diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index ae1b99510e..85b9e8d303 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -1,6 +1,11 @@
 {
 "redirections": [
 {
+"source_path": "windows/deployment/update/waas-windows-insider-for-business.md",
+"redirect_url": "/windows-insider/at-work-pro/wip-4-biz-get-started",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set",
 "redirect_document_id": true
@@ -11,6 +16,16 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md",
+"redirect_url": "/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agress.md",
+"redirect_url": "/windows/security/threat-protectionsecurity-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-application-control.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control",
 "redirect_document_id": true
@@ -13680,6 +13695,15 @@
 "redirect_url": "/windows/privacy/windows-diagnostic-data",
 "redirect_document_id": true
 },
-
+{
+"source_path": "windows/deployment/upgrade/windows-10-edition-downgrades.md",
+"redirect_url": "/windows/deployment/upgrade/windows-10-edition-upgrades",
+"redirect_document_id": true
+},
+{
+"source_path": "education/windows/windows-automatic-redeployment.md",
+"redirect_url": "/education/windows/autopilot-reset",
+"redirect_document_id": true
+},
 ]
 }
diff --git a/browsers/edge/Index.md b/browsers/edge/Index.md
index 12e65e0580..214a02e1d0 100644
--- a/browsers/edge/Index.md
+++ b/browsers/edge/Index.md
@@ -1,7 +1,7 @@
 ---
 description: Overview information about Microsoft Edge, the default browser for Windows 10. This topic includes links to other Microsoft Edge topics.
 ms.assetid: 70377735-b2f9-4b0b-9658-4cf7c1d745bb
-author: eross-msft
+author: shortpatti
 ms.prod: edge
 ms.mktglfcycl: general
 ms.sitesec: library
diff --git a/browsers/edge/TOC.md b/browsers/edge/TOC.md
index 9a9115a9ac..74016c002c 100644
--- a/browsers/edge/TOC.md
+++ b/browsers/edge/TOC.md
@@ -1,9 +1,20 @@
 #[Microsoft Edge - Deployment Guide for IT Pros](index.md)
+
+##[New Microsoft Edge Group Policies and MDM settings](new-policies.md)
+
+##[Deploy Microsoft Edge kiosk mode](microsoft-edge-kiosk-mode-deploy.md)
+
 ##[Change history for Microsoft Edge](change-history-for-microsoft-edge.md)
+
 ##[Enterprise guidance about using Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md)
+
 ##[Microsoft Edge requirements and language support](hardware-and-software-requirements.md)
+
 ##[Available policies for Microsoft Edge](available-policies.md)
+
 ##[Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md)
+
 ##[Security enhancements for Microsoft Edge](security-enhancements-microsoft-edge.md)
+
 ##[Microsoft Edge Frequently Asked Questions (FAQs)](microsoft-edge-faq.md)
 
diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md
index 7c3c8a5909..f3f141bb30 100644
--- a/browsers/edge/available-policies.md
+++ b/browsers/edge/available-policies.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 title: Group Policy and Mobile Device Management settings for Microsoft Edge (Microsoft Edge for IT Pros)
 ms.localizationpriority: medium
-ms.date: 4/30/2018 
+ms.date: 07/20/2018 
 ---
 
 # Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge
@@ -29,628 +29,132 @@ Microsoft Edge works with the following Group Policy settings to help you manage
 Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\
 
 ## Allow a shared books folder
->*Supported versions: Windows 10, version 1803*<br>
->*Default setting: None*
-
-You can configure Microsoft Edge to store books from the Books Library to a default, shared folder for Windows, which decreases the amount of storage used by book files. When you enable this policy, Microsoft Edge downloads book files automatically to a common, shared folder, and prevents users from removing the book from the library. For this policy to work properly, users must be signed in with a school or work account.  
-
-If you disable or don’t configure this policy, Microsoft Edge does not use a shared folder but downloads book files to a per-user folder for each user. 
- 
-
-
-**MDM settings in Microsoft Intune** 
-|   |   |
-|---|---|
-|MDM name |Browser/[UseSharedFolderForBooks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) |
-|Supported devices |Desktop  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/UseSharedFolderForBooks  |
-|Data type |Integer  |
-|Allowed values |<ul><li>**0** - Disabled.</li><li>**1** - Enabled.</li></ul> |
-
+[!INCLUDE [allow-shared-folder-books-include.md](includes/allow-shared-folder-books-include.md)] 
 
 ## Allow Address bar drop-down list suggestions
->*Supported versions: Windows 10, version 1703 or later*
+[!INCLUDE [allow-address-bar-suggestions-include.md](includes/allow-address-bar-suggestions-include.md)]
 
-By default, Microsoft Edge shows the Address bar drop-down list and makes it available.  If you want to minimize network connections from Microsoft Edge to Microsoft service, we recommend disabling this policy. Disabling this policy turns off the Address bar drop-down list functionality. 
-
-When disabled, Microsoft Edge also disables the user-defined policy Show search and site suggestions as I type. Because the drop-down shows the search suggestions, this policy takes precedence over the [Configure search suggestions in Address bar](https://docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies#configure-search-suggestions-in-address-bar) policy.
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |Browser/[AllowAddressBarDropdown](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown) |
-|Supported devices |Desktop  |
-|URI full path | ./Vendor/MSFT/Policy/Config/Browser/AllowAddressBarDropdown |
-|Data type | Integer |
-|Allowed values |<ul><li>**0** - Disabled. Not allowed.</li><li>**1 (default)** - Enabled or not configured. Allowed.</li></ul> |
-
- 
-## Allow Adobe Flash
->*Supported version: Windows 10*
-
-Adobe Flash is integrated with Microsoft Edge and updated via Windows Update. With this policy, you can configure Microsoft Edge to run Adobe Flash content or prevent Adobe Flash from running.
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[AllowFlash](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash) |
-|Supported devices |Desktop  |
-|URI full path | ./Vendor/MSFT/Policy/Config/Browser/AllowAdobeFlash |
-|Data type | Integer |
-|Allowed values |<ul><li>**0** - Disabled. Microsoft Edge prevents Adobe Flash content from running.</li><li>**1 (default)** - Enabled or not configured. Microsoft Edge runs Adobe Flash content. </li></ul> |
+## Allow Adobe Flash 
+[!INCLUDE [allow-adobe-flash-include.md](includes/allow-adobe-flash-include.md)]
 
 ## Allow clearing browsing data on exit
->*Supported versions: Windows 10, version 1703*
-
-By default, Microsoft Edge does not clear the browsing data on exit, but users can configure the _Clear browsing data_ option in Settings.  Browsing data includes information you entered in forms, passwords, and even the websites visited. Enable this policy if you want to clear the browsing data automatically each time Microsoft Edge closes.
-
-
-**Microsoft Intune to manage your MDM settings**
-|   |   |
-|---|---|
-|MDM name |[ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) |
-|Supported devices |Desktop  |
-|URI full path | ./Vendor/MSFT/Policy/Config/Browser/ClearBrowsingDataOnExit  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Disabled or not configured. Microsoft Edge does not clear the browsing data on exit, but users can configure the _Clear browsing data_ option in Settings.</li><li>**1** - Enabled. Clears the browsing data each time Microsoft Edge closes.</li></ul> |
-
+[!INCLUDE [allow-clearing-browsing-data-include.md](includes/allow-clearing-browsing-data-include.md)]
 
 ## Allow configuration updates for the Books Library
->*Supported versions: Windows 10, version 1803*<br>
->*Default setting: Enabled or not configured*
-
-Microsoft Edge automatically retrieves the configuration data for the Books Library, when this policy is enabled or
-not configured. If disabled, Microsoft Edge does not retrieve the Books configuration data.
-
-**MDM settings in Microsoft Intune** 
-|   |   |
-|---|---|
-|MDM name |Browser/[AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) |
-|Supported devices |Desktop  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowConfigurationUpdateForBooksLibrary  |
-|Data type |Integer  |
-|Allowed values |<ul><li>**0** - Disable. Microsoft Edge cannot retrieve a configuration.</li><li>**1 (default)** - Enable (default). Microsoft Edge can retrieve a configuration for Books Library.</li></ul> |
-
+[!INCLUDE [allow-config-updates-books-include.md](includes/allow-config-updates-books-include.md)]
 
 ## Allow Cortana
->*Supported versions: Windows 10, version 1607 or later*
-
-Cortana is integrated with Microsoft Edge, and when enabled, Cortana allows you to use the voice assistant on your device. If disabled, Cortana is not available for use, but you can search to find items on your device. 
-
-**Microsoft Intune to manage your MDM settings**
-|   |   |
-|---|---|
-|MDM name |[AllowCortana](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) |
-|Supported devices |Mobile  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowCortana  |
-|Location |Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortana |
-|Data type | Integer |
-|Allowed values |<ul><li>**0** - Not allowed.</li><li>**1 (default)** - Allowed.</li></ul> |
+[!INCLUDE [allow-cortana-include.md](includes/allow-cortana-include.md)]
 
 ## Allow Developer Tools
->*Supported versions: Windows 10, version 1511 or later*
-
-F12 developer tools is a suite of tools to help you build and debug your webpage. By default, this policy is enabled making the F12 Developer Tools available to use.  
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[AllowDeveloperTools](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools) |
-|Supported devices |Desktop  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowDeveloperTools  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0** - The F12 Developer Tools are disabled.</li><li>**1 (default)** - The F12 Developer Tools are enabled.</li></ul> |
+[!INCLUDE [allow-dev-tools-include.md](includes/allow-dev-tools-include.md)]
 
 ## Allow extended telemetry for the Books tab
->*Supported versions: Windows 10, version 1803*<br>
->*Default setting: Disabled or not configured*
-
-If you enable this policy, both basic and additional diagnostic data is sent to Microsoft about the books you are
-reading from Books in Microsoft Edge. By default, this policy is disabled or not configured and only basic
-diagnostic data, depending on your device configuration, is sent to Microsoft.
-
-**MDM settings in Microsoft Intune** 
-|   |   |
-|---|---|
-|MDM name |Browser/[EnableExtendedBooksTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) |
-|Supported devices |Desktop  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/EnableExtendedBooksTelemetry  |
-|Data type |Integer  |
-|Allowed values |<ul><li>**0 (default)** - Disable. No additional diagnostic data.</li><li>**1** - Enable. Additional diagnostic data for schools.</li></ul> |
-
+[!INCLUDE [allow-ext-telemetry-books-tab-include.md](includes/allow-ext-telemetry-books-tab-include.md)]
 
 ## Allow Extensions
->*Supported versions: Windows 10, version 1607 or later*
-
-If you enable this policy, you can personalize and add new features to Microsoft Edge with extensions. By default, this policy is enabled. If you want to prevent others from installing unwanted extensions, disable this policy.
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[AllowExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowextensions) |
-|Supported devices |Desktop  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowExtensions  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0** - Microsoft Edge extensions are disabled.</li><li>**1 (default)** - Microsoft Edge Extensions are enabled. </li></ul> |
+[!INCLUDE [allow-extensions-include.md](includes/allow-extensions-include.md)]
 
 ## Allow InPrivate browsing
->*Supported versions: Windows 10, version 1511 or later*
-
-InPrivate browsing, when enabled, prevents your browsing data is not saved on your device. Microsoft Edge deletes temporary data from your device after all your InPrivate tabs are closed. 
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[AllowInPrivate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate) |
-|Supported devices |Desktop<br>Mobile  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowInPrivate  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0** - InPrivate browsing is disabled.</li><li>**1 (default)** - InPrivate browsing is enabled.</li></ul> |
+[!INCLUDE [allow-inprivate-browsing-include.md](includes/allow-inprivate-browsing-include.md)]
 
 ## Allow Microsoft Compatibility List
->*Supported versions: Windows 10, version 1703 or later*
-
-Microsoft Edge uses the compatibility list that helps websites with known compatibility issues display properly. When enabled, Microsoft Edge checks the list to determine if the website has compatibility issues during browser navigation. By default, this policy is enabled allowing periodic downloads and installation of updates. Visiting any site on the Microsoft compatibility list prompts the employee to use Internet Explorer 11, where the site renders as though it is in whatever version of IE is necessary for it to appear properly. If disabled, the compatibility list is not used.
-
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[AllowMicrosoftCompatibilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) |
-|Supported devices |Desktop<br>Mobile  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowMicrosoftCompatibilityList  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0** - Disabled. The Microsoft compatibility list is ignored.</li><li>**1 (default)** - Enabled. The Microsoft compatibility list is periodically update and used during browser navigation.</li></ul> |
+[!INCLUDE [allow-microsoft-compatibility-list-include.md](includes/allow-microsoft-compatibility-list-include.md)]
 
 ## Allow search engine customization
->*Supported versions: Windows 10, version 1703 or later*
+[!INCLUDE [allow-search-engine-customization-include.md](includes/allow-search-engine-customization-include.md)]
 
-This policy setting allows search engine customization for domain-joined or MDM-enrolled devices only. For example, you can change the default search engine or add a new search engine. By default, this setting is enabled allowing you to add new search engines and change the default under Settings. If disabled, you cannot add search engines or change the default.
-
-For more information, see [Microsoft browser extension policy](https://docs.microsoft.com/en-us/legal/windows/agreements/microsoft-browser-extension-policy).
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[AllowSearchEngineCustomization](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |
-|Supported devices |Desktop<br>Mobile  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowSearchEngineCustomization  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0** - Additional search engines are not allowed, and the default cannot be changed in the Address bar.</li><li>**1 (default)** - Additional search engines are allowed, and the default can be changed in the Address bar.</li></ul> |
+## Allow Start and New Tab page preload
+[!INCLUDE [allow-tab-preloading-include](includes/allow-tab-preloading-include.md)]
 
 ## Allow web content on New Tab page
->*Supported versions: Windows 10*
-
-This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. 
-
-If you enable this setting, Microsoft Edge opens a new tab with the New Tab page.  
-
-If you disable this setting, Microsoft Edge opens a new tab with a blank page. If you use this setting, employees can't change it.  
-
-If you don't configure this setting, employees can choose how new tabs appears.
-
+[!INCLUDE [allow-web-content-new-tab-page-include.md](includes/allow-web-content-new-tab-page-include.md)]
 
 ## Always show the Books Library in Microsoft Edge
->*Supported versions: Windows 10, version 1709 or later*
-
-This policy settings specifies whether to always show the Books Library in Microsoft Edge. By default, this setting is disabled, which means the library is only visible in countries or regions where available. if enabled, the Books Library is always shown regardless of countries or region of activation.
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[AlwaysEnableBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) |
-|Supported devices |Desktop<br>Mobile  |
-|URI full path | ./Vendor/MSFT/Policy/Config/Browser/AlwaysEnableBooksLibrary |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Disable. Use default visibility of the Books Library. The Library will be only visible in countries or regions where it’s available.</li><li>**1** - Enable. Always show the Books Library, regardless of countries or region of activation.</li></ul> |
+[!INCLUDE [always-enable-book-library-include.md](includes/always-enable-book-library-include.md)]
 
 ## Configure additional search engines
->*Supported versions: Windows 10, version 1703 or later*
-
-This policy setting, when enabled, lets you add up to five additional search engines. Employees cannot remove these search engines, but they can set any one as the default. By default, this setting is not configured and does not allow additional search engines to be added. If disabled, the search engines added are deleted.
-
-For each additional search engine, you add, specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/).
-
-This setting does not set the default search engine. For that, you must use the "Set default search engine" setting.
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[ConfigureAdditionalSearchEngines](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines) |
-|Supported devices |Desktop<br>Mobile  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/ConfigureAdditionalSearchEngines  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Additional search engines are not allowed.</li><li>**1** - Additional search engines are allowed.</li></ul> |
+[!INCLUDE [configure-additional-search-engines-include.md](includes/configure-additional-search-engines-include.md)]
 
 ## Configure Autofill
->*Supported versions: Windows 10*
-
-This policy setting specifies whether AutoFill on websites is allowed. By default, this setting is not configured allowing you to choose whether or not to use AutoFill. If enabled, AutoFill is used. If disabled, AutoFill is not used. 
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[AllowAutofill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) |
-|Supported devices |Desktop  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowAutofill  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0** - Employees cannot use Autofill to complete form fields.</li><li>**1 (default)** - Employees can use Autofill to complete form fields.</li></ul> |
+[!INCLUDE [configure-autofill-include.md](includes/configure-autofill-include.md)]
 
 ## Configure cookies
->*Supported versions: Windows 10*
-
-This policy setting specifies whether cookies are allowed. By default, this setting is enabled with the Block all cookies and Block only 3rd-party cookies options available.  If disabled or not configured, all cookies are allowed from all sites. 
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[AllowCookies](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowcookies) |
-|Supported devices |Desktop<br>Mobile  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowCookies  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Allows all cookies from all sites.</li><li>**1** - Blocks only cookies from 3rd party websites.</li><li>**2** - Blocks all cookies from all sites.</li></ul> |
+[!INCLUDE [configure-cookies-include.md](includes/configure-cookies-include.md)]
 
 ## Configure Do Not Track
->*Supported versions: Windows 10*
-
-This policy setting specifies whether Do Not Track requests to websites is allowed. By default, this setting is not configured allowing you to choose if to send tracking information. If enabled, Do Not Track requests are always sent to websites asking for tracking information. If disabled, Do Not Track requests are never sent. 
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) |
-|Supported devices |Desktop<br>Mobile  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowDoNotTrack  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Stops you from sending Do Not Track headers to websites requesting tracking info.</li><li>**1** - Employees can send Do Not Track headers to websites requesting tracking info. </li></ul> |
-
+[!INCLUDE [configure-do-not-track-include.md](includes/configure-do-not-track-include.md)]
 
 ## Configure Favorites
->*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
-This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their favorites by adding or removing items at any time.
-
-If you enable this setting, you can configure what default Favorites appear for your employees. If this setting is enabled, you must also provide a list of Favorites in the Options section. This list is imported after your policy is deployed.
-
-If you disable or don't configure this setting, employees will see the Favorites that they set in the Favorites hub.
-
+[!INCLUDE [configure-favorites-include.md](includes/configure-favorites-include.md)]
 
 ## Configure Password Manager
->*Supported versions: Windows 10*
-
-This policy setting specifies whether saving and managing passwords locally on the device is allowed. By default, this setting is enabled allowing you to save their passwords locally. If not configured, you can choose if to save and manage passwords locally. If disabled, saving and managing passwords locally is turned off. 
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) |
-|Supported devices |Desktop<br>Mobile  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowPasswordManager  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Employees cannot use Password Manager to save passwords locally.</li><li>**1** - Employees can use Password Manager to save passwords locally.</li></ul> |
+[!INCLUDE [configure-password-manager-include.md](includes/configure-password-manager-include.md)]
 
 ## Configure Pop-up Blocker
->*Supported versions: Windows 10*
-
-This policy setting specifies whether pop-up blocker is allowed or enabled. By default, pop-up blocker is turned on. If not configured, you can choose whether to turn on or turn off pop-up blocker. If disabled, pop-up blocker is turned off.
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[AllowPopups](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpopups) |
-|Supported devices |Desktop  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowPopups  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Turns off Pop-up Blocker, allowing pop-up windows.</li><li>**1** - Turns on Pop-up Blocker, stopping pop-up windows. </li></ul> |
+[!INCLUDE [configure-pop-up-blocker-include.md](includes/configure-pop-up-blocker-include.md)]
 
 ## Configure search suggestions in Address bar
->*Supported versions: Windows 10*
-
-This policy setting specifies whether search suggestions are allowed in the address bar. By default, this setting is not configured allowing you to choose whether search suggestions appear in the address bar.  If enabled, search suggestions appear.  If disabled, search suggestions do not appear.
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) |
-|Supported devices |Desktop<br>Mobile  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowSearchSuggestionsinAddressBar  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Employees cannot see search suggestions in the Address bar of Microsoft Edge.</li><li>**1** - Employees can see search suggestions in the Address bar of Microsoft Edge.</li></ul> |
+[!INCLUDE [configure-search-suggestions-address-bar-include.md](includes/configure-search-suggestions-address-bar-include.md)]
 
 ## Configure Start pages
->*Supported versions: Windows 10, version 1511 or later*
-
-This policy setting specifies your Start pages for domain-joined or MDM-enrolled devices. By default, this setting is disabled or not configured. Therefore, the Start page is the webpages specified in App settings. If enabled, you can configure one or more corporate Start pages. If enabling this setting, you must include URLs separating multiple pages by using XML-escaped characters < and >, for example, **<\support.contoso.com><\support.microsoft.com>**. 
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages) |
-|Supported devices |Desktop  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/HomePages  |
-|Data type |String |
-|Allowed values |Configure the Start page (previously known as Home page) URLs for your you. |
+[!INCLUDE [configure-start-pages-include.md](includes/configure-start-pages-include.md)]
 
 ## Configure the Adobe Flash Click-to-Run setting
->*Supported versions: Windows 10, version 1703 or later*
-
-This policy setting specifies whether you must take action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. By default, this setting is enabled. When the setting is enabled, you must click the content, Click-to-Run button, or have the site appear on an auto-allow list before the Adobe Flash content loads. If disabled, Adobe Flash loads and runs automatically.
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) |
-|Supported devices |Desktop  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowFlashClickToRun  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0** - Adobe Flash content is automatically loaded and run by Microsoft Edge.</li><li>**1 (default)** - An employee must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content.</li></ul> |
+[!INCLUDE [configure-adobe-flash-click-to-run-include.md](includes/configure-adobe-flash-click-to-run-include.md)]
 
 ## Configure the Enterprise Mode Site List
->*Supported versions: Windows 10*
-
-This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps. By default, this setting is disabled or not configured, which means the Enterprise Mode Site List is not used. In this case, you might experience compatibility problems while using legacy apps. If enabled, you must add the location to your site list in the **{URI}** box. when enabled, Microsoft Edge looks for the Enterprise Mode Site List XML file, which includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode.
-
->[!Note] 
->If there is a .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server has a different version number than the version in the cache container, the server file is used and stored in the cache container.<br><br>
->If you already use a site list, enterprise mode continues to work during the 65-second wait; it just uses the existing site list instead of the new one.  
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[EnterpriseModeSiteList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) |
-|Supported devices |Desktop  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/EnterpriseModeSiteList  |
-|Data type | String |
-|Allowed values |<ul><li>Not configured.</li><li>**1 (default)** - Use the Enterprise Mode Site List, if configured.</li><li>**2** - Specify the location to the site list.</li></ul> |
+[!INCLUDE [configure-enterprise-mode-site-list-include.md](includes/configure-enterprise-mode-site-list-include.md)]
 
 ## Configure Windows Defender SmartScreen
->*Supported versions: Windows 10*
-
-This policy setting specifies whether Windows Defender SmartScreen is allowed. By default, this setting is enabled or turned on, and you cannot turn it off. If disabled, Windows Defender SmartScreen is turned off, and you cannot turn it on. If not configured, you can choose whether to use Windows Defender SmartScreen.
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) |
-|Supported devices |Desktop<br>Mobile  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Turns off Windows Defender SmartScreen.</li><li>**1** - Turns on Windows Defender SmartScreen, providing warning messages to your you about potential phishing scams and malicious software.</li></ul> |
+[!INCLUDE [configure-windows-defender-smartscreen-include.md](includes/configure-windows-defender-smartscreen-include.md)]
 
 ## Disable lockdown of Start pages
->*Supported versions: Windows 10, version 1703 or later*
+[!INCLUDE [disable-lockdown-of-start-pages-include.md](includes/disable-lockdown-of-start-pages-include.md)]
 
-This policy setting specifies whether the lockdown on the Start pages is disabled on domain-joined or MDM-enrolled devices. By default, this policy is enabled locking down the Start pages according to the settings specified in the Browser/HomePages policy. When enabled, users cannot change the Start pages. If disabled, users can modify the Start pages.
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[DisableLockdownOfStartPages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages) |
-|Supported devices |Desktop  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/DisableLockdownOfStartPages  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Enable lockdown of the Start pages according to the settings specified in the Browser/HomePages policy. Users cannot change the Start pages.</li><li>**1** - Disable lockdown of the Start pages and allow users to modify them.</li></ul> |
-
- 
 ## Do not sync
->*Supported versions: Windows 10*
-
-This policy setting specifies whether you can use the Sync your Settings option to sync their settings to and from their device. By default, this setting is disabled or not configured, which means the Sync your Settings options are turned on, letting you pick what can sync on their device. If enabled, the Sync your Settings options are turned off and none of the Sync your Setting groups are synced on the device. You can use the Allow users to turn syncing on the option to turn the feature off by default, but to let the employee change this setting. For information about what settings are synced, see [About sync setting on Windows 10 devices](http://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices).
-
-**Microsoft Intune to manage your MDM settings**
-|   |   |
-|---|---|
-|MDM name |[AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) |
-|Supported devices |Desktop  |
-|URI full path |./Vendor/MSFT/Policy/Config/Experience/AllowSyncMySettings  |
-|Location |Computer Configuration\Administrative Templates\Windows Components\sync your settings\Do not sync |
-|Data type | Integer |
-|Allowed values |<ul><li>**0** - Disable syncing between PCs.</li><li>**1 (default)** - Allow syncing between PCs.</li></ul> |
+[!INCLUDE [do-not-sync-include.md](includes/do-not-sync-include.md)]
 
 ## Do not sync browser settings
->*Supported versions: Windows 10*
-
-This policy setting specifies whether a browser group can use the Sync your Settings options to sync their information to and from their device. Settings include information like History and Favorites. By default, this setting is disabled or not configured, which means the Sync your Settings options are turned on, letting browser groups pick what can sync on their device. If enabled, the Sync your Settings options are turned off so that browser groups are unable to sync their settings and info. You can use the Allow users to turn browser syncing on option to turn the feature off by default, but to let the employee change this setting.
-
-**MDM settings in Microsoft Intune** 
-|   |   |
-|---|---|
-|MDM name |Experience/DoNotSynBrowserSettings |
-|Supported devices |Desktop<br>Mobile  |
-|URI full path |./Vendor/MSFT/Policy/Config/Experience/DoNotSynBrowserSettings  |
-|Data type |Integer  |
-|Allowed values |<ul><li>**0** - Disable browser syncing.</li><li>**1 (default)** - Allow browser syncing.</li></ul> |
+[!INCLUDE [do-not-sync-browser-settings-include.md](includes/do-not-sync-browser-settings-include.md)] 
 
 ## Keep favorites in sync between Internet Explorer and Microsoft Edge
->*Supported versions: Windows 10, version 1703 or later*
-
-This policy setting specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including additions, deletions, modifications, and ordering. By default, this setting is disabled or not configured. When disabled or not configured, you cannot sync their favorites. If enabled, you can sync their favorites and stops Microsoft Edge favorites from syncing between connected Windows 10 devices. This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. 
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge) |
-|Supported devices |Desktop  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/SyncFavoritesBetweenIEAndMicrosoftEdge  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Turn off synchronization.</li><li>**1** - Turn on synchronization.</li></ul> |
+[!INCLUDE [keep-fav-sync-ie-edge-include.md](includes/keep-fav-sync-ie-edge-include.md)] 
 
 ## Prevent access to the about:flags page
->*Supported versions: Windows 10, version 1607 or later*
-
-This policy setting specifies whether you can access the about:flags page, which is used to change developer settings and to enable experimental features. By default, this setting is disabled or not configured, which means you can access the about:flags page. If enabled, you cannot access the about:flags page.
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge) |
-|Supported devices |Desktop  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/PreventAccessToAboutFlagsInMicrosoftEdge  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Employees can access the about:flags page in Microsoft Edge.</li><li>**1** - Employees cannot access the about:flags page in Microsoft Edge.</li></ul> |
+[!INCLUDE [prevent-access-about-flag-include.md](includes/prevent-access-about-flag-include.md)] 
 
 ## Prevent bypassing Windows Defender SmartScreen prompts for files
->*Supported versions: Windows 10, version 1511 or later*
-
-This policy setting specifies whether you can override the Windows Defender SmartScreen warnings about downloading unverified files. By default, this setting is disabled or not configured (turned off), which means you can ignore the warnings and can continue the download process. If enabled (turned on), you cannot ignore the warnings and blocks them from downloading unverified files.  
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles) |
-|Supported devices |Desktop<br>Mobile  |
-|URI full path | ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Lets you ignore the Windows Defender SmartScreen warnings about unverified files and lets them continue the download process.</li><li>**1** - Stops you from ignoring the Windows Defender SmartScreen warnings about unverified files.</li></ul> |
+[!INCLUDE [prevent-bypassing-win-defender-files-include.md](includes/prevent-bypassing-win-defender-files-include.md)] 
 
 ## Prevent bypassing Windows Defender SmartScreen prompts for sites
->*Supported versions: Windows 10, version 1511 or later*
-
-This policy setting specifies whether you can override the Windows Defender SmartScreen warnings about potentially malicious websites. By default, this setting is disabled or not configured (turned off), which means you can ignore the warnings and allows them to continue to the site. If enabled (turned on), you cannot ignore the warnings and blocks them from continuing to the site.
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[PreventSmartScreenPromptOverride](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride) |
-|Supported devices |Desktop<br>Mobile  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Turns off Windows Defender SmartScreen.</li><li>**1** - Turns on Windows Defender SmartScreen.</li></ul> |
+[!INCLUDE [prevent-bypassing-win-defender-sites-include.md](includes/prevent-bypassing-win-defender-sites-include.md)] 
 
 ## Prevent changes to Favorites on Microsoft Edge
->*Supported versions: Windows 10, version 1709*
-
-This policy setting specifies whether you can add, import, sort, or edit the Favorites list in Microsoft Edge. By default, this setting is disabled or not configured (turned on), which means the Favorites list is not locked down and you can make changes to the Favorites list. If enabled, you cannot make changes to the Favorites list. Also, the Save a Favorite, Import settings, and the context menu items, such as Create a new folder, are turned off. 
-
->[!Important]
->Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops you from syncing their favorites between Internet Explorer and Microsoft Edge.
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[LockdownFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) |
-|Supported devices |Desktop<br>Mobile  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/LockdownFavorites  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Disabled. Do not lockdown Favorites.</li><li>**1** - Enabled. Lockdown Favorites.</li></ul> |
+[!INCLUDE [prevent-changes-to-favorites-include.md](includes/prevent-changes-to-favorites-include.md)] 
 
 ## Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
->*Supported versions: Windows 10, version 1703 or later*
-
-This policy setting specifies whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. By default, this setting is disabled or not configured (turned off), which means Microsoft servers are contacted if a site is pinned. If enabled (turned on), Microsoft servers are not contacted if a site is pinned.
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[PreventLiveTileDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection) |
-|Supported devices |Desktop<br>Mobile  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/PreventLiveTileDataCollection  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Microsoft servers will be contacted if a site is pinned to Start from Microsoft Edge.</li><li>**1** - Microsoft servers will not be contacted if a site is pinned to Start from Microsoft Edge.</li></ul> |
-
+[!INCLUDE [prevent-live-tile-pinning-start-include](includes/prevent-live-tile-pinning-start-include.md)]
 
 ## Prevent the First Run webpage from opening on Microsoft Edge
->*Supported versions: Windows 10, version 1703 or later*
-
-This policy setting specifies whether to enable or disable the First Run webpage. On the first explicit user-launch of Microsoft Edge, the First Run webpage hosted on microsoft.com opens automatically. This policy allows enterprises, such as those enrolled in a zero-emissions configuration, to prevent this page from opening. By default, this setting is disabled or not configured (turned off), which means you see the First Run page. If enabled (turned on), the you do not see the First Run page.
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[PreventFirstRunPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage) |
-|Supported devices |Desktop<br>Mobile  |
-|URI full path | ./Vendor/MSFT/Policy/Config/Browser/PreventFirstRunPage  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Employees see the First Run webpage.</li><li>**1** - Employees do not see the First Run webpage.</li></ul> |
+[!INCLUDE [prevent-first-run-webpage-open-include.md](includes/prevent-first-run-webpage-open-include.md)] 
 
 ## Prevent using Localhost IP address for WebRTC
->*Supported versions: Windows 10, version 1511 or later*
-
-
-This policy setting specifies whether localhost IP address is visible or hidden while making phone calls to the WebRTC protocol. By default, this setting is disabled or not configured (turned off), which means the localhost IP address is visible. If enabled (turned on), localhost IP addresses are hidden. 
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc) |
-|Supported devices |Desktop  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/PreventUsingLocalHostIPAddressForWebRTC  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Shows an employee's LocalHost IP address while using the WebRTC protocol.</li><li>**1** - Does not show an employee's LocalHost IP address while using the WebRTC protocol.</li></ul> |
+[!INCLUDE [prevent-localhost-address-for-webrtc-include.md](includes/prevent-localhost-address-for-webrtc-include.md)] 
 
 ## Provision Favorites
->*Supported versions: Windows 10, version 1709*
-
-You can configure a default list of favorites that appear for your users in Microsoft Edge. 
-
-If disabled or not configured, a default list of favorites is not defined in Microsoft Edge. In this case, users can customize the Favorites list, such as adding folders for organizing, adding, or removing favorites.
-
-If enabled, a default list of favorites is defined for users in Microsoft Edge. Users are not allowed to add, import, or change the Favorites list. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off. 
-
-To define a default list of favorites, you can export favorites from Microsoft Edge and use the HTML file for provisioning user machines. In HTML format, specify the URL which points to the file that has all the data for provisioning favorites.
-
-URL can be specified as:
-- HTTP location: "SiteList"="http://localhost:8080/URLs.html"
-- Local network: "SiteList"="\network\shares\URLs.html"
-- Local file: "SiteList"="file:///c:\Users\\Documents\URLs.html"
-
->[!Important]
->You can only enable either this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy, but not both. Enabling both stops you from syncing favorites between Internet Explorer and Microsoft Edge. 
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[ProvisionFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) |
-|Supported devices |Desktop<br>Mobile  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/ProvisionFavorites  |
-|Data type | String |
-
+[!INCLUDE [provision-favorites-include](includes/provision-favorites-include.md)]
 
 ## Send all intranet sites to Internet Explorer 11
->*Supported versions: Windows 10*
-
-
-This policy setting specifies whether to send intranet traffic to Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge. By default, this setting is disabled or not configured (turned off), which means all websites, including intranet sites, open in Microsoft Edge. If enabled, all intranet sites are opened in Internet Explorer 11 automatically.
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer) |
-|Supported devices |Desktop  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/SendIntranetTraffictoInternetExplorer  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Automatically opens all websites, including intranet sites, using Microsoft Edge.</li><li>**1** - Automatically opens all intranet sites using Internet Explorer 11.</li></ul> |
+[!INCLUDE [send-all-intranet-sites-ie-include.md](includes/send-all-intranet-sites-ie-include.md)] 
 
 ## Set default search engine
->*Supported versions: Windows 10, version 1703 or later*
-
-
-This policy setting allows you to configure the default search engine for domain-joined or MDM-enrolled devices. By default, this setting is not configured, which means the default search engine is specified in App settings. In this case, you can change the default search engine at any time unless you disable the "Allow search engine customization" setting, which restricts any changes. If enabled, you can configure a default search engine for you. When enabled, you cannot change the default search engine. If disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market. 
-
-To set the default search engine, you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see Search provider discovery. If you'd like your you to use the default Microsoft Edge settings for each market, you can set the string to EDGEDEFAULT. If you'd like your you to use Microsoft Bing as the default search engine, you can set the string to EDGEBING.
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[SetDefaultSearchEngine](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine) |
-|Supported devices |Desktop<br>Mobile  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/SetDefaultSearchEngine  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - The default search engine is set to the one specified in App settings.</li><li>**1** - Allows you to configure the default search engine for your you.</li></ul> |
+[!INCLUDE [set-default-search-engine-include.md](includes/set-default-search-engine-include.md)] 
 
 ## Show message when opening sites in Internet Explorer
->*Supported versions: Windows 10, version 1607 and later*
+[!INCLUDE [show-message-opening-sites-ie-include.md](includes/show-message-opening-sites-ie-include.md)] 
 
 
-This policy setting specifies whether you see an additional page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site List. By default, this policy is disabled, which means no additional page’s display. If enabled, you see an additional page.
-
-**Microsoft Intune to manage your MDM settings** 
-|   |   |
-|---|---|
-|MDM name |[ShowMessageWhenOpeningSitesInInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) |
-|Supported devices |Desktop  |
-|URI full path |./Vendor/MSFT/Policy/Config/Browser/ShowMessageWhenOpeningSitesInInternetExplorer  |
-|Data type | Integer |
-|Allowed values |<ul><li>**0 (default)** - Doesn’t show an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.</li><li>**1** - Shows an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.</li></ul> |
 
