWM
-description: Policy CSP - ADMX_DWM
+description: Learn about Policy CSP - ADMX_DWM.
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
@@ -76,11 +76,11 @@ manager: dansimp
 
 <!--/Scope-->
 <!--Description-->
-This policy setting controls the default color for window frames when the user does not specify a color. 
+This policy setting controls the default color for window frames when the user doesn't specify a color. 
 
-If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color. 
+If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color. 
 
-If you disable or do not configure this policy setting, the default internal color is used, if the user does not specify a color. 
+If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color. 
 
 > [!NOTE]
 > This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users.
@@ -125,11 +125,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-This policy setting controls the default color for window frames when the user does not specify a color. 
+This policy setting controls the default color for window frames when the user doesn't specify a color. 
 
-If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color. 
+If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color. 
 
-If you disable or do not configure this policy setting, the default internal color is used, if the user does not specify a color. 
+If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color. 
 
 > [!NOTE]
 > This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users.
@@ -178,7 +178,7 @@ This policy setting controls the appearance of window animations such as those f
 
 If you enable this policy setting, window animations are turned off. 
 
-If you disable or do not configure this policy setting, window animations are turned on. 
+If you disable or don't configure this policy setting, window animations are turned on. 
 
 Changing this policy setting requires a logoff for it to be applied.
 
@@ -226,7 +226,7 @@ This policy setting controls the appearance of window animations such as those f
 
 If you enable this policy setting, window animations are turned off. 
 
-If you disable or do not configure this policy setting, window animations are turned on. 
+If you disable or don't configure this policy setting, window animations are turned on. 
 
 Changing this policy setting requires a logoff for it to be applied.
 
@@ -274,7 +274,7 @@ This policy setting controls the ability to change the color of window frames.
 
 If you enable this policy setting, you prevent users from changing the default window frame color. 
 
-If you disable or do not configure this policy setting, you allow users to change the default window frame color. 
+If you disable or don't configure this policy setting, you allow users to change the default window frame color. 
 
 > [!NOTE]
 > This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users.
@@ -323,7 +323,7 @@ This policy setting controls the ability to change the color of window frames.
 
 If you enable this policy setting, you prevent users from changing the default window frame color. 
 
-If you disable or do not configure this policy setting, you allow users to change the default window frame color. 
+If you disable or don't configure this policy setting, you allow users to change the default window frame color. 
 
 > [!NOTE] 
 > This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users.
@@ -343,3 +343,6 @@ ADMX Info:
 
 <!--/Policies-->
 
+## Related topics
+
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)