 ## Related topics
 * [Mobile Device Management (MDM) settings]( https://go.microsoft.com/fwlink/p/?LinkId=722885)
diff --git a/browsers/edge/docfx.json b/browsers/edge/docfx.json
index 31eafa6401..b3be0aa999 100644
--- a/browsers/edge/docfx.json
+++ b/browsers/edge/docfx.json
@@ -19,7 +19,7 @@
         "ROBOTS": "INDEX, FOLLOW",
 		"ms.technology": "microsoft-edge",
 		"ms.topic": "article",
-		"ms.author": "lizross",
+		"ms.author": "shortpatti",
 		"ms.date": "04/05/2017",
 	    "feedback_system": "GitHub",
         "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
diff --git a/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md b/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md
index 19f3bdea2c..010a44e44b 100644
--- a/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md
+++ b/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md
@@ -1,7 +1,7 @@
 ---
 title: Microsoft Edge and Internet Explorer 11 (Microsoft Edge for IT Pros)
 description: Enterprise guidance for using Microsoft Edge and Internet Explorer 11.
-author: eross-msft
+author: shortpatti
 ms.prod: edge
 ms.mktglfcycl: support
 ms.sitesec: library
diff --git a/browsers/edge/hardware-and-software-requirements.md b/browsers/edge/hardware-and-software-requirements.md
index 0d39502e6a..307e1293de 100644
--- a/browsers/edge/hardware-and-software-requirements.md
+++ b/browsers/edge/hardware-and-software-requirements.md
@@ -1,7 +1,7 @@
 ---
 description: Microsoft Edge is pre-installed on all Windows 10-capable devices that meet the minimum system requirements and are on the supported language list.
 ms.assetid: 3c5bc4c4-1060-499e-9905-2504ea6dc6aa
-author: eross-msft
+author: shortpatti
 ms.prod: edge
 ms.mktglfcycl: support
 ms.sitesec: library
diff --git a/browsers/edge/images/148766.png b/browsers/edge/images/148766.png
new file mode 100644
index 0000000000..cf568656a7
Binary files /dev/null and b/browsers/edge/images/148766.png differ
diff --git a/browsers/edge/images/148767.png b/browsers/edge/images/148767.png
new file mode 100644
index 0000000000..7f8b92a620
Binary files /dev/null and b/browsers/edge/images/148767.png differ
diff --git a/browsers/edge/images/Multi-app_kiosk_inFrame.png b/browsers/edge/images/Multi-app_kiosk_inFrame.png
new file mode 100644
index 0000000000..a1c62f8ffe
Binary files /dev/null and b/browsers/edge/images/Multi-app_kiosk_inFrame.png differ
diff --git a/browsers/edge/images/Normal_inFrame.png b/browsers/edge/images/Normal_inFrame.png
new file mode 100644
index 0000000000..fccb0d4e56
Binary files /dev/null and b/browsers/edge/images/Normal_inFrame.png differ
diff --git a/browsers/edge/images/SingleApp_contosoHotel_inFrame.png b/browsers/edge/images/SingleApp_contosoHotel_inFrame.png
new file mode 100644
index 0000000000..b7dfc0ee28
Binary files /dev/null and b/browsers/edge/images/SingleApp_contosoHotel_inFrame.png differ
diff --git a/browsers/edge/images/allow-smart-screen-validation.PNG b/browsers/edge/images/allow-smart-screen-validation.PNG
new file mode 100644
index 0000000000..f118ea8b9c
Binary files /dev/null and b/browsers/edge/images/allow-smart-screen-validation.PNG differ
diff --git a/browsers/edge/images/check-gn.png b/browsers/edge/images/check-gn.png
new file mode 100644
index 0000000000..8aab16a59a
Binary files /dev/null and b/browsers/edge/images/check-gn.png differ
diff --git a/browsers/edge/images/config-enterprise-site-list.png b/browsers/edge/images/config-enterprise-site-list.png
new file mode 100644
index 0000000000..82ffc30895
Binary files /dev/null and b/browsers/edge/images/config-enterprise-site-list.png differ
diff --git a/browsers/edge/images/config-open-me-with-scenarios-tab.PNG b/browsers/edge/images/config-open-me-with-scenarios-tab.PNG
new file mode 100644
index 0000000000..0e39d589d5
Binary files /dev/null and b/browsers/edge/images/config-open-me-with-scenarios-tab.PNG differ
diff --git a/browsers/edge/images/enterprise-mode-value-data.png b/browsers/edge/images/enterprise-mode-value-data.png
new file mode 100644
index 0000000000..9e9ece9c1a
Binary files /dev/null and b/browsers/edge/images/enterprise-mode-value-data.png differ
diff --git a/browsers/edge/images/home-buttom-custom-url-v4-sm.png b/browsers/edge/images/home-buttom-custom-url-v4-sm.png
new file mode 100644
index 0000000000..b1e0fac180
Binary files /dev/null and b/browsers/edge/images/home-buttom-custom-url-v4-sm.png differ
diff --git a/browsers/edge/images/home-buttom-custom-url-v4.png b/browsers/edge/images/home-buttom-custom-url-v4.png
new file mode 100644
index 0000000000..de5e47578c
Binary files /dev/null and b/browsers/edge/images/home-buttom-custom-url-v4.png differ
diff --git a/browsers/edge/images/home-button-hide-v4-sm.png b/browsers/edge/images/home-button-hide-v4-sm.png
new file mode 100644
index 0000000000..6e1162f0fc
Binary files /dev/null and b/browsers/edge/images/home-button-hide-v4-sm.png differ
diff --git a/browsers/edge/images/home-button-hide-v4.png b/browsers/edge/images/home-button-hide-v4.png
new file mode 100644
index 0000000000..e533b8a7fb
Binary files /dev/null and b/browsers/edge/images/home-button-hide-v4.png differ
diff --git a/browsers/edge/images/home-button-start-new-tab-page-v4-sm.png b/browsers/edge/images/home-button-start-new-tab-page-v4-sm.png
new file mode 100644
index 0000000000..f9870cbd47
Binary files /dev/null and b/browsers/edge/images/home-button-start-new-tab-page-v4-sm.png differ
diff --git a/browsers/edge/images/home-button-start-new-tab-page-v4.png b/browsers/edge/images/home-button-start-new-tab-page-v4.png
new file mode 100644
index 0000000000..9d11f5096c
Binary files /dev/null and b/browsers/edge/images/home-button-start-new-tab-page-v4.png differ
diff --git a/browsers/edge/images/icon-thin-line-computer.png b/browsers/edge/images/icon-thin-line-computer.png
new file mode 100644
index 0000000000..e941caf0c1
Binary files /dev/null and b/browsers/edge/images/icon-thin-line-computer.png differ
diff --git a/browsers/edge/images/kiosk-mode-types.png b/browsers/edge/images/kiosk-mode-types.png
new file mode 100644
index 0000000000..1ae43b31ac
Binary files /dev/null and b/browsers/edge/images/kiosk-mode-types.png differ
diff --git a/browsers/edge/images/microsoft-edge-kiosk-mode.png b/browsers/edge/images/microsoft-edge-kiosk-mode.png
new file mode 100644
index 0000000000..ec794911b7
Binary files /dev/null and b/browsers/edge/images/microsoft-edge-kiosk-mode.png differ
diff --git a/browsers/edge/images/multi-app-kiosk-mode.PNG b/browsers/edge/images/multi-app-kiosk-mode.PNG
new file mode 100644
index 0000000000..fd924f92b0
Binary files /dev/null and b/browsers/edge/images/multi-app-kiosk-mode.PNG differ
diff --git a/browsers/edge/images/set-default-search-engine-v4-sm.png b/browsers/edge/images/set-default-search-engine-v4-sm.png
new file mode 100644
index 0000000000..d16f333174
Binary files /dev/null and b/browsers/edge/images/set-default-search-engine-v4-sm.png differ
diff --git a/browsers/edge/images/set-default-search-engine-v4.png b/browsers/edge/images/set-default-search-engine-v4.png
new file mode 100644
index 0000000000..4e6b03d9b9
Binary files /dev/null and b/browsers/edge/images/set-default-search-engine-v4.png differ
diff --git a/browsers/edge/images/single-app-kiosk-mode.PNG b/browsers/edge/images/single-app-kiosk-mode.PNG
new file mode 100644
index 0000000000..a939973c62
Binary files /dev/null and b/browsers/edge/images/single-app-kiosk-mode.PNG differ
diff --git a/browsers/edge/images/sync-settings.PNG b/browsers/edge/images/sync-settings.PNG
new file mode 100644
index 0000000000..5c72626abd
Binary files /dev/null and b/browsers/edge/images/sync-settings.PNG differ
diff --git a/browsers/edge/includes/allow-address-bar-suggestions-include.md b/browsers/edge/includes/allow-address-bar-suggestions-include.md
new file mode 100644
index 0000000000..a4176410a8
--- /dev/null
+++ b/browsers/edge/includes/allow-address-bar-suggestions-include.md
@@ -0,0 +1,40 @@
+<!-- ## Allow Address bar drop-down list suggestions -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*<br>
+>*Default setting:  Enabled or not configured (Allowed)*
+
+[!INCLUDE [allow-address-bar-drop-down-shortdesc](../shortdesc/allow-address-bar-drop-down-shortdesc.md)]
+
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled |0 |0 |Prevented/not allowed. Hide the Address bar drop-down functionality and disable the _Show search and site suggestions as I type_ toggle in Settings.  |![Most restricted value](../images/check-gn.png) |
+|Enabled or not configured **(default)** |1 |1 |Allowed. Show the Address bar drop-down list and make it available. | |
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow Address bar drop-down list suggestions
+- **GP name:** AllowAddressBarDropdown
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowAddressBarDropdown](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser\#browser-allowaddressbardropdown)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowAddressBarDropdown 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\ServiceUI 
+- **Value name:** ShowOneBox
+- **Value type:** REG_DWORD
+
+
+### Related policies
+
+[Configure search suggestions in Address bar](../available-policies.md#configure-search-suggestions-in-address-bar): [!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)]
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/allow-adobe-flash-include.md b/browsers/edge/includes/allow-adobe-flash-include.md
new file mode 100644
index 0000000000..a00ce21139
--- /dev/null
+++ b/browsers/edge/includes/allow-adobe-flash-include.md
@@ -0,0 +1,34 @@
+<!-- ## Allow Adobe Flash -->
+>*Supported versions: Microsoft Edge on Windows 10*<br>
+>*Default setting:  Enabled or not configured (Allowed)*
+
+[!INCLUDE [allow-adobe-flash-shortdesc](../shortdesc/allow-adobe-flash-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |
+|---|:---:|:---:|---|
+|Disabled |0 |0 |Prevented/not allowed |
+|Enabled<br>**(default)** |1 |1 |Allowed |
+--- 
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow Adobe Flash
+- **GP name:** AllowFlash
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowFlash](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser\#browser-allowflash)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowAdobeFlash 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\Software\Policies\Microsoft\MicrosoftEdge\Addons 
+- **Value name:** FlashPlayerEnabled
+- **Value type:** REG_DWORD
+
+<hr>
diff --git a/browsers/edge/includes/allow-clearing-browsing-data-include.md b/browsers/edge/includes/allow-clearing-browsing-data-include.md
new file mode 100644
index 0000000000..8e2a7e60bd
--- /dev/null
+++ b/browsers/edge/includes/allow-clearing-browsing-data-include.md
@@ -0,0 +1,35 @@
+<!-- ## Allow clearing browsing data on exit -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*<br>
+>*Default setting:  Disabled or not configured (Prevented/not allowed)*
+
+[!INCLUDE [allow-clearing-browsing-data-on-exit-shortdesc](../shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |Prevented/not allowed. Users can configure the _Clear browsing data_ option in Settings. | |
+|Enabled |1 |1 |Allowed. Clear the browsing data upon exit automatically. |![Most restricted value](../images/check-gn.png) |
+---
+
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:**  Allow clearing browsing data on exit
+- **GP name:**  AllowClearingBrowsingDataOnExit
+- **GP path:**  Windows Components/Microsoft Edge
+- **GP ADMX file name:**  MicrosoftEdge.admx 
+
+#### MDM settings
+- **MDM name:** Browser/[ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser\#browser-clearbrowsingdataonexit)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ClearBrowsingDataOnExit
+- **Data type:** Integer
+
+#### *Registry
+- **Path:** HLKM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Privacy
+- **Value name:** ClearBrowsingHistoryOnExit
+- **Value type:** REG_DWORD 
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/allow-config-updates-books-include.md b/browsers/edge/includes/allow-config-updates-books-include.md
new file mode 100644
index 0000000000..325293262e
--- /dev/null
+++ b/browsers/edge/includes/allow-config-updates-books-include.md
@@ -0,0 +1,38 @@
+<!-- ## Allow configuration updates for the Books Library -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1802 or later*<br>
+>*Default setting:  Enabled or not configured (Allowed)*
+
+[!INCLUDE [allow-configuration-updates-for-books-library-shortdesc](../shortdesc/allow-configuration-updates-for-books-library-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled |0 |0 |Prevented/not allowed. |![Most restricted value](../images/check-gn.png) |
+|Enabled or not configured<br>**(default)** |1 |1 |Allowed. Microsoft Edge updates the configuration data for the Books Library automatically. | |
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow configuration updates for the Books Library
+- **GP name:** AllowConfigurationUpdateForBooksLibrary
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowConfigurationUpdateForBooksLibrary 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\BooksLibrary
+- **Value name:** AllowConfigurationUpdateForBooksLibrary 
+- **Value type:** REG_DWORD
+
+### Related topics
+
+[Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/en-us/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services)
+<p>
+<hr>
diff --git a/browsers/edge/includes/allow-cortana-include.md b/browsers/edge/includes/allow-cortana-include.md
new file mode 100644
index 0000000000..a175001e68
--- /dev/null
+++ b/browsers/edge/includes/allow-cortana-include.md
@@ -0,0 +1,35 @@
+<!-- ## Allow Cortana -->
+>*Supported versions: Microsoft Edge on Windows 10*<br>
+>*Default setting:  Enabled (Allowed)*
+
+[!INCLUDE [allow-cortana-shortdesc](../shortdesc/allow-cortana-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled |0 |0 |Prevented/not allowed. Users can still search to find items on their device. |![Most restricted value](../images/check-gn.png) |
+|Enabled<br>**(default)** |1 |1 |Allowed. | |
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow Cortana
+- **GP name:** AllowCortana
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings 
+- **MDM name:** Experience/[AllowCortana](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowcortana)
+- **Supported devices:** Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/AllowCortana 
+- **Data type:** Integer
+ 
+#### Registry settings 
+- **Path:** HKLM\Software\Policies\Microsoft\Windows\Windows Search
+- **Value name:** AllowCortana
+- **Value type:** REG_DWORD 
+
+<hr>
+
diff --git a/browsers/edge/includes/allow-dev-tools-include.md b/browsers/edge/includes/allow-dev-tools-include.md
new file mode 100644
index 0000000000..919b4a9968
--- /dev/null
+++ b/browsers/edge/includes/allow-dev-tools-include.md
@@ -0,0 +1,36 @@
+<!-- ## Allow Developer Tools -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*<br>
+>*Default setting:  Enabled (Allowed)*
+
+[!INCLUDE [allow-developer-tools-shortdesc](../shortdesc/allow-developer-tools-shortdesc.md)]
+
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled |0 |0 |Prevented/not allowed |![Most restricted value](../images/check-gn.png) |
+|Enabled |1 |1 |Allowed | |
+---
+
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:**  Allow Developer Tools
+- **GP name:**  AllowDeveloperTools
+- **GP path:**  Windows Components/Microsoft Edge
+- **GP ADMX file name:**  MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowDeveloperTools](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools)
+- **Supported devices:** Desktop
+- **URI full Path:**	./Vendor/MSFT/Policy/Config/Browser/AllowDeveloperTools
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\F12
+- **Value name:**	AllowDeveloperTools
+- **Value type:** REG_DWORD
+
+<hr>    
\ No newline at end of file
diff --git a/browsers/edge/includes/allow-enable-book-library-include.md b/browsers/edge/includes/allow-enable-book-library-include.md
new file mode 100644
index 0000000000..1018a1cdd6
--- /dev/null
+++ b/browsers/edge/includes/allow-enable-book-library-include.md
@@ -0,0 +1,33 @@
+<!-- ## Always show the Books Library in Microsoft Edge -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1709 or later*<br>
+>*Default setting:  Disabled or not configured*
+
+[!INCLUDE [always-show-books-library-shortdesc](../shortdesc/always-show-books-library-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |Show the Books Library only in countries or regions where supported. |![Most restricted value](../images/check-gn.png) |
+|Enabled |1 |1 |Show the Books Library, regardless of the device’s country or region. | |
+---
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Always show the Books Library in Microsoft Edge
+- **GP name:** AlwaysEnableBooksLibrary
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[Browser/AlwaysEnableBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AlwaysEnableBooksLibrary
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
+- **Value name:** AlwaysEnableBooksLibrary
+- **Value type:** REG_DWORD
+
+<hr>
diff --git a/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md b/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md
new file mode 100644
index 0000000000..722b2ce5e8
--- /dev/null
+++ b/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md
@@ -0,0 +1,35 @@
+<!-- ## Allow extended telemetry for the Books tab -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1802 or later*<br>
+>*Default setting:  Disabled or not configured (Gather and send only basic diagnostic data)*
+
+[!INCLUDE [allow-extended-telemetry-for-books-tab-shortdesc](../shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |Depending on the device configuration, Microsoft Edge gathers only basic diagnostic data. |![Most restricted value](../images/check-gn.png) |
+|Enabled |1 |1 |Gathers both basic and additional diagnostic data. | |
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow extended telemetry for the Books tab
+- **GP name:** EnableExtendedBooksTelemetry
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[Browser/EnableExtendedBooksTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/EnableExtendedBooksTelemetry
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary
+- **Value name:** EnableExtendedBooksTelemetry
+- **Value type:** REG_DWORD
+
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/allow-extensions-include.md b/browsers/edge/includes/allow-extensions-include.md
new file mode 100644
index 0000000000..95895b9817
--- /dev/null
+++ b/browsers/edge/includes/allow-extensions-include.md
@@ -0,0 +1,39 @@
+<!-- ## Allow Extensions -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1607 or later*<br>
+>*Default setting:  Enabled or not configured (Allowed)*
+
+[!INCLUDE [allow-extensions-shortdesc](../shortdesc/allow-extensions-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |
+|---|:---:|:---:|---|
+|Disabled |0 |0 |Prevented/not allowed | 
+|Enabled or not configured<br>**(default)** |1 |1 |Allowed | 
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow Extensions
+- **GP name:** AllowExtensions 
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowextensions)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowExtensions 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Extensions
+- **Value name:** ExtensionsEnabled
+- **Value type:** REG_DWORD
+
+### Related topics
+
+[Microsoft browser extension policy](https://docs.microsoft.com/en-us/legal/windows/agreements/microsoft-browser-extension-policy):
+This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content displayed by these browsers. Any technique not explicitly listed in this document is considered **unsupported**.
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/allow-full-screen-include.md b/browsers/edge/includes/allow-full-screen-include.md
new file mode 100644
index 0000000000..c8fe9899a0
--- /dev/null
+++ b/browsers/edge/includes/allow-full-screen-include.md
@@ -0,0 +1,35 @@
+<!-- ## Allow fullscreen mode 
+>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
+>*Default setting:  Enabled or not configured (Allowed)*
+
+
+[!INCLUDE [allow-fullscreen-mode-shortdesc](../shortdesc/allow-fullscreen-mode-shortdesc.md)]  
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled |0 |0 |Prevented/not allowed |![Most restricted value](../images/check-gn.png) |
+|Enabled<br>**(default)** |1 |1 |Allowed | |
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow fullscreen mode
+- **GP name:** AllowFullScreenMode
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowFullscreen](../new-policies.md#allow-fullscreen-mode)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowFullscreen 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\Software\Policies\Microsoft\MicrosoftEdge\Main 
+- **Value name:** AllowFullScreenMode
+- **Value type:** REG_DWORD
+
+<hr>
diff --git a/browsers/edge/includes/allow-inprivate-browsing-include.md b/browsers/edge/includes/allow-inprivate-browsing-include.md
new file mode 100644
index 0000000000..727ded18a6
--- /dev/null
+++ b/browsers/edge/includes/allow-inprivate-browsing-include.md
@@ -0,0 +1,36 @@
+<!-- ## Allow InPrivate browsing -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*<br>
+>*Default setting:  Enabled or not configured (Allowed)*
+
+
+[!INCLUDE [allow-inprivate-browsing-shortdesc](../shortdesc/allow-inprivate-browsing-shortdesc.md)]
+
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled |0 |0 |Prevented/not allowed |![Most restricted value](../images/check-gn.png) |
+|Enabled or not configured<br>**(default)** |1 |1 |Allowed | |
+---  
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow InPrivate browsing
+- **GP name:** AllowInPrivate 
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowInPrivate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowInPrivate 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main 
+- **Value name:** AllowInPrivate
+- **Value type:** REG_DWORD
+
+<hr>
diff --git a/browsers/edge/includes/allow-microsoft-compatibility-list-include.md b/browsers/edge/includes/allow-microsoft-compatibility-list-include.md
new file mode 100644
index 0000000000..aabd2fb773
--- /dev/null
+++ b/browsers/edge/includes/allow-microsoft-compatibility-list-include.md
@@ -0,0 +1,34 @@
+<!-- ## Allow Microsoft Compatibility List -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1607 or later*<br>
+>*Default setting:  Enabled or not configured (Allowed)*
+
+[!INCLUDE [allow-microsoft-compatibility-list-shortdesc](../shortdesc/allow-microsoft-compatibility-list-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled |0 |0 |Prevented/not allowed |![Most restricted value](../images/check-gn.png) |
+|Enabled or not configured<br>**(default)** |1 |1 |Allowed | |
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow Microsoft Compatibility List
+- **GP name:** AllowCVList
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowMicrosoftCompatibilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowMicrosoftCompatibilityList 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BrowserEmulation
+- **Value name:** MSCompatibilityMode
+- **Value type:** REG_DWORD
+
+<hr>
diff --git a/browsers/edge/includes/allow-prelaunch-include.md b/browsers/edge/includes/allow-prelaunch-include.md
new file mode 100644
index 0000000000..6165cb2c67
--- /dev/null
+++ b/browsers/edge/includes/allow-prelaunch-include.md
@@ -0,0 +1,35 @@
+
+<!-- Allow Prelaunch 
+>*Supported versions: Microsoft Edge on Windows 10, next major version*<br>  -->
+>*Default setting:  Enabled or not configured (Allowed)*
+
+[!INCLUDE [allow-prelaunch-shortdesc](../shortdesc/allow-prelaunch-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled |0 |0 |Prevented/not allowed |![Most restrictive value](../images/check-gn.png) |
+|Enabled or not configured<br>**(default)** |1 |1 |Allowed | |
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow Prelaunch
+- **GP name:** AllowPreLaunch
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowPrelaunch](../new-policies.md#allow-prelaunch)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPrelaunch 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\Software\Policies\Microsoft\MicrosoftEdge\ 
+- **Value name:** AllowPrelaunch
+- **Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/allow-printing-include.md b/browsers/edge/includes/allow-printing-include.md
new file mode 100644
index 0000000000..6260c4a5a8
--- /dev/null
+++ b/browsers/edge/includes/allow-printing-include.md
@@ -0,0 +1,34 @@
+<!-- ## Allow printing  
+>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
+>*Default setting:  Enabled or not configured (Allowed)*
+
+[!INCLUDE [allow-printing-shortdesc](../shortdesc/allow-printing-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled |0 |0 |Prevented/not allowed |![Most restrictive value](../images/check-gn.png) |
+|Enabled or not configured<br>**(default)** |1 |1 |Allowed | |
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow printing
+- **GP name:** AllowPrinting
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowPrinting](../new-policies.md#allow-printing)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPrinting 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main 
+- **Value name:** AllowPrinting
+- **Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/allow-saving-history-include.md b/browsers/edge/includes/allow-saving-history-include.md
new file mode 100644
index 0000000000..c072916f81
--- /dev/null
+++ b/browsers/edge/includes/allow-saving-history-include.md
@@ -0,0 +1,35 @@
+<!-- ## Allow Saving History 
+>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
+>*Default setting:  Enabled or not configured (Allowed)*
+
+[!INCLUDE [allow-saving-history-shortdesc](../shortdesc/allow-saving-history-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled |0 |0 |Prevented/not allowed |![Most restricted value](../images/check-gn.png) |
+|Enabled or not configured<br>**(default)** |1 |1 |Allowed | |
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow saving history
+- **GP name:** AllowSavingHistory
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowSavingHistory](../new-policies.md#allow-saving-history)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSavingHistory 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:**  HLKM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
+- **Value name:** AllowSavingHistory
+- **Value type:** REG_DWORD
+
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/allow-search-engine-customization-include.md b/browsers/edge/includes/allow-search-engine-customization-include.md
new file mode 100644
index 0000000000..b4b58ca9a5
--- /dev/null
+++ b/browsers/edge/includes/allow-search-engine-customization-include.md
@@ -0,0 +1,63 @@
+<!-- ## Allow search engine customization -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*<br>
+>*Default setting:  Enabled or not configured (Allowed)*
+
+[!INCLUDE [allow-search-engine-customization-shortdesc](../shortdesc/allow-search-engine-customization-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled |0 |0 |Prevented/not allowed |![Most restricted value](../images/check-gn.png) |
+|Enabled or not configured<br>**(default)** |1 |1 |Allowed | |
+---
+
+
+### Configuration options
+
+| **Set default search engine** | **Allow search engine customization** | **Configure additional search engines** | **Outcome** |
+| --- | --- | --- | --- |
+| Not configured (default) | Disabled | Disabled or not configured (default) | Default search engine specified in App settings. Users cannot make changes. |
+| Not configured (default) | Enabled or not configured (default) | Disabled or not configured (default) | Default search engine specified in App settings. Users can make changes to the default search engine at any time. |
+| Disabled | Disabled | Disabled or not configured (default) | Users cannot add, remove, or change any of the search engines, but they can set a default search engine. |
+| Disabled | Enabled or not configured (default) | Disabled or not configured (default) | Users can add new search engines or change the default search engine, in Settings. |
+| Enabled | Disabled | Disabled or not configured (default) | Set the default search engine preventing users from making changes. |
+| Enabled | Enabled or not configured (default) | Disabled or not configured (default) | Set the default search engine and allow users to add search engines or make changes. |
+---
+
+![Set default search engine configurations](../images/set-default-search-engine-v4-sm.png)
+
+
+### ADMX info and settings
+
+##### ADMX info
+- **GP English name:** Allow search engine customization
+- **GP name:** AllowSearchEngineCustomization
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowSearchEngineCustomization](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSearchEngineCustomization
+- **Data type:** Integer
+
+
+#### Registry settings
+- **Path:** HLKM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Protected
+- **Value name:** AllowSearchEngineCustomization
+- **Value type:** REG_DWORD
+
+
+### Related policies
+
+- [Set default search engine](../available-policies.md#set-default-search-engine): [!INCLUDE [set-default-search-engine-shortdesc](../shortdesc/set-default-search-engine-shortdesc.md)]
+
+- [Configure additional search engines](../available-policies.md#configure-additional-search-engines): [!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)]
+
+### Related topics
+- [Microsoft browser extension policy](https://docs.microsoft.com/en-us/legal/windows/agreements/microsoft-browser-extension-policy): This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content displayed by these browsers. Any technique not explicitly listed in this document is considered **unsupported**.
+
+- [Search provider discovery](https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/browser/search-provider-discovery): Rich search integration is built into the Microsoft Edge address bar, including search suggestions, results from the web, your browsing history, and favorites. 
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/allow-shared-folder-books-include.md b/browsers/edge/includes/allow-shared-folder-books-include.md
new file mode 100644
index 0000000000..16ea570af7
--- /dev/null
+++ b/browsers/edge/includes/allow-shared-folder-books-include.md
@@ -0,0 +1,33 @@
+<!-- ## Allow a shared books folder -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1803*<br>
+>*Default setting: Disabled or not configured (Not allowed)*
+
+[!INCLUDE [allow-a-shared-books-folder-shortdesc](../shortdesc/allow-a-shared-books-folder-shortdesc.md)]
+
+### Supported values
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |Prevented/not allowed, but Microsoft Edge downloads book files to a per-user folder for each user. |![Most restricted value](../images/check-gn.png) |
+|Enabled |1 |1 |Allowed. Microsoft Edge downloads book files to a shared folder.| |
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow a shared Books folder
+- **GP name:** UseSharedFolderForBooks 
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[UseSharedFolderForBooks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/UseSharedFolderForBooks 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary
+- **Value name:** UseSharedFolderForBooks
+- **Value type:** REG_DWORD
+
+<hr>
diff --git a/browsers/edge/includes/allow-sideloading-extensions-include.md b/browsers/edge/includes/allow-sideloading-extensions-include.md
new file mode 100644
index 0000000000..a860342788
--- /dev/null
+++ b/browsers/edge/includes/allow-sideloading-extensions-include.md
@@ -0,0 +1,44 @@
+<!-- ## Allow sideloading of Extensions
+>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
+>*Default setting: Enabled (Allowed)*
+
+[!INCLUDE [allow-sideloading-of-extensions-shortdesc](../shortdesc/allow-sideloading-of-extensions-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured |0 |0 |Prevented/not allowed. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, enable **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)** policy, located at Windows Components > App Package Deployment.<p>For the MDM setting, set the **ApplicationManagement/AllowDeveloperUnlock** policy to 1 (enabled). |![Most restricted value](../images/check-gn.png) |
+|Enabled<br>**(default)** |1 |1 |Allowed. | |
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow sideloading of Extensions
+- **GP name:** AllowSideloadingOfExtensions
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowSideloadingExtensions](../new-policies.md#allow-sideloading-of-extensions)
+- **Supported devices:** Desktop 
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSideloadingExtensions 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\Software\Policies\Microsoft\MicrosoftEdge\Extensions 
+- **Value name:** AllowSideloadingOfExtensions
+- **Value type:** REG_DWORD
+
+### Related policies
+
+- [Allows development of Windows Store apps and installing them from an integrated development environment (IDE)](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowdeveloperunlock): When you enable this policy and the **Allow all trusted apps to install** policy, you allow users to develop Windows Store apps and install them directly from an IDE.
+
+- [Allow all trusted apps to install](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowalltrustedapps): When you enable this policy, you can manage the installation of trusted line-of-business (LOB) or developer-signed Windows Store apps.
+
+### Related topics
+
+[Enable your device for development](https://docs.microsoft.com/en-us/windows/uwp/get-started/enable-your-device-for-development): Access development features, along with other developer-focused settings to make it possible for you to develop, test, and debug apps. Learn how to configure your environment for development, the difference between Developer Mode and sideloading, and the security risks of Developer mode. 
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/allow-tab-preloading-include.md b/browsers/edge/includes/allow-tab-preloading-include.md
new file mode 100644
index 0000000000..f4cd3d0291
--- /dev/null
+++ b/browsers/edge/includes/allow-tab-preloading-include.md
@@ -0,0 +1,34 @@
+<!-- ## Allow Start and New Tab page preload (aka: AllowStartAndNewTabPagePreload) 
+>*Supported versions: Microsoft Edge on Windows 10, version 1802*<br> -->
+>*Default setting:  Enabled or not configured (Allowed)*
+
+[!INCLUDE [allow-tab-preloading-shortdesc](../shortdesc/allow-tab-preloading-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Enabled or not configured<br>**(default)** |0 |0 |Allowed. Preload Start and New tab pages. | |
+|Disabled |1 |1 |Prevented/not allowed. |![Most restricted value](../images/check-gn.png) |
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow Microsoft Edge to start and load the Start and New Tab pages in the background at Windows startup and each time Microsoft Edge is closed
+- **GP name:** AllowTabPreloading
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowTabPreloading](../new-policies.md#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowTabPreloading 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\TabPreloader
+- **Value name:** AllowTabPreloading
+- **Value type:** REG_DWORD
+
+<hr>
diff --git a/browsers/edge/includes/allow-web-content-new-tab-page-include.md b/browsers/edge/includes/allow-web-content-new-tab-page-include.md
new file mode 100644
index 0000000000..8347bce439
--- /dev/null
+++ b/browsers/edge/includes/allow-web-content-new-tab-page-include.md
@@ -0,0 +1,37 @@
+<!-- ## Allow web content on New Tab page
+>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
+>*Default setting:  Enabled (Default New tab page loads)*
+
+
+[!INCLUDE [allow-web-content-on-new-tab-page-shortdesc](../shortdesc/allow-web-content-on-new-tab-page-shortdesc.md)]
+
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |
+|---|:---:|:---:|---|
+|Not configured |Blank |Blank |Users can choose what loads on the New tab page. | 
+|Disabled |0 |0 |Load a blank page instead of the default New tab page and prevent users from changing it. | 
+|Enabled **(default)** |1 |1 |Load the default New tab page. | 
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow web content on New Tab page
+- **GP name:** AllowWebContentOnNewTabPage
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowWebContentOnNewTabPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowWebContentOnNewTabPage 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\ServiceUI
+- **Value name:** AllowWebContentOnNewTabPage
+- **Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/always-enable-book-library-include.md b/browsers/edge/includes/always-enable-book-library-include.md
new file mode 100644
index 0000000000..d5f292b182
--- /dev/null
+++ b/browsers/edge/includes/always-enable-book-library-include.md
@@ -0,0 +1,35 @@
+<!-- ## Always show the Books Library in Microsoft Edge -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1709 or later*<br>
+>*Default setting:  Disabled or not configured*
+
+
+[!INCLUDE [always-show-books-library-shortdesc](../shortdesc/always-show-books-library-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |Show the Books Library only in countries or regions where supported. |![Most restricted value](../images/check-gn.png) |
+|Enabled |1 |1 |Show the Books Library, regardless of the device’s country or region. | |
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Always show the Books Library in Microsoft Edge
+- **GP name:** AlwaysEnableBooksLibrary
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AlwaysEnableBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AlwaysEnableBooksLibrary 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
+- **Value name:** AlwaysEnableBooksLibrary
+- **Value type:** REG_DWORD
+
+<hr>
diff --git a/browsers/edge/includes/browser-extension-policy-shortdesc-include.md b/browsers/edge/includes/browser-extension-policy-shortdesc-include.md
new file mode 100644
index 0000000000..4a64abb65c
--- /dev/null
+++ b/browsers/edge/includes/browser-extension-policy-shortdesc-include.md
@@ -0,0 +1 @@
+[Microsoft browser extension policy](https://docs.microsoft.com/en-us/legal/windows/agreements/microsoft-browser-extension-policy): This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content displayed by these browsers. Any technique not explicitly listed in this document is considered **unsupported**.
\ No newline at end of file
diff --git a/browsers/edge/includes/configure-additional-search-engines-include.md b/browsers/edge/includes/configure-additional-search-engines-include.md
new file mode 100644
index 0000000000..f49aa45f71
--- /dev/null
+++ b/browsers/edge/includes/configure-additional-search-engines-include.md
@@ -0,0 +1,62 @@
+<!-- ## Configure additional search engines -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*<br>
+>*Default setting:  Disabled or not configured (Prevented/not allowed)*
+
+[!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |Prevented/not allowed. Microsoft Edge uses the search engine specified in App settings.<p><p>If you enabled this policy and now want to disable it, disabling removes all previously configured search engines. |![Most restricted value](../images/check-gn.png) |
+|Enabled |1 |1 |Allowed. Add up to five additional search engines and set any one of them as the default.<p><p>For each search engine added you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/).  |  |
+---
+
+
+### Configuration options
+
+| **Set default search engine** | **Allow search engine customization** | **Configure additional search engines** | **Outcome** |
+| --- | --- | --- | --- |
+| Not configured (default) | Disabled | Disabled or not configured (default) | Default search engine specified in App settings. Users cannot make changes. | 
+| Not configured (default) | Enabled or not configured (default) | Disabled or not configured (default) | Default search engine specified in App settings. Users can make changes to the default search engine at any time. |
+| Disabled | Disabled | Disabled or not configured (default) | Users cannot add, remove, or change any of the search engines, but they can set a default search engine. |
+| Disabled | Enabled or not configured (default) | Disabled or not configured (default) | Users can add new search engines or change the default search engine, in Settings. |
+| Enabled | Disabled | Disabled or not configured (default) | Set the default search engine preventing users from making changes. |
+| Enabled | Enabled or not configured (default) | Disabled or not configured (default) | Set the default search engine and allow users to add search engines or make changes. |
+---
+
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure additional search engines
+- **GP name:** ConfigureAdditionalSearchEngines
+- **GP element:** ConfigureAdditionalSearchEngines_Prompt
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[ConfigureAdditionalSearchEngines](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureAdditionalSearchEngines 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\OpenSearch
+- **Value name:** ConfigureAdditionalSearchEngines
+- **Value type:** REG_SZ
+
+### Related policies
+
+- [Set default search engine](../available-policies.md\#set-default-search-engine): [!INCLUDE [set-default-search-engine-shortdesc](../shortdesc/set-default-search-engine-shortdesc.md)]
+
+- [Allow search engine customization](../available-policies.md#allow-search-engine-customization): [!INCLUDE [allow-search-engine-customization-shortdesc](../shortdesc/allow-search-engine-customization-shortdesc.md)]
+
+
+### Related topics
+
+- [Microsoft browser extension policy](https://docs.microsoft.com/en-us/legal/windows/agreements/microsoft-browser-extension-policy): This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content displayed by these browsers. Any technique not explicitly listed in this document is considered **unsupported**.
+
+- [Search provider discovery](https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/browser/search-provider-discovery): Rich search integration is built into the Microsoft Edge address bar, including search suggestions, results from the web, your browsing history, and favorites. 
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md b/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
new file mode 100644
index 0000000000..c1a93a7712
--- /dev/null
+++ b/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
@@ -0,0 +1,34 @@
+<!-- ## Configure the Adobe Flash Click-to-Run setting -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*<br> 
+>*Default setting: Enabled or not configured (Does not load content automatically)*
+
+[!INCLUDE [configure-adobe-flash-click-to-run-setting-shortdesc](../shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled |0 |0 |Load and run Adobe Flash content automatically. | |
+|Enabled or not configured<br>**(default)** |1 |1 |Do not load or run Adobe Flash content automatically. Requires action from the user.  |![Most restricted value](../images/check-gn.png) |
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Configure the Adobe Flash Click-to-Run setting
+- **GP name:**  AllowFlashClickToRun
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowFlashClickToRun 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Security
+- **Value name:** FlashClickToRunMode
+- **Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/configure-allow-flash-url-list-include.md b/browsers/edge/includes/configure-allow-flash-url-list-include.md
new file mode 100644
index 0000000000..1f13125cd7
--- /dev/null
+++ b/browsers/edge/includes/configure-allow-flash-url-list-include.md
@@ -0,0 +1,36 @@
+<!-- ## Configure allow flash for URL list -->
+>*Supported versions: Microsoft Edge on Windows 10*<br>
+>*Default setting:*   
+
+[!INCLUDE [configure-allow-flash-for-url-list-shortdesc](../shortdesc/configure-allow-flash-for-url-list-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+| | | | | |
+| | | | | |
+| | | | | |
+---
+
+![Most restricted value](../images/check-gn.png)
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** 
+- **GP name:** 
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[]()
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ 
+- **Data type:** Integer
+
+#### Registry settings 
+- **Path:** HLKM\Software\Policies\Microsoft\MicrosoftEdge\ 
+- **Value name:** 
+- **Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/configure-autofill-include.md b/browsers/edge/includes/configure-autofill-include.md
new file mode 100644
index 0000000000..5d4adef785
--- /dev/null
+++ b/browsers/edge/includes/configure-autofill-include.md
@@ -0,0 +1,34 @@
+<!-- ## Configure Autofill -->
+>*Supported versions: Microsoft Edge on Windows 10*<br>
+>*Default setting:  Not configured*
+
+[!INCLUDE [configure-autofill-shortdesc](../shortdesc/configure-autofill-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Not configured<br>**(default)** | Blank |Blank |Users can choose to use AutoFill. | |
+|Disabled | 0 | no | Prevented. |![Most restricted value](../images/check-gn.png) |
+|Enabled |1 |yes | Allowed. | |
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure Autofill
+- **GP name:** AllowAutofill
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowAutofill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser\#browser-allowautofill)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowAutofill 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
+- **Value name:** Use FormSuggest
+- **Value type:** REG_SZ
+
+<hr>
diff --git a/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md
new file mode 100644
index 0000000000..f1b2a047e7
--- /dev/null
+++ b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md
@@ -0,0 +1,46 @@
+<!-- Configure collection of browsing data for Microsoft 365 Analytics
+>*Supported versions: Microsoft Edge on Windows 10, next major version*<br>  -->
+>*Default setting:  Disabled or not configured (No data collected or sent)*
+
+[!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](../shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |No data collected or sent |![Most restricted value](../images/check-gn.png) |
+|Enabled |1 |1 |Send intranet history only | |
+|Enabled |2 |2 |Send Internet history only | |
+|Enabled |3 |3 |Send both intranet and Internet history | |
+---
+
+>[!IMPORTANT]
+>For this policy to work, enable the Allow Telemetry policy with the _Enhanced_ option and enable the Configure the Commercial ID policy by providing the Commercial ID.
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure collection of browsing data for Microsoft 365 Analytics
+- **GP name:** ConfigureTelemetryForMicrosoft365Analytics
+- **GP element:** ZonesListBox
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+
+#### MDM settings
+- **MDM name:** Browser/[ConfigureTelemetryForMicrosoft365Analytics](../new-policies.md#configure-collection-of-browsing-data-for-microsoft-365-analytics)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureTelemetryForMicrosoft365Analytics
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection
+- **Value name:** MicrosoftEdgeDataOptIn
+- **Value type:** REG_DWORD
+
+### Related policies
+- Allow Telemetry: Determine the highest level of Windows diagnostic data sent to Microsoft. When you enable this policy, users can change their Telemetry Settings but prevent users from choosing a higher level than configured.  
+
+- Configure the Commercial ID: Define the Commercial ID used to associate the device's telemetry data as belonging to a given organization.
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/configure-cookies-include.md b/browsers/edge/includes/configure-cookies-include.md
new file mode 100644
index 0000000000..5b175d58bd
--- /dev/null
+++ b/browsers/edge/includes/configure-cookies-include.md
@@ -0,0 +1,35 @@
+<!-- ## Configure cookies -->
+>*Supported versions: Microsoft Edge on Windows 10*<br>
+>*Default setting: Disabled or not configured (Allow all cookies from all sites)*
+
+[!INCLUDE [configure-cookies-shortdesc](../shortdesc/configure-cookies-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Enabled |0 |0 |Block all cookies from all sites |![Most restricted value](../images/check-gn.png) |
+|Enabled |1 |1 |Block only coddies from third party websites | |
+|Disabled or not configured<br>**(default)** |2 |2 |Allow all cookies from all sites | |
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure cookies
+- **GP name:** Cookies
+- **GP element:** CookiesListBox
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowCookies](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser\#browser-allowcookies)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowCookies 
+- **Data type:** Integer
+
+#### Registry settings
+** |<ul><li>**Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main 
+**Value name:** Cookies
+**Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/configure-do-not-track-include.md b/browsers/edge/includes/configure-do-not-track-include.md
new file mode 100644
index 0000000000..5b606480e8
--- /dev/null
+++ b/browsers/edge/includes/configure-do-not-track-include.md
@@ -0,0 +1,34 @@
+<!-- ## Configure Do Not Track -->
+>*Supported versions: Microsoft Edge on Windows 10*<br>
+>*Default setting:  Not configured (Do not send tracking information)*
+
+[!INCLUDE [configure-do-not-track-shortdesc](../shortdesc/configure-do-not-track-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Not configured |Blank |Blank |Do not send tracking information but let users choose to send tracking information to sites they visit. | |
+|Disabled |1 |1 |Never send tracking information. | |
+|Enabled<br>**(default)** |1 |1 |Send tracking information. |![Most restricted value](../images/check-gn.png) |
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure Do Not Track
+- **GP name:** AllowDoNotTrack
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowDoNotTrack 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
+- **Value name:** DoNotTrack
+- **Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md b/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md
new file mode 100644
index 0000000000..db8e2d926a
--- /dev/null
+++ b/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md
@@ -0,0 +1,45 @@
+<!-- ## Configure kiosk reset after idle timeout
+>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
+>*Default setting: 5 minutes*
+
+[!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](../shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)]
+
+You must set the Configure kiosk mode policy to enabled (1 - InPrivate public browsing) and configure Microsoft Edge as a single-app in assigned access for this policy to take effect; otherwise, Microsoft Edge ignores this setting. To learn more about assigned access and kiosk configuration, see [Configure kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/en-us/windows/configuration/kiosk-shared-pc).
+
+### Supported values
+
+-   **Any integer from 1-1440 (5 minutes is the default)** – The time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration. A confirmation dialog displays for the user to cancel or continue and automatically continues after 30 seconds.
+
+-   **0** – No idle timer.
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure kiosk reset after idle timeout
+- **GP name:** ConfigureKioskResetAfterIdleTimeout
+- **GP element:** ConfigureKioskResetAfterIdleTimeout_TextBox
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[ConfigureKioskResetAfterIdleTimeout](../new-policies.md#configure-kiosk-reset-after-idle-timeout)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\Software\Policies\Microsoft\MicrosoftEdge\KioskMode
+- **Value name:**ConfigureKioskResetAfterIdleTimeout
+- **Value type:** REG_DWORD
+
+
+
+### Related policies
+
+[Configure kiosk mode](../new-policies.md#configure-kiosk-mode): [!INCLUDE [configure-kiosk-mode-shortdesc](../shortdesc/configure-kiosk-mode-shortdesc.md)] 
+
+
+
+### Related topics
+[Deploy Microsoft Edge kiosk mode](../microsoft-edge-kiosk-mode-deploy.md): Microsoft Edge kiosk mode works with assigned access to allow IT administrators, to create a tailored browsing experience designed for kiosk devices. In this deployment guidance, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device.  You also learn about the other group policies to help you enhance the how to setup your Microsoft Edge kiosk mode experience.
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/configure-enterprise-mode-site-list-include.md b/browsers/edge/includes/configure-enterprise-mode-site-list-include.md
new file mode 100644
index 0000000000..2bd2ad900f
--- /dev/null
+++ b/browsers/edge/includes/configure-enterprise-mode-site-list-include.md
@@ -0,0 +1,121 @@
+<!-- ## Configure the Enterprise Mode Site List -->
+>*Supported versions: Microsoft Edge on Windows 10*<br>
+>*Default setting:  Disabled or not configured*
+
+
+[!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../shortdesc/configure-enterprise-mode-site-list-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |Turned off. Microsoft Edge does not check the Enterprise Mode Site List, and in this case, users might experience problems while using legacy apps. | |
+|Enabled |1 |1 |Turned on. Microsoft Edge checks the Enterprise Mode Site List if configured.  If an XML file exists in the cache container, IE11 waits 65 seconds and then checks the local cache for a new version from the server. If the server has a different version, Microsoft Edge uses the server file and stores it in the cache container. If you already use a site list, Enterprise Mode continues to work during the 65 second, but uses the existing file.  To add the location to your site list, enter it in the **{URI}** box.<p>For details on how to configure the Enterprise Mode Site List, see the [Instructions](#instructions) section below.   | |
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Configure the Enterprise Mode Site List 
+- **GP name:** EnterpriseModeSiteList
+- **GP element:** EnterSiteListPrompt
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+-  **MDM name:** Browser/[EnterpriseModeSiteList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/EnterpriseModeSiteList 
+- **Data type:** String
+ 
+#### Registry settings
+-  **Path:** HLKM\Software\Policies\Microsoft\MicrosoftEdge\Main\EnterpriseMode
+- **Value name:** SiteList
+- **Value type:** REG_SZ
+
+### Related Policies
+
+[Show message opening sites in IE](../available-policies.md#show-message-when-opening-sites-in-internet-explorer):
+[!INCLUDE
+[show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)]
+
+### Related topics
+
+-   [Use Enterprise Mode to improve compatibility](https://docs.microsoft.com/en-us/microsoft-edge/deploy/emie-to-improve-compatibility). If you have specific web sites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites will automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11. Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
+
+-   [Use the Enterprise Mode Site List Manager](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager). You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.
+
+-   [Enterprise Mode for Internet Explorer 11](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11). Learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company.
+
+-   [Enterprise Mode and the Enterprise Mode Site List](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode). Internet Explorer and Microsoft Edge can work together to support your legacy web apps, while still defaulting to the higher bar for security and modern experiences enabled by Microsoft Edge. Working with multiple browsers can be difficult, particularly if you have a substantial number of internal sites. To help manage this dual-browser experience, we are introducing a new web tool specifically targeted towards larger  organizations: the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal).
+
+-   [Enterprise Mode and the Enterprise Mode Site List XML file](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode#enterprise-mode-and-the-enterprise-mode-site-list-xml-file). The Enterprise Mode Site List is an XML document that specifies a list of sites, their compat mode, and their intended browser. Using Enterprise Mode Site List Manager (schema v.2), you can automatically start a webpage using a specific browser. In the case of IE11, the webpage can also be launched in a specific compat mode, so it always renders correctly. Your  users can easily view this site list by typing about:compat in either Microsoft Edge or IE11.
+
+### Scenarios
+
+Certain sites or web apps still use ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology, which Microsoft Edge does not support. If you have web sites or web apps that still use this technology and need IE11 to run, you must use Enterprise Mode and the Enterprise Mode Site List to address common compatibility issues with legacy apps. Enterprise Mode is a compatibility
+mode that runs on Internet Explorer 11 and Microsoft Edge on Windows 10 devices.
+
+### Instructions
+
+
+You build your Enterprise Mode list with the Enterprise Mode Site List Manager and apply it with Group Policy.
+<!-- work on these instructions.  it seems like it doesn't flow from this policy to the Use the Enterprise Mode IE website list policy.  Give me more reasons to click on the link.  and why is it equivalent to the this policy? -->
+To turn it on for IE 11, you enable [Use the Enterprise Mode IE website list](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list),
+which is the equivalent to this Microsoft Edge policy.
+
+>[!NOTE] 
+>We recommend that you store and download your website list from a secure web server (https://), to help protect against data tampering. After the list is downloaded, it is stored locally on your user's computer so if the centralized file location is unavailable, they can still use Enterprise Mode.
+
+- [Step 1. Turn on Enterprise Mode](#step-1-turn-on-enterprise-mode)
+- [Step 2. (Optional) Import your Enterprise Mode Site List](#step-2-optional-import-your-enterprise-mode-site-list)
+- [Step 3. Add sites to your list](#step-3-add-sites-to-your-list)
+- [Step 4. Turn on Enterprise Mode and use a site list](#step-4-set-up-microsoft-edge-to-use-the-enterprise-mode-site-list)  
+- [Step 5. Send all intranet sites to Internet Explorer 11](#step-5-send-all-intranet-sites-to-internet-explorer-11)
+
+#### Step 1. Turn on Enterprise Mode
+
+[!INCLUDE [turn-on-enterprise-mode-and-use-a-site-list](../../enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md)]
+
+#### Step 2. (Optional) Import your Enterprise Mode Site List
+
+[!INCLUDE [import-into-the-enterprise-mode-site-list-mgr-include](../../includes/import-into-the-enterprise-mode-site-list-mgr-include.md)]
+
+#### Step 3. Add sites to your list
+
+1.  In the Enterprise Mode Site List Manager, click **Add**.
+
+2.  In the **URL** box, type or paste the URL for the website experiencing compatibility problems, like *\<domain\>*.com or     *\<domain\>*.com/*\<path\>*.<p>You do not need to include the `http://` or `https://` designation. The tool automatically tries both versions during validation.
+
+3.  In the **Notes about URL**, enter any comments about the website.<p>Administrators can only see comments while they are in this tool.
+
+4.  Click in the **Open in IE** column next to the URL that should open in IE11.<p>The path within a domain can require a different compatibility mode from the  domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, Enterprise Mode is automatically selected.
+
+5.  Click **Save** to validate your website and to add it to the site list for your enterprise.<p>If your site passes validation, it is added to the global compatibility list. If the site fails to pass validation, an error message displays explaining the problem. You can either cancel the site or ignore the validation problem and add it to your list anyway.
+
+6.  On the **File** menu, go to where you want to save the file, and then click **Save to XML**.<p>You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your Group Policy setting.
+
+#### Step 4. Set up Microsoft Edge to use the Enterprise Mode Site List
+
+add the steps here, if there are steps
+
+#### Step 5. Send all intranet sites to Internet Explorer 11
+
+Enabling the Send all intranet sites to Internet Explorer 11 policy automatically opens all intranet sites in IE11, even if the users have Microsoft Edge as their default browser.
+
+1. In Group Policy Editor, navigate to:<p>**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**
+
+2. Click **Enabled** and then refresh the policy and then vew the affected sites in Microsoft Edge.<p>A message displays saying that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.
+
+### Troubleshooting
+
+- If an XML already exists, make sure it is syntactically correct.
+
+- If an update or delete operation failed, check if the entry already exists in the site list.
+
+- If a user is not able to sign in, the account might not have access. Check if the account is marked as active.
+
+- Check if the Enterprise Mode Site List is loaded correctly by browsing to "about:compat" in both Microsoft Edge and Internet Explorer. Deselect the Microsoft Compatibility List to see your custom entries.
+
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/configure-favorites-bar-include.md b/browsers/edge/includes/configure-favorites-bar-include.md
new file mode 100644
index 0000000000..f5da78bf9a
--- /dev/null
+++ b/browsers/edge/includes/configure-favorites-bar-include.md
@@ -0,0 +1,36 @@
+<!-- ##Configure Favorites Bar
+>*Supported versions: Microsoft Edge on Windows 10, new major release*<br> -->
+>*Default setting:  Not configured (Hidden)*
+
+
+[!INCLUDE [allow-favorites-bar-shortdesc](../shortdesc/configure-favorites-bar-shortdesc.md)]
+
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |
+|---|:---:|:---:|---|
+|Not configured<br>**(default)** |Blank |Blank |Hide the favorites bar but show it on the Start and New tab pages. The favorites bar toggle, in Settings, is set to Off but enabled allowing users to make changes. | 
+|Disabled |0 |0 |Hide the favorites bar on all pages. Also, the favorites bar toggle, in Settings, is set to Off and disabled preventing users from making changes. Microsoft Edge also hides the “show bar/hide bar” option in the context menu. | 
+|Enabled |1 |1 |Show the favorites bar on all pages. Also, the favorites bar toggle, in Settings, is set to On and disabled preventing users from making changes. Microsoft Edge also hides the “show bar/hide bar” option in the context menu. | 
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure Favorites Bar
+- **GP name:** ConfigureFavoritesBar
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[ConfigureFavoritesBar](../new-policies.md#configure-favorites-bar)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureFavoritesBar 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\Software\Policies\Microsoft\MicrosoftEdge\Main
+- **Value name:** ConfigureFavoritesBar
+- **Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/configure-favorites-include.md b/browsers/edge/includes/configure-favorites-include.md
new file mode 100644
index 0000000000..6ea76affc3
--- /dev/null
+++ b/browsers/edge/includes/configure-favorites-include.md
@@ -0,0 +1,2 @@
+<!-- ## Configure Favorites -->
+>Use [Provision Favorites](../available-policies.md#provision-favorites) in place of this policy.
diff --git a/browsers/edge/includes/configure-home-button-include.md b/browsers/edge/includes/configure-home-button-include.md
new file mode 100644
index 0000000000..eed541dc4b
--- /dev/null
+++ b/browsers/edge/includes/configure-home-button-include.md
@@ -0,0 +1,58 @@
+<!-- ## Configure Home Button
+>*Supported versions: Microsoft Edge on Windows 10*<br> -->
+>*Default setting: Disabled or not configured (Show home button and load the Start page)*
+
+
+[!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
+
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |
+|---|:---:|:---:|---|
+|Disabled or not configured<br>**(default)** |0 |0 |Show home button and load the Start page. |
+|Enabled |1 |1 |Show home button and load the New tab page. |
+|Enabled |2 |2 |Show home button and load the custom URL defined in the Set Home Button URL policy. |
+|Enabled |3 |3 |Hide home button. |
+---
+
+>[!TIP]
+>If you want to make changes to this policy:<ol><li>Enable the **Unlock Home Button** policy.</li><li>Make changes to the **Configure Home Button** policy or **Set Home Button URL** policy.</li><li>Disable the **Unlock Home Button** policy.</li></ol>
+
+
+
+### Configuration options
+
+![Show home button and load Start page or New tab page](../images/home-button-start-new-tab-page-v4-sm.png)
+
+![Show home button and load custom URL](../images/home-buttom-custom-url-v4-sm.png)
+
+![Hide home button](../images/home-button-hide-v4-sm.png)
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure Home Button
+- **GP name:** ConfigureHomeButton
+- **GP element:** ConfigureHomeButtonDropdown
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[ConfigureHomeButton](../new-policies.md#configure-home-button)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings 
+- **Value name:** ConfigureHomeButton
+- **Value type:** REG_DWORD
+
+### Related policies
+
+- [Set Home button URL](../new-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
+ 
+- [Unlock Home button](../new-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)] 
+
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/configure-inprivate-include.md b/browsers/edge/includes/configure-inprivate-include.md
new file mode 100644
index 0000000000..c04c0d0150
--- /dev/null
+++ b/browsers/edge/includes/configure-inprivate-include.md
@@ -0,0 +1,32 @@
+## Configure InPrivate
+
+>*Supported versions: Microsoft Edge on Windows 10*<br> 
+>*Default setting:  Disabled or not configured
+
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+| | | | | |
+| | | | | |
+| | | | | |
+---
+
+### ADMX info and settings
+#### ADMX info 
+- **GP English name:** 
+- **GP name:** 
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings 
+- **MDM name:** Browser/[]()
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ 
+- **Data type:** Integer 
+ 
+#### Registry settings 
+- **Path:** HLKM\Software\Policies\Microsoft\MicrosoftEdge\ 
+- **Value name:** 
+- **Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md b/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md
new file mode 100644
index 0000000000..2c4341113c
--- /dev/null
+++ b/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md
@@ -0,0 +1,46 @@
+
+<!-- ## Configure kiosk mode
+>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
+>*Default setting:  Not configured*
+
+[!INCLUDE [configure-kiosk-mode-shortdesc](../shortdesc/configure-kiosk-mode-shortdesc.md)]
+
+For this policy to work, you must configure Microsoft Edge in assigned access; otherwise, Microsoft Edge ignores the settings in this policy. To learn more about assigned access and kiosk configuration, see [Configure kiosk and shared devices running Windows desktop editions](https://aka.ms/E489vw).
+
+### Supported values
+
+| | |
+|---|---|
+|(0) Default or not configured |<ul><li>If it’s a single app, Microsoft Edge runs InPrivate full screen for digital signage or interactive displays.</li><li>If it’s one of many apps, Microsoft Edge runs as normal.</li></ul> |
+|(1) Enabled |<ul><li>If it’s a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can’t minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking “End session.” You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy.<p>**_For single-app public browsing_**: If you do not configure the Configure kiosk reset after idle timeout policy and you enable this policy, Microsoft Edge kiosk resets after 5 minutes of idle time.</li><li>If it’s one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they can’t customize Microsoft Edge.</li></ul> |
+---
+
+![Microsoft Edge kiosk experience](../images/microsoft-edge-kiosk-mode.png)
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure kiosk mode
+- **GP name:** ConfigureKioskMode
+- **GP element:** ConfigureKioskMode_TextBox
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[ConfigureKioskMode](../new-policies.md#configure-kiosk-mode)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\Software\Policies\Microsoft\MicrosoftEdge\KioskMode
+- **Value name:** ConfigureKioskMode
+- **Value type:** REG_SZ
+
+### Related policies
+[Configure kiosk reset after idle timeout](../new-policies.md#configure-kiosk-reset-after-idle-timeout): [!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](../shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)] 
+
+
+### Related topics
+[Deploy Microsoft Edge kiosk mode](../microsoft-edge-kiosk-mode-deploy.md): Microsoft Edge kiosk mode works with assigned access to allow IT administrators, to create a tailored browsing experience designed for kiosk devices. In this deployment guidance, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device.  You also learn about the other group policies to help you enhance the how to setup your Microsoft Edge kiosk mode experience.
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/configure-open-edge-with-include.md b/browsers/edge/includes/configure-open-edge-with-include.md
new file mode 100644
index 0000000000..726bf48ac3
--- /dev/null
+++ b/browsers/edge/includes/configure-open-edge-with-include.md
@@ -0,0 +1,67 @@
+<!-- Configure Open Microsoft Edge With
+
+>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
+>*Default setting:  Enabled (A specific page or pages)*
+
+[!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
+
+**Version 1703 or later:**<br>If you don't want to send traffic to Microsoft, use the \<about:blank\> value, which honors both domain and non domain-joined devices when it's the only configured URL.
+
+**Version 1810:**<br>When you enable this policy (Configure Open Microsoft Edge With) and select an option, and also enable the Configure Start Pages policy, Microsoft Edge ignores the Configure Start Page policy.<p>
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |
+|---|:---:|:---:|---|
+|Not configured |Blank |Blank |If you don't configure this policy and you enable the Disable Lockdown of Start Pages policy, users can change or customize the Start page. |
+|Enabled |0 |0 |Loads the Start page. |
+|Enabled |1 |1 |Load the New tab page. |
+|Enabled |2 |2 |Load the previous pages. |
+|Enabled<br>**(default)** |3 |3 |Load a specific page or pages. |
+---
+
+>[!TIP]
+>If you want to make changes to this policy:<ol><li>Set the **Disabled Lockdown of Start Pages** policy to not configured.</li><li>Make changes to the **Configure Open Microsoft With** policy.</li><li>Enable the **Disabled Lockdown of Start Pages** policy.</li></ol>
+
+### Configuration options
+| **Configure Open Microsoft Edge With** | **Configure Start Pages** | **Disabled Lockdown of Start Pages** | **Outcome** |
+| --- | --- | --- | --- |
+| Enabled (applies to all options) | Enabled – String | Enabled (all configured start pages are editable) | Load URLs defined in the Configure Open Microsoft Edge With policy, and allow users to make changes. |
+| Disabled or not configured | Enabled – String | Enabled (any Start page configured in the Configured Start Pages policy) |  Load any start page and let users make changes .|
+| Enabled (Start page) | Enabled – String | Blank or not configured | Load Start page(s) and prevent users from making changes. |
+| Enabled (New tab page) | Enabled – String | Blank or not configured | Load New tab page and prevent users from making changes. |
+| Enabled (Previous pages) | Enabled – String | Blank or not configured | Load previously opened pages and prevent users from making changes. |
+| Enabled (A specific page or pages) | Enabled – String | Blank or not configured | Load a specific page or pages and prevent users from making changes. |
+| Enabled (A specific page or pages) | Enabled – String | Enabled (any Start page configured in Configure Start Pages policy) | Load a specific page or pages and let users make changes. |
+---
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure Open Microsoft Edge With
+- **GP name:** ConfigureOpenMicrosoftEdgeWith
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[ConfigureOpenEdgeWith](../new-policies.md#configure-open-microsoft-edge-with)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureOpenEdgeWith
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
+- **Value name:** ConfigureOpenEdgeWith
+- **Value type:** REG_DWORD
+
+### Related policies
+
+- [Configure Start pages](../available-policies.md#configure-start-pages): [!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]
+
+- [Disable lockdown of Start pages](../available-policies.md#disable-lockdown-of-start-pages): [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)]
+
+
+
+
+
+---
\ No newline at end of file
diff --git a/browsers/edge/includes/configure-password-manager-include.md b/browsers/edge/includes/configure-password-manager-include.md
new file mode 100644
index 0000000000..bf4710b123
--- /dev/null
+++ b/browsers/edge/includes/configure-password-manager-include.md
@@ -0,0 +1,39 @@
+<!-- ## Configure Password Manager -->
+>*Supported versions: Microsoft Edge on Windows 10*<br>
+>*Default setting:  Enabled (Allowed/users can change the setting)
+
+[!INCLUDE [configure-password-manager-shortdesc](../shortdesc/configure-password-manager-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Not configured |Blank |Blank |Users can choose to save and manage passwords locally. | |
+|Disabled |0 |no |Not allowed. |![Most restricted value](../images/check-gn.png) |
+|Enabled<br>**(default)** |1 |yes |Allowed. | |
+---
+
+Verify not allowed/disabled settings:
+1. In the upper-right corner of Microsoft Edge or Microsoft Edge for Windows 10 Mobile, click or tap ellipses (…).
+2. Click  **Settings** and select **View Advanced settings**.
+3. Verify the settings **Save Password** is toggled off or on and is greyed out.
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure Password Manager
+- **GP name:** AllowPasswordManager
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPasswordManager 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\Software\Policies\Microsoft\MicrosoftEdge\Main 
+- **Value name:** FormSuggest Passwords
+- **Value type:** REG_SZ
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/configure-pop-up-blocker-include.md b/browsers/edge/includes/configure-pop-up-blocker-include.md
new file mode 100644
index 0000000000..0b63fbd96e
--- /dev/null
+++ b/browsers/edge/includes/configure-pop-up-blocker-include.md
@@ -0,0 +1,34 @@
+<!-- ## Configure Pop-up Blocker -->
+>*Supported versions: Microsoft Edge on Windows 10*<br>
+>*Default setting:  Disabled (Turned off)*
+
+[!INCLUDE [configure-pop-up-blocker-shortdesc](../shortdesc/configure-pop-up-blocker-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Not configured |Blank |Blank |Users can choose to use Pop-up Blocker. | |
+|Disabled<br>**(default)** |0 |0 |Turn off Pop-up Blocker letting pop-up windows open. | |
+|Enabled |1 |1 |Turn on Pop-up Blocker stopping pop-up windows from opening. |![Most restricted value](../images/check-gn.png) |
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure Pop-up Blocker
+- **GP name:** AllowPopups
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowPopups](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpopups)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPopups 
+- **Data type:** Integer
+
+### Registry
+- **Path:** HLKM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
+- **Value name:** AllowPopups
+- **Value type:** REG_SZ
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/configure-search-suggestions-address-bar-include.md b/browsers/edge/includes/configure-search-suggestions-address-bar-include.md
new file mode 100644
index 0000000000..5ee81ccabb
--- /dev/null
+++ b/browsers/edge/includes/configure-search-suggestions-address-bar-include.md
@@ -0,0 +1,34 @@
+<!-- ## Configure search suggestions in Address bar -->
+>*Supported versions: Microsoft Edge on Windows 10*<br>
+>*Default setting:  Not configured*
+
+[!INCLUDE [configure-search-suggestions-in-address-bar-shortdesc](../shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md)] 
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Not configured<br>**(default)** |Blank |Blank |Users can choose to see search suggestions. | |
+|Disabled |0 |0 |Prevented/not allowed. Hide the search suggestions. |![Most restricted value](../images/check-gn.png) |
+|Enabled |1 |1 |Allowed. Show the search suggestions. | |
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure search suggestions in Address bar
+- **GP name:** AllowSearchSuggestionsinAddressBar
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSearchSuggestionsinAddressBar
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\SearchScopes
+- **Value name:** ShowSearchSuggestionsGlobal
+- **Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/configure-start-pages-include.md b/browsers/edge/includes/configure-start-pages-include.md
new file mode 100644
index 0000000000..cd0606243a
--- /dev/null
+++ b/browsers/edge/includes/configure-start-pages-include.md
@@ -0,0 +1,45 @@
+<!-- ## Configure Start Pages -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*<br>
+>*Default setting:  Blank or not configured (Load pages specified in App settings)*
+
+[!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |
+|---|:---:|:---:|---|
+|Not configured |Blank |Blank |Load the pages specified in App settings as the default Start pages. | 
+|Enabled |String |String |Enter the URLs of the pages you want to load as the Start pages, separating each page using angle brackets:<p>\<support.contoso.com\>\<support.microsoft.com\><p>**Version 1703 or later:**<br>If you do not want to send traffic to Microsoft, use the \<about:blank\> value, which honors both domain and non-domain-joined devices when it's the only configured URL.<p>**Version 1810:**<br>When you enable the Configure Open Microsoft Edge With policy with any option selected, and you enable the Configure Start Pages policy, the Configure Open Microsoft Edge With policy takes precedence, ignoring the Configure Start Pages policy.  | 
+---
+
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure Start pages
+- **GP name:** HomePages
+- **GP element:** HomePagesPrompt
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages
+- **Data type:** String
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Internet Settings
+- **Value name:** ProvisionedHomePages
+- **Value type:** REG_SZ
+
+
+### Related policies
+
+- [Disable Lockdown of Start Pages](#disable-lockdown-of-start-pages-include): [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)]
+
+- [Configure Start Pages](#configure-start-pages-include): [!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]
+
+
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/configure-windows-defender-smartscreen-include.md b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
new file mode 100644
index 0000000000..2baca3bc94
--- /dev/null
+++ b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
@@ -0,0 +1,40 @@
+<!-- ## Configure Windows Defender SmartScreen -->
+>*Supported versions: Microsoft Edge on Windows 10*<br>
+>*Default setting:  Enabled (Turned on)*
+
+[!INCLUDE [configure-windows-defender-smartscreen-shortdesc](../shortdesc/configure-windows-defender-smartscreen-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Not configured |Blank |Blank |Users can choose to use Windows Defender SmartScreen or not. | |
+|Disabled |0 |0 |Turned off. Do not protect users from potential threats and prevent users from turning it on. | |
+|Enabled |1 |1 |Turned on. Protect users from potential threats and prevent users from turning it off. |![Most restricted value](../images/check-gn.png) |
+---
+
+To verify Windows Defender SmartScreen is turned off (disabled):
+1. In the upper-right corner of Microsoft Edge or Microsoft Edge for Windows 10 Mobile, click or tap the ellipses (**...**).
+2. Click **Settings** and select **View Advanced Settings**.
+3. At the bottom, verify that **Help protect me from malicious sites and download with SmartScreen Filter** is greyed out.<p>![Verify that Windows Defender SmartScreen is turned off (disabled)](../images/allow-smart-screen-validation.PNG)
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure Windows Defender SmartScreen
+- **GP name:** AllowSmartScreen
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen  
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter
+- **Value name:** EnabledV9
+- **Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/disable-lockdown-of-start-pages-include.md b/browsers/edge/includes/disable-lockdown-of-start-pages-include.md
new file mode 100644
index 0000000000..04803943be
--- /dev/null
+++ b/browsers/edge/includes/disable-lockdown-of-start-pages-include.md
@@ -0,0 +1,47 @@
+<!-- Disable Lockdown of Start Pages -->
+>*Supported versions: Microsoft Edge on Windows 10*<br>
+>*Default setting: Enabled (Start pages are not editable)*
+
+[!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)]
+ 
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Not configured |0 |0 |Lockdown Start pages configured in either the Configure Open Microsoft Edge With policy and Configure Start Pages policy. |![Most restricted value](../images/check-gn.png) |
+|Enabled |1 |1 |Unlocked. Users can make changes to all configured start pages.<p><p>When you enable this policy and define a set of URLs in the Configure Start Pages policy, Microsoft Edge uses the URLs defined in the Configure Open Microsoft Edge With policy. | |
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Disable lockdown of Start pages
+- **GP name:** DisableLockdownOfStartPages
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[DisableLockdownOfStartPages]()
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/DisableLockdownOfStartPages 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
+- **Value name:** DisableLockdownOfStartPages
+- **Value type:** REG_SZ
+
+
+
+
+
+### Related Policies
+- [Configure Start pages](../available-policies.md#configure-start-pages): [!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]  
+
+- [Configure Open Microsoft Edge With](../new-policies.md#configure-open-microsoft-edge-with): [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
+
+
+### Related topics
+
+[Microsoft browser extension policy](aka.ms/browser policy)
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/do-not-prompt-client-cert-if-only-one-exists-include.md b/browsers/edge/includes/do-not-prompt-client-cert-if-only-one-exists-include.md
new file mode 100644
index 0000000000..b1fc2dd88c
--- /dev/null
+++ b/browsers/edge/includes/do-not-prompt-client-cert-if-only-one-exists-include.md
@@ -0,0 +1,31 @@
+<!-- ## Do not prompt client certificate when only one exists -->
+>*Supported versions: Microsoft Edge on Windows 10*<br>
+>*Default setting:  Disabled or not configured*
+
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+| | | | | |
+| | | | | |
+| | | | | |
+---
+
+### ADMX info and settings
+#### ADMX info 
+- **GP English name:** 
+- **GP name:** 
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings 
+- **MDM name:** Browser/[]()
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ 
+- **Data type:** Integer
+
+#### Registry settings 
+- **Path:** HLKM\Software\Policies\Microsoft\MicrosoftEdge\ 
+- **Value name:** 
+- **Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/do-not-sync-browser-settings-include.md b/browsers/edge/includes/do-not-sync-browser-settings-include.md
new file mode 100644
index 0000000000..a2cc5beeca
--- /dev/null
+++ b/browsers/edge/includes/do-not-sync-browser-settings-include.md
@@ -0,0 +1,68 @@
+<!-- ## Do not sync browser settings
+>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
+>*Default setting:  Disabled or not configured (Allowed/turned on)*
+
+[!INCLUDE [do-not-sync-browser-settings-shortdesc](../shortdesc/do-not-sync-browser-settings-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |
+|---|:---:|:---:|---|
+|Disabled or not configured<br>**(default)** |0 |0 |Allowed/turned on. The “browser” group syncs automatically between user’s devices and lets users to make changes. |
+|Enabled |2 |2 |Prevented/turned off.  The “browser” group does not use the Sync your Settings option. |
+---
+
+### Configuration options
+
+#### Sync the browser settings automatically:
+**Disable** both the Do not sync browser settings Prevent users from turning on browser syncing policies.
+
+#### Prevent syncing of browser settings and prevent users from turning it on:
+1. **Enable** the Do not sync browser settings policy.
+2. **Enable** or don’t configure this policy (Prevented/turned off).
+
+#### Prevent syncing of browser settings and give users a choice to turn on syncing:
+1. **Enable** the Do not sync browser settings policy.
+2. **Disable** this policy (Allowed/turned on).
+
+#### Syncing turned off by default but not disabled:
+1. **Enable** the Do not sync browser setting policy.
+2. Select the _Allow users to turn “browser” syncing_ option.
+
+#### Verify configuration
+To verify if syncing is turned on or off:
+1. In the upper-right corner of Microsoft Edge, click the ellipses \(**...**\).
+2. Click **Settings**.
+3. Under Account, see if the setting is toggled on or off.<p>![Verify configuration](../images/sync-settings.PNG)
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Do not sync browser settings
+- **GP name:** DoNotSyncBrowserSetting
+- **GP path:** Windows Components/Sync your settings
+- **GP ADMX file name:** SettingSync.admx
+
+#### MDM settings
+- **MDM name:** [Experience/DoNotSyncBrowserSetting](../available-policies.md#do-not-sync-browser-settings)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/DoNotSyncBrowserSetting
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\\Software\Policies\Microsoft\Windows\SettingSync
+- **Value name:** DisableWebBrowserSettingSyncUserOverride
+- **Value type:** REG_DWORD
+
+
+### Related policies
+
+[Prevent users from turning on browser syncing](../new-policies.md#prevent-users-from-turning-on-browser-syncing): [!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)]
+
+
+
+### Related topics
+
+[About sync setting on Microsoft Edge on Windows 10 devices](http://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices)
+<p><p>
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/do-not-sync-include.md b/browsers/edge/includes/do-not-sync-include.md
new file mode 100644
index 0000000000..477476f826
--- /dev/null
+++ b/browsers/edge/includes/do-not-sync-include.md
@@ -0,0 +1,25 @@
+<!-- ## Do not sync -->
+>*Supported versions: Microsoft Edge on Windows 10*<br>
+>*Default setting:  Disabled or not configured (Turned on)*
+
+[!INCLUDE [do-not-sync-shortdesc](../shortdesc/do-not-sync-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |Allowed/turned on. Users can choose what to sync to their device. | |
+|Enabled |2 |2 |Prevented/turned off. Disables the Sync your Settings toggle and prevents syncing. |![Most restricted value](../images/check-gn.png) |
+---
+
+### ADMX info and settings
+| |
+|---|
+|**ADMX info**<ul><li>**GP English name:** Do not sync</li><li>**GP name:** AllowSyncMySettings</li><li>**GP path:** Windows Components/Microsoft Edge</li><li>**GP ADMX file name:** MicrosoftEdge.admx</li></ul>**MDM settings**<ul><li>**MDM name:** Experience/[AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings)</li><li>**Supported devices:** Desktop</li><li>**URI full path:** ./Vendor/MSFT/Policy/Config/Experience/AllowSyncMySettings </li><li>**Data type:** Integer</li></ul>**Registry**<ul><li>**Path:** HKLM\Software\Policies\Microsoft\Windows\SettingSync</li><li>**Value name:** DisableSettingSync</li><li>**Value type:** REG_DWORD</li></ul>  |
+---
+
+### Related topics 
+[About sync setting on Microsoft Edge on Windows 10 devices](http://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices): Learn about what settings are sync'ed.
+
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/edge-respects-applocker-lists-include.md b/browsers/edge/includes/edge-respects-applocker-lists-include.md
new file mode 100644
index 0000000000..3f6b0aa3ce
--- /dev/null
+++ b/browsers/edge/includes/edge-respects-applocker-lists-include.md
@@ -0,0 +1,22 @@
+<!-- ## Edge respects AppLocker Lists for Extensions -->
+>*Supported versions: Microsoft Edge on Windows 10*<br>
+>*Default setting:  Disabled or not configured
+
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+| | | | | |
+| | | | | |
+| | | | | |
+---
+
+### ADMX info and settings
+| | |
+|---|---|
+|ADMX info |<ul><li>**GP English name:** </li><li>**GP name:** </li><li>**GP path:** Windows Components/Microsoft Edge</li><li>**GP ADMX file name:** MicrosoftEdge.admx</li></ul> |
+|MDM settings |<ul><li>**MDM name:** Browser/[]()</li><li>**Supported devices:** Desktop and Mobile</li><li>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ </li><li>**Data type:** Integer</li></ul> |
+|Registry |<ul><li>**Path:** HLKM\Software\Policies\Microsoft\MicrosoftEdge\ </li><li>**Value name:** </li><li>**Value type:** REG_DWORD</li></ul>  |
+---
+
+
+---
\ No newline at end of file
diff --git a/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md b/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md
new file mode 100644
index 0000000000..f724a38af6
--- /dev/null
+++ b/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md
@@ -0,0 +1 @@
+[Enable your device for development](https://docs.microsoft.com/en-us/windows/uwp/get-started/enable-your-device-for-development): Developers can access special development features, along with other developer-focused settings, which makes it possible for them to develop, test, and debug apps. Learn how to configure your environment for development, the difference between Developer Mode and sideloading, and the security risks of Developer mode. 
\ No newline at end of file
diff --git a/browsers/edge/includes/keep-fav-sync-ie-edge-include.md b/browsers/edge/includes/keep-fav-sync-ie-edge-include.md
new file mode 100644
index 0000000000..b53d665f3a
--- /dev/null
+++ b/browsers/edge/includes/keep-fav-sync-ie-edge-include.md
@@ -0,0 +1,43 @@
+<!-- ## Keep favorites in sync between Internet Explorer and Microsoft Edge -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*<br>
+>*Default setting:  Disabled or not configured (Turned off/not syncing)*
+
+[!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |Turned off/not syncing. | |
+|Enabled |1 |1 |Turned on/syncing.  |![Most restricted value](../images/check-gn.png) |
+---
+
+### Configuration options
+### Configuration options
+| **Keep favorites in sync between IE and Microsoft Edge** | **Provision Favorites** | **Outcome** |
+| --- | --- | --- |
+| Disabled or not configured (default) | Disabled or not configured (default) | **Turned off/not syncing**. Microsoft Edge prevents users from syncing their favorites. |
+| Enabled (turned on/syncing) | Disabled or not configured (default) | **Turned on/syncing**. Syncs favorites between Internet Explorer and Microsoft Edge. |
+| Enabled (turned on/syncing) | Enabled (provision list of favorites) | **Turned off/not syncing**. Microsoft Edge prevents users from syncing their favorites. |
+| Disabled or not configured (default) | Enabled (provision list of Favorites) | **Turned on/syncing**. Syncs favorites between Internet Explorer and Microsoft Edge. |
+---
+
+### ADMX info and settings
+### ADMX info
+- **GP English name:** Keep favorites in sync between Internet Explorer and Microsoft Edge 
+- **GP name:** SyncFavoritesBetweenIEAndMicrosoftEdge
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SyncFavoritesBetweenIEAndMicrosoftEdge 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
+- **Value name:** SyncFavoritesBetweenIEAndMicrosoftEdge
+- **Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md b/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md
new file mode 100644
index 0000000000..c0590648fa
--- /dev/null
+++ b/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md
@@ -0,0 +1 @@
+[Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/en-us/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services): Learn about the network connections from Windows to Microsoft services. Also, learn about the privacy settings that affect the data shared with either Microsoft or apps and how to manage them in an enterprise. You can configure diagnostic data at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment.
\ No newline at end of file
diff --git a/browsers/edge/includes/prevent-access-about-flag-include.md b/browsers/edge/includes/prevent-access-about-flag-include.md
new file mode 100644
index 0000000000..a2f7492948
--- /dev/null
+++ b/browsers/edge/includes/prevent-access-about-flag-include.md
@@ -0,0 +1,33 @@
+<!-- ## Prevent access to the about:flags page -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1607 or later*<br>
+>*Default setting:  Disabled or not configured (Allowed)*
+
+[!INCLUDE [prevent-access-to-about-flags-page-shortdesc](../shortdesc/prevent-access-to-about-flags-page-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |Allowed. | |
+|Enabled |1 |1 |Prevents users from access the about:flags page. |![Most restricted value](../images/check-gn.png) |
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Prevent access to the about:flags page in Microsoft Edge
+- **GP name:** PreventAccessToAboutFlagsInMicrosoftEdge
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventAccessToAboutFlagsInMicrosoftEdge 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
+- **Value name:** PreventAccessToAboutFlagsInMicrosoftEdge
+- **Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md b/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md
new file mode 100644
index 0000000000..e547317eb3
--- /dev/null
+++ b/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md
@@ -0,0 +1,33 @@
+<!-- ## Prevent bypassing Windows Defender SmartScreen prompts for files -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*<br>
+>*Default setting:  Disabled or not configured (Allowed/turned off)*
+
+[!INCLUDE [prevent-bypassing-windows-defender-prompts-for-files-shortdesc](../shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |Allowed/turned off. Users can ignore the warning and continue to download the unverified file(s). | |
+|Enabled |1 |1 |Prevented/turned on.  |![Most restricted value](../images/check-gn.png) |
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Prevent bypassing Windows Defender SmartScreen prompts for files
+- **GP name:** PreventSmartScreenPromptOverrideForFiles
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter
+- **Value name:** PreventOverrideAppRepUnknown
+- **Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md b/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md
new file mode 100644
index 0000000000..e57bb9f213
--- /dev/null
+++ b/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md
@@ -0,0 +1,33 @@
+<!-- ## Prevent bypassing Windows Defender SmartScreen prompts for sites -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*<br>
+>*Default setting:  Disabled or not configured (Allowed/turned off)*
+
+[!INCLUDE [prevent-bypassing-windows-defender-prompts-for-sites-shortdesc](../shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |Allowed/turned off. Users can ignore the warning and continue to the site.| |
+|Enabled |1 |1 |Prevented/turned on. |![Most restricted value](../images/check-gn.png) |
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Prevent bypassing Windows Defender SmartScreen prompts for sites 
+- **GP name:** PreventSmartscreenPromptOverride
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[PreventSmartscreenPromptOverride](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter 
+- **Value name:** PreventOverride
+- **Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/prevent-certificate-error-overrides-include.md b/browsers/edge/includes/prevent-certificate-error-overrides-include.md
new file mode 100644
index 0000000000..469a2dc632
--- /dev/null
+++ b/browsers/edge/includes/prevent-certificate-error-overrides-include.md
@@ -0,0 +1,31 @@
+<!-- ## Prevent certificate error overrides
+>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
+>*Default setting:  Disabled or not configured (Allowed/turned off)*
+
+[!INCLUDE [prevent-certificate-error-overrides-shortdesc](../shortdesc/prevent-certificate-error-overrides-shortdesc.md)]
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |Allowed/turned on. Override the security warning to sites that have SSL errors.  | |
+|Enabled |1 |1 |Prevented/turned on.  |![Most restricted value](../images/check-gn.png) |
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Prevent certificate error overrides
+- **GP name:** PreventCertErrorOverrides
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[PreventCertErrorOverrides](../new-policies.md#prevent-certificate-error-overrides)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventCertErrorOverrides 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** Software\Policies\Microsoft\MicrosoftEdge\Internet Setting
+- **Value name:** PreventCertErrorOverrides
+- **Value type:** REG_DWORD
+
+<hr>
diff --git a/browsers/edge/includes/prevent-changes-to-favorites-include.md b/browsers/edge/includes/prevent-changes-to-favorites-include.md
new file mode 100644
index 0000000000..4bbb97f4b0
--- /dev/null
+++ b/browsers/edge/includes/prevent-changes-to-favorites-include.md
@@ -0,0 +1,33 @@
+<!-- ## Prevent changes to Favorites on Microsoft Edge -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1709 or later*<br>
+>*Default setting:  Disabled or not configured (Allowed/not locked down)*
+
+[!INCLUDE [prevent-changes-to-favorites-shortdesc](../shortdesc/prevent-changes-to-favorites-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |Allowed/not locked down.  Users can add, import, and make changes to the Favorites list. | |
+|Enabled |1 |1 |Prevented/locked down. |![Most restricted value](../images/check-gn.png) |
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Prevent changes to Favorites on Microsoft Edge 
+- **GP name:** LockdownFavorites
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[LockdownFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/LockdownFavorites 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Favorites
+- **Value name:** LockdownFavorites
+- **Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/prevent-first-run-webpage-open-include.md b/browsers/edge/includes/prevent-first-run-webpage-open-include.md
new file mode 100644
index 0000000000..61192efbcf
--- /dev/null
+++ b/browsers/edge/includes/prevent-first-run-webpage-open-include.md
@@ -0,0 +1,33 @@
+<!-- ## Prevent the First Run webpage from opening on Microsoft Edge -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*<br>
+>*Default setting:  Disabled or not configured (Allowed)*
+
+[!INCLUDE [prevent-first-run-webpage-from-opening-shortdesc](../shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |Allowed. Microsoft Edge loads the welcome page. | |
+|Enabled |1 |1 |Prevented. |![Most restricted value](../images/check-gn.png) |
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Prevent the First Run webpage from opening on Microsoft Edge
+- **GP name:** PreventFirstRunPage
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[PreventFirstRunPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventFirstRunPage 
+- **Data type:** Integer
+
+####Registry
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
+- **Value name:** PreventFirstRunPage
+- **Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/prevent-live-tile-pinning-start-include.md b/browsers/edge/includes/prevent-live-tile-pinning-start-include.md
new file mode 100644
index 0000000000..6fc1c4e9e4
--- /dev/null
+++ b/browsers/edge/includes/prevent-live-tile-pinning-start-include.md
@@ -0,0 +1,33 @@
+<!-- ## Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*<br>
+>*Default setting:  Disabled or not configured (Collected and sent)*
+
+[!INCLUDE [prevent-edge-from-gathering-live-tile-info-shortdesc](../shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |Collect and send Live Tile metadata. | |
+|Enabled |1 |1 |Not collected and sent. |![Most restricted value](../images/check-gn.png) |
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
+- **GP name:** PreventLiveTileDataCollection
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[PreventLiveTileDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventLiveTileDataCollection 
+- **Data type:** Integer
+
+#### Registry settings
+**<ul><li>**Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
+**Value name:** PreventLiveTileDataCollection
+**Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md b/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md
new file mode 100644
index 0000000000..4ff1e1a4a1
--- /dev/null
+++ b/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md
@@ -0,0 +1,33 @@
+<!-- ## Prevent using Localhost IP address for WebRTC -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*<br>
+>*Default setting:  Disabled or not configured (Allowed/show localhost IP addresses)*
+
+[!INCLUDE [prevent-using-localhost-ip-address-for-webrtc-shortdesc](../shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |Allowed. Shows localhost IP addresses. | |
+|Enabled |1 |1 |Prevented. |![Most restricted value](../images/check-gn.png) |
+---
+
+### ADMX info and settings
+#### ADMX info 
+- **GP English name:** Prevent using Localhost IP address for WebRTC 
+- **GP name:** HideLocalHostIPAddress 
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings 
+- **MDM name:** Browser/[PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventUsingLocalHostIPAddressForWebRTC
+- **Data type:** Integer
+
+#### Registry settings 
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
+- **Value name:** HideLocalHostIPAddress 
+- **Value type:** REG_DWORD
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/prevent-turning-off-required-extensions-include.md b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md
new file mode 100644
index 0000000000..1b8ba1c458
--- /dev/null
+++ b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md
@@ -0,0 +1,45 @@
+<!-- ## Prevent turning off required extensions
+>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
+>*Default setting:  Disabled or not configured (Allowed)*
+
+[!INCLUDE [prevent-turning-off-required-extensions-shortdesc](../shortdesc/prevent-turning-off-required-extensions-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |Description |
+|---|---|
+|Disabled or not configured<br>**(default)** |Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored.  | 
+|Enabled |Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office Online extension prevents users from turning it off:<p><p>_Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe_ <p>After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune. Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension. | 
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Prevent turning off required extensions
+- **GP name:** PreventTurningOffRequiredExtensions
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[PreventTurningOffRequiredExtensions](../new-policies.md#prevent-turning-off-required-extensions)
+- **Supported devices:** Desktop 
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventTurningOffRequiredExtensions 
+- **Data type:** String
+
+#### Registry settings
+- **Path:** HLKM\Software\Policies\Microsoft\MicrosoftEdge\Extensions 
+- **Value name:** PreventTurningOffRequiredExtensions
+- **Value type:** REG_SZ
+
+### Related policies
+[Allow Developer Tools](../available-policies.md#allow-developer-tools): [!INCLUDE [allow-developer-tools-shortdesc](../shortdesc/allow-developer-tools-shortdesc.md)]
+
+
+### Related topics
+
+- [Find a package family name (PFN) for per-app VPN](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn): There are two ways to find a PFN so that you can configure a per-app VPN.
+- [How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/en-us/intune/windows-store-for-business): The Microsoft Store for Business gives you a place to find and purchase apps for your organization, individually, or in volume. By connecting the store to Microsoft Intune, you can manage volume-purchased apps from the Azure portal. 
+- [How to assign apps to groups with Microsoft Intune](https://docs.microsoft.com/en-us/intune/apps-deploy): Apps can be assigned to devices whether or not they are managed by Intune. 
+- [Manage apps from the Microsoft Store for Business with System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business): Configuration Manager supports managing Microsoft Store for Business apps on both Windows 10 devices with the Configuration Manager client, and also Windows 10 devices enrolled with Microsoft Intune. 
+- [How to add Windows line-of-business (LOB) apps to Microsoft Intune](https://docs.microsoft.com/en-us/intune/lob-apps-windows): A line-of-business (LOB) app is one that you add from an app installation file. These types of apps are typically written in-house. 
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md b/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md
new file mode 100644
index 0000000000..bb1ab1d431
--- /dev/null
+++ b/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md
@@ -0,0 +1,46 @@
+
+<!-- Prevent users from turning on browser syncing
+>*Supported versions: Microsoft Edge on Windows 10, next major version*<br>  -->
+>*Default setting:  Enabled or not configured (Prevented/turned off)*
+
+[!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)]
+
+### Supported values
+|Group Policy  |MDM |Registry |Description |
+|---|:---:|:---:|---|
+|Disabled |0 |0 |Allowed/turned on. Users can sync the browser settings.  | 
+|Enabled or not configured<br>**(default)** |1 |1 |Prevented/turned off. | 
+---
+
+### Configuration options
+<!-- put the grids in a document that categorizes the policies  -->
+| **Do not sync browser settings** | **Prevent users from turning on browser syncing** | **Result** |
+| --- | --- | --- |
+| Disabled or not configured (0 default) – Turned on. Let users make changes | Disabled (0 default) | Sync browser settings automatically. |
+| Disabled or not configured (0 default) – Turned on. Let users make changes | Enabled or not configured (1) | Sync browser settings automatically. |
+| Enabled (2) – Prevented/turned off  | Disabled (0 default) | Prevent syncing of browser settings and let users choose to turn it on. |
+| Enabled (2) – Turned off | Enabled or not configured (1) | Prevent syncing of browser settings and prevents users from turning on syncing. |
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Prevent users from turning on browser syncing
+- **GP name:** PreventUsersFromTurningOnBrowserSyncing
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Experience/[PreventUsersFromTurningOnBrowserSyncing](../new-policies.md#prevent-users-from-turning-on-browser-syncing)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/PreventUsersFromTurningOnBrowserSyncing 
+- **Data type:** String
+
+
+### Related policies
+[Do not sync browser settings](../available-policies.md#do-not-sync-browser-settings): [!INCLUDE [do-not-sync-browser-settings-shortdesc](../shortdesc/do-not-sync-browser-settings-shortdesc.md)].
+
+### Related topics
+[About sync setting on Microsoft Edge on Windows 10 devices](http://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices)
+
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/provision-favorites-include.md b/browsers/edge/includes/provision-favorites-include.md
new file mode 100644
index 0000000000..ffa737f996
--- /dev/null
+++ b/browsers/edge/includes/provision-favorites-include.md
@@ -0,0 +1,49 @@
+<!-- ## Provision Favorites -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*<br>
+>*Default setting:  Disabled or not configured (Customizable)*
+
+[!INCLUDE [provision-favorites-shortdesc](../shortdesc/provision-favorites-shortdesc.md)]
+
+>[!IMPORTANT]
+>Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
+
+### Supported values
+
+|Group Policy  |Description |Most restricted |
+|---|---|:---:|
+|Disabled or not configured<br>**(default)** |Default list of favorites not defined in Microsoft Edge. In this case, the Favorites list is customizable, such as adding folders, or adding and removing favorites. | |
+|Enabled |Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.<p>To define a default list of favorites, do the following:<ol><li>In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.</li><li>Click **Import from another browser**, click **Export to file**, and save the file.</li><li>In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision.  Specify the URL as: <ul><li>HTTP location: "SiteList"=http://localhost:8080/URLs.html</li><li>Local network: "SiteList"="\network\shares\URLs.html"</li><li>Local file: "SiteList"=file:///c:\Users\\Documents\URLs.html</li></ul></li></ol> |![Most restricted value](../images/check-gn.png) | 
+---
+
+### Configuration options
+| **Keep favorites in sync between IE and Microsoft Edge** | **Provision Favorites** | **Results** |
+| --- | --- | --- |
+| Disabled or not configured (default) | Disabled or not configured (default) | **Turned off/not syncing**. Microsoft Edge prevents users from syncing their favorites. |
+| Enabled (turned on/syncing) | Disabled or not configured (default) | **Turned on/syncing**. Syncs favorites between Internet Explorer and Microsoft Edge. |
+| Enabled (turned on/syncing) | Enabled (provision list of favorites) | **Turned off/not syncing**. Microsoft Edge prevents users from syncing their favorites. |
+| Disabled or not configured (default) | Enabled (provision list of Favorites) | **Turned on/syncing**. Syncs favorites between Internet Explorer and Microsoft Edge. |
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Provision Favorites
+- **GP name:** ConfiguredFavorites
+- **GP element:** ConfiguredFavoritesPrompt
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[ProvisionFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ProvisionFavorites 
+- **Data type:** String
+
+#### Registry settings
+- **Path:** HLKM\Software\Policies\Microsoft\MicrosoftEdge\Favorites
+- **Value name:** ConfiguredFavorites
+- **Value type:** REG_SZ
+
+### Related policies
+[Keep favorites in sync between Internet Explorer and Microsoft Edge](../available-policies.md#keep-favorites-in-sync-between-internet-explorer-and-microsoft-edge): [!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)]
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/search-provider-discovery-shortdesc-include.md b/browsers/edge/includes/search-provider-discovery-shortdesc-include.md
new file mode 100644
index 0000000000..e550bc4e57
--- /dev/null
+++ b/browsers/edge/includes/search-provider-discovery-shortdesc-include.md
@@ -0,0 +1 @@
+[Search provider discovery](https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/browser/search-provider-discovery): Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.
\ No newline at end of file
diff --git a/browsers/edge/includes/send-all-intranet-sites-ie-include.md b/browsers/edge/includes/send-all-intranet-sites-ie-include.md
new file mode 100644
index 0000000000..03e31b51f1
--- /dev/null
+++ b/browsers/edge/includes/send-all-intranet-sites-ie-include.md
@@ -0,0 +1,53 @@
+<!-- ## Send all intranet sites to Internet Explorer 11 -->
+>*Supported versions: Microsoft Edge on Windows 10*<br>
+>*Default setting:  Disabled or not configured*
+
+[!INCLUDE [send-all-intranet-sites-to-ie-shortdesc](../shortdesc/send-all-intranet-sites-to-ie-shortdesc.md)] 
+
+>[!TIP]
+>Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have websites or web apps that still use this technology and needs IE11 to run, you can add them to the Enterprise Mode site list, using Enterprise Mode Site List Manager. Allowed values.
+
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |All sites, including intranet sites, open in Microsoft Edge automatically. |![Most restricted value](../images/check-gn.png) |
+|Enabled |1 |1 |Only intranet sites open in Internet Explorer 11 automatically.<p>Enabling this policy automatically opens all intranet sites in IE11, even if the users have Microsoft Edge as their default browser.<ol><li>In Group Policy Editor, navigate to:<br>**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**</li><li>Click **Enabled** and then refresh the policy and then vew the affected sites in Microsoft Edge.<br><br>A message displays saying that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.</li></ol>| |
+---
+
+### Configuration options
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Send all intranet sites to Internet Explorer 11 
+- **GP name:** SendIntranetTraffictoInternetExplorer
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SendIntranetTraffictoInternetExplorer 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
+- **Value name:** SendIntranetTraffictoInternetExplorer
+- **Value type:** REG_DWORD
+
+### Related Policies
+- [Configure the Enterprise Mode Site List](../available-policies.md#configure-the-enterprise-mode-site-list): [!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../shortdesc/configure-enterprise-mode-site-list-shortdesc.md)]
+
+- [Show message when opening sites in Internet Explorer](../available-policies.md#show-message-when-opening-sites-in-internet-explorer): [!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)]
+
+
+### Related topics
+- [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](https://go.microsoft.com/fwlink/p/?LinkID=624035). Many customers depend on legacy features only available in older versions of Internet Explorer and are familiar with our Enterprise Mode tools for IE11. The Enterprise Mode has been extended to support to Microsoft Edge by opening any site specified on the Enterprise Mode Site List in IE11. IT Pros can use their existing IE11 Enterprise Mode Site List or they can create a new one specifically for Microsoft Edge. By keeping Microsoft Edge as the default browser in Windows 10 and only opening legacy line of business sites in IE11 when necessary, you can help keep newer development projects on track, using the latest web standards on Microsoft Edge. 
+
+- [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377).  Learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company.
+
+- [Use the Enterprise Mode Site List Manager](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager). You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/set-default-search-engine-include.md b/browsers/edge/includes/set-default-search-engine-include.md
new file mode 100644
index 0000000000..de82b057b7
--- /dev/null
+++ b/browsers/edge/includes/set-default-search-engine-include.md
@@ -0,0 +1,62 @@
+<!-- ## Set default search engine -->
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*<br>
+>*Default setting:  Not configured (Defined in App settings)*
+
+[!INCLUDE [set-default-search-engine-shortdesc](../shortdesc/set-default-search-engine-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Not configured<br>**(default)** |Blank |Blank |Microsoft Edge uses the default search engine specified in App settings. If you don't configure this policy and disable the [Allow search engine customization](#allow-search-engine-customization-include) policy, users cannot make changes. | |
+|Disabled |0 |0 |Microsoft Edge removes the policy-set search engine and uses the Microsoft Edge specified engine for the market. | |
+|Enabled |1 |1 |Microsoft Edge uses the policy-set search engine specified in the OpenSearch XML file. Users cannot change the default search engine.<p><p>Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add.<p><p>If you want users to use the default Microsoft Edge settings for each market set the string to **EDGEDEFAULT**.<p><p>If you would like users to use Microsoft Bing as the default search engine set the string to **EDGEBING**. |![Most restricted value](../images/check-gn.png) |
+---
+
+### Configuration options
+
+| **Set default search engine** | **Allow search engine customization** | **Configure additional search engines** | **Outcome** |
+| --- | --- | --- | --- |
+| Not configured (default) | Disabled | Disabled or not configured (default) | Default search engine specified in App settings. Users cannot make changes. |
+| Not configured (default) | Enabled or not configured (default) | Disabled or not configured (default) | Default search engine specified in App settings. Users can make changes to the default search engine at any time. |
+| Disabled | Disabled | Disabled or not configured (default) | Users cannot add, remove, or change any of the search engines, but they can set a default search engine. |
+| Disabled | Enabled or not configured (default) | Disabled or not configured (default) | Users can add new search engines or change the default search engine, in Settings. |
+| Enabled | Disabled | Disabled or not configured (default) | Set the default search engine preventing users from making changes. |
+| Enabled | Enabled or not configured (default) | Disabled or not configured (default) | Set the default search engine and allow users to add search engines or make changes. |
+---
+
+![Set default search engine configurations](../images/set-default-search-engine-v4-sm.png)
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Set default search engine 
+- **GP name:** SetDefaultSearchEngine
+- **GP element:** SetDefaultSearchEngine_Prompt 
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** [SetDefaultSearchEngine](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetDefaultSearchEngine 
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HLKM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\OpenSearch
+- **Value name:** SetDefaultSearchEngine
+- **Value type:** REG_SZ
+
+### Related policies
+
+- [Configure additional search engines](../available-policies.md#configure-additional-search-engines): [!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)]
+
+- [Allow search engine customization](../available-policies.md#allow-search-engine-customization): [!INCLUDE [allow-search-engine-customization-shortdesc](../shortdesc/allow-search-engine-customization-shortdesc.md)]
+
+### Related topics
+
+- [Microsoft browser extension policy](https://docs.microsoft.com/en-us/legal/windows/agreements/microsoft-browser-extension-policy): This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content displayed by these browsers. Any technique not explicitly listed in this document is considered **unsupported**.
+
+- [Search provider discovery](https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/browser/search-provider-discovery): Rich search integration is built into the Microsoft Edge address bar, including search suggestions, results from the web, your browsing history, and favorites. 
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/set-home-button-url-include.md b/browsers/edge/includes/set-home-button-url-include.md
new file mode 100644
index 0000000000..69cb4b2cb8
--- /dev/null
+++ b/browsers/edge/includes/set-home-button-url-include.md
@@ -0,0 +1,56 @@
+<!-- ## Set Home Button URL
+>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
+>*Default setting: Disabled or not configured (Blank)*
+
+[!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |
+|---|:---:|:---:|---|
+|Disabled or not configured<br>**(default)** |Blank |Blank |Show the home button and loads the Start page and locks down the home button to prevent users from changing what page loads. |
+|Enabled - String |String |String |A custom URL loads when clicking the home button.  You must also enable the [Configure Home Button](../new-policies.md#configure-home-button) policy and select the _Show home button & set a specific page_ option.<p>Enter a URL in string format, for example, https://www.msn.com.   |
+---
+
+### Configuration options
+
+#### Show the home button, load a custom URL, and let users make changes:
+1. **Configure Home Button:** Enable and select the _Show the home button & set a specific page_ option.
+2. **Set Home Button URL:** Enter a URL in string format, for example, https://www.bing.com. 
+3. **Unlock Home Button:** Enable to let users make changes.
+
+#### Show the home button, load a custom URL, and prevent users from making changes:
+1. **Configure Home Button:** Enable and select the _Show the home button & set a specific page_ option.
+2. **Set Home Button URL:** Enter a URL in string format, for example, https://www.bing.com.
+3. **Unlock Home Button:** Leave disabled or not configured.
+
+#### Hide the home button:
+Enable the **Configure Home Button** policy and select the _Hide home button_ option.
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Set Home Button URL
+- **GP name:** SetHomeButtonURL
+- **GP element:** SetHomeButtonURLPrompt
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[SetHomeButtonURL](../new-policies.md#set-home-button-url)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL 
+- **Data type:** String
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
+- **Value name:** ConfigureHomeButtonURL
+- **Value type:** REG_SZ
+
+### Related policies
+
+- [Configure Home Button](../new-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
+
+- [Unlock Home button](../new-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
+
+<hr>
diff --git a/browsers/edge/includes/set-new-tab-url-include.md b/browsers/edge/includes/set-new-tab-url-include.md
new file mode 100644
index 0000000000..c639ffe195
--- /dev/null
+++ b/browsers/edge/includes/set-new-tab-url-include.md
@@ -0,0 +1,40 @@
+<!-- ## Set New Tab page URL
+>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
+>*Default setting:  Disabled or not configured (Blank)*
+
+[!INCLUDE [set-new-tab-url-shortdesc](../shortdesc/set-new-tab-url-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |
+|---|:---:|:---:|---|
+|Disabled or not configured<br>**(default)** |Blank |Blank |Load the default New tab page. |
+|Enabled - String |String |String |Prevent users from changing the New tab page.<p><p>Enter a URL in string format, for example, https://www.msn.com. |
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Set New Tab page URL
+- **GP name:** SetNewTabPageURL
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[SetNewTabPageURL](../new-policies.md#set-new-tab-page-url)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL 
+- **Data type:** String
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings 
+- **Value name:** NewTabPageUR
+- **Value type:** REG_SZ
+
+
+### Related policies
+
+[Allow web content on New Tab page](../available-policies.md#allow-web-content-on-new-tab-page):  [!INCLUDE [allow-web-content-on-new-tab-page-shortdesc](../shortdesc/allow-web-content-on-new-tab-page-shortdesc.md)]
+ 
+
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/show-message-opening-sites-ie-include.md b/browsers/edge/includes/show-message-opening-sites-ie-include.md
new file mode 100644
index 0000000000..96bedad850
--- /dev/null
+++ b/browsers/edge/includes/show-message-opening-sites-ie-include.md
@@ -0,0 +1,42 @@
+<!-- ## Show message when opening sites in Internet Explorer
+>*Supported versions: Microsoft Edge on Windows 10, version 1607 and later*<br> -->
+>*Default setting:  Disabled or not configured (No additional message)*
+
+<!-- RS5 update: add option for showing interstitial page with stay in Edge link (Koch) -->
+[!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |Most restricted |
+|---|:---:|:---:|---|:---:|
+|Disabled or not configured<br>**(default)** |0 |0 |No additional message displays. |![Most restricted value](../images/check-gn.png) |
+|Enabled |1 |1 |Show an additional message stating that a site has opened in IE11. | |
+|Enabled |2 |2 |Show an additional message with a "Keep going in Microsoft Edge" link to allow users to open the site in Microsoft Edge. | |
+---
+
+### ADMX info and settings
+#### ADMX info 
+- **GP English name:** Show message when opening sites in Internet Explorer 
+- **GP name:** ShowMessageWhenOpeningSitesInInternetExplorer
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[ShowMessageWhenOpeningSitesInInternetExplorer](../new-policies.md#show-message-when-opening-sites-in-internet-explorer)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ShowMessageWhenOpeningSitesInInternetExplorer
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
+- **Value name:** ShowMessageWhenOpeningSitesInInternetExplorer
+- **Value type:** REG_DWORD
+
+### Related policies
+
+- [Configure the Enterprise Mode Site List](../available-policies.md#configure-the-enterprise-mode-site-list): [!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../shortdesc/configure-enterprise-mode-site-list-shortdesc.md)] 
+
+- [Send all intranet sites to Internet Explorer 11](../available-policies.md#send-all-intranet-sites-to-internet-explorer-11): [!INCLUDE [send-all-intranet-sites-to-ie-shortdesc](../shortdesc/send-all-intranet-sites-to-ie-shortdesc.md)]
+
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/includes/unlock-home-button-include.md b/browsers/edge/includes/unlock-home-button-include.md
new file mode 100644
index 0000000000..0e5841829f
--- /dev/null
+++ b/browsers/edge/includes/unlock-home-button-include.md
@@ -0,0 +1,40 @@
+<!-- ## Unlock Home Button
+>*Supported versions: Microsoft Edge on Windows 10, next major version*<br> -->
+>*Default setting: Disabled or not configured (Home button is locked)*
+
+[!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
+
+### Supported values
+
+|Group Policy  |MDM |Registry |Description |
+|---|:---:|:---:|---|
+|Disabled or not configured<br>**(default)** |0 |0 |Lock down the home button to prevent users from making changes to the home button settings. | 
+|Enabled |1 |1 |Let users make changes. | 
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Unlock Home Button
+- **GP name:** UnlockHomeButton
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[UnlockHomeButton](../new-policies.md#unlock-home-button)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/UnlockHomeButton
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Internet Settings
+- **Value name:** UnlockHomeButton
+- **Value type:** REG_DWORD
+
+### Related policies
+
+- [Configure Home Button](../new-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)] 
+ 
+- [Set Home button URL](../new-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
+
+
+<hr>
\ No newline at end of file
diff --git a/browsers/edge/microsoft-edge-faq.md b/browsers/edge/microsoft-edge-faq.md
index e3fb48eabf..59299f93a9 100644
--- a/browsers/edge/microsoft-edge-faq.md
+++ b/browsers/edge/microsoft-edge-faq.md
@@ -1,8 +1,8 @@
 ---
 title: Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros (Microsoft Edge for IT Pros)
 description: Answering frequently asked questions about Microsoft Edge features, integration, support, and potential problems.
-author: eross-msft
-ms.author: lizross
+author: shortpatti
+ms.author: pashort
 ms.prod: edge
 ms.mktglfcycl: general
 ms.sitesec: library
diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
new file mode 100644
index 0000000000..efc5b0ab89
--- /dev/null
+++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
@@ -0,0 +1,272 @@
+---
+description: Microsoft Edge kiosk mode works with assigned access to allow IT, administrators, to create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge kiosk mode, you must configure Microsoft Edge as an application in assigned access.
+ms.assetid: 
+author: shortpatti
+ms.author: pashort
+ms.prod: edge
+ms.sitesec: library
+title: Deploy Microsoft Edge kiosk mode
+ms.localizationpriority: high
+ms.date: 07/18/2018 
+---
+
+# Deploy Microsoft Edge kiosk mode (Preview)
+
+>Applies to: Microsoft Edge on Windows 10 <br>
+>Preview build 17713+
+
+Microsoft Edge kiosk mode works with assigned access to let IT administrators create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge kiosk mode, you must configure Microsoft Edge as an application in assigned access. Learn more about [Configuring kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/en-us/windows/configuration/kiosk-shared-pc).
+
+When you configure Microsoft Edge kiosk mode in assigned access, you can set it up to show only a single URL in full-screen, in the case of digital/interactive signage on a single-app kiosk device. You can restrict Microsoft Edge for public browsing (on a single and multi-app kiosk device) which runs a multi-tab version of InPrivate with limited functionality. Also, you can configure a multi-app kiosk device to run a full or normal version of Microsoft Edge. 
+
+Digital/Interactive signage and public browsing protects the user’s data by running Microsoft Edge InPrivate. In single-app public browsing, there is both an idle timer and an 'End Session' button. The idle timer resets the browsing session after a specified time of user inactivity.  
+
+In this deployment guidance, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn how to setup your Microsoft Edge kiosk mode experience.
+
+
+
+## Microsoft Edge kiosk types
+Microsoft Edge kiosk mode supports **four** types, depending on how Microsoft Edge is set up in assigned access; single-app or multi-app kiosk. Learn more about [assigned access](https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/assigned-access).
+
+### Single-app kiosk
+
+When you set up Microsoft Edge kiosk mode in single-app assigned access, Microsoft Edge runs InPrivate either in full-screen or a limited multi-tab version for public browsing. For more details about setting up a single-app kiosk, see [Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education](https://docs.microsoft.com/en-us/windows/configuration/setup-kiosk-digital-signage).  
+
+The single-app Microsoft Edge kiosk mode types include:
+
+1. **Digital / Interactive signage** devices display a specific site in full-screen mode in which Microsoft Edge runs InPrivate mode. Examples of Digital signage are a rotating advertisement or menu. Examples of Interactive signage include an interactive museum display or a restaurant order/pay station.
+
+2. **Public browsing** devices run a limited multi-tab version of InPrivate and Microsoft Edge is the only app available. Users can’t minimize, close, or open new Microsoft Edge windows or customize Microsoft Edge. Users can clear browsing data, downloads and restart Microsoft Edge by clicking the “End session” button. You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy. A public library or hotel concierge desk are two examples of public browsing in single-app kiosk device. 
+
+    ![Public browsing Microsoft Edge kiosk mode on a single-app kiosk device](images/SingleApp_contosoHotel_inFrame.png)
+
+### Multi-app kiosk
+When you set up Microsoft Edge kiosk mode in multi-app assigned access, Microsoft Edge runs a limited multi-tab version of InPrivate or a normal browsing version.  For more details about running a multi-app kiosk, or fixed-purpose device, see [Create a Windows 10 kiosk that runs multiple apps](https://docs.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps). Here you learn how to create kiosks that run more than one app and the benefits of a multi-app kiosk, or fixed-purpose device.
+
+The multi-app Microsoft Edge kiosk mode types include:
+
+3.  **Public browsing** supports browsing the internet and runs InPrivate with minimal features available. In this configuration, Microsoft Edge can be one of many apps available. Users can close and open multiple InPrivate windows. On a multi-app kiosk device, Microsoft Edge can interact with other applications. For example, if Internet Explorer 11 is set up in multi-app assigned access. You can enable Enterprise Mode to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.  Examples of public browsing include an information kiosk device at a public library or hotel concierge desk that provides access to Microsoft Edge and other app(s).
+
+    ![Public browsing Microsoft Edge kiosk mode on a multi-app kiosk device](images/Multi-app_kiosk_inFrame.png)
+
+4.  **Normal mode** mode runs a full version of Microsoft Edge, but some features may not work depending on what other apps you configured in assigned access. For example, if Internet Explorer 11 is set up in assigned access, you can enable Enterprise Mode to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support. 
+
+    ![Normal Microsoft Edge kiosk mode on a multi-app kiosk device](images/Normal_inFrame.png)
+
+## Let’s get started!
+Before you can configure Microsoft Edge kiosk mode, you must set up Microsoft Edge in assigned access. You can set up Microsoft Edge kiosk mode in assigned access using:
+
+-   **Microsoft Intune or other MDM service.** Best for setting up multiple devices as a kiosk. With this method, you configure Microsoft Edge in assigned access and configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access.
+
+    >[!NOTE]
+    >For other MDM service, check with your provider for instructions.
+
+-   **Windows PowerShell.** Best for setting up multiple devices as a kiosk. With this method, you can set up single-app or multi-app assigned access using a PowerShell script. For details, see For details, see [Set up a kiosk or digital sign using Windows PowerShell](https://docs.microsoft.com/en-us/windows/configuration/setup-kiosk-digital-signage#set-up-a-kiosk-or-digital-sign-using-windows-powershell). 
+
+-   **Windows Configuration Designer.** Best for setting up multiple kiosk devices. Download and install both the latest version of the [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) and [Windows Configuration Manager](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-install-icd#install-windows-configuration-designer-1).
+
+### Prerequisites
+
+-   Microsoft Edge on Windows 10, version 1809 (Professional, Enterprise, and Education).
+
+-   Configuration and deployment service, such as Windows PowerShell, Microsoft Intune or other MDM service, or Windows Configuration Designer.  With these methods, you must have the  [AppUserModelID](https://docs.microsoft.com/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app); this does not apply to the Windows Settings method.
+
+>[!Important]
+>If you are using a local account as a kiosk account in Intune or provisioning package, make sure to sign into this account and then sign out before configuring the assigned access single-app kiosk.
+
+### Use Microsoft Intune or other MDM service
+
+With this method, you can use Microsoft Intune or other MDM services to configure Microsoft Edge kiosk mode in assigned access and how it behaves on a kiosk device.  
+
+1.  In Microsoft Intune or other MDM service, configure [AssignedAccess](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) to prevent users from accessing the file system, running executables, or other apps.
+
+2.  Configure the following MDM settings to control a web browser app on the kiosk device.
+
+    |   |   |
+    |---|---|
+    | **[ConfigureKioskMode](new-policies.md#configure-kiosk-mode)**<p>![](images/icon-thin-line-computer.png) | Configure the display mode for Microsoft Edge as a kiosk app.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode<p>**Data type:**  Integer<p>**Allowed values:**<ul><li>**Single-app kiosk experience**<ul><li>**0** - Digital signage and interactive display</li><li>**1** - InPrivate Public browsing</li></ul></li><li>**Multi-app kiosk experience**<ul><li>**0** - Normal Microsoft Edge running in assigned access</li><li>**1** - InPrivate public browsing with other apps</li></ul></li></ul> |
+    | **[ConfigureKioskResetAfterIdleTimeout](new-policies.md#configure-kiosk-reset-after-idle-timeout)**<p>![](images/icon-thin-line-computer.png) | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**0** - No idle timer</li><li>**1-1440 (5 minutes is the default)** - Set reset on idle timer</li></ul>  |
+    | **[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages)**<p>![](images/icon-thin-line-computer.png)  | Set one or more start pages, URLs, to load when Microsoft Edge launches.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages<p>**Data type:** String<p>**Allowed values:**<p>Enter one or more URLs, for example,<br>&nbsp;&nbsp;&nbsp;\<https://www.msn.com\>\<https:/www.bing.com\>  |
+    | **[ConfigureHomeButton](new-policies.md#configure-home-button)**<p>![](images/icon-thin-line-computer.png)  | Configure how the Home Button behaves.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton<p>**Data type:** Integer<p> **Allowed values:**<ul><li>**0 (default)** - Not configured. Show home button, and load the default Start page.</li><li>**1** - Enabled. Show home button and load New tab page</li><li>**2** - Enabled. Show home button & set a specific page.</li><li>**3** - Enabled. Hide the home button.</li></ul>   |
+    | **[SetNewTabPageURL](new-policies.md#set-new-tab-page-url)**<p>![](images/icon-thin-line-computer.png)   | Set a custom URL for the New tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com      |
+    | **[SetHomeButtonURL](new-policies.md#set-home-button-url)**<p>![](images/icon-thin-line-computer.png)    | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com    |
+    ---
+<br>
+3.  Restart the device and sign in using the kiosk app user account.
+
+**_Congratulations!_** You’ve finished setting up a kiosk or digital signage and configuring policies for Microsoft Edge kiosk mode using Microsoft Intune or other MDM service.
+
+**_Next steps._** Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
+
+### Use a provisioning package 
+
+With this method, you can use a provisioning package to configure Microsoft Edge kiosk mode in assigned access. After you set up the provisioning package for configuring Microsoft Edge in assigned access, you configure how Microsoft Edge behaves on a kiosk device. 
+
+1.  Open Windows Configuration Designer to create a provisioning package and configure Microsoft Edge in assigned access. 
+
+2.  After creating the provisioning package and configuring assigned access, and before you build the package, switch to the advanced editor.
+
+3.  Navigate to **Runtime settings \> Policies \> Browser** and set the following policies:
+
+    |   |   |
+    |---|---|
+    | **[ConfigureKioskMode](new-policies.md#configure-kiosk-mode)**<p>![](images/icon-thin-line-computer.png) | Configure the display mode for Microsoft Edge as a kiosk app.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode<p>**Data type:**  Integer<p>**Allowed values:**<ul><li>**Single-app kiosk experience**<ul><li>**0** - Digital signage and interactive display</li><li>**1** - InPrivate Public browsing</li></ul></li><li>**Multi-app kiosk experience**<ul><li>**0** - Normal Microsoft Edge running in assigned access</li><li>**1** - InPrivate public browsing with other apps</li></ul></li></ul> |
+    | **[ConfigureKioskResetAfterIdleTimeout](new-policies.md#configure-kiosk-reset-after-idle-timeout)**<p>![](images/icon-thin-line-computer.png) | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**0** - No idle timer</li><li>**1-1440 (5 minutes is the default)** - Set reset on idle timer</li></ul>  |
+    | **[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages)**<p>![](images/icon-thin-line-computer.png)  | Set one or more start pages, URLs, to load when Microsoft Edge launches.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages<p>**Data type:** String<p>**Allowed values:**<p>Enter one or more URLs, for example,<br>&nbsp;&nbsp;&nbsp;\<https://www.msn.com\>\<https:/www.bing.com\>  |
+    | **[ConfigureHomeButton](new-policies.md#configure-home-button)**<p>![](images/icon-thin-line-computer.png)  | Configure how the Home Button behaves.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton<p>**Data type:** Integer<p> **Allowed values:**<ul><li>**0 (default)** - Not configured. Show home button, and load the default Start page.</li><li>**1** - Enabled. Show home button and load New tab page</li><li>**2** - Enabled. Show home button & set a specific page.</li><li>**3** - Enabled. Hide the home button.</li></ul>   |
+    | **[SetNewTabPageURL](new-policies.md#set-new-tab-page-url)**<p>![](images/icon-thin-line-computer.png)   | Set a custom URL for the New tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com      |
+    | **[SetHomeButtonURL](new-policies.md#set-home-button-url)**<p>![](images/icon-thin-line-computer.png)    | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com    |
+    ---
+<br>
+4.  After you’ve configured the Microsoft Edge kiosk mode policies, including any of the related policies, it’s time to build the package.
+
+5.  Click **Finish**. The wizard closes taking you back to the Customizations page.
+
+6.  Apply the provisioning package to the device, which you can do during the first-run experience (out-of-box experience or OOBE) and after (runtime). For more details, see [Apply a provisioning package](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package).
+
+**_Congratulations!_** You’ve finished creating your provisioning package for Microsoft Edge kiosk mode.
+
+**_Next steps._** Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
+
+## Relevant policies
+
+Use any of the Microsoft Edge policies listed below to enhance the kiosk experience depending on the Microsoft Edge kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser).
+
+| **MDM Setting**  | **Digital /<br>Interactive signage** | **Public browsing<br>single-app** | **Public browsing<br>multi-app**   | **Normal<br>mode**   |
+|------------------|:---------:|:---------:|:---------:|:---------:|
+| [AllowAddressBarDropdown](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown)    | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [AllowAutofill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill)                                                          | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [AllowBrowser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowbrowser)                                                           | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Not supported](images/148766.png) |
+| [AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary)                                | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [AllowCookies](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowcookies)                                                           | ![Supported](images/148767.png)     | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [AllowDeveloperTools](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools)                                                    | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack)                                                        | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png)  | ![Supported](images/148767.png)   |
+| [AllowExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowextensions)                                                        | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [AllowFlash](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash)                                                             | ![Supported](images/148767.png)     | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun)                                                   | ![Supported](images/148767.png)<sup>2</sup>    | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [AllowFullscreen](new-policies.md#allow-fullscreen-mode)\*                                                   | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [AllowInPrivate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate)                                                         | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [AllowMicrosoftCompatibilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist)                                        | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)<sup>1</sup> | ![Supported](images/148767.png)   |
+| [AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager)                                                   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [AllowPopups](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpopups)                                                            | ![Not supported](images/148766.png) | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [AllowPrelaunch](new-policies.md#allow-prelaunch)\*                                                       | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [AllowPrinting](new-policies.md#allow-printing)\*                                                        | ![Supported](images/148767.png)     | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [AllowSavingHistory](new-policies.md#allow-saving-history)\*                                                   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [AllowSearchEngineCustomization](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization)                                         | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization)                                     | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [AllowSideloadingOfExtensions](new-policies.md#allow-sideloading-of-extensions)\*                                         | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen)                                                       | ![Supported](images/148767.png)     | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings)                                                    | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)   |
+| [AllowTabPreloading](new-policies.md#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)\*                                                   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [AllowWebContentOnNewTabPage](available-policies.md#allow-web-content-on-new-tab-page)\*                                          | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [AlwaysEnabledBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary)                                              | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit)                                                | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines)                                       | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [ConfigureFavoritesBar](new-policies.md#configure-favorites-bar)\*                                                | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [ConfigureHomeButton](new-policies.md#configure-home-button)\*                                                  | ![Supported](images/148767.png)     | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+|  [ConfigureKioskMode](new-policies.md#configure-kiosk-mode)\*                                                  | ![Supported](images/148767.png)     | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+|  [ConfigureKioskResetAfterIdleTimeout](new-policies.md#configure-kiosk-reset-after-idle-timeout)\*                                 | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)     | ![Not supported](images/148766.png)    | ![Not supported](images/148766.png) |
+| [ConfigureOpenMicrosoftEdgeWith](new-policies.md#configure-open-microsoft-edge-with)\*                                       | ![Supported](images/148767.png)     | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [ConfigureTelemetryForMicrosoft365Analytics](new-policies.md#configure-collection-of-browsing-data-for-microsoft-365-analytics)\*                           | ![Supported](images/148767.png)     | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [DisableLockdownOfStartPages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages)                                            | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [DoNotSyncBrowserSetting](available-policies.md#do-not-sync-browser-settings)\* and [PreventUsersFromTurningOnBrowserSyncing](new-policies.md#prevent-users-from-turning-on-browser-syncing)\* | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)   |
+| [EnableExtendedBooksTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry)                                           | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [EnterpriseModeSiteList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist)                                                 | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)<sup>1</sup> | ![Supported](images/148767.png)   |
+| [FirstRunURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-firstrunurl)                                                            | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Not supported](images/148766.png) |
+| [HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages)                                                              | ![Supported](images/148767.png)     | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [LockdownFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites)                                                      | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge)                               | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [PreventCertErrorOverrides](new-policies.md#prevent-certificate-error-overrides)\*                                            | ![Supported](images/148767.png)     | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [PreventFirstRunPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage)                                                    | ![Supported](images/148767.png) | ![Supported](images/148767.png)| ![Supported](images/148767.png)  | ![Supported](images/148767.png)   |
+| [PreventLiveTileDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection)                                          | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [PreventSmartScreenPromptOverride](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride)                                       | ![Supported](images/148767.png)     | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles)                               | ![Supported](images/148767.png)     | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [PreventTurningOffRequiredExtensions](new-policies.md#prevent-turning-off-required-extensions)\*                                  | ![Supported](images/148767.png)     | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc)                               | ![Supported](images/148767.png)                                            | ![Supported](images/148767.png)                                            | ![Supported](images/148767.png)                                             | ![Supported](images/148767.png)   |
+| [ProvisionFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites)                                                     | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer)                                  | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)<sup>1</sup>         | ![Supported](images/148767.png)   |
+| [SetDefaultSearchEngine](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine)                                                 | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [SetHomeButtonURL](new-policies.md#set-home-button-url)\*                                                     | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [SetNewTabPageURL](new-policies.md#set-new-tab-page-url)\*                                                     | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
+| [ShowMessageWhenOpeningInteretExplorerSites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer)                             | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)     | ![Supported](images/148767.png)<sup>1</sup> | ![Supported](images/148767.png)   |
+| [SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge)                                 | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)<sup>1</sup>  | ![Supported](images/148767.png)   |
+| [UnlockHomeButton](new-policies.md#unlock-home-button)\*                                                     | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [UseSharedFolderForBooks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks)                                               | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+---
+
+*\* New policy coming in the next release of Windows 10.*<p>
+*1) For multi-app assigned access, you must configure Internet Explorer 11.*<br>
+*2) For digital/interactive signage to enable Flash, set [AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) to 0.*
+
+**Legend:**<p>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ![Not supported](images/148766.png) = Not applicable or not supported <br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ![Supported](images/148767.png) = Supported
+
+
+## Related topics
+
+-  **[Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education](https://docs.microsoft.com/en-us/windows/configuration/setup-kiosk-digital-signage)**: Learn about the different methods to configuring your kiosks and digitals signs.  Also, learn about the settings you can use to lock down the kiosk for a more secure kiosk experience.
+
+-   **[Create a Kiosk Experience](https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/create-a-kiosk-image):** Learn how to set up single-function kiosk devices, such as restaurant menus, and optional features for a welcome screen or power button availability. Also, learn how to create a multi-app kiosk, or fixed-purpose device, to provide an easy-to-understand experience giving users the things they need to use.
+
+-   **[Configure a Windows 10 kiosk that runs multiple apps](https://aka.ms/Ckmq4n):** Learn how to create kiosks that run more than one app and the benefits of a multi-app kiosk, or fixed-purpose device.
+
+-   **[Kiosk apps for assigned access best practices](https://aka.ms/H1s8y4):** In Windows 10, you can use assigned access to create a kiosk device, which enables users to interact with just a single Universal Windows app. Learn about the best practices for implementing a kiosk app.
+
+-   **[Guidelines for choosing an app for assigned access (kiosk mode)](https://aka.ms/Ul7dw3):** Assigned access restricts a local standard user account on the device so that it only has access to a single-function device, like a kiosk. Learn about the guidelines for choosing a Windows app, web browsers, and securing your information. Also, learn about additional configurations required for some apps before it can work properly in assigned access.
+
+-   **[Other settings to lock down](https://docs.microsoft.com/en-us/windows/configuration/setup-kiosk-digital-signage#other-settings-to-lock-down):** Learn how to configure a more secure kiosk experience. In addition to the settings, learn how to set up **automatic logon** for your kiosk device. For example, when the kiosk device restarts, you can log back into the device manually or by setting up automatic logon.
+
+-   **[Add apps to Microsoft Intune](https://docs.microsoft.com/en-us/intune/apps-add):** Learn about and understand a few app fundamentals and requirements before adding them to Intune and making them available to your users.
+
+-   **[AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/en-us/windows/client-management/mdm/assignedaccess-csp):** The AssignedAccess configuration service provider (CSP) sets the device to run in kiosk mode. Once the CSP has executed, then the next user login associated with the kiosk mode puts the device into the kiosk mode running the application specified in the CSP configuration.
+
+-   **[Create a provisioning page for Windows 10](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-create-package):** Learn to use Windows Configuration Designer (WCD) to create a provisioning package (.ppkg) for configuring devices running Windows 10. The WCD wizard options provide a simple interface to configure desktop, mobile, and kiosk device settings.
+
+## Known issues with RS_PRERELEASE build 17713+
+
+- When you set up Microsoft Edge kiosk mode on a single-app kiosk device you must set the “ConfigureKioskMode” policy because the default behavior is not honored. 
+    - **Expected behavior** – Microsoft Edge kiosk mode launches in full-screen mode. 
+    - **Actual behavior** – Normal Microsoft Edge launches.
+
+- When you enable or set the “Configure Favorites bar” policy to 1, the favorites bar does not show in Microsoft Edge kiosk mode. 
+    - **Expected behavior** – Microsoft Edge kiosk mode shows the favorites bar. 
+    - **Actual behavior** – The favorites bar is hidden.
+
+- Extensions should not be available in Public browsing multi-app kiosk. 
+    - **Expected behavior** – Extensions are disabled in _Settings and more_ menu. 
+    - **Actual behavior** – Extensions are accessible in _Settings and more_ menu.
+
+- Books should not be available in Public browsing multi-app kiosk. 
+    - **Expected behavior** – Books are disabled in _Settings and more_ menu. 
+    - **Actual behavior** – Books are accessible in _Settings and more_ menu.
+
+
+## Provide feedback or get support
+
+To provide feedback on Microsoft Edge kiosk mode in Feedback Hub, select **Microsoft Edge** as the  **Category**, and **All other issues** as the subcategory. 
+
+**_For multi-app kiosk only._** If you have set up the Feedback Hub in assigned access, you can you submit the feedback from the device running Microsoft Edge in kiosk mode in which you can include diagnostic logs. In the Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory.
+
+## Feature comparison of kiosk mode and kiosk browser app
+In the following table, we show you the features available in both Microsoft Edge kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access.
+
+| **Feature**   | **Microsoft Edge kiosk mode**  | **Kiosk Browser**    |
+|---------------|:----------------:|:---------------:|
+| Print support   | ![Supported](images/148767.png)   | ![Not supported](images/148766.png)   |
+| Multi-tab support    | ![Supported](images/148767.png)   | ![Not supported](images/148766.png)   |
+| Allow URL support    | ![Supported](images/148767.png) <p>*\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* | ![Supported](images/148767.png)  |
+| Block URL support    | ![Supported](images/148767.png)<p>*\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* | ![Supported](images/148767.png)     |
+| Configure Home button   | ![Supported](images/148767.png)   | ![Supported](images/148767.png)      |
+| Set Start page(s) URL    | ![Supported](images/148767.png)      | ![Supported](images/148767.png) <p>*Same as Home button URL*     |
+| Set New Tab page URL  | ![Supported](images/148767.png)    | ![Not supported](images/148766.png)   |
+| Favorites management     | ![Supported](images/148767.png)     | ![Not supported](images/148766.png) |
+| End session button    | ![Supported](images/148767.png)   | ![Supported](images/148767.png)<p>*In Intune, must create custom URI to enable. Dedicated UI configuration targeted for 1808.* |
+| Reset on inactivity  | ![Supported](images/148767.png) | ![Supported](images/148767.png)   |
+| Internet Explorer integration (Enterprise Mode site list) | ![Supported](images/148767.png)<p>*Multi-app mode only*  | ![Not supported](images/148766.png)     |
+---
+
+**\*Windows Defender Firewall**<p>
+To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both.  For more details, see [Windows Defender Firewall with Advanced Security Deployment](https://docs.microsoft.com/en-us/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide).
+
+---
\ No newline at end of file
diff --git a/browsers/edge/new-policies.md b/browsers/edge/new-policies.md
new file mode 100644
index 0000000000..89bec2907f
--- /dev/null
+++ b/browsers/edge/new-policies.md
@@ -0,0 +1,117 @@
+---
+description: Microsoft Edge now has new Group Policies and MDM Settings for IT administrators to configure Microsoft Edge. The new policies allow you to enable/disabled full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure New tab page, Home button and startup options, as well as manage extensions.
+ms.assetid: 
+author: shortpatti
+ms.author: pashort
+ms.prod: edge
+ms.mktglfcycl: explore
+ms.sitesec: library
+title: New Microsoft Edge Group Policies and MDM settings
+ms.localizationpriority: 
+ms.date: 07/19/2018 
+---
+
+# New Microsoft Edge Group Policies and MDM settings (Preview)
+
+> Applies to: Microsoft Edge on Windows 10 <br>
+> Preview build 17713+
+
+The Microsoft Edge team introduces new Group Policies and MDM Settings for the Windows 10 Insider Preview Build 17713+. The new policies allow IT administrators to enable/disable full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure New tab page, Home button and startup options, as well as manage extensions.
+
+We are discontinuing the use of the **Configure Favorites** group policy. Use the **[Provision Favorites](available-policies.md#provision-favorites)** in place of Configure Favorites. 
+
+
+
+>You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor:
+> 
+>>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;*Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\*
+<p>
+<!-- add links to the below policies -->
+
+
+| **Group Policy** | **New/update?** | **MDM Setting** | **New/update?** |
+| --- | --- | --- | --- |
+| [Allow fullscreen mode](#allow-fullscreen-mode) | New |  AllowFullscreen | New |
+| [Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed) | New | PreventTabPreloading | New |
+| [Allow Prelaunch](#allow-prelaunch) | New | AllowPrelaunch | New |
+| [Allow printing](#allow-printing) | New |  AllowPrinting | New |
+| [Allow Saving History](#allow-saving-history) | New | AllowSavingHistory | New |
+| [Allow sideloading of Extensions](#allow-sideloading-of-extensions) | New | AllowSideloadingOfExtensions | New |
+| [Allow web content on new tab page](available-policies.md#allow-web-content-on-new-tab-page) | -- | [AllowWebContentOnNewTabPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | New |
+| [Configure collection of browsing data for Microsoft 365 Analytics](#configure-collection-of-browsing-data-for-microsoft-365-analytics) | New | ConfigureTelemetryForMicrosoft365Analytics | New |
+| [Configure Favorites Bar](#configure-favorites-bar) | New | ConfigureFavoritesBar | New |
+| [Configure Home Button](#configure-home-button) | New | ConfigureHomeButton | New |
+| [Configure kiosk mode](#configure-kiosk-mode) | New |  ConfigureKioskMode | New |
+| [Configure kiosk reset after idle timeout](#configure-kiosk-reset-after-idle-timeout) | New |  ConfigureKioskResetAfterIdleTimeout | New |
+| [Configure Open Microsoft Edge With](#configure-open-microsoft-edge-with) | New | ConfigureOpenMicrosoftEdgeWith | New |
+| [Do not sync browser settings](available-policies.md#do-not-sync-browser-settings) | -- | Experience/DoNotSyncBrowserSetting  | New |
+| [Prevent certificate error overrides](#prevent-certificate-error-overrides) | New | PreventCertErrorOverrides | New |
+| [Prevent users from turning on browser syncing](#preventusersfromturningonbrowsersyncing) | New | PreventUsersFromTurningOnBrowserSyncing | New |
+| [Prevent turning off required extensions](#prevent-turning-off-required-extensions) | New | PreventTurningOffRequiredExtensions | New |
+| [Set Home button URL](#set-home-button-url) | New | SetHomeButtonURL | New |
+| [Set New Tab page URL](#set-new-tab-page-url) | New | SetNewTabPageURL | New |
+| [Show message when opening sites in Internet Explorer](#showmessagewhenopeninginteretexplorersites) | Updated | ShowMessageWhenOpeningInteretExplorerSites | Updated |
+| [Unlock Home button](#unlock-home-button) | New | UnlockHomeButton | New |
+---
+
+ 
+ <!-- RS5 policies -->
+
+## Allow fullscreen mode
+[!INCLUDE [allow-full-screen-include](includes/allow-full-screen-include.md)]
+
+## Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
+[!INCLUDE [allow-tab-preloading-include](includes/allow-tab-preloading-include.md)]
+
+## Allow Prelaunch
+[!INCLUDE [allow-prelaunch-include](includes/allow-prelaunch-include.md)]
+
+## Allow printing
+[!INCLUDE [allow-printing-include.md](includes/allow-printing-include.md)]
+
+## Allow Saving History
+[!INCLUDE [allow-saving-history-include.md](includes/allow-saving-history-include.md)]
+
+## Allow sideloading of Extensions
+[!INCLUDE [allow-sideloading-extensions-include.md](includes/allow-sideloading-extensions-include.md)]
+
+
+## Configure collection of browsing data for Microsoft 365 Analytics
+[!INCLUDE [configure-browser-telemetry-for-m365-analytics-include](includes/configure-browser-telemetry-for-m365-analytics-include.md)]
+
+## Configure Favorites Bar
+[!INCLUDE [configure-favorites-bar-include.md](includes/configure-favorites-bar-include.md)]
+
+## Configure Home Button
+[!INCLUDE [configure-home-button-include.md](includes/configure-home-button-include.md)]
+
+## Configure kiosk mode
+[!INCLUDE [configure-microsoft-edge-kiosk-mode-include.md](includes/configure-microsoft-edge-kiosk-mode-include.md)]
+
+## Configure kiosk reset after idle timeout
+[!INCLUDE [configure-edge-kiosk-reset-idle-timeout-include.md](includes/configure-edge-kiosk-reset-idle-timeout-include.md)]
+
+## Configure Open Microsoft Edge With
+[!INCLUDE [configure-open-edge-with-include.md](includes/configure-open-edge-with-include.md)]
+
+## Prevent certificate error overrides
+[!INCLUDE [prevent-certificate-error-overrides-include.md](includes/prevent-certificate-error-overrides-include.md)]
+
+## Prevent turning off required extensions
+[!INCLUDE [prevent-turning-off-required-extensions-include.md](includes/prevent-turning-off-required-extensions-include.md)]
+
+## Prevent users from turning on browser syncing
+[!INCLUDE [prevent-users-to-turn-on-browser-syncing-include](includes/prevent-users-to-turn-on-browser-syncing-include.md)]
+
+## Set Home button URL
+[!INCLUDE [set-home-button-url-include](includes/set-home-button-url-include.md)]
+
+## Set New Tab page URL
+[!INCLUDE [set-new-tab-url-include.md](includes/set-new-tab-url-include.md)]
+
+## Show message when opening sites in Internet Explorer
+[!INCLUDE [show-message-opening-sites-ie-include](includes/show-message-opening-sites-ie-include.md)]
+
+## Unlock Home button
+[!INCLUDE [unlock-home-button-include.md](includes/unlock-home-button-include.md)]
+
diff --git a/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md b/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md
new file mode 100644
index 0000000000..ab30ba7a07
--- /dev/null
+++ b/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md
@@ -0,0 +1 @@
+You can configure Microsoft Edge to store books from the Books Library to a default, shared folder in Windows, which decreases the amount of storage used by book files. When you enable this policy, Microsoft Edge downloads book files automatically to a common, shared folder, and prevents users from removing the book from the library. When disabled, Microsoft Edge does not use a shared folder but downloads book files to a folder for each user. For this policy to work properly, users must be signed in with a school or work account.  
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md b/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md
new file mode 100644
index 0000000000..4a49c8dc67
--- /dev/null
+++ b/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge shows the Address bar drop-down list and makes it available by default, which takes precedence over the Configure search suggestions in Address bar policy. We recommend disabling this policy if you want to minimize network connections from Microsoft Edge to Microsoft service, which hides the functionality of the Address bar drop-down list. When you disable this policy, Microsoft Edge also disables the _Show search and site suggestions as I type_ toggle in Settings.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md b/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md
new file mode 100644
index 0000000000..6c0c3cf0be
--- /dev/null
+++ b/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md
@@ -0,0 +1 @@
+Adobe Flash is integrated with Microsoft Edge and runs Adobe Flash content by default. With this policy, you can configure Microsoft Edge to prevent Adobe Flash content from running.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md b/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md
new file mode 100644
index 0000000000..31127ca2d7
--- /dev/null
+++ b/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge does not clear the browsing data on exit by default, but users can configure the _Clear browsing data_ option in Settings.  Browsing data includes information you entered in forms, passwords, and even the websites visited. With this policy, you can configure Microsoft Edge to clear the browsing data automatically each time Microsoft Edge closes.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md b/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md
new file mode 100644
index 0000000000..e5fd1dde74
--- /dev/null
+++ b/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge automatically updates the configuration data for the Books library. Disabling this policy prevents Microsoft Edge from updating the configuration data. If Microsoft receives feedback about the amount of data about the Books library, the data comes as a JSON file.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-cortana-shortdesc.md b/browsers/edge/shortdesc/allow-cortana-shortdesc.md
new file mode 100644
index 0000000000..2857a93d27
--- /dev/null
+++ b/browsers/edge/shortdesc/allow-cortana-shortdesc.md
@@ -0,0 +1 @@
+Since Microsoft Edge is integration with Cortana, Microsoft Edge allows users to use Cortana voice assistant by default. With this policy, you can configure Microsoft Edge to prevent users from using Cortana but can still search to find items on their device.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md b/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md
new file mode 100644
index 0000000000..b9bab04325
--- /dev/null
+++ b/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge allows users to use the F12 developer tools to build and debug web pages by default. With this policy, you can configure Microsoft Edge to prevent users from using the F12 developer tools.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md b/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md
new file mode 100644
index 0000000000..1c11de47c0
--- /dev/null
+++ b/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md
@@ -0,0 +1 @@
+By default, and depending on the device configuration, Microsoft Edge gathers basic diagnostic data about the books in the Books Library and sends it to Microsoft. Enabling this policy gathers and sends both basic and additional diagnostic data, such as usage data.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-extensions-shortdesc.md b/browsers/edge/shortdesc/allow-extensions-shortdesc.md
new file mode 100644
index 0000000000..2d1f8ec802
--- /dev/null
+++ b/browsers/edge/shortdesc/allow-extensions-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge allows users to add or personalize extensions in Microsoft Edge by default. With this policy, you can configure Microsoft to prevent users from adding or personalizing extensions.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md b/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md
new file mode 100644
index 0000000000..0ce0f11a60
--- /dev/null
+++ b/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge allows full-screen mode by default, which shows only the web content and hides the Microsoft Edge UI. When allowing full-screen mode, users and extensions must have the proper permissions. Disabling this policy prevents full-screen mode in Microsoft Edge. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md b/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md
new file mode 100644
index 0000000000..75def749bb
--- /dev/null
+++ b/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md
@@ -0,0 +1 @@
+By default, Microsoft Edge allows InPrivate browsing, and after closing all InPrivate tabs, Microsoft Edge deletes the browsing data from the device.  With this policy, you can configure Microsoft Edge to prevent InPrivate web browsing.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md b/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md
new file mode 100644
index 0000000000..a56056d3e9
--- /dev/null
+++ b/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md
@@ -0,0 +1 @@
+During browser navigation, Microsoft Edge checks the Microsoft Compatibility List for websites with known compatibility issues. If found, users are prompted to use Internet Explorer, where the site loads and displays correctly. Periodically during browser navigation, Microsoft Edge downloads the latest version of the list and applies the updates.  With this policy, you can configure Microsoft Edge to ignore the compatibility list.  You can view the compatibility list at about:compat.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md b/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md
new file mode 100644
index 0000000000..cf14ea8715
--- /dev/null
+++ b/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge pre-launches during Windows startup when the system is idle, and each time Microsoft Edge closes by default. When Microsoft Edge pre-launches, it runs as a background process waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent Microsoft Edge from pre-launching.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-printing-shortdesc.md b/browsers/edge/shortdesc/allow-printing-shortdesc.md
new file mode 100644
index 0000000000..07e8e98f42
--- /dev/null
+++ b/browsers/edge/shortdesc/allow-printing-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge allows users to print web content by default. With this policy though, you can configure Microsoft Edge to prevent users from printing web content. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-saving-history-shortdesc.md b/browsers/edge/shortdesc/allow-saving-history-shortdesc.md
new file mode 100644
index 0000000000..bec7172c23
--- /dev/null
+++ b/browsers/edge/shortdesc/allow-saving-history-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge saves the browsing history of visited websites and shows them in the History pane by default. Disabling this policy prevents Microsoft Edge from saving the browsing history. If browsing history existed before disabling this policy, the previous browsing history remains in the History pane.  Disabling this policy does not stop roaming of existing browsing history or browsing history from other devices.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md b/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md
new file mode 100644
index 0000000000..2b4e25a7c3
--- /dev/null
+++ b/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md
@@ -0,0 +1 @@
+By default, users can add new search engines or change the default search engine, in Settings. With this policy, you can prevent users from customizing the search engine in Microsoft Edge. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md b/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md
new file mode 100644
index 0000000000..bb723ab0c6
--- /dev/null
+++ b/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md
@@ -0,0 +1 @@
+By default, Microsoft Edge allows sideloading, which installs and runs unverified extensions.  Disabling this policy prevents sideloading of extensions but does not prevent sideloading using Add-AppxPackage via PowerShell.  You can only install extensions through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage).  
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md b/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md
new file mode 100644
index 0000000000..5349cf7350
--- /dev/null
+++ b/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge allows preloading of the Start and New tab pages during Windows sign in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab.  With this policy, you can configure Microsoft Edge to prevent preloading of tabs.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md b/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md
new file mode 100644
index 0000000000..911267bdb1
--- /dev/null
+++ b/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge loads the default New tab page by default. Disabling this policy loads a blank page instead of the New tab page and prevents users from changing it. Not configuring this policy lets users choose how the New tab page appears.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/always-show-books-library-shortdesc.md b/browsers/edge/shortdesc/always-show-books-library-shortdesc.md
new file mode 100644
index 0000000000..9a382427fa
--- /dev/null
+++ b/browsers/edge/shortdesc/always-show-books-library-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge shows the Books Library only in countries or regions where supported. With this policy you can configure Microsoft Edge to show the Books Library regardless of the device’s country or region.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md b/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md
new file mode 100644
index 0000000000..105441a2b9
--- /dev/null
+++ b/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md
@@ -0,0 +1 @@
+By default, users cannot add, remove, or change any of the search engines in Microsoft Edge, but they can set a default search engine. You can set the default search engine using the [[Set default search engine]](../available-policies.md#set-default-search-engine) policy. With this policy, you can configure up to five additional search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md b/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md
new file mode 100644
index 0000000000..c58d446834
--- /dev/null
+++ b/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge supports Adobe Flash as a built-in feature rather than as an external add-on and updates automatically via Windows Update. By default, Microsoft Edge prevents Adobe Flash content from loading automatically, requiring action from the user, for example, clicking the **Click-to-Run** button.  Depending on how often the content loads and runs, the sites for the content gets added to the auto-allowed list. Disable this policy if you want Adobe Flash content to load automatically.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-allow-flash-for-url-list-shortdesc.md b/browsers/edge/shortdesc/configure-allow-flash-for-url-list-shortdesc.md
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/browsers/edge/shortdesc/configure-autofill-shortdesc.md b/browsers/edge/shortdesc/configure-autofill-shortdesc.md
new file mode 100644
index 0000000000..247308fee8
--- /dev/null
+++ b/browsers/edge/shortdesc/configure-autofill-shortdesc.md
@@ -0,0 +1 @@
+By default, users can choose to use the Autofill feature to automatically populate the form fields.  With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md b/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md
new file mode 100644
index 0000000000..6a9cce12e0
--- /dev/null
+++ b/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge does not send browsing history data to Microsoft 365 Analytics by default.  With this policy though, you can configure Microsoft Edge to send intranet history only, internet history only, or both to Microsoft 365 Analytics for enterprise devices with a configured Commercial ID.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-cookies-shortdesc.md b/browsers/edge/shortdesc/configure-cookies-shortdesc.md
new file mode 100644
index 0000000000..a35c4d0f31
--- /dev/null
+++ b/browsers/edge/shortdesc/configure-cookies-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge allows all cookies from all websites by default.  With this policy, you can configure Microsoft to block only 3rd-party cookies or block all cookies. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md b/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md
new file mode 100644
index 0000000000..d3026c51e7
--- /dev/null
+++ b/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge does not send ‘Do Not Track’ requests to websites asking for tracking information, but users can choose to send tracking information to sites they visit. With this policy, you can configure Microsoft Edge to send or never send tracking information.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md b/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md
new file mode 100644
index 0000000000..80383e4f0a
--- /dev/null
+++ b/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology.  If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md b/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md
new file mode 100644
index 0000000000..4536456e59
--- /dev/null
+++ b/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge hides the favorites bar by default but shows the favorites bar on the Start and New tab pages. Also, by default, the favorites bar toggle, in Settings, is set to Off but enabled allowing users to make changes. With this policy, you can configure Microsoft Edge to either show or hide the favorites bar on all pages.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-favorites-shortdesc.md b/browsers/edge/shortdesc/configure-favorites-shortdesc.md
new file mode 100644
index 0000000000..d61df8e460
--- /dev/null
+++ b/browsers/edge/shortdesc/configure-favorites-shortdesc.md
@@ -0,0 +1 @@
+Use the **[Provision Favorites](../available-policies.md#provision-favorites)** in place of Configure Favorites. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-home-button-shortdesc.md b/browsers/edge/shortdesc/configure-home-button-shortdesc.md
new file mode 100644
index 0000000000..2c132ae367
--- /dev/null
+++ b/browsers/edge/shortdesc/configure-home-button-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the Home button to load the New tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-inprivate-shortdesc.md b/browsers/edge/shortdesc/configure-inprivate-shortdesc.md
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md b/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md
new file mode 100644
index 0000000000..a0e1cbf398
--- /dev/null
+++ b/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md
@@ -0,0 +1 @@
+Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single-app or as one of many apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with limited functionality, or normal Microsoft Edge.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md b/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md
new file mode 100644
index 0000000000..4772d2d2dd
--- /dev/null
+++ b/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md
@@ -0,0 +1 @@
+You can configure Microsoft Edge kiosk mode to reset to the configured start experience after a specified amount of idle time in minutes (0-1440). The reset timer begins after the last user interaction. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge kiosk mode resets after 30 seconds. Resetting to the configured start experience deletes the current user’s browsing data.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md b/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md
new file mode 100644
index 0000000000..7383d68455
--- /dev/null
+++ b/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md
@@ -0,0 +1 @@
+By default, Microsoft Edge loads a specific page or pages defined in the Configure Start Pages policy and allow users to make changes. With this policy, you can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages. You can also configure Microsoft Edge to prevent users from changing or customizing the Start page. For this policy to work correctly, you must also configure the Configure Start Pages. If you want to prevent users from making changes, don’t configure the Disable Lockdown of Start Pages policy.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-password-manager-shortdesc.md b/browsers/edge/shortdesc/configure-password-manager-shortdesc.md
new file mode 100644
index 0000000000..63a62cfff5
--- /dev/null
+++ b/browsers/edge/shortdesc/configure-password-manager-shortdesc.md
@@ -0,0 +1 @@
+By default, Microsoft Edge uses Password Manager automatically, allowing users to manager passwords locally. Disabling this policy restricts Microsoft Edge from using Password Manager. Don’t configure this policy if you want to let users choose to save and manage passwords locally using Password Manager. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md b/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md
new file mode 100644
index 0000000000..e89395a2ab
--- /dev/null
+++ b/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge turns off Pop-up Blocker allowing pop-up windows to appear. Enabling this policy turns on Pop-up Blocker stopping pop-up windows from appearing. Don’t configure this policy to let users choose to use Pop-up Blocker. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md b/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md
new file mode 100644
index 0000000000..e95e652f45
--- /dev/null
+++ b/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md
@@ -0,0 +1 @@
+By default, users can choose to see search suggestions in the Address bar of Microsoft Edge.  Disabling this policy hides the search suggestions and enabling this policy shows the search suggestions.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-start-pages-shortdesc.md b/browsers/edge/shortdesc/configure-start-pages-shortdesc.md
new file mode 100644
index 0000000000..f027fdb17e
--- /dev/null
+++ b/browsers/edge/shortdesc/configure-start-pages-shortdesc.md
@@ -0,0 +1 @@
+By default, Microsoft Edge loads the pages specified in App settings as the default Start pages.  With this policy, you can configure one or more Start pages when you enable this policy and enable the Configure Open Microsoft Edge With policy. Once you set the Start pages, either in this policy or Configure Open Microsoft Edge With policy, users cannot make changes. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md b/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md
new file mode 100644
index 0000000000..752f554dca
--- /dev/null
+++ b/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge uses Windows Defender SmartScreen (turned on) to protect users from potential phishing scams and malicious software by default.  Also, by default, users cannot disable (turn off) Windows Defender SmartScreen. Enabling this policy turns off Windows Defender SmartScreen and prevent users from turning it on.  Don’t configure this policy to let users choose to turn Windows defender SmartScreen on or off. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md b/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md
new file mode 100644
index 0000000000..9286227f0e
--- /dev/null
+++ b/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md
@@ -0,0 +1 @@
+By default, the Start pages configured in either the Configure Start Pages policy or Configure Open Microsoft Edge policies cannot be changed and remain locked down. Enabling this policy unlocks the Start pages, and lets users make changes to either all configured Start page or any Start page configured with the Configure Start pages policy.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md b/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md
new file mode 100644
index 0000000000..5e485a0200
--- /dev/null
+++ b/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md
@@ -0,0 +1 @@
+By default, the “browser” group syncs automatically between user’s devices and allowing users to choose to make changes.  The “browser” group uses the _Sync your Settings_ option in Settings to sync information like history and favorites. Enabling this policy prevents the “browser” group from using the Sync your Settings option.  If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/do-not-sync-shortdesc.md b/browsers/edge/shortdesc/do-not-sync-shortdesc.md
new file mode 100644
index 0000000000..1e9ac07094
--- /dev/null
+++ b/browsers/edge/shortdesc/do-not-sync-shortdesc.md
@@ -0,0 +1 @@
+By default, Microsoft Edge turns on the Sync your Settings toggle in Settings and let users choose what to sync on their device. Enabling this policy turns off and disables the Sync your Settings toggle in Settings, preventing syncing of user’s settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md b/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
new file mode 100644
index 0000000000..71de365bde
--- /dev/null
+++ b/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
@@ -0,0 +1 @@
+By default, Microsoft Edge does not sync the user’s favorites between IE and Microsoft Edge.  Enabling this policy syncs favorites between Internet Explorer and Microsoft Edge. Changes to favorites in one browser reflect in the other, including additions, deletions, modifications, and ordering of favorites. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md b/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md
new file mode 100644
index 0000000000..132291b931
--- /dev/null
+++ b/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md
@@ -0,0 +1 @@
+This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content displayed by these browsers. Any technique not explicitly listed in this document is considered **unsupported**.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md b/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md
new file mode 100644
index 0000000000..b13677be33
--- /dev/null
+++ b/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md
@@ -0,0 +1 @@
+By default, users can access the about:flags page in Microsoft Edge, which is used to change developer settings and enable experimental features. Enabling this policy prevents users from accessing the about:flags page.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
new file mode 100644
index 0000000000..135bd4f574
--- /dev/null
+++ b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
@@ -0,0 +1 @@
+By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious files, allowing them to continue downloading unverified file(s). Enabling this policy prevents users from bypassing the warnings, blocking them from downloading of unverified file(s).
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
new file mode 100644
index 0000000000..56a2ecdd15
--- /dev/null
+++ b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
@@ -0,0 +1 @@
+By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious sites, allowing them to continue to the site. With this policy though, you can configure Microsoft Edge to prevent users from bypassing the warnings, blocking them from continuing to the site.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md b/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md
new file mode 100644
index 0000000000..0d4351e0cb
--- /dev/null
+++ b/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md
@@ -0,0 +1 @@
+Web security certificates are used to ensure a site that users go to is legitimate, and in some circumstances, encrypts the data. By default, Microsoft Edge allows overriding of the security warnings to sites that have SSL errors, bypassing or ignoring certificate errors. Enabling this policy prevents overriding of the security warnings.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md b/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md
new file mode 100644
index 0000000000..195318866f
--- /dev/null
+++ b/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md
@@ -0,0 +1 @@
+By default, users can add, import, and make changes to the Favorites list in Microsoft Edge. Enabling this policy locks down the Favorites list in Microsoft Edge, preventing users from making changes. When enabled, Microsoft Edge turns off the Save a Favorite, Import settings, and context menu items, such as Create a new folder. Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md b/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md
new file mode 100644
index 0000000000..4be519322f
--- /dev/null
+++ b/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md
@@ -0,0 +1 @@
+By default, Microsoft Edge collects the Live Tile metadata and sends it to Microsoft to help provide users a more complete experience when they pin Live Tiles to the Start menu. However, with this policy, you can configure Microsoft Edge to prevent Microsoft from collecting Live Tile metadata, providing users a limited experience. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md b/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md
new file mode 100644
index 0000000000..f587cc839c
--- /dev/null
+++ b/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md
@@ -0,0 +1 @@
+By default, when launching Microsoft Edge for the first time, the First Run webpage (a welcome page) hosted on Microsoft.com loads automatically via a FWLINK. The welcome page lists the new features and helpful tips of Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent loading the welcome page on first explicit user-launch.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md b/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md
new file mode 100644
index 0000000000..e428d938ed
--- /dev/null
+++ b/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge allows users to uninstall extensions by default. Enabling this policy prevents users from uninstalling extensions but lets them configure options for extensions defined in this policy, such as allowing InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. If you enabled this policy and now you want to disable it, the list of extension package family names (PFNs) defined in this policy get ignored after disabling this policy.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md b/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md
new file mode 100644
index 0000000000..1211a69dfa
--- /dev/null
+++ b/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md
@@ -0,0 +1 @@
+By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. With this policy, though, you can prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md b/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
new file mode 100644
index 0000000000..defb76bdf5
--- /dev/null
+++ b/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
@@ -0,0 +1 @@
+By default, Microsoft Edge shows localhost IP address while making calls using the WebRTC protocol. Enabling this policy hides the localhost IP addresses. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/provision-favorites-shortdesc.md b/browsers/edge/shortdesc/provision-favorites-shortdesc.md
new file mode 100644
index 0000000000..7f02b200c8
--- /dev/null
+++ b/browsers/edge/shortdesc/provision-favorites-shortdesc.md
@@ -0,0 +1 @@
+By default, users can customize the Favorites list in Microsoft Edge. With this policy though, you provision a standard list of favorites, which can include folders, to appear in the Favorites list in addition to the user’s favorites. Edge. Once you provision the Favorites list, users cannot customize it, such as adding folders for organizing, and adding or removing any of the favorites configured. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md b/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md
new file mode 100644
index 0000000000..c5684bc753
--- /dev/null
+++ b/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md b/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md
new file mode 100644
index 0000000000..296965ba86
--- /dev/null
+++ b/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md
@@ -0,0 +1 @@
+By default, all websites, including intranet sites, open in Microsoft Edge automatically.  Only enable this policy if there are known compatibility problems with Microsoft Edge.  Enabling this policy loads only intranet sites in Internet Explorer 11 automatically.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md b/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md
new file mode 100644
index 0000000000..839e07428b
--- /dev/null
+++ b/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md
@@ -0,0 +1 @@
+By default, Microsoft Edge uses the default search engine specified in App settings. In this case, users can make changes to the default search engine at any time unless the Allow search engine customization policy is disabled, which restricts users from making any changes.  Disabling this policy removes the policy-set search engine and uses the Microsoft Edge specified engine for the market. Enabling this policy uses the policy-set search engine specified in the OpenSearch XML file, prevent users from changing the default search engine. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/set-home-button-url-shortdesc.md b/browsers/edge/shortdesc/set-home-button-url-shortdesc.md
new file mode 100644
index 0000000000..80b7cf8040
--- /dev/null
+++ b/browsers/edge/shortdesc/set-home-button-url-shortdesc.md
@@ -0,0 +1 @@
+By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home Button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md b/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md
new file mode 100644
index 0000000000..35ae30c337
--- /dev/null
+++ b/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge loads the default New tab page by default. Enabling this policy lets you set a New tab page URL in Microsoft Edge, preventing users from changing it.  When you enable this policy, and you disable the Allow web content on New tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank. 
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/shortdesc-test.md b/browsers/edge/shortdesc/shortdesc-test.md
new file mode 100644
index 0000000000..2c796253ef
--- /dev/null
+++ b/browsers/edge/shortdesc/shortdesc-test.md
@@ -0,0 +1 @@
+UI settings for the home button are disabled preventing your users from making changes
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md b/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md
new file mode 100644
index 0000000000..7601ad77fc
--- /dev/null
+++ b/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md
@@ -0,0 +1 @@
+Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge.  If you want users to continue in Microsoft Edge, enable this policy to show the “Keep going in Microsoft Edge” link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/unlock-home-button-shortdesc.md b/browsers/edge/shortdesc/unlock-home-button-shortdesc.md
new file mode 100644
index 0000000000..aff697e8f0
--- /dev/null
+++ b/browsers/edge/shortdesc/unlock-home-button-shortdesc.md
@@ -0,0 +1 @@
+By default, when you enable the Configure Home Button policy or provide a URL in the Set Home Button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings.  When you enable this policy, users can make changes to the home button even if you enabled the Configure Home Button or Set Home Button URL policies. 
\ No newline at end of file
diff --git a/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md b/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md
new file mode 100644
index 0000000000..72e501af4b
--- /dev/null
+++ b/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md
@@ -0,0 +1,65 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Details about how to add employees to the Enterprise Mode Site List Portal.
+author: eross-msft
+ms.prod: ie11
+title: Add employees to the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+# Add employees to the Enterprise Mode Site List Portal
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+After you get the Enterprise Mode Site List Portal up and running, you must add your employees. During this process, you'll also assign roles and groups.
+
+The available roles are:
+
+- **Requester.** The primary role to assign to employees that need to access the Enterprise Mode Site List Portal. The Requester can create change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal change requests, and sign off and close personal change requests.
+
+- **App Manager.** This role is considered part of the Approvers group. The App Manager can approve change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal requests, and sign off and close personal requests.
+
+- **Group Head.** This role is considered part of the Approvers group. The Group Head can approve change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal requests, and sign off and close personal requests.
+
+- **Administrator.** The role with the highest-level rights; we recommend limiting the number of employees you grant this role. The Administrator can perform any task that can be performed by the other roles, in addition to adding employees to the portal, assigning employee roles, approving registrations to the portal, configuring portal settings (for example, determining the freeze schedule, determining the pre-production and production XML paths, and determining the attachment upload location), and using the standalone Enterprise Mode Site List Manager page.
+
+**To add an employee to the Enterprise Mode Site List Portal**
+1. Open the Enterprise Mode Site List Portal and click the **Employee Management** icon in the upper-right area of the page.
+
+   The **Employee management** page appears.
+
+2.  Click **Add a new employee**.
+
+    The **Add a new employee** page appears.
+
+3. Fill out the fields for each employee, including:
+
+   - **Email.** Add the employee's email address.
+   
+   - **Name.** This box autofills based on the email address.
+   
+   - **Role.** Pick a single role for the employee, based on the list above.
+   
+   - **Group name.** Pick the name of the employee's group. The group association also assigns a group of Approvers.
+   
+   - **Comments.** Add optional comments about the employee.
+   
+   - **Active.** Click the check box to make the employee active in the system. If you want to keep the employee in the system, but you want to prevent access, clear this check box.
+
+4. Click **Save**.
+
+**To export all employees to an Excel spreadsheet**
+1. On the **Employee management** page, click **Export to Excel**.
+
+2. Save the EnterpriseModeUsersList.xlsx file.
+
+   The Excel file includes all employees with access to the Enterprise Mode Site List Portal, including user name, email address, role, and group name.
\ No newline at end of file
diff --git a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
new file mode 100644
index 0000000000..595d31fa6f
--- /dev/null
+++ b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
@@ -0,0 +1,109 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager.
+author: eross-msft
+ms.prod: ie11
+ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c
+title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)
+
+**Applies to:**
+
+-   Windows 8.1
+-   Windows 7
+
+You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the **Bulk add from file** area of the Enterprise Mode Site List Manager. You can only add specific URLs, not Internet or Intranet Zones.
+
+If you want to add your websites one at a time, see Add sites to the [Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md).
+
+## Create an Enterprise Mode site list (TXT) file
+You can create and use a custom text file to add multiple sites to your Enterprise Mode site list at the same time. <p>**Important**<br>This text file is only lets you add multiple sites at the same time. You can’t use this file to deploy Enterprise Mode into your company.
+
+You must separate each site using commas or carriage returns. For example:
+
+```
+microsoft.com, bing.com, bing.com/images
+```
+**-OR-**
+
+```
+microsoft.com
+bing.com
+bing.com/images
+```
+
+## Create an Enterprise Mode site list (XML) file using the v.1 version of the Enterprise Mode schema
+You can create and use a custom XML file with the Enterprise Mode Site List Manager to add multiple sites to your Enterprise Mode site list at the same time. For more info about the v.1 version of the Enterprise Mode schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
+
+Each XML file must include:
+
+-   **Version number.** This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded. <p>**Important**<br>After this check, IE11 won’t look for an updated list again until you restart the browser.
+
+-   **&lt;emie&gt; tag.** This tag specifies the domains and domain paths that must be rendered using IE7 Enterprise Mode, IE8 Enterprise Mode, or the default IE11 browser environment.<p>**Important**<br>If you decide a site requires IE7 Enterprise Mode, you must add `forceCompatView=”true”` to your XML file. That code tells Enterprise Mode to check for a `DOCTYPE` tag on the specified webpage. If there is, the site renders using Windows Internet Explorer 7. If there’s no tag, the site renders using Microsoft Internet Explorer 5.
+
+-   **&lt;docMode&gt; tag.**This tag specifies the domains and domain paths that need either to appear using the specific doc mode you assigned to the site. Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
+
+### Enterprise Mode v.1 XML schema example
+The following is an example of what your XML file should look like when you’re done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
+
+```
+<rules version="1">
+  <emie>
+    <domain exclude="false">www.cpandl.com</domain>
+    <domain exclude="true">www.woodgrovebank.com</domain>
+    <domain exclude="false" forceCompatView="true">adatum.com</domain>
+    <domain exclude="true">contoso.com</domain>
+    <domain exclude="true">relecloud.com
+      <path exclude="false">/about</path>
+    </domain>
+    <domain exclude="false">fabrikam.com
+      <path exclude="true">/products</path>
+    </domain>
+  </emie>
+  <docMode>
+    <domain>contoso.com
+      <path docMode="7">/travel</path>
+    </domain>
+    <domain>fabrikam.com
+      <path docMode="7">/products</path>
+    </domain>
+  </docMode>
+</rules>
+```
+
+To make sure your site list is up-to-date; wait 65 seconds after opening IE and then check that the `CurrentVersion` value in the `HKEY\CURRENT\USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode\` registry key matches the version number in your file.<p>**Important**<br>If `CurrentVersion` is not set or is wrong, it means that the XML parsing failed. This can mean that the XML file isn’t there, that there are access problems, or that the XML file format is wrong. Don’t manually change the `CurrentVersion` registry setting. You must make your changes to your site list and then update the list using the import function in the Enterprise Mode Site List Manager (.
+
+## Add multiple sites to the Enterprise Mode Site List Manager (schema v.1)
+After you create your .xml or .txt file, you can bulk add the sites to the Enterprise Mode Site List Manager (schema v.1).
+
+ **To add multiple sites**
+
+1.  In the Enterprise Mode Site List Manager (schema v.1), click **Bulk add from file**.
+
+2.  Go to your site list (either .txt or .xml) to add the included sites to the tool, and then click **Open**.<p>
+Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
+
+3.  Click **OK** to close the **Bulk add sites to the list** menu.
+
+4.  On the **File** menu, click **Save to XML**, and save your file.<p>
+You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
+
+## Next steps
+After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
+
+## Related topics
+- [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
new file mode 100644
index 0000000000..c8077d0f92
--- /dev/null
+++ b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
@@ -0,0 +1,119 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2).
+author: eross-msft
+ms.prod: ie11
+ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd
+title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 10/24/2017
+---
+
+
+# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+
+You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the **Bulk add from file** area of the Enterprise Mode Site List Manager (schema v.2). You can only add specific URLs, not Internet or Intranet Zones.
+
+To add your websites one at a time, see [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md).
+
+## Create an Enterprise Mode site list (TXT) file
+
+You can create and use a custom text file with the Enterprise Mode Site List Manager (schema v.2) to add multiple sites to your Enterprise Mode site list at the same time.
+
+>**Important:**<br>This text file is only lets you add multiple sites at the same time. You can’t use this file to deploy Enterprise Mode into your company.
+
+You must separate each site using commas or carriage returns. For example:
+
+```
+microsoft.com, bing.com, bing.com/images
+```
+**-OR-**
+
+```
+microsoft.com
+bing.com
+bing.com/images
+```
+
+## Create an Enterprise Mode site list (XML) file using the v.2 version of the Enterprise Mode schema
+
+You can create and use a custom XML file with the Enterprise Mode Site List Manager (schema v.2) to add multiple sites to your Enterprise Mode site list at the same time.
+
+Each XML file must include:
+
+-   **site-list version number**. This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded. <p>**Important**<br>After this check, IE11 won’t look for an updated list again until you restart the browser. 
+
+-   **&lt;compat-mode&gt; tag.** This tag specifies what compatibility setting are used for specific sites or domains.
+
+-   **&lt;open-in&gt; tag.** This tag specifies what browser opens for each sites or domain.
+
+### Enterprise Mode v.2 XML schema example
+
+The following is an example of what your XML file should look like when you’re done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
+
+```
+<site-list version="205">
+    <!--- File creation header --->
+    <created-by>
+        <tool>EnterpriseSitelistManager</tool>
+        <version>10240</version>
+        <date-created>20150728.135021</date-created>
+    </created-by>
+    <!--- Begin Site List ---> 
+    <site url="www.cpandl.com">
+        <compat-mode>IE8Enterprise</compat-mode>
+        <open-in>MSEdge</open-in>
+    </site>
+    <site url="www.cpandl.com/images">
+        <compat-mode>IE7Enterprise</compat-mode>
+        <open-in>IE11</open-in>
+    </site>
+    <site url="contoso.com">
+        <compat-mode>default</compat-mode>
+        <open-in>IE11</open-in>
+    </site>
+</site-list>
+```
+In the above example, the following is true:
+
+-   www.cpandl.com, as the main domain, must use IE8 Enterprise Mode. However, www.cpandl.com/images must use IE7 Enterprise Mode.
+
+-   contoso.com, and all of its domain paths, can use the default compatibility mode for the site.
+
+To make sure your site list is up-to-date; wait 65 seconds after opening IE and then check that the `CurrentVersion` value in the `HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode\` registry key matches the version number in your file. <p>**Important**<br>If `CurrentVersion` is not set or is wrong, it means that the XML parsing failed. This can mean that the XML file isn’t there, that there are access problems, or that the XML file format is wrong. Don’t manually change the `CurrentVersion` registry setting. You must make your changes to your site list and then update the list using the import function in the Enterprise Mode Site List Manager (schema v.2).
+
+## Add multiple sites to the Enterprise Mode Site List Manager (schema v.2)
+After you create your .xml or .txt file, you can bulk add the sites to the Enterprise Mode Site List Manager (schema v.2).
+
+ **To add multiple sites**
+
+1.  In the Enterprise Mode Site List Manager (schema v.2), click **Bulk add from file**.
+
+2.  Go to your site list (either .txt or .xml) to add the included sites to the tool, and then click **Open**.<p>
+Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
+
+3.  Click **OK** to close the **Bulk add sites to the list** menu.
+
+4.  On the **File** menu, click **Save to XML**, and save your file.<p>
+You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
+
+## Next steps
+After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
+
+## Related topics
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md)
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
new file mode 100644
index 0000000000..f6061375ab
--- /dev/null
+++ b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
@@ -0,0 +1,63 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
+author: eross-msft
+ms.prod: ie11
+ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26
+title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)
+
+**Applies to:**
+
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.<p>**Important**<br>You can only add specific URLs, not Internet or Intranet Zones.
+
+<p>**Note**<br>If you need to include a lot of sites, instead of adding them one at a time, you can create a list of websites and add them all at the same time. For more information, see [Add multiple sites to the Enterprise Mode site list using a file and the Windows 7 and 8.1 Enterprise Mode Site List Manager](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md).
+
+## Adding a site to your compatibility list
+You can add individual sites to your compatibility list by using the Enterprise Mode Site List Manager.
+<p>**Note**<br>If you're using the v.2 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md).
+
+ **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.1)**
+
+1.  In the Enterprise Mode Site List Manager (schema v.1), click **Add**.
+
+2.  Type the URL for the website that’s experiencing compatibility problems, like *&lt;domain&gt;.com* or *&lt;domain&gt;.com*/*&lt;path&gt;* into the **URL** box.<p>
+Don't include the `http://` or `https://` designation. The tool automatically tries both versions during validation.
+
+3.  Type any comments about the website into the **Notes about URL** box.<p>
+Administrators can only see comments while they’re in this tool.
+
+4.  Choose **IE7 Enterprise Mode**, **IE8 Enterprise Mode**, or the appropriate document mode for sites that must be rendered using the emulation of a previous version of IE, or pick **Default IE** if the site should use the latest version of IE.
+
+The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, **IE8 Enterprise Mode** is automatically selected.
+
+Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
+
+5.  Click **Save** to validate your website and to add it to the site list for your enterprise.<p>
+If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway.
+
+6.  On the **File** menu, go to where you want to save the file, and then click **Save to XML**.<p>
+You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
+
+## Next steps
+After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
+
+## Related topics
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
new file mode 100644
index 0000000000..eafa1921a5
--- /dev/null
+++ b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
@@ -0,0 +1,79 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
+author: eross-msft
+ms.prod: ie11
+ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b
+title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+
+Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.<p>**Important**<br>You can only add specific URLs, not Internet or Intranet Zones.
+
+<p>**Note**<br>If you need to include a lot of sites, instead of adding them one at a time, you can create a list of websites and add them all at the same time. For more information, see the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) topic, based on your operating system.
+
+## Adding a site to your compatibility list
+You can add individual sites to your compatibility list by using the Enterprise Mode Site List Manager.<p>
+**Note**<br>If you're using the v.1 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see [Add sites to the Enterprise Mode site list using the WEnterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md).
+
+ **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.2)**
+
+1.  In the Enterprise Mode Site List Manager (schema v.2), click **Add**.
+
+2.  Type the URL for the website that’s experiencing compatibility problems, like *&lt;domain&gt;.com* or *&lt;domain&gt;.com*/*&lt;path&gt;* into the **URL** box.<p>
+Don't include the `http://` or `https://` designation. The tool automatically tries both versions during validation.
+
+3.  Type any comments about the website into the **Notes about URL** box.<p>
+Administrators can only see comments while they’re in this tool.
+
+4.  In the **Compat Mode** box, choose one of the following:
+
+    -   **IE8Enterprise**. Loads the site in IE8 Enterprise Mode.
+
+    -   **IE7Enterprise**. Loads the site in IE7 Enterprise Mode.
+
+    -   **IE\[*x*\]**. Where \[x\] is the document mode number and the site loads in the specified document mode.
+
+    -   **Default Mode**. Loads the site using the default compatibility mode for the page.
+
+   The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, **IE8 Enterprise Mode** is automatically selected.
+   
+   Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
+
+5.  In conjunction with the compatibility mode, you'll need to use the **Open in** box to pick which browser opens the site.
+
+    -   **IE11**. Opens the site in IE11, regardless of which browser is opened by the employee.
+
+    -   **MSEdge**. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.
+
+    -   **None**. Opens in whatever browser the employee chooses.
+
+6.  Click **Save** to validate your website and to add it to the site list for your enterprise.<p>
+If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway.
+
+7.  On the **File** menu, go to where you want to save the file, and then click **Save to XML**.<p>
+You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
+
+## Next steps
+After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
+
+## Related topics
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/administrative-templates-and-ie11.md b/browsers/enterprise-mode/administrative-templates-and-ie11.md
new file mode 100644
index 0000000000..8f22d23808
--- /dev/null
+++ b/browsers/enterprise-mode/administrative-templates-and-ie11.md
@@ -0,0 +1,79 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: security
+description: Administrative templates and Internet Explorer 11
+author: eross-msft
+ms.prod: ie11
+ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3
+title: Administrative templates and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Administrative templates and Internet Explorer 11
+
+Administrative Templates are made up of a hierarchy of policy categories and subcategories that define how your policy settings appear in the Local Group Policy Editor, including:
+
+-   What registry locations correspond to each setting.
+
+-   What value options or restrictions are associated with each setting.
+
+-   The default value for many settings.
+
+-   Text explanations about each setting and the supported version of Internet Explorer.
+
+For a conceptual overview of Administrative Templates, see [Managing Group Policy ADMX Files Step-by-Step Guide](https://go.microsoft.com/fwlink/p/?LinkId=214519).
+
+## What are Administrative Templates?
+Administrative Templates are XML-based, multi-language files that define the registry-based Group Policy settings in the Local Group Policy Editor. There are two types of Administrative Templates:
+
+-   **ADMX.** A language-neutral setup file that states the number and type of policy setting, and the location by category, as it shows up in the Local Group Policy Editor.
+
+-   **ADML.** A language-specific setup file that provides language-related information to the ADMX file. This file lets the policy setting show up in the right language in the Local Group Policy Editor. You can add new languages by adding new ADML files in the required language.
+
+## How do I store Administrative Templates?
+As an admin, you can create a central store folder on your SYSVOL directory, named **PolicyDefinitions**. For example, %*SystemRoot*%\\PolicyDefinitions. This folder provides a single, centralized storage location for your Administrative Templates (both ADMX and ADML) files, so they can be used by your domain-based Group Policy Objects (GPOs).
+<p>**Important**<br>Your Group Policy tools use the ADMX files in your store, ignoring any local copies. For more information about creating a central store, see [Scenario 1: Editing the Local GPO Using ADMX Files](https://go.microsoft.com/fwlink/p/?LinkId=276810).
+
+## Administrative Templates-related Group Policy settings
+When you install Internet Explorer 11, it updates the local administrative files, Inetres.admx and Inetres.adml, both located in the **PolicyDefinitions** folder.
+<p>**Note**<br>You won't see the new policy settings if you try to view or edit your policy settings on a computer that isn't running IE11. To fix this, you can either install IE11, or you can copy the updated Inetres.admx and Inetres.adml files from another computer to the **PolicyDefinitions** folder on this computer.
+
+IE11 provides these new policy settings, which are editable in the Local Group Policy Editor, and appear in the following policy paths:
+
+-   Computer Configuration\\Administrative Templates\\Windows Components\\
+
+-   User Configuration\\Administrative Templates\\Windows Components\\
+
+
+|Catalog                                           |Description                                  |
+| ------------------------------------------------ | --------------------------------------------|
+|IE                                                |Turns standard IE configuration on and off.  |
+|Internet Explorer\Accelerators                    |Sets up and manages Accelerators.            |
+|Internet Explorer\Administrator Approved Controls |Turns ActiveX controls on and off.           |
+|Internet Explorer\Application Compatibility       |Turns the **Cut**, **Copy**, or **Paste** operations on or off. This setting also requires that `URLACTION_SCRIPT_PASTE` is set to **Prompt**.   |
+|Internet Explorer\Browser Menus                   |Shows or hides the IE menus and menu options.|
+|Internet Explorer\Corporate Settings              |Turns off whether you specify the code download path for each computer.  |
+|Internet Explorer\Delete Browsing History         |Turns the **Delete Browsing History** settings on and off.   |
+|Internet Explorer\Internet Control Panel          |Turns pages on and off in the **Internet Options** dialog box. Also turns on and off the subcategories that manage settings on the **Content**, **General**, **Security** and **Advanced** pages.      |
+|Internet Explorer\Internet Settings               |Sets up and manages the **Advanced settings**, **AutoComplete**, **Display Settings**, and **URL Encoding** options.                 |
+|Internet Explorer\Persistence Behavior            |Sets up and manages the file size limits for Internet security zones.    |
+|Internet Explorer\Privacy                         |Turns various privacy-related features on and off.         |
+|Internet Explorer\Security Features               |Turns various security-related features on and off in the browser, Windows Explorer, and other applications.                       |
+|Internet Explorer\Toolbars                        |Turns on and off the ability for users to edit toolbars in the browser. You can also set the default toolbar buttons here.               |
+|RSS Feeds                                         |Sets up and manages RSS feeds in the browser.              |
+
+
+## Editing Group Policy settings
+Regardless which tool you're using to edit your Group Policy settings, you'll need to follow one of these guides for step-by-step editing instructions:
+
+-   **If you're using the Group Policy Management Console (GPMC) or the Local Group Policy Editor.** See [Edit Administrative Template Policy Settings](https://go.microsoft.com/fwlink/p/?LinkId=214521) for step-by-step instructions about editing your Administrative Templates.
+
+-   **If you're using GPMC with Advanced Group Policy Management (AGPM).** See [Checklist: Create, Edit, and Deploy a GPO](https://go.microsoft.com/fwlink/p/?LinkId=214522) for step-by-step instructions about how to check out a GPO from the AGPM archive, edit it, and request deployment.
+
+## Related topics
+- [Administrative templates (.admx) for Windows 10 download](https://go.microsoft.com/fwlink/p/?LinkId=746579)
+- [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=746580)
+
diff --git a/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md b/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md
new file mode 100644
index 0000000000..24078753c7
--- /dev/null
+++ b/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md
@@ -0,0 +1,59 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal.
+author: eross-msft
+ms.prod: ie11
+title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+# Approve a change request using the Enterprise Mode Site List Portal
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+After a change request is successfully submitted to the pre-defined Approver(s), employees granted the role of **App Manager**, **Group Head**, or **Administrator**, they must approve the changes.
+
+## Approve or reject a change request
+The Approvers get an email stating that a Requester successfully opened, tested, and submitted the change request to the Approvers group. The Approvers can accept or reject a change request.
+
+**To approve or reject a change request**
+1. The Approver logs onto the Enterprise Mode Site List Portal, **All Approvals** page.
+
+   The Approver can also get to the **All Approvals** page by clicking **Approvals Pending** from the left pane.
+
+2. The Approver clicks the expander arrow (**\/**) to the right side of the change request, showing the list of Approvers and the **Approve** and **Reject** buttons.
+
+3. The Approver reviews the change request, making sure it's correct. If the info is correct, the Approver clicks **Approve** to approve the change request. If the info seems incorrect, or if the app shouldn't be added to the site list, the Approver clicks **Reject**.
+
+   An email is sent to the Requester, the Approver(s) group, and the Administrator(s) group, with the updated status of the request.
+
+
+## Send a reminder to the Approver(s) group
+If the change request is sitting in the approval queue for too long, the Requester can send a reminder to the group.
+
+- From the **My Approvals** page, click the checkbox next to the name of each Approver to be reminded, and then click **Send reminder**.
+
+  An email is sent to the selected Approver(s).
+
+
+## View rejected change requests
+The original Requester, the Approver(s) group, and the Administrator(s) group can all view the rejected change request.
+
+**To view the rejected change request**
+
+- In the Enterprise Mode Site List Portal, click **Rejected** from the left pane.
+
+   All rejected change requests appear, with role assignment determining which ones are visible.
+
+
+## Next steps
+After an Approver approves the change request, it must be scheduled for inclusion in the production Enterprise Mode Site List. For the scheduling steps, see the [Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md) topic.
\ No newline at end of file
diff --git a/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md b/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md
new file mode 100644
index 0000000000..cf0a576c0e
--- /dev/null
+++ b/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md
@@ -0,0 +1,49 @@
+---
+title: Check for a new Enterprise Mode site list xml file (Internet Explorer 11 for IT Pros)
+description: You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode.
+ms.assetid: 2bbc7017-622e-4baa-8981-c0bbda10e9df
+ms.prod: ie11
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+ms.sitesec: library
+author: eross-msft
+ms.author: lizross
+ms.date: 08/14/2017
+ms.localizationpriority: low
+---
+
+
+# Check for a new Enterprise Mode site list xml file
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode. You can add and remove sites from your XML list as frequently as you want, changing which sites should render in Enterprise Mode for your employees. For information about turning on Enterprise Mode and using site lists, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
+
+The information in this topic only covers HTTPS protocol. We strongly recommend that you use HTTPS protocol instead of file protocol due to increased performance.
+
+**How Internet Explorer 11 looks for an updated site list**
+
+1.  Internet Explorer starts up and looks for an updated site list in the following places:
+
+    1.  **In the cache container.** IE first checks the cache container to see if it finds your XML site list.
+
+    2.  **In the local cache.** If there’s nothing in the cache container, IE checks your local cache for the site list.
+
+    3.  **On the server.** Based on standard IE caching rules, IE might look for a copy of your site list in the location you put specified in the **SiteList** value of the registry.
+
+2.  If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.<p>**Note**<br>If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.
+
+     
+
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
new file mode 100644
index 0000000000..ff584c1c9d
--- /dev/null
+++ b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
@@ -0,0 +1,479 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7.
+author: eross-msft
+ms.prod: ie11
+ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
+title: Collect data using Enterprise Site Discovery
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+# Collect data using Enterprise Site Discovery
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7 with Service Pack 1 (SP1)
+
+Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades.
+
+>**Upgrade Analytics and Windows upgrades**<br>
+>You can use Upgrade Analytics to help manage your Windows 10 upgrades on devices running Windows 8.1 and Windows 7 (SP1). You can also use Upgrade Analytics to review several site discovery reports. Check out Upgrade Analytics from [here](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-analytics-get-started).
+
+
+## Before you begin
+Before you start, you need to make sure you have the following:
+
+-   Latest cumulative security update (for all supported versions of Internet Explorer):
+
+    1.  Go to the [Microsoft Security Bulletin](https://go.microsoft.com/fwlink/p/?LinkID=718223) page, and change the filter to **Windows Internet Explorer 11**.
+
+        ![microsoft security bulletin techcenter](images/securitybulletin-filter.png)
+
+    2.  Click the title of the latest cumulative security update, and then scroll down to the **Affected software** table.
+
+        ![affected software section](images/affectedsoftware.png)
+
+    3.  Click the link that represents both your operating system version and Internet Explorer 11, and then follow the instructions in the **How to get this update** section.
+
+-   [Setup and configuration package](https://go.microsoft.com/fwlink/p/?LinkId=517719), including:
+
+    -   Configuration-related PowerShell scripts
+
+    -   IETelemetry.mof file
+
+    -   Sample System Center 2012 report templates
+
+        You must use System Center 2012 R2 Configuration Manager or later for these samples to work.
+
+Both the PowerShell script and the Managed Object Format (.MOF) file need to be copied to the same location on the client device, before you run the scripts.
+
+## What data is collected?
+Data is collected on the configuration characteristics of IE and the sites it browses, as shown here.
+
+|Data point              |IE11 |IE10 |IE9  |IE8  |Description                                                             |
+|------------------------|-----|-----|-----|-----|------------------------------------------------------------------------|
+|URL                     |  X  |  X  |  X  |  X  |URL of the browsed site, including any parameters included in the URL.  |
+|Domain                  |  X  |  X  |  X  |  X  |Top-level domain of the browsed site.                                   |
+|ActiveX GUID            |  X  |  X  |  X  |  X  |GUID of the ActiveX controls loaded by the site.                        |
+|Document mode           |  X  |  X  |  X  |  X  |Document mode used by IE for a site, based on page characteristics.     |
+|Document mode reason    |  X  |  X  |     |     |The reason why a document mode was set by IE.                           |
+|Browser state reason    |  X  |  X  |     |     |Additional information about why the browser is in its current state. Also called, browser mode.           |
+|Hang count              |  X  |  X  |  X  |  X  |Number of visits to the URL when the browser hung.                      |
+|Crash count             |  X  |  X  |  X  |  X  |Number of visits to the URL when the browser crashed.                   |
+|Most recent navigation failure (and count) |  X  |  X  |  X  |  X  |Description of the most recent navigation failure (like, a 404 bad request or 500 internal server error) and the number of times it happened.  |
+|Number of visits        |  X  |  X  |  X  |  X  |Number of times a site has been visited.                                |
+|Zone                    |  X  |  X  |  X  |  X  |Zone used by IE to browse sites, based on browser settings.             |
+
+
+>**Important**<br>By default, IE doesn’t collect this data; you have to turn this feature on if you want to use it. After you turn on this feature, data is collected on all sites visited by IE, except during InPrivate sessions. Additionally, the data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
+
+### Understanding the returned reason codes
+The following tables provide more info about the Document mode reason, Browser state reason, and the Zone codes that are returned as part of your data collection.
+
+#### DocMode reason
+The codes in this table can tell you what document mode was set by IE for a webpage.<br>These codes only apply to Internet Explorer 10 and Internet Explorer 11.
+
+|Code |Description |
+|-----|------------|
+|3 |Page state is set by the `FEATURE_DOCUMENT_COMPATIBLE_MODE` feature control key.|
+|4 |Page is using an X-UA-compatible meta tag. |
+|5 |Page is using an X-UA-compatible HTTP header. |
+|6 |Page appears on an active **Compatibility View** list. |
+|7 |Page is using native XML parsing. |
+|8 |Page is using a special Quirks Mode Emulation (QME) mode that uses the modern layout engine, but the quirks behavior of Internet Explorer 5. |
+|9 |Page state is set by the browser mode and the page's DOCTYPE.|
+
+#### Browser state reason
+The codes in this table can tell you why the browser is in its current state. Also called “browser mode”.<br>These codes only apply to Internet Explorer 10 and Internet Explorer 11.
+
+|Code |Description |
+|-----|------------|
+|1 |Site is on the intranet, with the **Display intranet sites in Compatibility View** box checked. |
+|2 |Site appears on an active **Compatibility View** list, created in Group Policy. |
+|3 |Site appears on an active **Compatibility View** list, created by the user. |
+|4 |Page is using an X-UA-compatible tag. |
+|5 |Page state is set by the **Developer** toolbar. |
+|6 |Page state is set by the `FEATURE_BROWSER_EMULATION` feature control key. |
+|7 |Site appears on the Microsoft **Compatibility View (CV)** list. |
+|8 |Site appears on the **Quirks** list, created in Group Policy. |
+|11 |Site is using the default browser. |
+
+#### Zone
+The codes in this table can tell you what zone is being used by IE to browse sites, based on browser settings.<br>These codes apply to Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.
+
+|Code |Description |
+|-----|------------|
+|-1 |Internet Explorer is using an invalid zone. |
+|0 |Internet Explorer is using the Local machine zone. |
+|1 |Internet Explorer is using the Local intranet zone. |
+|2 |Internet Explorer is using the Trusted sites zone. |
+|3 |Internet Explorer is using the Internet zone. |
+|4 |Internet Explorer is using the Restricted sites zone. |
+
+## Where is the data stored and how do I collect it?
+The data is stored locally, in an industry-standard WMI class, .MOF file or in an XML file, depending on your configuration. This file remains on the client computer until it’s collected. To collect the files, we recommend:
+
+-   **WMI file**. Use Microsoft Configuration Manager or any agent that can read the contents of a WMI class on your computer.
+
+-   **XML file**. Any agent that works with XML can be used.
+
+## WMI Site Discovery suggestions
+We recommend that you collect your data for at most a month at a time, to capture a user’s typical workflow. We don’t recommend collecting data longer than that because the data is stored in a WMI provider and can fill up your computer’s hard drive. You may also want to collect data only for pilot users or a representative sample of people, instead of turning this feature on for everyone in your company.
+
+On average, a website generates about 250bytes of data for each visit, causing only a minor impact to Internet Explorer’s performance. Over the course of a month, collecting data from 20 sites per day from 1,000 users, you’ll get about 150MB of data:<p>250 bytes (per site visit) X 20 sites/day X 30 days = (approximately) 150KB X 1000 users = (approximately) 150MB 
+
+>**Important**<br>The data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
+
+## Getting ready to use Enterprise Site Discovery
+Before you can start to collect your data, you must run the provided PowerShell script (IETelemetrySetUp.ps1) on your client devices to start generating the site discovery data and to set up a place to store this data locally. Then, you must start collecting the site discovery data from the client devices, using one of these three options:
+
+- Collect your hardware inventory using the MOF Editor, while connecting to a client device.<p>
+-OR-
+- Collect your hardware inventory using the MOF Editor with a .MOF import file.<p>
+-OR-
+- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
+
+### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges
+You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes.
+
+>**Important**<br>You must run this script if you’re using WMI as your data output. It's not necessary if you're using XML as your data output.
+
+**To set up Enterprise Site Discovery**
+
+- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
+
+### WMI only: Set up your firewall for WMI data
+If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps:
+
+**To set up your firewall**
+
+1.	In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
+
+2.	In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
+
+3.	Restart your computer to start collecting your WMI data.
+
+## Use PowerShell to finish setting up Enterprise Site Discovery
+You can determine which zones or domains are used for data collection, using PowerShell. If you don’t want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery).
+
+>**Important**<br>The .ps1 file updates turn on Enterprise Site Discovery and WMI collection for all users on a device.
+
+- **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process.
+
+- **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process.
+
+**To set up data collection using a domain allow list**
+ 
+ - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
+ 
+    >**Important**<br>Wildcards, like \*.microsoft.com, aren’t supported.
+
+**To set up data collection using a zone allow list**
+ 
+ - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
+ 
+    >**Important**<br>Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
+
+## Use Group Policy to finish setting up Enterprise Site Discovery
+You can use Group Policy to finish setting up Enterprise Site Discovery. If you don’t want to use Group Policy, you can do this using PowerShell. For more info, see [Use Powershell to finish setting up Enterprise Site Discovery](#use-powershell-to-finish-setting-up-enterprise-site-discovery).
+
+>**Note**<br> All of the Group Policy settings can be used individually or as a group.
+
+ **To set up Enterprise Site Discovery using Group Policy**
+
+-   Open your Group Policy editor, and go to these new settings:
+
+    |Setting name and location  |Description  |Options  |
+    |---------------------------|-------------|---------|
+    |Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output |Writes collected data to a WMI class, which can be aggregated using a client-management solution like Configuration Manager. |<ul><li>**On.** Turns on WMI recording.</li><li>**Off.** Turns off WMI recording.</li></ul> |
+    |Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output |Writes collected data to an XML file, which is stored in your specified location. |<ul><li>**XML file path.** Including this turns on XML recording.</li><li>**Blank.** Turns off XML recording.</li></ul> |
+    |Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by Zone |Manages which zone can collect data. |To specify which zones can collect data, you must include a binary number that represents your selected zones, based on this order:<p>0 – Restricted Sites zone<br>0 – Internet zone<br>0 – Trusted Sites zone<br>0 – Local Intranet zone<br>0 – Local Machine zone<p>**Example 1:** Include only the Local Intranet zone<p>Binary representation: *00010*, based on:<p>0 – Restricted Sites zone<br>0 – Internet zone<br>0 – Trusted Sites zone<br>1 – Local Intranet zone<br>0 – Local Machine zone<p>**Example 2:** Include only the Restricted Sites, Trusted Sites, and Local Intranet zones<p>Binary representation: *10110*, based on:<p>1 – Restricted Sites zone<br>0 – Internet zone<br>1 – Trusted Sites zone<br>1 – Local Intranet zone<br>1 – Local Machine zone |
+    |Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by domain |Manages which domains can collect data |To specify which domains can collect data, you must include your selected domains, one domain per line, in the provided box. It should look like:<p>microsoft.sharepoint.com<br>outlook.com<br>onedrive.com<br>timecard.contoso.com<br>LOBApp.contoso.com |
+
+### Combining WMI and XML Group Policy settings
+You can use both the WMI and XML settings individually or together:
+
+**To turn off Enterprise Site Discovery**
+<table>
+    <tr>
+        <th>Setting name</th>
+        <th>Option</th>
+    </tr>
+    <tr>
+        <td>Turn on Site Discovery WMI output</td>
+        <td>Off</td>
+    </tr>
+        <tr>
+        <td>Turn on Site Discovery XML output</td>
+        <td>Blank</td>
+    </tr>
+</table>
+
+**Turn on WMI recording only**
+<table>
+    <tr>
+        <th>Setting name</th>
+        <th>Option</th>
+    </tr>
+    <tr>
+        <td>Turn on Site Discovery WMI output</td>
+        <td>On</td>
+    </tr>
+        <tr>
+        <td>Turn on Site Discovery XML output</td>
+        <td>Blank</td>
+    </tr>
+</table>
+
+**To turn on XML recording only**
+<table>
+    <tr>
+        <th>Setting name</th>
+        <th>Option</th>
+    </tr>
+    <tr>
+        <td>Turn on Site Discovery WMI output</td>
+        <td>Off</td>
+    </tr>
+        <tr>
+        <td>Turn on Site Discovery XML output</td>
+        <td>XML file path</td>
+    </tr>
+</table>
+ 
+**To turn on both WMI and XML recording**
+<table>
+    <tr>
+        <th>Setting name</th>
+        <th>Option</th>
+    </tr>
+    <tr>
+        <td>Turn on Site Discovery WMI output</td>
+        <td>On</td>
+    </tr>
+        <tr>
+        <td>Turn on Site Discovery XML output</td>
+        <td>XML file path</td>
+    </tr>
+</table>
+
+## Use Configuration Manager to collect your data
+After you’ve collected your data, you’ll need to get the local files off of your employee’s computers. To do this, use the hardware inventory process in Configuration Manager, using one of these options:
+
+- Collect your hardware inventory using the MOF Editor, while connecting to a client device.<p>
+-OR-
+- Collect your hardware inventory using the MOF Editor with a .MOF import file.<p>
+-OR-
+- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
+
+### Collect your hardware inventory using the MOF Editor while connected to a client device
+You can collect your hardware inventory using the MOF Editor, while you’re connected to your client devices.
+
+ **To collect your inventory**
+
+1.  From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**.
+
+    ![Configuration Manager, showing the hardware inventory settings for client computers](images/configmgrhardwareinventory.png)
+
+2.  Click **Add**, click **Connect**, and connect to a computer that has completed the setup process and has already existing classes.
+
+3.  Change the **WMI Namespace** to `root\cimv2\IETelemetry`, and click **Connect**.
+
+    ![Configuration Manager, with the Connect to Windows Management Instrumentation (WMI) box](images/ie11-inventory-addclassconnectscreen.png)
+
+4.  Select the check boxes next to the following classes, and then click **OK**:
+
+    -   IESystemInfo
+
+    -   IEURLInfo
+
+    -   IECountInfo
+
+5.  Click **OK** to close the default windows.<br>
+Your environment is now ready to collect your hardware inventory and review the sample reports.
+
+### Collect your hardware inventory using the MOF Editor with a .MOF import file
+You can collect your hardware inventory using the MOF Editor and a .MOF import file.
+
+ **To collect your inventory**
+
+1.  From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**.
+
+2.  Click **Import**, choose the MOF file from the downloaded package we provided, and click **Open**.
+
+3.  Pick the inventory items to install, and then click **Import**.
+
+4.  Click **OK** to close the default windows.<br>
+Your environment is now ready to collect your hardware inventory and review the sample reports.
+
+### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
+You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option.
+
+**To collect your inventory**
+
+1.  Using a text editor like Notepad, open the SMS\DEF.MOF file, located in your `<configmanager_install_location>\inboxes\clifiles.src\hinv` directory.
+
+2.  Add this text to the end of the file:
+
+    ``` 
+    [SMS_Report     (TRUE),
+     SMS_Group_Name ("IESystemInfo"),
+     SMS_Class_ID   ("MICROSOFT|IESystemInfo|1.0"),
+     Namespace      ("root\\\\cimv2\\\\IETelemetry")  ]
+    Class IESystemInfo: SMS_Class_Template
+    {
+        [SMS_Report (TRUE), Key  ]
+            String SystemKey;
+        [SMS_Report (TRUE)       ]
+            String IEVer;
+    };
+
+    [SMS_Report     (TRUE),
+     SMS_Group_Name ("IEURLInfo"),
+     SMS_Class_ID   ("MICROSOFT|IEURLInfo|1.0"),
+     Namespace      ("root\\\\cimv2\\\\IETelemetry")  ]
+    Class IEURLInfo: SMS_Class_Template
+    {
+        [SMS_Report (TRUE), Key  ]
+            String URL;
+        [SMS_Report (TRUE)       ]
+            String Domain;
+        [SMS_Report (TRUE)       ]
+            UInt32 DocMode;
+        [SMS_Report (TRUE)       ]
+            UInt32 DocModeReason;
+        [SMS_Report (TRUE)       ]
+            UInt32 Zone;
+        [SMS_Report (TRUE)       ]
+            UInt32 BrowserStateReason;
+        [SMS_Report (TRUE)       ]
+            String ActiveXGUID[];
+        [SMS_Report (TRUE)       ]
+            UInt32 CrashCount;
+        [SMS_Report (TRUE)       ]
+            UInt32 HangCount;
+        [SMS_Report (TRUE)       ]
+            UInt32 NavigationFailureCount;
+        [SMS_Report (TRUE)       ]
+            UInt32 NumberOfVisits;
+        [SMS_Report (TRUE)       ]
+            UInt32 MostRecentNavigationFailure;
+    };
+
+    [SMS_Report     (TRUE),
+     SMS_Group_Name ("IECountInfo"),
+     SMS_Class_ID   ("MICROSOFT|IECountInfo|1.0"),
+     Namespace      ("root\\\\cimv2\\\\IETelemetry")  ]
+    Class IECountInfo: SMS_Class_Template
+    {
+        [SMS_Report (TRUE), Key  ]
+            String CountKey;
+        [SMS_Report (TRUE)       ]
+            UInt32 CrashCount;
+        [SMS_Report (TRUE)       ]
+            UInt32 HangCount;
+        [SMS_Report (TRUE)       ]
+            UInt32 NavigationFailureCount;
+    };
+    ```
+
+3.  Save the file and close it to the same location.
+    Your environment is now ready to collect your hardware inventory and review the sample reports.
+
+## View the sample reports with your collected data
+The sample reports, **SCCM Report Sample – ActiveX.rdl** and **SCCM Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data.
+
+### SCCM Report Sample – ActiveX.rdl
+Gives you a list of all of the ActiveX-related sites visited by the client computer.
+
+![ActiveX.rdl report, lists all ActiveX-related sites visited by the client computer](images/configmgractivexreport.png)
+
+### SCCM Report Sample – Site Discovery.rdl
+Gives you a list of all of the sites visited by the client computer.
+
+![Site Discovery.rdl report, lists all websites visited by the client computer](images/ie-site-discovery-sample-report.png)
+
+## View the collected XML data
+After the XML files are created, you can use your own solutions to extract and parse the data. The data will look like:
+
+``` xml
+<IETelemetry>
+     <IECountInfo>
+          <CrashCount>[dword]</CrashCount>
+          <HangCount>[dword]</HangCount>
+          <NavigationFailureCount>[dword]</NavigationFailureCount>
+     </IECountInfo>
+     <IEURLInfo>
+          <URL>[string]</URL>
+          <ActiveXGUID>
+               <GUID>[guid]</GUID>
+          </ActiveXGUID>
+          <DocModeReason>[dword]</DocModeReason>
+          <DocMode>[dword]</DocMode>
+          <NumberOfVisits>[dword]</NumberOfVisits>
+          <BrowserStateReason>[dword]</BrowserStateReason>
+          <Zone>[dword]</Zone>
+          <CrashCount>[dword]</CrashCount>
+          <HangCount>[dword]</HangCount>
+          <NavigationFailureCount>[dword]</NavigationFailureCount>
+          <Domain>[string]</Domain>
+          <MostRecentNavigationFailure>[dword]</MostRecentNavigationFailure>
+     </IEURLInfo>
+     <IEURLInfo>…</IEURLInfo>
+     <IEURLInfo>…</IEURLInfo>
+</IETelemetry>
+```
+You can import this XML data into the correct version of the Enterprise Mode Site List Manager, automatically adding the included sites to your Enterprise Mode site list.
+
+**To add your XML data to your Enterprise Mode site list**
+
+1.  Open the Enterprise Mode Site List Manager, click **File**, and then click **Bulk add from file**.
+
+    ![Enterprise Mode Site List Manager with Bulk add from file option](images/bulkadd-emiesitelistmgr.png)
+
+2.  Go to your XML file to add the included sites to the tool, and then click **Open**.<br>Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
+
+3.  Click **OK** to close the **Bulk add sites to the list** menu.
+
+## Turn off data collection on your client devices
+After you’ve collected your data, you’ll need to turn Enterprise Site Discovery off.
+
+**To stop collecting data, using PowerShell**
+
+-   On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1 –IEFeatureOff`.
+
+    >**Note**<br>Turning off data collection only disables the Enterprise Site Discovery feature – all data already written to WMI stays on your employee’s computer.
+
+
+**To stop collecting data, using Group Policy**
+
+1.  Open your Group Policy editor, go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output`, and click **Off**.
+
+2.  Go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output`, and clear the file path location.
+
+### Delete already stored data from client computers
+You can completely remove the data stored on your employee’s computers.
+
+**To delete all existing data**
+
+-   On the client computer, start PowerShell in elevated mode (using admin privileges) and run these four commands:
+
+    -   `Remove-WmiObject -Namespace root/cimv2/IETelemetry IEURLInfo`
+
+    -   `Remove-WmiObject -Namespace root/cimv2/IETelemetry  IESystemInfo`
+
+    -   `Remove-WmiObject -Namespace root/cimv2/IETelemetry  IECountInfo`
+
+    -   `Remove-Item -Path 'HKCU:\Software\Microsoft\Internet Explorer\WMITelemetry'`
+
+## Related topics
+* [Enterprise Mode Site List Manager (schema v.2) download](https://go.microsoft.com/fwlink/?LinkId=746562)
+* [Enterprise Mode for Internet Explorer 11 (IE11)](enterprise-mode-overview-for-ie11.md)
+ 
+
+
+
diff --git a/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md b/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md
new file mode 100644
index 0000000000..36066de055
--- /dev/null
+++ b/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md
@@ -0,0 +1,94 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Details about how the Administrator can use the Settings page to set up Groups and roles, the Enterprise Mode Site List Portal environment, and the freeze dates for production changes.
+author: eross-msft
+ms.prod: ie11
+title: Use the Settings page to finish setting up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+# Use the Settings page to finish setting up the Enterprise Mode Site List Portal
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+The **Settings** page lets anyone with Administrator rights set up groups and roles, set up the Enterprise Mode Site List Portal environment, and choose the freeze dates for production changes.
+
+## Use the Environment settings area
+This area lets you specify the location of your production and pre-production environments, where to store your attachments, your settings location, and the website domain for email notifications.
+
+**To add location info**
+1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page.
+
+   The **Settings** page appears.
+
+2. In the **Environment settings** area of the page, provide the info for your **Pre-production environment**, your **Production environment**, your **Attachments location**, your **Settings location**, and your **Website domain for email notifications**.
+
+3. Click **Credentials** to add the appropriate domain, user name, and password for each location, and then click **OK**.
+
+## Use the Group and role settings area
+After you set up your email credentials, you'll be able to add or edit your Group info, along with picking which roles must be Approvers for the group.
+
+**To add a new group and determine the required change request Approvers**
+1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page.
+
+   The **Settings** page appears.
+
+2. In the **Group and role settings** area of the page, click **Group details**.
+
+    The **Add or edit group names** box appears.
+
+3. Click the **Add group** tab, and then add the following info:
+
+    - **New group name.** Type name of your new group.
+    
+    - **Group head email.** Type the email address for the primary contact for the group.
+
+    - **Group head name.** This box automatically fills, based on the email address.
+
+    - **Active.** Click the check box to make the group active in the system. If you want to keep the group in the system, but you want to prevent access, clear this check box.
+
+4. Click **Save**.
+
+
+**To set a group's required Approvers**
+1. In the **Group and role settings** area of the page, choose the group name you want to update with Approvers from the **Group name** box.
+
+2. In the **Required approvers** area, choose which roles are required to approve a change request for the group. You can choose one or many roles.
+
+    - **App Manager.** All employees in the selected group must get change request approval by someone assigned this role. 
+
+        You can change the name of this role by clicking the pencil icon and providing a new name in the **Edit role name** box.
+
+    - **Group Head.** All employees in the selected group must get change request approval by someone assigned this role.
+
+        You can change the name of this role by clicking the pencil icon and providing a new name in the **Edit role name** box.
+
+    - **Administrator.** All employees in the selected group must get change request approval by someone assigned this role.
+
+## Use the Freeze production changes area
+This optional area lets you specify a period when your employees must stop adding changes to the current Enterprise Mode Site List. This must include both a start and an end date.
+
+**To add the start and end dates**
+1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page.
+
+   The **Settings** page appears.
+
+2. In the **Freeze production changes** area of the page, use the calendars to provide the **Freeze start date** and the **Freeze end date**. Your employees can't add apps to the production Enterprise Mode Site List during this span of time.
+
+3. Click **Save**.
+
+## Related topics
+- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
+
+- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
+
+- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md) 
\ No newline at end of file
diff --git a/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md b/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
new file mode 100644
index 0000000000..18b8b34406
--- /dev/null
+++ b/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
@@ -0,0 +1,70 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Details about how to create a change request within the Enterprise Mode Site List Portal.
+author: eross-msft
+ms.prod: ie11
+title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+# Create a change request using the Enterprise Mode Site List Portal
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+Employees assigned to the Requester role can create a change request. A change request is used to tell the Approvers and the Administrator that a website needs to be added or removed from the Enterprise Mode Site List. The employee can navigate to each stage of the process by using the workflow links provided at the top of each page of the portal.
+
+>[!Important]
+>Each Requester must have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct. 
+
+**To create a new change request**
+1. The Requester (an employee that has been assigned the Requester role) signs into the Enterprise Mode Site List Portal, and clicks **Create new request**.
+
+   The **Create new request** page appears.
+
+2. Fill out the required fields, based on the group and the app, including:
+
+    - **Group name.** Select the name of your group from the dropdown box.
+    
+    - **App name.** Type the name of the app you want to add, delete, or update in the Enterprise Mode Site List.
+
+        - **Search all apps.** If you can't remember the name of your app, you can click **Search all apps** and search the list.
+
+        - **Add new app.** If your app isn't listed, you can click **Add new app** to add it to the list.
+
+    - **Requested by.** Automatically filled in with your name.
+
+    - **Description.** Add descriptive info about the app.
+
+    - **Requested change.** Select whether you want to **Add to EMIE**, **Delete from EMIE**, or **Update to EMIE**.
+
+    - **Reason for request.** Select the best reason for why you want to update, delete, or add the app.
+
+    - **Business impact (optional).** An optional area where you can provide info about the business impact of this app and the change.
+
+    - **App location (URL).** The full URL location to the app, starting with http:// or https://.
+
+    - **App best viewed in.** Select the best browser experience for the app. This can be Internet Explorer 5 through Internet Explorer 11 or one of the IE7Enterprise or IE8Enterprise modes.
+
+    - **Is an x-ua tag used?** Select **Yes** or **No** whether an x-ua-compatible tag is used by the app. For more info about x-ua-compatible tags, see the topics in [Defining document compatibility](https://msdn.microsoft.com/en-us/library/cc288325(v=vs.85).aspx).
+    
+4. Click **Save and continue** to save the request and get the app info sent to the pre-production environment site list for testing.
+    
+    A message appears that the request was successful, including a **Request ID** number, saying that the change is being made to the pre-production environment site list.
+
+5. The Requester gets an email with a batch script, that when run, configures their test machine for the pre-production environment, along with the necessary steps to make sure the changed info is correct.
+
+    - **If the change is correct.** The Requester asks the approvers to approve the change request by selecting **Successful** and clicking **Send for approval**.
+        
+    - **If the change is incorrect.** The Requester can rollback the change in pre-production or ask for help from the Administrator.
+
+## Next steps
+After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see the [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md) topic.
\ No newline at end of file
diff --git a/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
new file mode 100644
index 0000000000..13fd5539cd
--- /dev/null
+++ b/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -0,0 +1,46 @@
+---
+ms.localizationpriority: low
+description: Delete a single site from your global Enterprise Mode site list.
+ms.pagetype: appcompat
+ms.mktglfcycl: deploy
+author: eross-msft
+ms.prod: ie11
+ms.assetid: 41413459-b57f-48da-aedb-4cbec1e2981a
+title: Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+
+ **To delete a single site from your global Enterprise Mode site list**
+
+-   From the Enterprise Mode Site List Manager, pick the site you want to delete, and then click **Delete**.<br>
+The site is permanently removed from your list.
+
+If you delete a site by mistake, you’ll need to manually add it back using the instructions in the following topics, based on operating system.
+
+-   [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md)
+
+-   [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
+
+## Related topics
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
new file mode 100644
index 0000000000..c6e03cadc0
--- /dev/null
+++ b/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
@@ -0,0 +1,50 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
+author: eross-msft
+ms.prod: ie11
+ms.assetid: 76aa9a85-6190-4c3a-bc25-0f914de228ea
+title: Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
+
+If you need to edit a lot of websites, you probably don’t want to do it one at a time. Instead, you can edit your saved XML or TXT file and add the sites back again. For information about how to do this, depending on your operating system and schema version, see [Add multiple sites to the Enterprise Mode site list using a file and Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md).
+
+ **To change how your page renders**
+
+1.  In the Enterprise Mode Site List Manager, double-click the site you want to change.
+
+2.  Change the comment or the compatibility mode option.
+
+3.  Click **Save** to validate your changes and to add the updated information to your site list.<br>
+If your change passes validation, it’s added to the global site list. If the update doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the update or ignore the validation problem and add it to your list anyway. For more information about fixing validation issues, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
+
+4.  On the **File** menu, click **Save to XML**, and save the updated file.<br>
+You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
+
+## Related topics
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md b/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md
new file mode 100644
index 0000000000..20155271eb
--- /dev/null
+++ b/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md
@@ -0,0 +1,50 @@
+## Enterprise Mode and the Enterprise Mode Site List XML file
+The Enterprise Mode Site List is an XML document that specifies a list of sites, their compat mode, and their intended browser. Using [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853), you can automatically start a webpage using a specific browser. In the case of IE11, the webpage can also be launched in a specific compat mode, so it always renders correctly. Your employees can easily view this site list by typing _about:compat_ in either Microsoft Edge or IE11.
+
+Starting with Windows 10, version 1511 (also known as the Anniversary Update), you can also [restrict IE11 to only the legacy web apps that need it](https://blogs.windows.com/msedgedev/2016/05/19/edge14-ie11-better-together/), automatically sending sites not included in the Enterprise Mode Site List to Microsoft Edge.
+
+### Site list xml file
+<!-- rework this entire paragraph -->
+This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypflug/9e9961de771d2fcbd86b#file-emie-v2-schema-xml). There are equivalent Enterprise Mode Site List policies for both [Microsoft Edge](https://docs.microsoft.com/en-us/microsoft-edge/deploy/emie-to-improve-compatibility) and [Internet Explorer 11](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list). The Microsoft Edge list is used to determine which sites should open in IE11; while the IE11 list is used to determine the compat mode for a site, and which sites should open in Microsoft Edge. We recommend using one list for both browsers, where each policy points to the same XML file location.
+
+```xml
+<site-list version="205">
+	<!--- File creation header --->
+	<created-by>
+		<tool>EnterpriseSiteListManager</tool>
+		<version>10586</version>
+		<date-created>20150728.135021</date-created>
+	</created-by>
+  	<!--- Begin Site List ---> 
+	<site url="www.cpandl.com">
+		<compat-mode>IE8Enterprise</compat-mode>
+		<open-in>IE11</open-in>
+	</site>
+	<site url="www.woodgrovebank.com">
+		<compat-mode>default</compat-mode>
+		<open-in>IE11</open-in>
+	</site>
+	<site url="adatum.com">
+		<compat-mode>IE7Enterprise</compat-mode>
+		<open-in>IE11</open-in>
+	</site>
+	<site url="relecloud.com"/>  
+	<!-- default for self-closing XML tag is 
+		<compat-mode>default</compat-mode>
+		<open-in>none</open-in>
+	-->
+	<site url="relecloud.com/products">  
+		<compat-mode>IE8Enterprise"</compat-mode>
+		<open-in>IE11</open-in>
+	</site>
+	<site url="contoso.com/travel">
+		<compat-mode>IE7</compat-mode>
+		<open-in>IE11</open-in>
+	</site>
+	<site url="fabrikam.com">
+		 <compat-mode>IE7</compat-mode>
+		 <open-in>IE11</open-in>
+	</site>
+</site-list>
+
+```
\ No newline at end of file
diff --git a/browsers/enterprise-mode/enterprise-mode-features-include.md b/browsers/enterprise-mode/enterprise-mode-features-include.md
new file mode 100644
index 0000000000..8090fc9ba8
--- /dev/null
+++ b/browsers/enterprise-mode/enterprise-mode-features-include.md
@@ -0,0 +1,16 @@
+### Enterprise Mode features
+Enterprise Mode includes the following features:
+
+- **Improved web app and website compatibility.** Through improved emulation, Enterprise Mode lets many legacy web apps run unmodified on IE11, supporting several site patterns that aren’t currently supported by existing document modes.
+
+- **Tool-based management for website lists.** Use the Enterprise Mode Site List Manager to add website domains and domain paths and to specify whether a site renders using Enterprise Mode.
+Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378), based on your operating system and schema.
+
+- **Centralized control.** You can specify the websites or web apps to interpret using Enterprise Mode, through an XML file on a website or stored locally. Domains and paths within those domains can be treated differently, allowing granular control. Use Group Policy to let users turn Enterprise Mode on or off from the Tools menu and to decide whether the Enterprise browser profile appears on the Emulation tab of the F12 developer tools.
+
+    >[!Important]
+    >All centrally-made decisions override any locally-made choices. 
+
+- **Integrated browsing.** When Enterprise Mode is set up, users can browse the web normally, letting the browser change modes automatically to accommodate Enterprise Mode sites.
+
+- **Data gathering.** You can configure Enterprise Mode to collect local override data, posting back to a named server. This lets you "crowd source" compatibility testing from key users; gathering their findings to add to your central site list.
\ No newline at end of file
diff --git a/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md b/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md
new file mode 100644
index 0000000000..b7d9399d77
--- /dev/null
+++ b/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md
@@ -0,0 +1,51 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Use the topics in this section to learn how to set up and use Enterprise Mode, Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal for your company.
+author: eross-msft
+ms.prod: ie11
+ms.assetid: d52ba8ba-b3c7-4314-ba14-0610e1d8456e
+title: Enterprise Mode for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Enterprise Mode for Internet Explorer 11
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+Use the topics in this section to learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company.
+
+## In this section
+|Topic                                                          |Description                                                                        |
+|---------------------------------------------------------------|-----------------------------------------------------------------------------------|
+|[Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)|Includes descriptions of the features of Enterprise Mode.                          |
+|[Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) |Guidance about how to turn on local control of Enterprise Mode and how to use ASP or the GitHub sample to collect data from your local computers. |
+|[Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md) |Guidance about how to turn on Enterprise Mode and set up a site list, using Group Policy or the registry. |
+|[Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) |Guidance about how to write the XML for your site list, including what not to include, how to use trailing slashes, and info about how to target specific sites. |
+|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) |Guidance about how to write the XML for your site list, including what not to include, how to use trailing slashes, and info about how to target specific sites. |
+|[Check for a new Enterprise Mode site list xml file](check-for-new-enterprise-mode-site-list-xml-file.md) |Guidance about how the Enterprise Mode functionality looks for your updated site list. |
+|[Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md) |Guidance about how to turn on local control of Enterprise Mode, using Group Policy or the registry.|
+|[Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) |Guidance about how to use the Enterprise Mode Site List Manager, including how to add and update sites on your site list. |
+|[Use the Enterprise Mode Site List Portal](use-the-enterprise-mode-portal.md) |Guidance about how to set up and use the Enterprise Mode Site List Manager, including how to add and update sites on your site list. |
+|[Using Enterprise Mode](using-enterprise-mode.md)                           |Guidance about how to turn on either IE7 Enterprise Mode or IE8 Enterprise Mode.    |
+|[Fix web compatibility issues using document modes and the Enterprise Mode Site List](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md) |Guidance about how to decide and test whether to use document modes or Enterprise Mode to help fix compatibility issues. |
+|[Remove sites from a local Enterprise Mode site list](remove-sites-from-a-local-enterprise-mode-site-list.md) |Guidance about how to remove websites from a device's local Enterprise Mode site list. |
+|[Remove sites from a local compatibility view list](remove-sites-from-a-local-compatibililty-view-list.md) |Guidance about how to remove websites from a device's local compatibility view list. |
+|[Turn off Enterprise Mode](turn-off-enterprise-mode.md)                     |Guidance about how to stop using your site list and how to turn off local control, using Group Policy or the registry. |
+ 
+
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md
new file mode 100644
index 0000000000..88711fd787
--- /dev/null
+++ b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md
@@ -0,0 +1,233 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 7 or Windows 8.1 Update.
+author: eross-msft
+ms.prod: ie11
+ms.assetid: 17c61547-82e3-48f2-908d-137a71938823
+title: Enterprise Mode schema v.1 guidance (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Enterprise Mode schema v.1 guidance
+
+**Applies to:**
+
+- Windows 10
+- Windows 8.1
+- Windows 7
+
+Use the Enterprise Mode Site List Manager (schema v.1) to create and update your Enterprise Mode site list for devices running the v.1 version of the schema, or the Enterprise Mode Site List Manager (schema v.2) to create and update your Enterprise Mode site list for devices running the v.2 version of the schema. We strongly recommend moving to the new schema, v.2. For more info, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md). 
+
+If you don't want to use the Enterprise Mode Site List Manager, you also have the option to update your XML schema using Notepad, or any other XML-editing app.
+
+## Enterprise Mode schema v.1 example
+The following is an example of the Enterprise Mode schema v.1. This schema can run on devices running Windows 7 and Windows 8.1.
+
+**Important**<br>
+Make sure that you don't specify a protocol when adding your URLs. Using a URL like `<domain>contoso.com</domain>` automatically applies to both http://contoso.com and https://contoso.com.
+
+``` xml
+<rules version="1">
+  <emie>
+    <domain exclude="false">www.cpandl.com</domain>
+    <domain exclude="true">www.woodgrovebank.com</domain>
+    <domain exclude="false" forceCompatView="true">adatum.com</domain>
+    <domain exclude="true">contoso.com</domain>
+    <domain exclude="true">relecloud.com
+      <path exclude="false">/about</path>
+    </domain>
+    <domain exclude="false">fabrikam.com
+      <path exclude="true">/products</path>
+    </domain>
+  </emie>
+  <docMode>
+    <domain>contoso.com
+      <path docMode="7">/travel</path>
+    </domain>
+    <domain>fabrikam.com
+      <path docMode="7">/products</path>
+    </domain>
+  </docMode>
+</rules>
+```
+
+### Schema elements
+This table includes the elements used by the Enterprise Mode schema.
+
+<table>
+<thead>
+<tr class="header">
+<th>Element</th>
+<th>Description</th>
+<th>Supported browser</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>&lt;rules&gt;</td>
+<td>Root node for the schema.
+<p><b>Example</b>
+<pre class="syntax">
+&lt;rules version="205"&gt;
+  &lt;emie&gt;
+    &lt;domain&gt;contoso.com&lt;/domain&gt;
+  &lt;/emie&gt;
+&lt;/rules&gt;</pre></td>
+<td>Internet Explorer 11 and Microsoft Edge</td>
+</tr>
+<tr>
+<td>&lt;emie&gt;</td>
+<td>The parent node for the Enterprise Mode section of the schema. All &lt;domain&gt; entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied.
+<p><b>Example</b>
+<pre class="syntax">
+&lt;rules version="205"&gt;
+  &lt;emie&gt;
+    &lt;domain&gt;contoso.com&lt;/domain&gt;
+  &lt;/emie&gt;
+&lt;/rules&gt;</pre>
+<strong>-or-</strong>
+<p>For IPv6 ranges:<pre class="syntax">&lt;rules version="205"&gt;
+  &lt;emie&gt;
+    &lt;domain&gt;[10.122.34.99]:8080&lt;/domain&gt;
+  &lt;/emie&gt;
+  &lt;/rules&gt;</pre>
+<strong>-or-</strong>
+<p>For IPv4 ranges:<pre class="syntax">&lt;rules version="205"&gt;
+  &lt;emie&gt;
+    &lt;domain&gt;10.122.34.99:8080&lt;/domain&gt;
+  &lt;/emie&gt;
+  &lt;/rules&gt;</pre></td>
+<td>Internet Explorer 11 and Microsoft Edge</td>
+</tr>
+<tr>
+<td>&lt;docMode&gt;</td>
+<td>The parent node for the document mode section of the section. All &lt;domain&gt; entries will get IE5 - IE11 document modes applied. If there's a &lt;domain&gt; element in the &lt;docMode&gt; section that uses the same value as a &lt;domain&gt; element in the &lt;emie&gt; section, the &lt;emie&gt; element is applied.
+<p><b>Example</b>
+<pre class="syntax">
+&lt;rules version="205"&gt;
+  &lt;docMode&gt;
+    &lt;domain docMode="7"&gt;contoso.com&lt;/domain&gt;
+  &lt;/docMode&gt;
+&lt;/rules&gt;</pre></td>
+<td>Internet Explorer 11</td>
+</tr>
+<tr>
+<td>&lt;domain&gt;</td>
+<td>A unique entry added for each site you want to put on the Enterprise Mode site list. The first &lt;domain&gt; element will overrule any additional &lt;domain&gt; elements that use the same value for the section. You can use port numbers for this element.
+<p><b>Example</b>
+<pre class="syntax">
+&lt;emie&gt;
+  &lt;domain&gt;contoso.com:8080&lt;/domain&gt;
+&lt;/emie&gt;</pre></td>
+<td>Internet Explorer 11 and Microsoft Edge</td>
+</tr>
+<tr>
+<td>&lt;path&gt;</td>
+<td>A unique entry added for each path under a domain you want to put on the Enterprise Mode site list. The &lt;path&gt; element is a child of the &lt;domain&gt; element. Additionally, the first &lt;path&gt; element will overrule any additional &lt;path&gt; elements in the schema section.
+<p><b>Example</b>
+<pre class="syntax">
+&lt;emie&gt;
+  &lt;domain exclude="false"&gt;fabrikam.com
+    &lt;path exclude="true"&gt;/products&lt;/path&gt;
+  &lt;/domain&gt;
+&lt;/emie&gt;</pre><p>
+Where http://fabrikam.com doesn't use IE8 Enterprise Mode, but http://fabrikam.com/products does.</td>
+<td>Internet Explorer 11 and Microsoft Edge</td>
+</tr>
+</table>
+
+### Schema attributes
+This table includes the attributes used by the Enterprise Mode schema.
+
+<table>
+<thead>
+<tr class="header">
+<th>Attribute</th>
+<th>Description</th>
+<th>Supported browser</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>&lt;version&gt;</td>
+<td>Specifies the version of the Enterprise Mode Site List. This attribute is supported for the &lt;rules&gt; element.</td>
+<td>Internet Explorer 11 and Microsoft Edge</td>
+</tr>
+<tr>
+<td>&lt;exclude&gt;</td>
+<td>Specifies the domain or path that is excluded from getting the behavior applied. This attribute is supported on the &lt;domain&gt; and &lt;path&gt; elements.
+<p><b>Example</b>
+<pre class="syntax">
+&lt;emie&gt;
+  &lt;domain exclude="false"&gt;fabrikam.com
+    &lt;path exclude="true"&gt;/products&lt;/path&gt;
+  &lt;/domain&gt;
+&lt;/emie&gt;</pre><p>
+Where http://fabrikam.com doesn't use IE8 Enterprise Mode, but http://fabrikam.com/products does.</td>
+<td>Internet Explorer 11 and Microsoft Edge</td>
+</tr>
+<tr>
+<td>&lt;docMode&gt;</td>
+<td>Specifies the document mode to apply. This attribute is only supported on &lt;domain&gt; or &lt;path&gt; elements in the &lt;docMode&gt; section.
+<p><b>Example</b>
+<pre class="syntax">
+&lt;docMode&gt;
+  &lt;domain exclude="false"&gt;fakrikam.com
+    &lt;path docMode="7"&gt;/products&lt;/path&gt;
+  &lt;/domain&gt;
+&lt;/docMode&gt;</pre></td>
+<td>Internet Explorer 11</td>
+</tr>
+</table>
+
+### Using Enterprise Mode and document mode together
+If you want to use both Enterprise Mode and document mode together, you need to be aware that  &lt;emie&gt; entries override &lt;docMode&gt; entries for the same domain. 
+
+For example, say you want all of the sites in the contoso.com domain to open using IE8 Enterprise Mode, except test.contoso.com, which needs to open in document mode 11. Because Enterprise Mode takes precedence over document mode, if you want test.contoso.com to open using document mode, you'll need to explicitly add it as an exclusion to the &lt;emie&gt; parent node.
+
+```xml
+<rules version="1">
+  <emie>
+    <domain exclude="false">contoso.com</domain>
+    <domain exclude="true">test.contoso.com</domain>
+  </emie>
+  <docMode>
+    <domain docMode="11">test.contoso.com</domain>
+  </docMode>
+</rules>
+```
+
+### What not to include in your schema
+We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
+- Don’t use protocols. For example, `http://`, `https://`, or custom protocols. They break parsing.
+- Don’t use wildcards.
+- Don’t use query strings, ampersands break parsing.
+
+## How to use trailing slashes
+You can use trailing slashes at the path-level, but not at the domain-level:
+- **Domain-level.** Don’t add trailing slashes to a domain, it breaks parsing.
+- **Path-level.** Adding a trailing slash to a path means that the path ends at that point. By not adding a trailing slash, the rule applies to all of the sub-paths.
+
+**Example**
+
+``` xml
+<domain exclude="true">contoso.com
+  <path exclude="false">/about/</path>
+</domain>
+```
+In this example, `contoso.com/about/careers` will use the default version of Internet Explorer, even though `contoso.com/about/` uses Enterprise Mode.
+
+
+## How to target specific sites
+If you want to target specific sites in your organization.
+
+|Targeted site |Example |Explanation |
+|--------------|--------|------------|
+|You can specify subdomains in the domain tag. |<code>&lt;docMode&gt;<br>&lt;domain docMode="5"&gt;contoso.com&lt;/domain&gt;<br>&lt;domain docMode="9"&gt;info.contoso.com&lt;/domain&gt;<br>&lt;docMode&gt;</code> |<ul><li>contoso.com uses document mode 5.</li><li>info.contoso.com uses document mode 9.</li><li>test.contoso.com also uses document mode 5.</li></ul>|
+|You can specify exact URLs by listing the full path. |<code>&lt;emie&gt;<br>&lt;domain exclude="false"&gt;bing.com&lt;/domain&gt;<br>&lt;domain exclude="false" forceCompatView="true"&gt;contoso.com&lt;/domain&gt;<br>&lt;emie&gt;</code>|<ul><li>bing.com uses IE8 Enterprise Mode.</li><li>contoso.com uses IE7 Enterprise Mode.</li></ul>|
+|You can nest paths underneath domains. |<code>&lt;emie&gt;<br>&lt;domain exclude="true"&gt;contoso.com<br>&lt;path exclude="false"&gt;/about&lt;/path&gt;<br>&lt;path exclude="true"&gt;<br>/about/business&lt;/path&gt;<br>&lt;/domain&gt;<br>&lt;/emie&gt;</code> |<ul><li>contoso.com will use the default version of IE.</li><li>contoso.com/about and everything underneath that node will load in Enterprise Mode, except contoso.com/about/business, which will load in the default version of IE.</li></ul> |
+|You can’t add a path underneath a path. The file will still be parsed, but the sub-path will be ignored. |<code>&lt;emie&gt;<br>&lt;domain exclude="true"&gt;contoso.com<br>&lt;path&gt;/about<br>&lt;path exclude="true"&gt;/business&lt;/path&gt;<br>&lt;/path&gt;<br>&lt;/domain&gt;<br>&lt;/emie&gt;</code> |<ul><li>contoso.com will use the default version of IE.</li><li>contoso.com/about and everything underneath that node will load in Enterprise Mode, including contoso.com/about/business because the last rule is ignored.</li></ul> |
\ No newline at end of file
diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
new file mode 100644
index 0000000000..df6a01cb68
--- /dev/null
+++ b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
@@ -0,0 +1,298 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10.
+author: eross-msft
+ms.prod: ie11
+ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5
+title: Enterprise Mode schema v.2 guidance (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 12/04/2017
+---
+
+
+# Enterprise Mode schema v.2 guidance
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+
+Use the Enterprise Mode Site List Manager to create and update your site list for devices running Windows 7, Windows 8.1, and Windows 10, using the version 2.0 (v.2) of the Enterprise Mode schema. If you don't want to use the Enterprise Mode Site List Manager, you also have the option to update your XML schema using Notepad, or any other XML-editing app.
+
+**Important**<br>
+If you're running Windows 7 or Windows 8.1 and you've been using the version 1.0 (v.1) of the schema, you can continue to do so, but you won't get the benefits that come with the updated schema. For info about the v.1 schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
+
+## Enterprise Mode schema v.2 updates
+Because of the schema changes, you can't combine the old version (v.1) with the new version (v.2) of the schema. If you look at your XML file, you can tell which version you're using by:
+
+-   &lt;rules&gt;. If your schema root node includes this key, you're using the v.1 version of the schema.
+
+-   &lt;site-list&gt;. If your schema root node includes this key, you're using the v.2 version of the schema.
+
+You can continue to use the v.1 version of the schema on Windows 10, but you won't have the benefits of the new v.2 version schema updates and new features. Additionally, saving the v.1 version of the schema in the new Enterprise Mode Site List Manager (schema v.2) automatically updates the file to use the v.2 version of the schema.
+
+### Enterprise Mode v.2 schema example
+The following is an example of the v.2 version of the Enterprise Mode schema.
+
+**Important**<br>
+Make sure that you don't specify a protocol when adding your URLs. Using a URL like `<url="contoso.com">`, automatically applies to both http://contoso.com and https://contoso.com.
+ 
+``` xml
+<site-list version="205">
+	<!--- File creation header --->
+	<created-by>
+		<tool>EnterpriseSitelistManager</tool>
+		<version>10240</version>
+		<date-created>20150728.135021</date-created>
+	</created-by>
+  	<!--- Begin Site List ---> 
+	<site url="www.cpandl.com">
+		<compat-mode>IE8Enterprise</compat-mode>
+		<open-in>MSEdge</open-in>
+	</site>
+	<site url="www.woodgrovebank.com">
+		<compat-mode>default</compat-mode>
+		<open-in>IE11</open-in>
+	</site>
+	<site url="adatum.com">
+		<compat-mode>IE7Enterprise</compat-mode>
+		<open-in>IE11</open-in>
+	</site>
+	<site url="contoso.com">
+		<compat-mode>default</compat-mode>
+		<open-in>IE11</open-in>
+	</site>
+	<site url="relecloud.com"/>  
+		<compat-mode>default</compat-mode>
+		<open-in>none</open-in>
+	<site url="relecloud.com/about">  
+		<compat-mode>IE8Enterprise"</compat-mode>
+	</site>
+	<site url="contoso.com/travel">
+		<compat-mode>IE7</compat-mode>
+		<open-in>IE11</open-in>
+	</site>
+	<site url="fabrikam.com">
+		 <compat-mode>IE8Enterprise</compat-mode>
+		 <open-in>IE11</open-in>
+	</site>
+	<site url="fabrikam.com/products">
+		 <compat-mode>IE7</compat-mode>
+		 <open-in>IE11</open-in>
+	</site>	
+</site-list>
+```
+
+### Updated schema elements
+This table includes the elements used by the v.2 version of the Enterprise Mode schema.
+
+<table>
+<thead>
+<tr class="header">
+<th>Element</th>
+<th>Description</th>
+<th>Supported browser</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>&lt;site-list&gt;</td>
+<td>A new root node with this text is using the updated v.2 version of the schema. It replaces &lt;rules&gt;.
+<p><b>Example</b>
+<pre class="syntax">
+&lt;site-list version="205"&gt;
+  &lt;site url="contoso.com"&gt;
+    &lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
+    &lt;open-in&gt;IE11&lt;/open-in&gt;
+  &lt;/site&gt;
+&lt;/site-list&gt;</pre></td>
+<td>Internet Explorer 11 and Microsoft Edge</td>
+</tr>
+<tr>
+<td>&lt;site&gt;</td>
+<td>A unique entry added for each site you want to put on the Enterprise Mode site list. The first &lt;site&gt; element will overrule any additional &lt;site&gt; elements that use the same value for the &lt;url&gt; element.
+<p><b>Example</b>
+<pre class="syntax">
+&lt;site url="contoso.com"&gt;
+  &lt;compat-mode&gt;default&lt;/compat-mode&gt;
+  &lt;open-in&gt;none&lt;/open-in&gt;
+&lt;/site&gt;</pre>
+<strong>-or-</strong>
+<p>For IPv4 ranges:<pre class="syntax">&lt;site url="10.122.34.99:8080"&gt;
+  &lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
+&lt;site&gt;</pre><p>
+<strong>-or-</strong>
+<p>For IPv6 ranges:<pre class="syntax">&lt;site url="[10.122.34.99]:8080"&gt;
+  &lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
+&lt;site&gt;</pre><p>
+You can also use the self-closing version, &lt;url="contoso.com" /&gt;, which also sets:
+<ul>
+  <li>&lt;compat-mode&gt;default&lt;/compat-mode&gt;</li>
+  <li>&lt;open-in&gt;none&lt;/open-in&gt;</li>
+</ul></td>
+<td>Internet Explorer 11 and Microsoft Edge</td>
+</tr>
+<tr>
+<td>&lt;compat-mode&gt;</td>
+<td>A child element that controls what compatibility setting is used for specific sites or domains. This element is only supported in IE11.
+<p><b>Example</b>
+<pre class="syntax">
+&lt;site url="contoso.com"&gt;
+  &lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
+&lt;/site&gt;</pre>
+<strong>-or-</strong>
+<p>For IPv4 ranges:<pre class="syntax">&lt;site url="10.122.34.99:8080"&gt;
+  &lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
+&lt;site&gt;</pre><p>
+<strong>-or-</strong>
+<p>For IPv6 ranges:<pre class="syntax">&lt;site url="[10.122.34.99]:8080"&gt;
+  &lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
+&lt;site&gt;</pre><p>
+Where:
+<ul>
+  <li><b>IE8Enterprise.</b> Loads the site in IE8 Enterprise Mode.<br>This element is required for sites included in the <b>EmIE</b> section of the v.1 schema and is needed to load in IE8 Enterprise Mode.</li><p>
+  <li><b>IE7Enterprise.</b> Loads the site in IE7 Enterprise Mode.<br>This element is required for sites included in the <b>EmIE</b> section of the v.1 schema and is needed to load in IE7 Enterprise Mode.<p><b>Important</b><br>This tag replaces the combination of the `"forceCompatView"="true"` attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.</li><p>
+  <li><b>IE<i>[x]</i>.</b> Where <i>[x]</i> is the document mode number into which the site loads.</li><p>
+  <li><b>Default or not specified.</b> Loads the site using the default compatibility mode for the page. In this situation, X-UA-compatible meta tags or HTTP headers are honored.</li>
+</ul></td>
+<td>Internet Explorer 11</td>
+</tr>
+<tr>
+<td>&lt;open-in&gt;</td>
+<td>A child element that controls what browser is used for sites. This element supports the <b>Open in IE11</b> or <b>Open in Microsoft Edge</b> experiences, for devices running Windows 10.
+<p><b>Example</b>
+<pre class="syntax">
+&lt;site url="contoso.com"&gt;
+  &lt;open-in&gt;none&lt;/open-in&gt;
+&lt;/site&gt;</pre><p>
+Where:
+<ul>
+  <li><b>IE11.</b> Opens the site in IE11, regardless of which browser is opened by the employee.</li><p>
+  <li><b>MSEdge.</b> Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.</li><p>
+  <li><b>None or not specified.</b> Opens in whatever browser the employee chooses.</li>
+</ul></td>
+<td>Internet Explorer 11 and Microsoft Edge</td>
+</tr>
+</table>
+
+### Updated schema attributes
+The &lt;url&gt; attribute, as part of the &lt;site&gt; element in the v.2 version of the schema, replaces the &lt;domain&gt; element from the v.1 version of the schema.
+
+<table>
+<thead>
+<tr class="header">
+<th>Attribute</th>
+<th>Description</th>
+<th>Supported browser</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>allow-redirect</td>
+<td>A boolean attribute of the &lt;open-in&gt; element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser).
+<p><b>Example</b>
+<pre class="syntax">
+&lt;site url="contoso.com/travel"&gt;
+  &lt;open-in allow-redirect="true"&gt;IE11&lt;/open-in&gt;
+&lt;/site&gt;</pre>
+In this example, if http://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.</td>
+<td>Internet Explorer 11 and Microsoft Edge</td>
+</tr>
+<tr>
+<td>version</td>
+<td>Specifies the version of the Enterprise Mode Site List. This attribute is supported for the &lt;site-list&gt; element.</td>
+<td>Internet Explorer 11 and Microsoft Edge</td>
+</tr>
+<tr>
+<td>url</td>
+<td>Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
+<br><b>Note</b><br>
+Make sure that you don't specify a protocol. Using &lt;site url="contoso.com"&gt; applies to both http://contoso.com and https://contoso.com.
+<p><b>Example</b>
+<pre class="syntax">
+&lt;site url="contoso.com:8080"&gt;
+  &lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
+  &lt;open-in&gt;IE11&lt;/open-in&gt;
+&lt;/site&gt;</pre>
+In this example, going to http://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode.</td>
+<td>Internet Explorer 11 and Microsoft Edge</td>
+</tr>
+</table>
+
+### Deprecated attributes
+These v.1 version schema attributes have been deprecated in the v.2 version of the schema:
+
+<table>
+<thead>
+<tr class="header">
+<th>Deprecated attribute</th>
+<th>New attribute</th>
+<th>Replacement example</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>&lt;forceCompatView&gt;</td>
+<td>&lt;compat-mode&gt;</td>
+<td>Replace &lt;forceCompatView="true"&gt; with &lt;compat-mode&gt;IE7Enterprise&lt;/compat-mode&gt;</td>
+</tr>
+<tr>
+<td>&lt;docMode&gt;</td>
+<td>&lt;compat-mode&gt;</td>
+<td>Replace &lt;docMode="IE5"&gt; with &lt;compat-mode&gt;IE5&lt;/compat-mode&gt;</td>
+</tr>
+<tr>
+<td>&lt;doNotTransition&gt;</td>
+<td>&lt;open-in&gt;</td>
+<td>Replace &lt;doNotTransition="true"&gt; with &lt;open-in&gt;none&lt;/open-in&gt;</td>
+</tr>
+<tr>
+<td>&lt;domain&gt; and &lt;path&gt;</td>
+<td>&lt;site&gt;</td>
+<td>Replace:
+<pre class="syntax">
+&lt;emie&gt;
+  &lt;domain exclude="false"&gt;contoso.com&lt;/domain&gt;
+&lt;/emie&gt;</pre>
+With:
+<pre class="syntax">
+&lt;site url="contoso.com"/&gt;
+  &lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
+&lt;/site&gt;</pre>
+<b>-AND-</b><p>
+Replace:
+<pre class="syntax">
+&lt;emie&gt;
+  &lt;domain exclude="true"&gt;contoso.com
+     &lt;path exclude="false" forceCompatView="true"&gt;/about&lt;/path&gt;
+  &lt;/domain&gt;
+&lt;/emie&gt;</pre>
+With:
+<pre class="syntax">
+&lt;site url="contoso.com/about"&gt;
+  &lt;compat-mode&gt;IE7Enterprise&lt;/compat-mode&gt;
+&lt;/site&gt;</pre></td>
+</tr>
+</table>
+
+While the old, replaced attributes aren't supported in the v.2 version of the schema, they'll continue to work in the v.1 version of the schema. If, however, you're using the v.2 version of the schema and these attributes are still there, the v.2 version schema takes precedence. We don’t recommend combining the two schemas, and instead recommend that you move to the v.2 version of the schema to take advantage of the new features.
+
+**Important**<br>
+Saving your v.1 version of the file using the new Enterprise Mode Site List Manager (schema v.2) automatically updates the XML to the new v.2 version of the schema.
+
+### What not to include in your schema
+We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
+
+- Don’t use protocols. For example, http://, https://, or custom protocols. They break parsing.
+- Don’t use wildcards.
+- Don’t use query strings, ampersands break parsing.
+
+## Related topics
+- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
+
+
+
+
diff --git a/browsers/enterprise-mode/enterprise-mode-site-list-mgr-portal-tools-include.md b/browsers/enterprise-mode/enterprise-mode-site-list-mgr-portal-tools-include.md
new file mode 100644
index 0000000000..f1c67006ba
--- /dev/null
+++ b/browsers/enterprise-mode/enterprise-mode-site-list-mgr-portal-tools-include.md
@@ -0,0 +1,36 @@
+## Enterprise Mode Site List Manager and the Enterprise Mode Site List Portal tools
+You can build and manage your Enterprise Mode Site List is by using any generic text editor. However, we’ve also provided a couple tools that can make that process even easier.
+
+### Enterprise Mode Site List Manager
+This tool helps you create error-free XML documents with simple n+1 versioning and URL verification. We recommend using this tool if your site list is relatively small. For more info about this tool, see the [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) topics.
+
+There are 2 versions of this tool, both supported on Windows 7, Windows 8.1, and Windows 10:
+
+- [Enterprise Mode Site List Manager (schema v.1)](https://www.microsoft.com/download/details.aspx?id=42501). This is an older version of the schema that you must use if you want to create and update your Enterprise Mode Site List for devices running the v.1 version of the schema.
+
+	We strongly recommend moving to the new schema, v.2. For more info, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
+
+- [Enterprise Mode Site List Manager (schema v.2)](https://www.microsoft.com/download/details.aspx?id=49974). The updated version of the schema, including new functionality. You can use this version of the schema to create and update your Enterprise Mode Site List for devices running the v.2 version of the schema.
+
+	If you open a v.1 version of your Enterprise Mode Site List using this version, it will update the schema to v.2, automatically. For more info, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
+
+If your list is too large to add individual sites, or if you have more than one person managing the site list, we recommend using the Enterprise Site List Portal.
+
+### Enterprise Mode Site List Portal
+The [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) is an open-source web tool on GitHub that allows you to manage your Enterprise Mode Site List, hosted by the app, with multiple users. The portal is designed to use IIS and a SQL Server backend, leveraging Active Directory (AD) for employee management.
+
+In addition to all the functionality of the Enterprise Mode Site List Manager tool, the Enterprise Mode Site List Portal helps you:
+
+- Manage site lists from any device supporting Windows 7 or greater.
+
+- Submit change requests.
+
+- Operate offline through an on-premise solution.
+
+- Provide role-based governance.
+
+- Test configuration settings before releasing to a live environment.
+
+Updates to your site list are made by submitting new change requests, which are then approved by a designated group of people, put into a pre-production environment for testing, and then deployed immediately, or scheduled for deployment later.
+
+Because the tool is open-source, the source code is readily available for examination and experimentation. We encourage you to [fork the code, submit pull requests, and send us your feedback](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)! For more info about the Enterprise Mode Site List Portal, see the [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) topics.
\ No newline at end of file
diff --git a/browsers/enterprise-mode/enterprise-mode-site-list-mgr-versions-include.md b/browsers/enterprise-mode/enterprise-mode-site-list-mgr-versions-include.md
new file mode 100644
index 0000000000..4ead83795d
--- /dev/null
+++ b/browsers/enterprise-mode/enterprise-mode-site-list-mgr-versions-include.md
@@ -0,0 +1,7 @@
+## Enterprise Mode Site List Manager versions
+There are currently two versions of the Enterprise Site List Manager, both based on your schema and operating system. Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) tool, based on your operating system.
+
+|Schema version |Operating system |Enterprise Site List Manager version |
+|-----------------|---------------|------------------------------------|
+|Enterprise Mode schema, version 2 (v.2) |Windows 10<br>-OR-<br>Windows 8.1<br>-OR-<br>Windows 7|Uses the Enterprise Mode Site List Manager (schema v.2) and the v.2 version of the schema. If you import a v.1 version schema into the Enterprise Mode Site List Manager (schema v.2),  the XML is saved into the v.2 version of the schema.<br><br>For more info about the v.2 version of the schema, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).|
+|Enterprise Mode schema, version 1 (v.1) |Windows 10<br>-OR-<br>Windows 8.1<br>-OR-<br>Windows 7|Uses the Enterprise Mode Site List Manager (schema v.1) and the v.1 version of the schema. <br><br> For more info about the v.1 version of the schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)|
\ No newline at end of file
diff --git a/browsers/enterprise-mode/enterprise-mode.md b/browsers/enterprise-mode/enterprise-mode.md
new file mode 100644
index 0000000000..663a632588
--- /dev/null
+++ b/browsers/enterprise-mode/enterprise-mode.md
@@ -0,0 +1,57 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: security
+description: Use this section to learn about how to turn on Enterprise Mode.
+author: shortpatti
+ms.author: pashort
+ms.prod: edge, ie11
+ms.assetid: 
+title: Enterprise Mode for Microsoft Edge
+ms.sitesec: library
+ms.date: ''
+---
+
+# Enterprise Mode for Microsoft Edge
+Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7 devices, lets websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8. Running in this mode helps to avoid many of the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
+
+Many customers identify web app compatibility as a significant cost to upgrading because web apps need to be tested and upgraded before adopting a new browser. The improved compatibility provided by Enterprise Mode can help give customers the confidence to upgrade to IE11, letting customers benefit from modern web standards, increased performance, improved security, and better reliability.
+
+## Available dual-browser experiences
+
+
+## Enterprise Mode features
+
+
+
+
+## Enterprise Mode Site List management tools
+...description of what you can do with these tools; also specify if you must use both or if each tool works independently and no dependencies on the other tool...  I think these tools are for two different scenarios...
+
+You can build and manage your Enterprise Mode Site List is by using any generic text editor. However, we’ve also provided a couple of tools that can make that process even easier.
+
+|  |  |
+|---------|---------|
+|Enterprise Mode Site List Manager     |Use if your site list is relatively small.          |
+|Enterprise Mode Site List Portal     |Use if your site list is too large to add individual sites, or if you have more than one person managing the sites.         |
+
+### Enterprise Mode Site List Manager
+
+
+### Enterprise Mode Site List Portal
+
+
+
+## Enterprise Mode Site List XML file
+[!INCLUDE [enterprise-mode-and-enterprise-site-list-include](enterprise-mode-and-enterprise-site-list-include.md)]
+
+
+## Turn on Enterprise Mode
+
+
+### Add a single site to the site list
+
+
+### Add mulitple sites to the site list
+
+
diff --git a/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
new file mode 100644
index 0000000000..8e779574c1
--- /dev/null
+++ b/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
@@ -0,0 +1,46 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file.
+author: eross-msft
+ms.prod: ie11
+ms.assetid: 9ee7c13d-6fca-4446-bc22-d23a0213a95d
+title: Export your Enterprise Mode site list from the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Export your Enterprise Mode site list from the Enterprise Mode Site List Manager
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file. This file includes all of your URLs, including your compatibility mode selections and should be stored somewhere safe. If your list gets deleted by mistake you can easily import this file and return everything back to when this file was last saved.
+
+**Important**<br> 
+This file is not intended for distribution to your managed devices. Instead, it is only for transferring data and comments from one manager to another. For example, if one administrator leaves and passes the existing data to another administrator. Internet Explorer doesn’t read this file.
+
+ **To export your compatibility list**
+
+1.  On the **File** menu of the Enterprise Mode Site List Manager, click **Export**.
+
+2.  Export the file to your selected location. For example, `C:\Users\<user_name>\Documents\sites.emie`.
+
+## Related topics
+
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/images/config-enterprise-site-list.png b/browsers/enterprise-mode/images/config-enterprise-site-list.png
new file mode 100644
index 0000000000..82ffc30895
Binary files /dev/null and b/browsers/enterprise-mode/images/config-enterprise-site-list.png differ
diff --git a/browsers/enterprise-mode/images/enterprise-mode-value-data.png b/browsers/enterprise-mode/images/enterprise-mode-value-data.png
new file mode 100644
index 0000000000..9e9ece9c1a
Binary files /dev/null and b/browsers/enterprise-mode/images/enterprise-mode-value-data.png differ
diff --git a/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
new file mode 100644
index 0000000000..963880eb75
--- /dev/null
+++ b/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -0,0 +1,45 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Instructions about how to clear all of the sites from your global Enterprise Mode site list.
+author: eross-msft
+ms.prod: ie11
+ms.assetid: 90f38a6c-e0e2-4c93-9a9e-c425eca99e97
+title: Remove all sites from your Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Remove all sites from your Enterprise Mode site list using the Enterprise Mode Site List Manager
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+You can clear all of the sites from your global Enterprise Mode site list.
+
+**Important**  
+This is a permanent removal and erases everything. However, if you determine it was a mistake, and you saved an XML copy of your list, you can add the file again by following the steps in the [Add multiple sites to the Enterprise Mode site list using a file and Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md), depending on your operating system.
+
+ **To clear your compatibility list**
+
+1.  On the **File** menu of the Enterprise Mode Site List Manager, click **Clear list**.
+
+2.  Click **Yes** in the warning message.<p>Your sites are all cleared from your list.
+
+## Related topics
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md b/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md
new file mode 100644
index 0000000000..546fe2133e
--- /dev/null
+++ b/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md
@@ -0,0 +1,39 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Instructions about how to remove sites from a local compatibility view list.
+author: eross-msft
+ms.prod: ie11
+ms.assetid: f6ecaa75-ebcb-4f8d-8721-4cd6e73c0ac9
+title: Remove sites from a local compatibility view list (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Remove sites from a local compatibility view list
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+Remove websites that were added to a local compatibility view list by mistake or because they no longer have compatibility problems.
+
+ **To remove sites from a local compatibility view list**
+
+1.  Open Internet Explorer 11, click **Tools**, and then click **Compatibility View Settings**.
+
+2.  Pick the site to remove, and then click **Remove**.<p>
+Sites can only be removed one at a time. If one is removed by mistake, it can be added back using this same box and the **Add** section.
+
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md b/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md
new file mode 100644
index 0000000000..8b15e9ddd5
--- /dev/null
+++ b/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md
@@ -0,0 +1,55 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Instructions about how to remove sites from a local Enterprise Mode site list.
+author: eross-msft
+ms.prod: ie11
+ms.assetid: c7d6dd0b-e264-42bb-8c9d-ac2f837018d2
+title: Remove sites from a local Enterprise Mode site list (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Remove sites from a local Enterprise Mode site list
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+Remove websites that were added to a local Enterprise Mode site list by mistake or because the sites no longer have compatibility problems.
+
+**Note**<br>The changes described in this topic only impact sites added to a local Enterprise Mode site list and not the list of sites deployed to all employees by an administrator. Employees can't delete sites added to the list by an administrator.
+
+  **To remove single sites from a local Enterprise Mode site list**
+
+1.  Open Internet Explorer 11 and go to the site you want to remove.
+
+2.  Click **Tools**, and then click **Enterprise Mode**.<p>
+The checkmark disappears from next to Enterprise Mode and the site is removed from the list.
+
+**Note**<br>If the site is removed by mistake, it can be added back by clicking **Enterprise Mode** again.
+
+ **To remove all sites from a local Enterprise Mode site list**
+
+1.  Open IE11, click **Tools**, and then click **Internet options**.
+
+2.  Click the **Delete** button from the **Browsing history** area.
+
+3.  Click the box next to **Cookies and website data**, and then click **Delete**.
+
+**Note**<br>This removes all of the sites from a local Enterprise Mode site list.
+
+     
+
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
new file mode 100644
index 0000000000..7ec1867c5b
--- /dev/null
+++ b/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
@@ -0,0 +1,43 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems.
+author: eross-msft
+ms.prod: ie11
+ms.assetid: 254a986b-494f-4316-92c1-b089ee8b3e0a
+title: Save your site list to XML in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Save your site list to XML in the Enterprise Mode Site List Manager
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems.
+
+ **To save your list as XML**
+
+1.  On the **File** menu of the Enterprise Mode Site List Manager, click **Save to XML**.
+
+2.  Save the file to the location you specified in your Enterprise Mode registry key, set up when you turned on Enterprise Mode for use in your company. For information about the Enterprise Mode registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).<p>
+The first time a user starts Internet Explorer 11 on a managed device; Internet Explorer will look for a new version of the site list at the specified location. If the browser finds an updated site list, IE downloads the new XML site list and uses it.
+
+## Related topics
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md b/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md
new file mode 100644
index 0000000000..f49ad80a75
--- /dev/null
+++ b/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md
@@ -0,0 +1,50 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Details about how Administrators can schedule approved change requests for production in the Enterprise Mode Site List Portal.
+author: eross-msft
+ms.prod: ie11
+title: Schedule approved change requests for production using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+# Schedule approved change requests for production using the Enterprise Mode Site List Portal
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+After a change request is approved, the original Requester can schedule the change for the production environment. The change can be immediate or set for a future time.
+
+**To schedule an immediate change**
+1. The Requester logs onto the Enterprise Mode Site List Portal and clicks **In Progress** from the left pane.
+
+2. The Requester clicks the **Approved** status for the change request.
+
+   The **Schedule changes** page appears.
+
+3. The Requester clicks **Now**, and then clicks **Save**.
+
+   The update is scheduled to immediately update the production environment, and an email is sent to the Requester. After the update finishes, the Requester is asked to verify the changes.
+
+
+**To schedule the change for a different day or time**
+1. The Requester logs onto the Enterprise Mode Site List Portal and clicks **In Progress** from the left pane.
+
+2. The Requester clicks the **Approved** status for the change request.
+
+   The **Schedule changes** page appears.
+
+3. The Requester clicks **Schedule**, sets the **Preferred day**, **Preferred start time**, and the **Preferred end time**, and then clicks **Save**.
+
+   The update is scheduled to update the production environment on that day and time and an email is sent to the Requester. After the update finishes, the Requester will be asked to verify the changes.
+
+
+## Next steps
+After the update to the production environment completes, the Requester must again test the change. If the testing succeeds, the Requester can sign off on the change request. If the testing fails, the Requester can contact the Administrator group for more help. For the production environment testing steps, see the [Verify the change request update in the production environment using the Enterprise Mode Site List Portal](verify-changes-production-enterprise-mode-portal.md) topic.
\ No newline at end of file
diff --git a/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
new file mode 100644
index 0000000000..5292cf3570
--- /dev/null
+++ b/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -0,0 +1,41 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Search to see if a specific site already appears in your global Enterprise Mode site list.
+author: eross-msft
+ms.prod: ie11
+ms.assetid: e399aeaf-6c3b-4cad-93c9-813df6ad47f9
+title: Search your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Search your Enterprise Mode site list in the Enterprise Mode Site List Manager
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+You can search to see if a specific site already appears in your global Enterprise Mode site list so you don’t try to add it again.
+
+ **To search your compatibility list**
+
+-   From the Enterprise Mode Site List Manager, type part of the URL into the **Search** box.<p>
+The search query searches all of the text. For example, entering *“micro”* will return results like, www.microsoft.com, microsoft.com, and microsoft.com/images. Wildcard characters aren’t supported.
+
+## Related topics
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
new file mode 100644
index 0000000000..bfb9659bd0
--- /dev/null
+++ b/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
@@ -0,0 +1,157 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Set up and turn on Enterprise Mode logging and data collection in your organization.
+author: eross-msft
+ms.prod: ie11
+ms.assetid: 2e98a280-f677-422f-ba2e-f670362afcde
+title: Set up Enterprise Mode logging and data collection (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Set up Enterprise Mode logging and data collection
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+Using Group Policy, you can turn on Enterprise Mode for Internet Explorer and then you can turn on local user control using the **Let users turn on and use Enterprise Mode from the Tools menu** setting, located in the `Administrative Templates\Windows Components\Internet Explorer` category path. After you turn this setting on, your users can turn on Enterprise Mode locally, from the IE **Tools** menu.
+
+![enterprise mode option on the tools menu](images/ie-emie-toolsmenu.png)
+
+The **Let users turn on and use Enterprise Mode from the Tools menu** setting also lets you decide where to send the user reports (as a URL). We recommend creating a custom HTTP port 81 to let your incoming user information go to a dedicated site. A dedicated site is important so you can quickly pick out the Enterprise Mode traffic from your other website traffic.
+
+![group policy to turn on enterprise mode](images/ie-emie-grouppolicy.png)
+
+Getting these reports lets you find out about sites that aren’t working right, so you can add them to your Enterprise Mode site list, without having to locate them all yourself. For more information about creating and using a site list, see the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) topic, based on your operating system.
+
+## Using ASP to collect your data
+When you turn logging on, you need a valid URL that points to a server that can be listened to for updates to a user’s registry key. This means you need to set up an endpoint server for the incoming POST messages, which are sent every time the user turns Enterprise Mode on or off from the **Tools** menu.
+
+ **To set up an endpoint server**
+
+1.  Configure an IIS server to work with your Enterprise Mode data collection process. If you’re unsure how to set up IIS, see the [IIS installation webpage](https://go.microsoft.com/fwlink/p/?LinkId=507609).
+
+2.  Open Internet Information Services (IIS) and turn on the ASP components from the **Add Roles and Features Wizard**, **Server Roles** page.<p>
+This lets you create an ASP form that accepts the incoming POST messages.
+
+3.  Open the Internet Information Services (IIS) Manager, click **Bindings**, highlight **Port 81**, click **Edit**, and then change the website information to point to Port 81 so it matches your custom-created port.
+
+    ![IIS Manager, editing website bindings](images/ie-emie-editbindings.png)
+
+4.  Open the **Logging** feature, pick **W3C** for the format, and click **Select Fields** to open the **W3C Logging Fields** box.
+
+    ![IIS Manager, setting logging options](images/ie-emie-logging.png)
+
+5.  Change the WC3 logging fields to include only the **Date**, **Client IP**, **User Name**, and **URI Query** standard fields, and then click **OK**.<p>
+Using only these fields keeps the log file simple, giving you the date, client IP address, and the website URI information for any site changed by your users.
+
+6.  Apply these changes to your default website and close the IIS Manager.
+
+7.  Put your EmIE.asp file into the root of the web server, using this command:
+
+   ``` 
+    <% @ LANGUAGE=javascript %>
+    <%
+    Response.AppendToLog(" ;" + Request.Form("URL") + " ;" + Request.Form("EnterpriseMode"));
+    %>
+    ```
+This code logs your POST fields to your IIS log file, where you can review all of the collected data.
+
+
+### IIS log file information
+This is what your log files will look like after you set everything up and at least one of your users has turned on Enterprise Mode locally from the **Tools** menu. You can see the URL of the problematic website and client IP address of the user that turned on Enterprise Mode.
+
+![Enterprise Mode log file](images/ie-emie-logfile.png)
+
+
+## Using the GitHub sample to collect your data
+Microsoft has created the [EMIE-Data-Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) that shows how to collect your Enterprise Mode reports. This sample only shows how to collect data, it doesn’t show how to aggregate the data into your Enterprise Mode site list.<p>
+This sample starts with you turning on Enterprise Mode and logging (either through Group Policy, or by manually setting the EnterpriseMode registry key) so that your users can use Enterprise Mode locally. For the steps to do this, go to [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
+
+**Note**<br>If you decide to manually change the registry key, you can change the **Enable** setting to `[deployment url]/api/records/`, which automatically sends your reports to this page.
+
+### Setting up, collecting, and viewing reports
+For logging, you’re going to need a valid URL that points to a server that can be listened to for updates to a user’s registry key. This means you need to set up an endpoint server for the incoming POST messages, which are sent every time the user turns Enterprise Mode on or off from the **Tools** menu. These POST messages go into your database, aggregating the report data by URL, giving you the total number of reports where users turned on Enterprise Mode, the total number of reports where users turned off Enterprise Mode, and the date of the last report.
+
+ **To set up the sample**
+
+1.  Set up a server to collect your Enterprise Mode information from your users.
+
+2.  Go to the Internet Explorer/[EMIE-Data_Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) page on GitHub and tap or click the **Download ZIP** button to download the complete project.
+
+3.  Open Microsoft Visual Studio 2013 with Update 2, and then open the PhoneHomeSample.sln file.
+
+4.  On the **Build** menu, tap or click **Build Solution**.<p>
+The required packages are automatically downloaded and included in the solution.
+
+ **To set up your endpoint server**
+
+1.  Right-click on the name, PhoneHomeSample, and click **Publish**.
+
+    ![Visual Studio, Publish menu](images/ie-emie-publishsolution.png)
+
+2.  In the **Publish Web** wizard, pick the publishing target and options that work for your organization.
+
+   **Important**<br>
+   Make sure you have a database associated with your publishing target. Otherwise, your reports won’t be collected and you’ll have problems deploying the website. 
+
+    ![Visual Studio, Publish Web wizard](images/ie-emie-publishweb.png)
+
+   After you finish the publishing process, you need to test to make sure the app deployed successfully.
+
+ **To test, deploy, and use the app**
+
+1.  Open a registry editor on the computer where you deployed the app, go to the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode` key, and change the **Enable** string to:
+
+    ``` "Enable"="http://<deploy_URL>/api/records/"
+    ```
+ Where `<deploy_URL>` points to your deployment URL.
+
+2.  After you’re sure your deployment works, you can deploy it to your users using one of the following:
+
+    -   Turn on the **Let users turn on and use Enterprise Mode from the Tools menu** Group Policy setting, putting your `<deploy_URL>` information into the **Options** box.
+
+    -   Deploy the registry key in Step 3 using System Center or other management software.
+
+3.  Get your users to visit websites, turning Enterprise Mode on or off locally, as necessary.
+
+ **To view the report results**
+
+-   Go to `http://<deploy_URL>/List` to see the report results.<p>
+If you’re already on the webpage, you’ll need to refresh the page to see the results.
+
+    ![Enterprise Mode Result report with details](images/ie-emie-reportwdetails.png)
+
+
+### Troubleshooting publishing errors
+If you have errors while you’re publishing your project, you should try to update your packages.
+
+ **To update your packages**
+
+1.  From the **Tools** menu of Microsoft Visual Studio, click **NuGet Package Manager**, and click **Manage NuGet Packages for Solution**.
+
+    ![Nuget Package Manager for package updates](images/ie-emie-packageupdate.png)
+
+2.  Click **Updates** on the left side of the tool, and click the **Update All** button.<p>
+You may need to do some additional package cleanup to remove older package versions.
+
+## Related topics
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [What is Enterprise Mode?](what-is-enterprise-mode.md)
+- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
+- [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md)
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/set-up-enterprise-mode-portal.md b/browsers/enterprise-mode/set-up-enterprise-mode-portal.md
new file mode 100644
index 0000000000..0aca62e070
--- /dev/null
+++ b/browsers/enterprise-mode/set-up-enterprise-mode-portal.md
@@ -0,0 +1,232 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Details about how to set up the Enterprise Mode Site List Portal for your organization.
+author: eross-msft
+ms.prod: ie11
+title: Set up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+# Set up the Enterprise Mode Site List Portal
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+The Enterprise Mode Site List Portal is an open-source web tool on GitHub that allows you to manage your Enterprise Mode Site List, hosted by the app, with multiple users. The portal is designed to use IIS and a SQL Server backend, leveraging Active Directory (AD) for employee management. Updates to your site list are made by submitting new change requests, which are then approved by a designated group of people, put into a pre-production environment for testing, and then deployed immediately, or scheduled for deployment later.
+
+Before you can begin using the Enterprise Mode Site List Portal, you must set up your environment.
+
+## Step 1 - Copy the deployment folder to the web server
+You must download the deployment folder (**EMIEWebPortal/**), which includes all of the source code for the website, from the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) site to your web server.
+
+**To download the source code**
+1. Download the deployment folder from the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) source code to your web server.
+
+2. Install the Node.js® package manager, [npm](https://www.npmjs.com/).
+
+    >[!Note]   
+    >You need to install the npm package manager to replace all the third-party libraries we removed to make the Enterprise Mode Site List Portal open-source.
+
+3. Open File Explorer and then open the **EMIEWebPortal/** folder.
+
+4. Press and hold **Shift**, right-click the window, then click **Open PowerShell window here**.
+
+5. Type _npm i_ into the command prompt, then press **Enter**.
+
+   Installs the npm package manager and bulk adds all the third-party libraries back into your codebase.
+
+6. Go back up a directory, open the solution file **EMIEWebPortal.sln** in Visual Studio, and then build the entire solution.
+
+7. Copy the contents of the **EMIEWebPortal/** folder to a dedicated folder on your file system. For example, _D:\EMIEWebApp_. In a later step, you'll designate this folder as your website in the IIS Manager.
+
+## Step 2 - Create the Application Pool and website, by using IIS
+Create a new Application Pool and the website, by using the IIS Manager.
+
+**To create a new Application Pool**
+1. In IIS Manager, expand your local computer in the **Connections** pane, right-click **Application Pools**, then click **Add Application Pool**.
+   
+   The **Add Application Pool** box appears.
+
+2. In the **Add Application Pool** box, enter the following info:
+    
+    - **Name.** Type the name of your new application pool. For example, _EMIEWebAppPool_.
+
+    - **.NET CLR version.** Pick the version of .NET CLR used by your application pool from the drop-down box. It must be version 4.0 or higher.
+
+    - **Managed pipeline mode.** Pick **Integrated** from the drop-down box. IIS uses the integrated IIS and ASP.NET request-processing pipeline for managed content.
+
+3. Click **OK**.
+
+4. Select your new application pool from the **Application Pool** pane, click **Advanced Settings** from the **Edit Application Pool** area of the **Actions** pane.
+
+   The **Advanced Settings** box appears.
+
+5. Make sure your **Identity** value is **ApplicationPoolIdentity**, click **OK**, and then close the box.
+
+6. Open File Explorer and go to your deployment directory, created in Step 1. For example, _D:\EMIEWebApp_.
+
+7. Right-click on the directory, click **Properties**, and then click the **Security** tab.
+
+8. Add your new application pool to the list (for example, _IIS AppPool\EMIEWebAppPool_) with **Full control access**, making sure the location searches the local computer.
+
+9. Add **Everyone** to the list with **Read & execute access**.
+
+**To create the website**
+1. In IIS Manager, expand your local computer in the **Connections** pane, right-click **Sites**, then click **Add Website**.
+   
+   The **Add Website** box appears.
+
+2. In the **Add Website** box, type the name of your website into the **Site name** box. For example, _EMIEWebApp_, and then click **Select**.
+
+   The **Select Application Pool** box appears.
+
+4. Pick the name of the application pool created earlier in this step, and then click **OK**. For example, _EMIEWebAppPool_.
+
+5. In the **Physical path** box, browse to your folder that contains your deployment directory. For example, _D:\EMIEWebApp_.
+
+6. Set up your **Binding**, including your **Binding Type**, **IP address**, and **Port**, as appropriate for your organization.
+
+7. Clear the **Start Website immediately** check box, and then click **OK**.
+
+8. In IIS Manager, expand your local computer, and then double-click your new website. For example, _EMIEWebApp_.
+
+   The **<<i>website_name</i>> Home** pane appears.
+
+9. Double-click the **Authentication** icon, right-click on **Windows Authentication**, and then click **Enable**. 
+
+    >[!Note]
+    >You must also make sure that **Anonymous Authentication** is marked as **Enabled**.
+
+10. Return to the **<<i>website_name</i>> Home** pane, and double-click the **Connection Strings** icon.
+
+11. Open the **LOBMergedEntities Connection String** to edit: 
+
+    - **Data source.** Type the name of your local computer.
+
+    - **Initial catalog.** The name of your database.
+
+        >[!Note]
+        >Step 3 of this topic provides the steps to create your database.
+
+## Step 3 - Create and prep your database
+Create a SQL Server database and run our custom query to create the Enterprise Mode Site List tables.
+
+**To create and prep your database**
+1. Start SQL Server Management Studio.
+
+2. Open **Object Explorer** and then connect to an instance of the SQL Server Database Engine.
+
+3. Expand the instance, right-click on **Databases**, and then click **New Database**.
+
+4. Type a database name. For example, _EMIEDatabase_.
+
+5. Leave all default values for the database files, and then click **OK**.
+
+6. Open the **DatabaseScripts/Create DB Tables/1_CreateEMIETables.sql** query file, located in the deployment directory.
+
+7. Replace the database name placeholder with the database name you created earlier. For example, _EMIEDatabase_.
+
+8. Run the query.
+
+## Step 4 - Map your Application Pool to a SQL Server role
+Map your ApplicationPoolIdentity to your database, adding the db_owner role.
+
+**To map your ApplicationPoolIdentity to a SQL Server role**
+1. Start SQL Server Management Studio and connect to your database.
+
+2. Expand the database instance and then open the server-level **Security** folder.
+    
+    > [!IMPORTANT]
+    > Make sure you open the **Security** folder at the server level and not for the database.
+
+3. Right-click **Logins**, and then click **New Login**.
+
+   The **Login-New** dialog box appears.  
+
+4. Type the following into the **Login name** box, based on your server instance type:
+
+    - **Local SQL Server instance.** If you have a local SQL Server instance, where IIS and SQL Server are on the same server, type the name of your Application Pool. For example, _IIS AppPool\EMIEWebAppPool_.
+
+    - **Remote SQL Server instance.** If you have a remote SQL Server instance, where IIS and SQL Server are on different servers, type `Domain\ServerName$`.
+
+        > [!IMPORTANT]
+        > Don't click **Search** in the **Login name** box. Login name searches will resolve to a ServerName\AppPool Name account and SQL Server Management Studio won't be able to resolve the account's virtual Security ID (SID).
+
+5. Click **User Mapping** from the **Select a page** pane, click the checkbox for your database (for example, _EMIEDatabase_) from the **Users mapped to this login** pane, and then click **db_owner** from the list of available roles in the **Database role membership** pane. 
+
+6. Click **OK**.
+
+## Step 5 - Restart the Application Pool and website
+Using the IIS Manager, you must restart both your Application Pool and your website.
+
+**To restart your Application Pool and website**
+1. In IIS Manager, expand your local computer in the **Connections** pane, select your website, then click **Restart** from the **Manage Website** pane.
+
+2. In the **Connections** pane, select your Application Pool, and then click **Recycle** from the **Application Pool Tasks** pane.
+
+## Step 6 - Registering as an administrator
+After you've created your database and website, you'll need to register yourself (or another employee) as an administrator for the Enterprise Mode Site List Portal.
+
+**To register as an administrator**
+1. Open Microsoft Edge and type your website URL into the Address bar. For example, http://emieportal:8085.
+
+2. Click **Register now**.
+
+3. Type your name or alias into the **Email** box, making sure it matches the info in the drop-down box.
+
+4. Click **Administrator** from the **Role** box, and then click **Save**.
+
+5. Append your website URL with `/#/EMIEAdminConsole` in the Address bar to go to your administrator console. For example, http://emieportal:8085/#/EMIEAdminConsole.
+
+   A dialog box appears, prompting you for the system user name and password. The default user name is EMIEAdmin and the default password is Admin123. We strongly recommend that you change the password by using the **Change password** link as soon as you're done with your first visit.
+
+6. Select your name from the available list, and then click **Activate**.
+
+7. Go to the Enterprise Mode Site List Portal Home page and sign in.
+
+## Step 7 - Configure the SMTP server and port for email notification
+After you've set up the portal, you need to configure your SMTP server and port for email notifications from the system.
+
+**To set up your SMTP server and port for emails**
+1. Open Visual Studio, and then open the web.config file from your deployment directory.
+
+2. Update the SMTP server and port info with your info, using this format:
+
+    ```
+       <add key="host" value="SMTPHOST.corp.contoso.com"/>
+       <add key="port" value="2500"/>
+    ```
+3. Open the **Settings** page in the Enterprise Mode Site List Portal, and then update the email account and password info.
+
+## Step 8 - Register the scheduler service
+Register the EMIEScheduler tool and service for production site list changes.
+
+**To register the scheduler service**
+
+1. Open File Explorer and go to EMIEWebPortal.SchedulerService\EMIEWebPortal.SchedulerService in your deployment directory, and then copy the **App_Data**, **bin**, and **Logs** folders to a separate folder. For example, C:\EMIEService\.
+ 
+    >[!Important]
+    >If you can't find the **bin** and **Logs** folders, you probably haven't built the Visual Studio solution. Building the solution creates the folders and files.
+
+2. In Visual Studio start the Developer Command Prompt as an administrator, and then change the directory to the location of the InstallUtil.exe file. For example, _C:\Windows\Microsoft.NET\Framework\v4.0.30319_.
+
+3. Run the command, `InstallUtil "<path_to_service>"`. For example, _InstallUtil "C:\EMIEService\bin\Debug\EMIEWebPortal.SchedulerService.exe"._
+ 
+   You'll be asked for your user name and password for the service.
+
+4. Open the **Run** command, type `Services.msc`, and then start the EMIEScheduler service.
+
+## Related topics
+- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
+
+- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
+
+- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md) 
\ No newline at end of file
diff --git a/browsers/enterprise-mode/turn-off-enterprise-mode.md b/browsers/enterprise-mode/turn-off-enterprise-mode.md
new file mode 100644
index 0000000000..12a4ee7ffd
--- /dev/null
+++ b/browsers/enterprise-mode/turn-off-enterprise-mode.md
@@ -0,0 +1,77 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: How to turn Enteprrise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it.
+author: eross-msft
+ms.prod: ie11
+ms.assetid: 5027c163-71e0-49b8-9dc0-f0a7310c7ae3
+title: Turn off Enterprise Mode (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Turn off Enterprise Mode
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+It’s important that you test the sites you’re adding, or considering removing, from your Enterprise Mode site list. To make this testing easier, you can turn off the site list or the entire Enterprise Mode functionality. For example, you might have an intranet site on your list that you’ve upgraded to be compatible with the new web standards . If you test the site while the site list is active, Internet Explorer 11 will automatically switch to Enterprise Mode. By turning off the site list, you can see what the page actually looks like and decide whether to remove it from your site list.
+
+In addition, if you no longer want your users to be able to turn Enterprise Mode on locally, you can remove Enterprise Mode from the local **Tools** menu.
+
+**Important**<br>
+Turning off both of these features turns off Enterprise Mode for your company. Turning off Enterprise Mode also causes any websites included in your employee’s manual site lists to not appear in Enterprise Mode.
+
+  **To turn off the site list using Group Policy**
+
+1.  Open your Group Policy editor, like Group Policy Management Console (GPMC).
+
+2.  Go to the **Use the Enterprise Mode IE website list** setting, and then click **Disabled**.<p>
+Enterprise Mode will no longer look for the site list, effectively turning off Enterprise Mode. However, if you previously turned on local control for your employees, Enterprise Mode will still be available from the **Tools** menu. You need to turn that part of the functionality off separately.
+
+ **To turn off local control using Group Policy**
+
+1.  Open your Group Policy editor, like Group Policy Management Console (GPMC).
+
+2.  Go to the **Let users turn on and use Enterprise Mode from the Tools menu** setting, and then click **Disable**.
+
+3.  Enterprise Mode no longer shows up on the **Tools** menu for your employees. However, if you are still using an Enterprise Mode site list, all of the globally listed sites will still appear in Enterprise Mode. If you want to turn off all of Enterprise Mode, you will need to also turn off the site list functionality.
+
+ **To turn off the site list using the registry**
+
+1.  Open a registry editor, such as regedit.exe.
+
+2.  Go to `HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **SiteList** value.<p>
+You can also use HKEY_LOCAL_MACHINE, depending whether you want to turn off the Enterprise Mode site list for users or for computers.
+
+3.  Close all and restart all instances of Internet Explorer.<p>
+IE11 stops looking at the site list for rendering instructions. However, Enterprise Mode is still available to your users locally (if it was turned on).
+
+ **To turn off local control using the registry**
+
+1.  Open a registry editor, such as regedit.exe.
+
+2.  Go `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **Enable** value.<p>
+You can also use HKEY_CURRENT_USER, depending whether you want to turn off Enterprise Mode for users or for computers.
+
+3.  Close and restart all instances of IE.<p>
+Enterprise Mode is no longer a user option on the **Tools** menu in IE11. However, IE11 still looks at the site list (if it was turned on).
+
+## Related topics
+- [What is Enterprise Mode?](what-is-enterprise-mode.md)
+- [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md)
+- [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md)
+- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md b/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md
new file mode 100644
index 0000000000..e4e3d83ec8
--- /dev/null
+++ b/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md
@@ -0,0 +1,47 @@
+Before you can use a site list with Enterprise Mode, you must turn the functionality on and set up the system for centralized control. By allowing
+centralized control, you can create one global list of websites that render using Enterprise Mode. Approximately 65 seconds after Internet Explorer 11 starts, it looks for a properly formatted site list. If a new site list if found, with a different version number than the active list, IE11 loads and uses the newer version. After the initial check, IE11 won’t look for an updated list again until you restart the browser.
+
+>[!NOTE] 
+>We recommend that you store and download your website list from a secure web server (https://), to help protect against data tampering. After the list is downloaded, it's stored locally on your employees' computers so if the centralized file location is unavailable, they can still use Enterprise Mode.
+
+**Group Policy**
+
+1.  Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Microsoft Edge\\Configure the Enterprise Mode     Site List** setting.<p>Turning this setting on also requires you to create and store a site list.
+
+<!-- 
+    ![Local Group Policy Editor for using a site list](../edge/images/config-enterprise-site-list.png)
+-->
+
+2.  Click **Enabled**, and then in the **Options** area, type the location to your site list.
+
+3.  Refresh your policy and then view the affected sites in Microsoft Edge.<p>The site shows a message in Microsoft Edge, saying that the page needs IE. At the same time, the page opens in IE11; in a new frame if it's not yet running, or in a new tab if it is.
+
+**Registry**
+
+All of your managed devices must have access to this location if you want them to be able to access and use Enterprise Mode and your site list.
+
+1.  **To turn on Enterprise Mode for all users on the PC:** Open the registry editor and go to     `HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MicrosoftEdge\Main\EnterpriseMode`.
+
+2.  Edit the `SiteList` registry key to point to where you want to keep your Enterprise Mode site list file.<p>For example:
+    <!--
+    ![Enterprise mode with site list in the registry](../edge/images/enterprise-mode-value-data.png) -->
+
+    -   **HTTPS location:** `"SiteList"="https://localhost:8080/sites.xml"`
+
+    -   **Local network:** `"SiteList"="\\network\shares\sites.xml"`
+
+    -   **Local file:**   `"SiteList"="file:///c:\\Users\\<user>\\Documents\\testList.xml"`
+
+    >   **Example:**  
+    >>  _Web URL_ http://localhost:8080/EnterpriseMode.xml
+    >>
+    >>   _Network Share_ \\NetworkShare.xml (Place this inside the group policy folder on Sysvol)
+    >>
+    >>   _Drive Letter_ C:.xml
+
+    All of your managed devices must have access to this location if you want them to use Enterprise Mode and your site list.
+
+3.  Refresh the policy in your organization and then view the affected sites in
+    Microsoft Edge.<p>The site shows a message in Microsoft Edge, saying that the page needs IE.
+    At the same time, the page opens in IE11; in a new frame if it is not yet
+    running, or in a new tab if it is.
diff --git a/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
new file mode 100644
index 0000000000..0f5ff8d1f9
--- /dev/null
+++ b/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
@@ -0,0 +1,61 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Turn on local user control and logging for Enterprise Mode.
+author: eross-msft
+ms.prod: ie11
+ms.assetid: 6622ecce-24b1-497e-894a-e1fd5a8a66d1
+title: Turn on local control and logging for Enterprise Mode (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Turn on local control and logging for Enterprise Mode
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+You can turn on local control of Enterprise Mode so that your users can turn Enterprise Mode on from the **Tools** menu. Turning on this feature also adds the **Enterprise** browser profile to the **Emulation** tab of the F12 developer tools.
+
+Besides turning on this feature, you also have the option to provide a URL for Enterprise Mode logging. If you turn logging on, Internet Explorer initiates a simple POST back to the supplied address, including the URL and a specification that **EnterpriseMode** was turned on or off through the **Tools** menu.
+
+ **To turn on local control of Enterprise Mode using Group Policy**
+
+1.  Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Internet Explorer\\Let users turn on and use Enterprise Mode from the Tools menu** setting.
+
+    ![group policy editor with emie setting](images/ie-emie-editpolicy.png)
+
+2.  Click **Enabled**, and then in the **Options** area, type the location for where to receive reports about when your employees use this functionality to turn Enterprise Mode on or off from the **Tools** menu.
+
+ **To turn on local control of Enterprise Mode using the registry**
+
+1.  Open a registry editor, like regedit.exe and go to `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`.
+
+2.  In the right pane, right-click and click **New**, click **String Value**, and then name the new value **Enable**.
+
+3.  Right-click the **Enable** key, click **Modify**, and then type a **Value data** to point to a server that you can listen to for updates.
+
+    ![edit registry string for data collection location](images/ie-emie-editregistrystring.png)
+
+Your **Value data** location can be any of the following types:
+
+-   **URL location (like, http://www.emieposturl.com/api/records or http://localhost:13000)**. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu.<p>**Important**<br>
+The `http://www.emieposturl.com/api/records` example will only work if you’ve downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) topic. If you don’t have the sample, you won’t have the web API.
+-   **Local network location (like, http://*emieposturl*/)**. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu.
+-   **Empty string**. If you leave the **Value data** box blank; your employees will be able to turn Enterprise Mode on and off from the **Tools** menu, but you won’t collect any logging data.
+
+For information about how to collect the data provided when your employees turn Enterprise Mode on or off from the **Tools** menu, see [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md).
+
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/use-the-enterprise-mode-portal.md b/browsers/enterprise-mode/use-the-enterprise-mode-portal.md
new file mode 100644
index 0000000000..d57c5f411b
--- /dev/null
+++ b/browsers/enterprise-mode/use-the-enterprise-mode-portal.md
@@ -0,0 +1,80 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Portal.
+ms.prod: ie11
+title: Use the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+# Use the Enterprise Mode Site List Portal
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
+
+The Enterprise Mode Site List Portal is an open-source web tool on GitHub that allows you to manage your Enterprise Mode Site List, hosted by the app, with multiple users. The portal is designed to use IIS and a SQL Server backend, leveraging Active Directory (AD) for employee management. Updates to your site list are made by submitting new change requests, which are then approved by a designated group of people, put into a pre-production environment for testing, and then deployed immediately, or scheduled for deployment later.
+
+You can use IE11 and the Enterprise Mode Site List Portal to manage your Enterprise Mode Site List, hosted by the app, with multiple users.
+
+## Minimum system requirements for portal and test machines
+Some of the components in this table might also need additional system resources. Check the component's documentation for more information.
+
+|Item |Description |
+|-----|------------|
+|Operating system |Windows 7 or later |
+|Memory |16 GB RAM |
+|Hard drive space |At least 8 GB of free space, formatted using the NTFS file system for better security |
+|Active Directory (AD) |Devices must be domain-joined |
+|SQL Server |Microsoft SQL Server Enterprise Edition 2012 or later |
+|Visual Studio |Visual Studio 2015 or later |
+|Node.js® package manager |npm Developer version or higher |
+|Additional server infrastructure |Internet Information Service (IIS) 6.0 or later |
+
+## Role assignments and available actions
+Admins can assign roles to employees for the Enterprise Mode Site List Portal, allowing the employees to perform specific actions, as described in this table.
+
+|Role assignment |Available actions |
+|----------------|------------------|
+|Requester |<ul><li>Create a change request</li><br><br><li>Validate changes in the pre-production environment</li><br><br><li>Rollback pre-production and production changes in case of failure</li><br><br><li>Send approval requests</li><br><br><li>View own requests</li><br><br><li>Sign off and close own requests</li></ul> |
+|Approver<br><br>(includes the App Manager and Group Head roles) |<ul><li>All of the Requester actions, plus:</li><br><br><li>Approve requests</li></ul> |
+|Administrator |<ul><li>All of the Requester and Approver actions, plus:</li><br><br><li>Add employees to the portal</li><br><br><li>Assign employee roles</li><br><br><li>Approve registrations to the portal</li><br><br><li>Configure portal settings (for example, determine the freeze schedule, determine the pre-production and production XML paths, and determine the attachment upload location)</li><br><br><li>Use the standalone Enterprise Mode Site List Manager page</li><br><br><li>View reports</li></ul> |
+
+## Enterprise Mode Site List Portal workflow by employee role
+The following workflow describes how to use the Enterprise Mode Site List Portal.
+
+1. [The Requester submits a change request for an app](create-change-request-enterprise-mode-portal.md)
+
+2. [The Requester tests the change request info, verifying its accuracy](verify-changes-preprod-enterprise-mode-portal.md)
+
+3. [The Approver(s) group accepts the change request](approve-change-request-enterprise-mode-portal.md)
+
+4. [The Requester schedules the change for the production environment](schedule-production-change-enterprise-mode-portal.md)
+
+5. [The change is verified against the production site list and signed off](verify-changes-production-enterprise-mode-portal.md)
+
+
+## Related topics
+- [Set up the Enterprise Mode Site List Portal](set-up-enterprise-mode-portal.md)
+
+- [Workflow-based processes for employees using the Enterprise Mode Site List Portal](workflow-processes-enterprise-mode-portal.md)
+
+- [How to use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md) 
+
+- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
+
+- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md
new file mode 100644
index 0000000000..fbe6ddff8f
--- /dev/null
+++ b/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md
@@ -0,0 +1,61 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Manager.
+author: eross-msft
+ms.prod: ie11
+ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b
+title: Use the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 12/04/2017
+---
+
+
+# Use the Enterprise Mode Site List Manager
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
+
+You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.
+
+[!INCLUDE [enterprise-mode-site-list-mgr-versions-include](../../enterprise-mode/enterprise-mode-site-list-mgr-versions-include.md)]
+
+## Using the Enterprise Mode Site List Manager
+The following topics give you more information about the things that you can do with the Enterprise Mode Site List Manager.
+
+|Topic |Description |
+|------|------------|
+|[Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md) |How to add websites to your site list using the Enterprise Mode Site List Manager (schema v.2). |
+|[Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md) |How to add websites to your site list using the Enterprise Mode Site List Manager (schema v.1). |
+|[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) |How to add several websites to your site list at the same time, using a text or XML file and the Enterprise Mode Site List Manager (schema v.2). |
+|[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) |How to add several websites to your site list at the same time, using a text or XML file and the WEnterprise Mode Site List Manager (schema v.1). |
+|[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager](edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md) |How to edit the compatibility mode for specific websites.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
+|[Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md) |How to fix common site list validation errors.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
+|[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager](search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to look to see if a site is already in your global Enterprise Mode site list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
+|[Save your site list to XML in the Enterprise Mode Site List Manager](save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md) |How to save a site list as XML, so you can deploy and use it with your managed systems.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
+|[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager](export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md) |How to export your site list so you can transfer your data and contents to someone else.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
+|[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](import-into-the-enterprise-mode-site-list-manager.md) |How to import your site list to replace a corrupted or out-of-date list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
+|[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete a website from your site list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
+|[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete all of the websites in a site list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
+
+## Related topics
+
+
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md)
+- [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/using-enterprise-mode.md b/browsers/enterprise-mode/using-enterprise-mode.md
new file mode 100644
index 0000000000..313a07e8e8
--- /dev/null
+++ b/browsers/enterprise-mode/using-enterprise-mode.md
@@ -0,0 +1,57 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: security
+description: Use this section to learn about how to turn on and use IE7 Enterprise Mode or IE8 Enterprise Mode.
+author: eross-msft
+ms.prod: ie11
+ms.assetid: 238ead3d-8920-429a-ac23-02f089c4384a
+title: Using IE7 Enterprise Mode or IE8 Enterprise Mode (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Using IE7 Enterprise Mode or IE8 Enterprise Mode
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+Enterprise Mode gives you a way for your legacy websites and apps to run using emulated versions of Windows Internet Explorer 7 or Windows Internet Explorer 8, while your new sites and apps run using Internet Explorer 11, including modern standards and features.
+
+Although it’s called IE7 Enterprise Mode, it actually turns on Enterprise Mode along with Internet Explorer 7 or Microsoft Internet Explorer 5 Compatibility View. Compatibility View chooses which document mode to use based on whether there’s a `DOCTYPE` tag in your code:
+
+-   **DOCTYPE tag found.** Webpages render using the Internet Explorer 7 document mode.
+-   **No DOCTYPE tag found.** Webpages render using the Internet Explorer 5 document mode.
+
+**Important**<br>
+Because we’ve added the IE7 Enterprise Mode option, we’ve had to rename the original functionality of Enterprise Mode to be IE8 Enterprise Mode. We’ve also replaced Edge Mode with IE11 Document Mode, so you can explicitly use IE11 on Windows 10.
+
+## Turning on and using IE7 Enterprise Mode or IE8 Enterprise Mode
+For instructions about how to add IE7 Enterprise Mode or IE8 Enterprise Mode to your webpages and apps, see:
+
+-   [Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md)
+
+-   [Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
+
+-   [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md)
+
+-   [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md)
+
+For instructions and more info about how to fix your compatibility issues using Enterprise Mode, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
+
+## Related topics
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
+ 
+
+ 
+
+
+
diff --git a/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md b/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md
new file mode 100644
index 0000000000..94de88ee4e
--- /dev/null
+++ b/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md
@@ -0,0 +1,67 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Details about how to make sure your change request info is accurate within the pre-production environment of the Enterprise Mode Site List Portal.
+author: eross-msft
+ms.prod: ie11
+title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+# Verify your changes using the Enterprise Mode Site List Portal
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+>[!Important]
+>This step requires that each Requester have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct. 
+
+The Requester successfully submits a change request to the Enterprise Mode Site List Portal and then gets an email, including:
+
+- **EMIE_RegKey**. A batch file that when run, sets the registry key to point to the local pre-production Enterprise Mode Site List. 
+
+- **Test steps**. The suggested steps about how to test the change request details to make sure they're accurate in the pre-production environment.
+
+- **EMIE_Reset**. A batch file that when run, reverts the changes made to the pre-production registry.
+
+## Verify and send the change request to Approvers
+The Requester tests the changes and then goes back into the Enterprise Mode Site List Portal, **Pre-production verification** page to verify whether the testing was successful.
+
+**To verify changes and send to the Approver(s)**
+1. On the **Pre-production verification** page, the Requester clicks **Successful** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the change request and testing results.
+
+2. The Requester reviews the pre-defined Approver(s), and then clicks **Send for approval**.
+
+   The Requester, the Approver group, and the Administrator group all get an email, stating that the change request is waiting for approval.
+
+
+**To rollback your pre-production changes**
+1. On the **Pre-production verification** page, the Requester clicks **Failed** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the change request and testing results.
+
+2. Add a description about the issue into the **Issue description** box, and then click **Send failure details**.
+
+   The change request and issue info are sent to the Administrators.
+
+3. The Requester clicks **Roll back** to roll back the changes in the pre-production environment.
+
+    After the Requester rolls back the changes, the request can be updated and re-submitted.
+
+
+## View rolled back change requests
+The original Requester and the Administrator(s) group can view the rolled back change requests.
+
+**To view the rolled back change request**
+
+- In the Enterprise Mode Site List Portal, click **Rolled back** from the left pane.
+
+   All rolled back change requests appear, with role assignment determining which ones are visible.
+
+## Next steps
+If the change request is certified as successful, the Requester must next send it to the Approvers for approval. For the Approver-related steps, see the [Approve a change request using the Enterprise Mode Site List Portal](approve-change-request-enterprise-mode-portal.md) topic.
diff --git a/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md b/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md
new file mode 100644
index 0000000000..00fb099e3f
--- /dev/null
+++ b/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md
@@ -0,0 +1,42 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Details about how the Requester makes sure that the change request update is accurate within the production environment using the Enterprise Mode Site List Portal.
+author: eross-msft
+ms.prod: ie11
+title: Verify the change request update in the production environment using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+# Verify the change request update in the production environment using the Enterprise Mode Site List Portal
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+## Verify and sign off on the update in the production environment
+The Requester tests the changes in the production environment and then goes back into the Enterprise Mode Site List Portal, **Production verification** page to verify whether the testing was successful.
+
+**To verify the changes and sign off**
+- On the **Production verification** page, the Requester clicks **Successful**, optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the testing results, optionally includes a description of the change, and then clicks **Sign off**.
+
+   The Requester, Approver group, and Administrator group all get an email, stating that the change request has been signed off.
+
+
+**To rollback production changes**
+1. On the **Production verification** page, the Requester clicks **Failed** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the testing results.
+
+2. Add a description about the issue into the **Change description** box, and then click **Send failure details**.
+
+   The info is sent to the Administrators.
+
+3. The Requester clicks **Roll back** to roll back the changes in the production environment.
+
+    After the Requester rolls back the changes, the request is automatically handled in the production and pre-production environment site lists.
+
diff --git a/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md b/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md
new file mode 100644
index 0000000000..29d1d8afe9
--- /dev/null
+++ b/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md
@@ -0,0 +1,38 @@
+---
+ms.localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Details about how to view the active Enterprise Mode Site List from the Enterprise Mode Site List Portal.
+author: eross-msft
+ms.prod: ie11
+title: View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+# View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 8.1
+-   Windows 7
+-   Windows Server 2012 R2
+-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+Any employee with access to the Enterprise Mode Site List Portal can view the apps included in the current Enterprise Mode Site List.
+
+**To view the active Enterprise Mode Site List**
+1. Open the Enterprise Mode Site List Portal and click the **Production sites list** icon in the upper-right area of the page.
+
+    The **Production sites list** page appears, with each app showing its URL, the compatibility mode to use, and the assigned browser to open the site.
+
+2. Click any URL to view the actual site, using the compatibility mode and opening in the correct browser.
+ 
+
+**To export the active Enterprise Mode Site List**
+1. On the **Production sites list** page, click **Export**.
+
+2. Save the ProductionSiteList.xlsx file.
+
+   The Excel file includes all apps in the current Enterprise Mode Site List, including URL, compatibility mode, and assigned browser.
diff --git a/browsers/enterprise-mode/what-is-enterprise-mode-include.md b/browsers/enterprise-mode/what-is-enterprise-mode-include.md
new file mode 100644
index 0000000000..34359d6f1b
--- /dev/null
+++ b/browsers/enterprise-mode/what-is-enterprise-mode-include.md
@@ -0,0 +1,4 @@
+## What is Enterprise Mode?
+Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7 devices, lets websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8. Running in this mode helps to avoid many of the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
+
+Many customers identify web app compatibility as a significant cost to upgrading because web apps need to be tested and upgraded before adopting a new browser. The improved compatibility provided by Enterprise Mode can help give customers confidence to upgrade to IE11, letting customers benefit from modern web standards, increased performance, improved security, and better reliability.
\ No newline at end of file
diff --git a/browsers/includes/available-duel-browser-experiences-include.md b/browsers/includes/available-duel-browser-experiences-include.md
new file mode 100644
index 0000000000..175646f824
--- /dev/null
+++ b/browsers/includes/available-duel-browser-experiences-include.md
@@ -0,0 +1,12 @@
+## Available dual-browser experiences
+Based on the size of your legacy web app dependency, determined by the data collected with [Windows Upgrade Analytics](https://blogs.windows.com/windowsexperience/2016/09/26/new-windows-10-and-office-365-features-for-the-secure-productive-enterprise/), there are several options from which you can choose to configure your enterprise browsing environment:
+
+- Use Microsoft Edge as your primary browser.
+
+- Use Microsoft Edge as your primary browser and use Enterprise Mode to open sites in Internet Explorer 11 (IE11) that use IE proprietary technologies.
+
+- Use Microsoft Edge as your primary browser and open all intranet sites in IE11.
+
+- Use IE11 as your primary browser and use Enterprise Mode to open sites in Microsoft Edge that use modern web technologies.
+
+For more info about when to use which option, and which option is best for you, see the [Continuing to make it easier for Enterprise customers to upgrade to Internet Explorer 11 — and Windows 10](https://blogs.windows.com/msedgedev/2015/11/23/windows-10-1511-enterprise-improvements) blog.
\ No newline at end of file
diff --git a/browsers/includes/configuration-options.md b/browsers/includes/configuration-options.md
new file mode 100644
index 0000000000..2b2516dfe2
--- /dev/null
+++ b/browsers/includes/configuration-options.md
@@ -0,0 +1,11 @@
+## Configuration options
+You can make changes to your deployment through the software management system you have chosen. 
+
+### Choosing an update channel
+
+### Configure policies using Group Policy Editor
+
+### Configure policies using Registry Editor
+
+### Configure policies using Intune
+
diff --git a/browsers/includes/control-browser-content.md b/browsers/includes/control-browser-content.md
new file mode 100644
index 0000000000..e32eda17a8
--- /dev/null
+++ b/browsers/includes/control-browser-content.md
@@ -0,0 +1,18 @@
+## Controlling browser content
+This section explains how to control content in the browser.
+
+### Configure Pop-up Blocker
+[configure-pop-up-blocker-include](../edge/includes/configure-pop-up-blocker-include.md)
+
+### Allow exentions
+[allow-extensions-include](../edge/includes/allow-extensions-include.md)
+
+[send-all-intranet-sites-ie-include](../edge/includes/send-all-intranet-sites-ie-include.md)
+
+[keep-fav-sync-ie-edge-include](../edge/includes/keep-fav-sync-ie-edge-include.md)
+
+extensions
+javascript
+Tracking your browser:
+- Do not track
+
diff --git a/browsers/includes/control-browsing-behavior.md b/browsers/includes/control-browsing-behavior.md
new file mode 100644
index 0000000000..067eba3f7d
--- /dev/null
+++ b/browsers/includes/control-browsing-behavior.md
@@ -0,0 +1,90 @@
+<!-- update the links with the Titles of the article  -->
+# Control browsing behavior
+This section explains how to contol the behavior of Microsoft Edge in certain circumstances.  Besides changing how sites deplay and the look and feel of the browser itself, you can also change how the browser behaves, for example, you can change the settings for security.
+
+
+
+## Security settings
+
+## Cookies 
+
+[configure-cookies-include](../edge/includes/configure-cookies-include.md)
+
+## Search engine settings
+...shortdesc of search engines...how admins can control the default search engine...
+
+### Allow address bar suggestions
+[allow-address-bar-suggestions-include](../edge/includes/allow-address-bar-suggestions-include.md)
+
+[configure-search-suggestions-address-bar-include](../edge/includes/configure-search-suggestions-address-bar-include.md)
+
+[allow-search-engine-customization-include](../edge/includes/allow-search-engine-customization-include.md)
+
+[configure-additional-search-engines-include](../edge/includes/configure-additional-search-engines-include.md)
+
+[set-default-search-engine-include](../edge/includes/set-default-search-engine-include.md)
+
+
+
+
+## Extensions
+Extensions allow you to add features and functionality directly into the browser itself. Choose from a range of extensions from the Microsoft Store. 
+
+
+
+[Allow Extensions](../edge/available-policies.md#allow-extensions)
+
+[allow-sideloading-extensions-include](../edge/includes/allow-sideloading-extensions-include.md)
+
+[prevent-turning-off-required-extensions-include](../edge/includes/prevent-turning-off-required-extensions-include.md)
+
+## Home button settings
+The Home page...
+
+
+### Scenarios
+You can specify www.bing.com or www.google.com as the startup pages for Microsoft Edge using "HomePages" (MDM) or Configure Start Pages (GP).  You can also enable the Disable Lockdown of Start pages (GP) policy or set the the DisableLockdownOfStartPages (MDM) setting to 1 allowing users to change the Microsoft Edge start options.  Additionally, you can enable the Disable Lockdown of Start Pages or set the DisableLockdownOfStartPages to 2 locking down the IT-provided URLs, but allowing users to add or remove additional URLs. Users cannot switch Startup setting to another, for example, to load New Tab page or "previous pages" at startup.
+<!-- stem sentence to the table so that we can get rid of the ### Configuration combinations header. -->
+### Configuration combinations
+
+| **Configure Home Button**       | **Set Home Button URL** | **Unlock Home Button** | **Results**                     |
+|---------------------------------|-------------------------|------------------------|---------------------------------|
+| Not configured (0/Null default) | N/A                     | N/A                    | Shows home button and loads the Start page.     |
+| Enabled (1)                     | N/A                     | Disabled (0 default)   | Shows home button, loads the New tab page, and prevent users from making changes to it. |
+| Enabled (1)                     | N/A                     | Disabled (0 default)   | Shows home button, loads the New tab page, and let users from making changes to it. |
+| Enabled (2)                     | Enabled                 | Disabled (0 default)   | Shows home button, loads custom URL defined in the Set Home Button URL policy, prevent users from changing what page loads.      |
+| Enabled (2)                     | Enabled                 | Enabled                | Shows home button, loads custom URL defined in the Set Home Button URL policy, and allow users to change what page loads.    |
+| Enabled (3)                     | N/A                     | N/A                    | Hides home button.           |
+---
+
+[configure-home-button-include](configure-home-button-include.md)
+
+[set-home-button-url-include](set-home-button-url-include.md)
+
+[unlock-home-button-include](unlock-home-button-include.md)
+
+## Start page settings
+
+[configure-start-pages-include](configure-start-pages-include.md)
+
+[disable-lockdown-of-start-pages-include](disable-lockdown-of-start-pages-include.md)
+
+
+
+## New Tab page settings
+
+[set-new-tab-url-include](set-new-tab-url-include.md)
+
+[allow-web-content-new-tab-page-include](allow-web-content-new-tab-page-include.md)
+
+
+## Exit tasks
+
+[allow-clearing-browsing-data-include](allow-clearing-browsing-data-include.md)
+
+
+## Kiosk mode
+
+[Configure kiosk mode](configure-microsoft-edge-kiosk-mode-include.md)
+
+[Configure kiosk reset after idle timeout](configure-edge-kiosk-reset-idle-timeout-include.md)
diff --git a/browsers/includes/customize-look-and-feel.md b/browsers/includes/customize-look-and-feel.md
new file mode 100644
index 0000000000..5bada8092e
--- /dev/null
+++ b/browsers/includes/customize-look-and-feel.md
@@ -0,0 +1,2 @@
+## Customize the look and feel
+
diff --git a/browsers/includes/helpful-topics-include.md b/browsers/includes/helpful-topics-include.md
new file mode 100644
index 0000000000..21a3238bd5
--- /dev/null
+++ b/browsers/includes/helpful-topics-include.md
@@ -0,0 +1,28 @@
+<!-- Helpful information and additional resources -->
+## Helpful information and additional resources
+- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
+
+- [Technical guidance, tools, and resources on Enterprise browsing](https://technet.microsoft.com/ie)
+
+- [Enterprise Mode Site List Manager (schema v.1)](https://www.microsoft.com/download/details.aspx?id=42501)
+
+- [Enterprise Mode Site List Manager (schema v.2)](https://www.microsoft.com/download/details.aspx?id=49974)
+
+- [Use the Enterprise Mode Site List Manager](../enterprise-mode/use-the-enterprise-mode-site-list-manager.md) 
+
+- [Collect data using Enterprise Site Discovery](../enterprise-mode/collect-data-using-enterprise-site-discovery.md)
+
+- [Web Application Compatibility Lab Kit](https://technet.microsoft.com/microsoft-edge/mt612809.aspx)
+
+- [Microsoft Services Support](https://www.microsoft.com/en-us/microsoftservices/support.aspx)
+
+- [Find a Microsoft partner on Pinpoint](https://partnercenter.microsoft.com/pcv/search)
+
+
+
+
+
+- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/browser/mt612809.aspx)
+- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956)
+- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](https://go.microsoft.com/fwlink/p/?LinkId=760646)
+- [Fix web compatibility issues using document modes and the Enterprise Mode site list](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list)
diff --git a/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md b/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
new file mode 100644
index 0000000000..2e8b76896b
--- /dev/null
+++ b/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
@@ -0,0 +1,12 @@
+If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
+
+>[!IMPORTANT] 
+>Importing your file overwrites everything that’s currently in the tool, so make sure it’s what want to do.
+
+1.  In the Enterprise Mode Site List Manager, click **File \> Import**.
+
+2.  Go to the exported .EMIE file.<p>For example, `C:\users\<user_name>\documents\sites.emie`
+
+1.  Click **Open**.
+
+2.  Review the alert message about all of your entries being overwritten and click **Yes**.
diff --git a/browsers/includes/interoperability-goals-enterprise-guidance.md b/browsers/includes/interoperability-goals-enterprise-guidance.md
new file mode 100644
index 0000000000..5937eb6bef
--- /dev/null
+++ b/browsers/includes/interoperability-goals-enterprise-guidance.md
@@ -0,0 +1,28 @@
+## Interoperability goals and enterprise guidance
+
+Our primary goal is that your websites work in Microsoft Edge. To that end, we've made Microsoft Edge the default browser.
+
+You must continue using IE11 if web apps use any of the following:
+
+* ActiveX controls
+
+* x-ua-compatible headers
+
+* &lt;meta&gt; tags
+
+* Enterprise mode or compatibility view to address compatibility issues
+
+* legacy document modes [what is this?]
+
+If you have uninstalled IE11, you can download it from the Microsoft Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. 
+
+>[!TIP]
+>If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714).
+
+
+|Technology  |Why it existed  |Why we don't need it anymore  |
+|---------|---------|---------|
+|ActiveX     |ActiveX is a binary extension model introduced in 1996 which allowed developers to embed native Windows technologies (COM/OLE) in web pages. These controls can be downloaded and installed from a site and were subsequently loaded in-process and rendered in Internet Explorer.         |         |
+|Browser Helper Objects (BHO)     |BHOs are a binary extension model introduced in 1997 which enabled developers to write COM objects that were loaded in-process with the browser and could perform actions on available windows and modules. A common use was to build toolbars that installed into Internet Explorer.         |         |
+|Document modes     | Starting with IE8, Internet Explorer introduced a new “document mode” with every release. These document modes could be requested via the x-ua-compatible header to put the browser into a mode which emulates legacy versions.        |Similar to other modern browsers, Microsoft Edge will have a single “living” document mode. In order to minimize the compatibility burden, features will be tested behind switches in about:flags until they are stable and ready to be turned on by default.         |
+
diff --git a/browsers/internet-explorer/docfx.json b/browsers/internet-explorer/docfx.json
index b7a205ddd2..34e8b2d487 100644
--- a/browsers/internet-explorer/docfx.json
+++ b/browsers/internet-explorer/docfx.json
@@ -17,7 +17,7 @@
 		"uhfHeaderId": "MSDocsHeader-WindowsIT", 
 		"breadcrumb_path": "/internet-explorer/breadcrumb/toc.json",
         "ROBOTS": "INDEX, FOLLOW",
-		"ms.author": "lizross",
+		"ms.author": "shortpatti",
 		"author": "eross-msft",
 		"ms.technology": "internet-explorer",
 		"ms.topic": "article",
diff --git a/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md
index e322e33728..8cab9278d3 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: How to use Group Policy to install ActiveX controls.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 59185370-558c-47e0-930c-8a5ed657e9e3
 title: ActiveX installation using group policy (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md
index bc4c3b628e..bee3a36c25 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Details about how to add employees to the Enterprise Mode Site List Portal.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 title: Add employees to the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
index 2adca8a912..a399ecaa73 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c
 title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
index 13d1ca4110..1f1d14991d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2).
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd
 title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
index 84a37f22a1..decdc115fa 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26
 title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
index 42c566b112..bdfc8633a7 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b
 title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md
index 0425e61381..2fc51f57c7 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Administrative templates and Internet Explorer 11
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3
 title: Administrative templates and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md
index 41fb47325c..02bda50d22 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
index 39df29adb4..d28ba9a2ab 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: networking
 description: Auto configuration and auto proxy problems with Internet Explorer 11
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 3fbbc2c8-859b-4b2e-abc3-de2c299e0938
 title: Auto configuration and auto proxy problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
index 6c7db497a2..a1ba907f17 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: networking
 description: Auto configuration settings for Internet Explorer 11
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 90308d59-45b9-4639-ab1b-497e5ba19023
 title: Auto configuration settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
index e97e9b71b8..180e1100b9 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: networking
 description: Auto detect settings Internet Explorer 11
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: c6753cf4-3276-43c5-aae9-200e9e82753f
 title: Auto detect settings Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
index c06294693c..99f85f37b8 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: networking
 description: Auto proxy configuration settings for Internet Explorer 11
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 5120aaf9-8ead-438a-8472-3cdd924b7d9e
 title: Auto proxy configuration settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
index b1f6fe14b4..dc4bf14619 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: performance
 description: Browser cache changes and roaming profiles
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 85f0cd01-6f82-4bd1-9c0b-285af1ce3436
 title: Browser cache changes and roaming profiles (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
index a77ebbdf07..d53090e7ee 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
@@ -5,7 +5,7 @@ description: This topic lists new and updated topics in the Internet Explorer 11
 ms.mktglfcycl: deploy
 ms.prod: ie11
 ms.sitesec: library
-author: eross-msft
+author: shortpatti
 ms.date: 07/27/2017
 ---
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md b/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
index 7420dec7e8..9b2c6b0e6d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
@@ -6,8 +6,8 @@ ms.prod: ie11
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 ms.sitesec: library
-author: eross-msft
-ms.author: lizross
+author: shortpatti
+ms.author: pashort
 ms.date: 08/14/2017
 ms.localizationpriority: medium
 ---
diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
index b214bf0799..c92cdac5b8 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Choose how to deploy Internet Explorer 11 (IE11)
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 21b6a301-c222-40bc-ad0b-27f66fc54d9d
 title: Choose how to deploy Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
index b8bd0374a3..0ed79bd249 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Choose how to install Internet Explorer 11 (IE11)
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 9572f5f1-5d67-483e-bd63-ffea95053481
 title: Choose how to install Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
index 5168d15d47..201c1903c2 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
 title: Collect data using Enterprise Site Discovery
diff --git a/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md
index 203da80123..52e126df5a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Details about how the Administrator can use the Settings page to set up Groups and roles, the Enterprise Mode Site List Portal environment, and the freeze dates for production changes.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 title: Use the Settings page to finish setting up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
index 91384c4e7e..3d85d5801b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Details about how to create a change request within the Enterprise Mode Site List Portal.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md b/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md
index 662f5d5eee..a644d1d832 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Create packages for multiple operating systems or languages
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 44051f9d-63a7-43bf-a427-d0a0a1c717da
 title: Create packages for multiple operating systems or languages (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
index b016ad6d4d..0bf4925ab6 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Customize Internet Explorer 11 installation packages
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 10a14a09-673b-4f8b-8d12-64036135e7fd
 title: Customize Internet Explorer 11 installation packages (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index 7d054817f8..4549be210a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 description: Delete a single site from your global Enterprise Mode site list.
 ms.pagetype: appcompat
 ms.mktglfcycl: deploy
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 41413459-b57f-48da-aedb-4cbec1e2981a
 title: Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
index f93f4b9b75..59bb64352d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: You can deploy Internet Explorer 11 to your users' computers by using your custom browser packages and Automatic Version Synchronization (AVS).
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: f51224bd-3371-4551-821d-1d62310e3384
 title: Deploy Internet Explorer 11 using Automatic Version Synchronization (AVS) (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
index 544b947b20..1441f5564f 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Deploy Internet Explorer 11 using software distribution tools
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: fd027775-651a-41e1-8ec3-d32eca876d8a
 title: Deploy Internet Explorer 11 using software distribution tools (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
index 291f5d0770..d6ea666402 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: You can pin websites to the Windows 8.1 taskbar for quick access using the Microsoft Deployment Toolkit (MDT) 2013.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 24f4dcac-9032-4fe8-bf6d-2d712d61cb0c
 title: Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
index 4638023a81..57bc32ac4a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Windows Internet Explorer 8 introduced document modes as a way to move from the proprietary coding of web features to a more standardized type of coding that could run on multiple browsers and devices.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 00cb1f39-2b20-4d37-9436-62dc03a6320b
 title: Deprecated document modes and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
index db13fbe5af..504bd09a21 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 76aa9a85-6190-4c3a-bc25-0f914de228ea
 title: Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
index 623e7f191d..5c5693833e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Enhanced Protected Mode problems with Internet Explorer
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 15890ad1-733d-4f7e-a318-10399b389f45
 title: Enhanced Protected Mode problems with Internet Explorer (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
index eea6d6d117..6a0402921f 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Use the topics in this section to learn how to set up and use Enterprise Mode, Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal for your company.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: d52ba8ba-b3c7-4314-ba14-0610e1d8456e
 title: Enterprise Mode for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
index 0005fb9ed3..154ad6670a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 7 or Windows 8.1 Update.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 17c61547-82e3-48f2-908d-137a71938823
 title: Enterprise Mode schema v.1 guidance (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
index d478768b80..354fe81545 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5
 title: Enterprise Mode schema v.2 guidance (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
index f709656577..88fe3e4d99 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 9ee7c13d-6fca-4446-bc22-d23a0213a95d
 title: Export your Enterprise Mode site list from the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
index 817570bbce..99b28d4482 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: The Internet Explorer 11 Enterprise Mode site list lets you specify document modes for specific websites, helping you fix compatibility issues without changing a single line of code on the site.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 4b21bb27-aeac-407f-ae58-ab4c6db2baf6
 title: Fix web compatibility issues using document modes and the Enterprise Mode site list (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
index 70c532beaa..d3209fc547 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: When you add multiple sites to your Enterprise Mode site list entries, they’re validated by the Enterprise Mode Site List Manager before they’re entered into your global list.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 9f80e39f-dcf1-4124-8931-131357f31d67
 title: Fix validation problems using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
index 71ad9d28ae..213c9481d9 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Overview about Group Policy, Advanced Group Policy Management (AGPM), and Internet Explorer 11
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 63a7ef4a-6de2-4d08-aaba-0479131e3406
 title: Group Policy, Advanced Group Policy Management (AGPM), and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
index 443408e5e0..35697cb576 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Overview about Group Policy, the Group Policy Management Console (GPMC), and Internet Explorer 11
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: ae3d227d-3da7-46b8-8a61-c71bfeae0c63
 title: Group Policy, the Group Policy Management Console (GPMC), and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
index e3c0829a08..df2143a7a8 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Use the topics in this section to learn about Group Policy and how to use it to manage Internet Explorer.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 50383d3f-9ac9-4a30-8852-354b6eb9434a
 title: Group Policy and Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
index 29c1c10c2d..b615824d04 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Group Policy, the Local Group Policy Editor, and Internet Explorer 11
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 6fc30e91-efac-4ba5-9ee2-fa77dcd36467
 title: Group Policy, the Local Group Policy Editor, and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatability-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatability-with-ie11.md
index c46d1da1c5..e8069dbf48 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatability-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatability-with-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Group Policy suggestions for compatibility with Internet Explorer 11
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 7482c99f-5d79-4344-9e1c-aea9f0a68e18
 title: Group Policy and compatibility with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
index 0409af2e94..810c6ec4c0 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Overview of the available Group Policy management tools
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: e33bbfeb-6b80-4e71-8bba-1d0369a87312
 title: Group Policy management tools (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
index 26b9affb45..b676409da7 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Info about Group Policy preferences versus Group Policy settings
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: f2264c97-7f09-4f28-bb5c-58ab80dcc6ee
 title: Group policy preferences and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
index 6ca08c5771..96f776d73e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Links to troubleshooting topics and log files that can help address Group Policy problems with Internet Explorer 11.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 0da0d9a9-200c-46c4-96be-630e82de017b
 title: Group Policy problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
index 2a6c77541f..42a69458a5 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Instructions about how to create and configure shortcut preference extensions to file system objects, URLs, and shell objects.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: c6fbf990-13e4-4be7-9f08-5bdd43179b3b
 title: Group Policy, Shortcut Extensions, and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
index fe102784da..355eac531d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Overview about how Group Policy works with Windows Powershell and Internet Explorer 11
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: e3607cde-a498-4e04-9daa-b331412967fc
 title: Group Policy, Windows Powershell, and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
index 609f525151..ba9aba7115 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
@@ -1,7 +1,7 @@
 ---
 description: A full-sized view of how document modes are chosen in IE11.
 title: Full-sized flowchart detailing how document modes are chosen in IE11
-author: eross-msft
+author: shortpatti
 ms.date: 04/19/2017
 ---
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
index c98d8b4857..8c224e01b5 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: cacd5d68-700b-4a96-b4c9-ca2c40c1ac5f
 title: Import your Enterprise Mode site list to the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/index.md b/browsers/internet-explorer/ie11-deploy-guide/index.md
index 4fbc7650e6..6d5935a29b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/index.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/index.md
@@ -1,7 +1,7 @@
 ---
 ms.mktglfcycl: deploy
 description: Use this guide to learn about the several options and processes you'll need to consider while you're planning for, deploying, and customizing Internet Explorer 11 for your employee's devices.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: bddc2d97-c38d-45c5-9588-1f5bbff2e9c3
 title: Internet Explorer 11 (IE11) - Deployment Guide for IT Pros (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md
index b83b3b9a7b..94788e4dfc 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the topics in this section to learn how to customize your Internet Explorer installation package, how to choose the right method for installation, and how to deploy IE into your environment.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: caca18c1-d5c4-4404-84f8-d02bc562915f
 title: Install and Deploy Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
index 7a39655881..c72e03d477 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to add and deploy the Internet Explorer 11 update using Microsoft Intune.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: b2dfc08c-78af-4c22-8867-7be3b92b1616
 title: Install Internet Explorer 11 (IE11) using Microsoft Intune (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
index 5c3e45cb5f..7d3b1213f8 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to install the Internet Explorer 11 update using Microsoft Deployment Toolkit (MDT) and your Windows images.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: e16f9144-170c-4964-a62d-0d1a16f4cd1f
 title: Install Internet Explorer 11 (IE11) using Microsoft Deployment Toolkit (MDT) and your Windows images (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
index 095731f88a..ce93f99c12 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: How to install the Internet Explorer 11 update using System Center 2012 R2 Configuration Manager
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 9ede9722-29b3-4cb7-956d-ffa91e7bedbd
 title: Install Internet Explorer 11 (IE11) using System Center 2012 R2 Configuration Manager (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md
index 0d3dd79dc5..8d8382d64f 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to install the Internet Explorer 11 update using your network
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 85f6429d-947a-4031-8f93-e26110a35828
 title: Install Internet Explorer 11 (IE11) using your network (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md
index 3fa3d99146..bd5133b8b9 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to install the Internet Explorer 11 update using third-party tools and command-line options.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 30190c66-49f7-4ca4-8b57-a47656aa0c7e
 title: Install Internet Explorer 11 (IE11) using third-party tools (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
index 8ce20d4a0b..7a95011950 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to install the Internet Explorer 11 update using Windows Server Update Services (WSUS)'
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 6cbd6797-c670-4236-8423-e0919478f2ce
 title: Install Internet Explorer 11 (IE11) using Windows Server Update Services (WSUS) (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md
index 09d56166da..ec70489dce 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to fix potential installation problems with Internet Explorer 11
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 3ae77745-86ac-40a9-a37d-eebbf37661a3
 title: Install problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
index be8a80afb2..5be58eea07 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to fix intranet search problems with Internet Explorer 11
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 3ee71d93-d9d2-48e1-899e-07932c73faa6
 title: Fix intranet search problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
index 2746219d9f..16311a42a8 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the topics in this section to learn about how to auto detect your settings, auto configure your configuration settings, and auto configure your proxy configuration settings for Internet Explorer.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: eb3cce62-fc7b-41e3-97b6-2916b85bcf55
 title: Manage Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
index 71e54b296b..563b6dee54 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: support
 description: IEM-configured settings have been deprecated for Internet Explorer 10 and newer. Use this topic to learn where to go to fix the affected settings through Group Policy Preferences, Administrative Templates (.admx), or the IEAK.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 89084e01-4e3f-46a6-b90e-48ee58d6821c
 title: Missing Internet Explorer Maintenance settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md b/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md
index a9570894e6..c5e09b4cfb 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: support
 description: Internet Explorer 11 uses the latest standards mode, which simplifies web page compatibility for users by removing the **Compatibility View** button and reducing the number of compatibility options in the F12 developer tools for developers.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 501c96c9-9f03-4913-9f4b-f67bd9edbb61
 title: Missing the Compatibility View Button (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
index 3b762d15a3..bed077a506 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: support
 description: How to turn managed browser hosting controls back on in Internet Explorer 11.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: b0b7f60f-9099-45ab-84f4-4ac64d7bcb43
 title: .NET Framework problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
index 07ec8a9505..d365ac1e78 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: New group policy settings for Internet Explorer 11
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 669cc1a6-e2cb-403f-aa31-c1de52a615d1
 title: New group policy settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
index 605793fa0e..9e8959e2a9 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: support
 description: Possible solutions to the problems you might encounter after installing IE11, such as crashing or seeming slow, getting into an unusable state, or problems with adaptive streaming and DRM playback.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: c4b75ad3-9c4a-4dd2-9fed-69f776f542e6
 title: Problems after installing Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index 25679cd75a..e63c2475a6 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Instructions about how to clear all of the sites from your global Enterprise Mode site list.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 90f38a6c-e0e2-4c93-9a9e-c425eca99e97
 title: Remove all sites from your Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md
index d1a6b377e2..5037f6fe3c 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Instructions about how to remove sites from a local compatibility view list.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: f6ecaa75-ebcb-4f8d-8721-4cd6e73c0ac9
 title: Remove sites from a local compatibility view list (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
index a49fe70f0f..05a2e285bb 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Instructions about how to remove sites from a local Enterprise Mode site list.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: c7d6dd0b-e264-42bb-8c9d-ac2f837018d2
 title: Remove sites from a local Enterprise Mode site list (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
index dc1692a225..d6bba6d3d8 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 254a986b-494f-4316-92c1-b089ee8b3e0a
 title: Save your site list to XML in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md
index 25511fb5b7..06af735490 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Details about how Administrators can schedule approved change requests for production in the Enterprise Mode Site List Portal.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 title: Schedule approved change requests for production using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
diff --git a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index a02a091de9..d4ac172352 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Search to see if a specific site already appears in your global Enterprise Mode site list.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: e399aeaf-6c3b-4cad-93c9-813df6ad47f9
 title: Search your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
index 13caae6ad4..e3c64ee2bb 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Use the Group Policy setting, Set a default associations configuration file, to set the default browser for your company devices running Windows 10.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: f486c9db-0dc9-4cd6-8a0b-8cb872b1d361
 title: Set the default browser using Group Policy (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
index ff45cfd903..8653264774 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Set up and turn on Enterprise Mode logging and data collection in your organization.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 2e98a280-f677-422f-ba2e-f670362afcde
 title: Set up Enterprise Mode logging and data collection (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
index 88b432430c..bb8a401b5c 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Details about how to set up the Enterprise Mode Site List Portal for your organization.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 title: Set up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
diff --git a/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md
index e106af4d3e..55f9bcfe0a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: support
 ms.pagetype: appcompat
 description: Reviewing log files to learn more about potential setup problems with Internet Explorer 11.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 2cd79988-17d1-4317-bee9-b3ae2dd110a0
 title: Setup problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
index 7a9dd0375b..212f8f717a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Lists the minimum system requirements and supported languages for Internet Explorer 11.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 27185e3d-c486-4e4a-9c51-5cb317c0006d
 title: System requirements and language support for Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md
index a3124d50a6..7e28e38f9f 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: support
 description: Use the topics in this section to learn how to troubleshoot several of the more common problems experienced with Internet Explorer.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 0361c1a6-3faa-42b2-a588-92439eebeeab
 title: Troubleshoot Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md
index d0d2e95b50..53ac1a4017 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: How to turn Enteprrise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 5027c163-71e0-49b8-9dc0-f0a7310c7ae3
 title: Turn off Enterprise Mode (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md b/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md
index 02213a01d4..c98c3e7c5b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: support
 description: Turn off natural metrics for Internet Explorer 11
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: e31a27d7-662e-4106-a3d2-c6b0531961d5
 title: Fix font rendering problems by turning off natural metrics (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
index 162fa3cee4..a46290559e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
@@ -6,8 +6,8 @@ ms.prod: ie11
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 ms.sitesec: library
-author: eross-msft
-ms.author: lizross
+author: shortpatti
+ms.author: pashort
 ms.date: 08/14/2017
 ms.localizationpriority: medium
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
index 984bad1d9c..ea5b7d450b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Turn on local user control and logging for Enterprise Mode.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 6622ecce-24b1-497e-894a-e1fd5a8a66d1
 title: Turn on local control and logging for Enterprise Mode (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md
index a94957ed71..2d64e28d56 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: High-level info about some of the new and updated features for Internet Explorer 11.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: f53c6f04-7c60-40e7-9fc5-312220f08156
 title: List of updated features and tools - Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
index cd9580e571..9abbcb8a09 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Manager.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b
 title: Use the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md
index 649cdab7ec..907b26056e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: support
 description: Info about where features went in the IEAK11, where the Favorites, Command, and Status bars went, and where the search bar went.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 7324faff-ccb6-4e14-ad91-af12dbca575e
 title: User interface problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md
index d393b04b6e..14c7b096ac 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Use this section to learn about how to turn on and use IE7 Enterprise Mode or IE8 Enterprise Mode.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 238ead3d-8920-429a-ac23-02f089c4384a
 title: Using IE7 Enterprise Mode or IE8 Enterprise Mode (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md
index d0811f9e13..f4d86e9b12 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use IEAK 11 while planning, customizing, and building the custom installation package.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: af93742f-f955-44ab-bfa2-7bf0c99045d3
 title: Using Internet Explorer Administration Kit 11 (IEAK 11) to create packages (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
index 1f67bf1416..1ccb850f60 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use Setup Information (.inf) files to create installation packages.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 04fa2ba8-8d84-4af6-ab99-77e4f1961b0e
 title: Using Setup Information (.inf) files to create packages (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md
index 1d5418ed8a..3f67e92d70 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Details about how to make sure your change request info is accurate within the pre-production environment of the Enterprise Mode Site List Portal.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
diff --git a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md
index 2c3c1e0c87..66e6178858 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Details about how the Requester makes sure that the change request update is accurate within the production environment using the Enterprise Mode Site List Portal.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 title: Verify the change request update in the production environment using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
diff --git a/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md
index f643e1528d..af5ebf2e29 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Details about how to view the active Enterprise Mode Site List from the Enterprise Mode Site List Portal.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 title: View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
diff --git a/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md b/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md
index 6341745034..942409e353 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Details about how an Administrator can view the available Enterprise Mode reports from the Enterprise Mode Site List Portal.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 title: View the available Enterprise Mode reports from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
diff --git a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
index 032e121d14..d62ac7df09 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: virtualization
 description: Virtualization and compatibility with Internet Explorer 11
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: b0388c04-2584-4b6d-a7a8-4e0476773a80
 title: Virtualization and compatibility with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
index 84f9ad23a0..bd859900d1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Info about the features included in Enterprise Mode with Internet Explorer 11.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 3c77e9f3-eb21-46d9-b5aa-f9b2341cfefa
 title: Enterprise Mode and the Enterprise Mode Site List (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md
index 4e0e904754..e63b48ab92 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Use the topics in this section to learn how to perform all of the workflow-related processes in the Enterprise Mode Site List Portal.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 title: Workflow-based processes for employees using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
diff --git a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md
index 42f5a42878..4d0aae1968 100644
--- a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md
+++ b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: explore
 description: Frequently asked questions about Internet Explorer 11 for IT Pros
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 140e7d33-584a-44da-8c68-6c1d568e1de3
 title: Internet Explorer 11 - FAQ for IT Pros (Internet Explorer 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md
index 89e951329d..b56b2dedbf 100644
--- a/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Accelerators page in the IEAK 11 Customization Wizard to add accelerators to employee devices.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 208305ad-1bcd-42f3-aca3-0ad1dda7048b
 title: Use the Accelerators page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md b/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md
index 786b891e0d..f2ab6f6f59 100644
--- a/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use IEAK 11 to add and approve ActiveX controls for your organization.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 33040bd1-f0e4-4541-9fbb-16e0c76752ab
 title: Add and approve ActiveX controls using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md
index d34a1cfeef..b0b9219277 100644
--- a/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: We’re sorry. While we continue to recommend that you digitally sign your package, we’ve removed all of the functionality that allowed you to add a root certificate using the Internet Explorer Customization Wizard 11. The wizard page itself will be removed in a future version of the IEAK.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 7ae4e747-49d2-4551-8790-46a61b5fe838
 title: Use the Add a Root Certificate page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md
index 262747bff0..08b62952da 100644
--- a/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Additional Settings page in IEAK 11 Customization Wizard for additional settings that relate to your employee’s desktop, operating system, and security.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: c90054af-7b7f-4b00-b55b-5e5569f65f25
 title: Use the Additional Settings page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md
index 336037e339..b31c220601 100644
--- a/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Automatic Configuration page in the IEAK 11 Customization Wizard to add URLs to auto-configure IE.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: de5b1dbf-6e4d-4f86-ae08-932f14e606b0
 title: Use the Automatic Configuration page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
index 9f02e38d81..0752aaac38 100644
--- a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to set up automatic detection for DHCP or DNS servers using IEAK 11 in your organization.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: c6bfe7c4-f452-406f-b47e-b7f0d8c44ae1
 title: Set up auto detection for DHCP or DNS servers using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md
index 32aaa7e479..ae8a5441f1 100644
--- a/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Automatic Version Synchronization page in the IEAK 11 Customization Wizard to download the IE11 Setup file each time you run the Wizard.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: bfc7685f-843b-49c3-8b9b-07e69705840c
 title: Use the Automatic Version Synchronization page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md
index c2beab2672..5a0efa8edf 100644
--- a/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the \[Branding\] .INS file setting to set up your custom branding and setup info in your browser install package.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: cde600c6-29cf-4bd3-afd1-21563d2642df
 title: Use the Branding .INS file to create custom branding and setup info (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md
index 9dad972389..03b1f4eddb 100644
--- a/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Browser User Interface page in the IEAK 11 Customization Wizard to change the toolbar buttons and the title bar.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: c4a18dcd-2e9c-4b5b-bcc5-9b9361a79f0d
 title: Use the Browser User Interface page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md
index df6a9d6764..e317f9ebc8 100644
--- a/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: Use the \[BrowserToolbars\] .INS file setting to customize your Internet Explorer toolbar and buttons.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 83af0558-9df3-4c2e-9350-44f7788efa6d
 title: Use the BrowserToolbars .INS file to customize the Internet Explorer toolbar and buttons (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md
index 6e345a0d61..b602a68d7f 100644
--- a/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Browsing Options page in the IEAK 11 Customization Wizard to manage items in the Favorites, Favorites Bar, and Feeds section.
-author: eross-msft
+author: shortpatti
 ms.prod: ie111
 ms.assetid: d6bd71ba-5df3-4b8c-8bb5-dcbc50fd974e
 title: Use the Browsing Options page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md
index f8908404a6..d7a3094423 100644
--- a/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the \[CabSigning\] .INS file setting to customize the digital signature info for your apps.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 098707e9-d712-4297-ac68-7d910ca8f43b
 title: Use the CabSigning .INS file to customize the digital signature info for your apps (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md
index 24d6a351c7..64b989ddcb 100644
--- a/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: We’re sorry. We’ve removed all of the functionality included on the **Compatibility View** page of the Internet Explorer Customization Wizard 11.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 51d8f80e-93a5-41e4-9478-b8321458bc30
 title: Use the Compatibility View page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md
index 4d8ea71def..2e8573d0f1 100644
--- a/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: We’re sorry. We’ve removed all of the functionality included on the **Connection Manager** page of the Internet Explorer Customization Wizard 11.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 1edaa7db-cf6b-4f94-b65f-0feff3d4081a
 title: Use the Connection Manager page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md
index fddce5cada..a54ca3f9f5 100644
--- a/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Connection Settings page in IEAK 11 Customization Wizard to import and preset connection settings on your employee’s computers.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: dc93ebf7-37dc-47c7-adc3-067d07de8b78
 title: Use the Connection Settings page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md
index aa4c945116..0112c0f16f 100644
--- a/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: Use the \[ConnectionSettings\] .INS file setting to specify the network connection settings needed to install your custom package.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 41410300-6ddd-43b2-b9e2-0108a2221355
 title: Use the ConnectionSettings .INS file to review the network connections for install (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md b/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md
index 2c57bf6c16..b8981f575f 100644
--- a/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: How to create your folder structure on the computer that you’ll use to build your custom browser package.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: e0d05a4c-099f-4f79-a069-4aa1c28a1080
 title: Create the build computer folder structure using IEAK 11  (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md b/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md
index 3a1868fb73..4827fc1c75 100644
--- a/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: Review this list of tasks and references before you create and deploy your Internet Explorer 11 custom install packages.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: fe71c603-bf07-41e1-a477-ade5b28c9fb3
 title: Tasks and references to consider before creating and deploying custom packages using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md b/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md
index 3db92fe111..cb1a3823fc 100644
--- a/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Steps to create multiple versions of your custom browser if you support more than 1 version of Windows, more than 1 language, or have different features in each package.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 4c5f3503-8c69-4691-ae97-1523091ab333
 title: Create multiple versions of your custom package using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md b/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md
index 827bcba1e5..e9cb1ff4ce 100644
--- a/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md
+++ b/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use Setup information (.inf) files to uninstall custom components from your custom browser packages.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 8257aa41-58de-4339-81dd-9f2ffcc10a08
 title: Use Setup information (.inf) files to uninstall custom components (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md
index 900c072e85..5b7532f69e 100644
--- a/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Custom Components page in the IEAK 11 Customization Wizard to add additional components for your employees to install with IE.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 38a2b90f-c324-4dc8-ad30-8cd3e3e901d7
 title: Use the Custom Components page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
index f05693b17c..9d4d9f6b4f 100644
--- a/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: Use the \[CustomBranding\] .INS file setting to specify the location of your branding cabinet (.cab) file.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 9c74e239-65c5-4aa5-812f-e0ed80c5c2b0
 title: Use the CustomBranding .INS file to create custom branding and setup info (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
index 731f49011a..a4bbac4b2e 100644
--- a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
+++ b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: manage
 description: Customize Automatic Search in Internet Explorer so that your employees can type a single word into the Address box to search for frequently used pages.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 694e2f92-5e08-49dc-b83f-677d61fa918a
 title: Customize Automatic Search using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md
index c6b893ae59..4c3726a566 100644
--- a/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the \[ExtRegInf\] .INS file setting to specify your Setup information (.inf) files and the installation mode for your custom components.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 53148422-d784-44dc-811d-ef814b86a4c6
 title: Use the ExtRegInf .INS file to specify your installation files and mode (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md
index b7e9e61455..7b876c2cea 100644
--- a/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Favorites, Favorites Bar, and Feeds page in IEAK 11 Customization Wizard to add links, web slices, and feeds to your custom browser package.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 84afa831-5642-4b8f-b7df-212a53ec8fc7
 title: Use the Favorites, Favorites Bar, and Feeds page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md
index 17111a3d2e..68953ff98d 100644
--- a/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the \[FavoritesEx\] .INS file setting to specify your Favorites icon file, whether Favorites is available offline, and your Favorites URLs.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 55de376a-d442-478e-8978-3b064407b631
 title: Use the FavoritesEx .INS file for your Favorites icon and URLs (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md
index ce4ea05ef8..4baf035425 100644
--- a/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Feature Selection page in the IEAK 11 Customization Wizard to choose which parts of the setup processes and Internet Explorer 11 to change for your company.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 9cb8324e-d73b-41ba-ade9-3acc796e21d8
 title: Use the Feature Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md
index 81db6122a3..70f59f0665 100644
--- a/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the File Locations page in the IEAK 11 Customization Wizard to change the location of your install package and IE11 folders.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: bd0620e1-0e07-4560-95ac-11888c2c389e
 title: Use the File Locations page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md b/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md
index ff98f17921..d782c47cf9 100644
--- a/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: Review the file types that are created and used by tools in the Internet Explorer Administration Kit 11 (IEAK 11).
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: e5735074-3e9b-4a00-b1a7-b8fd8baca327
 title: File types used or created by IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md
index 024ae25439..8ee207bf57 100644
--- a/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the First Run Wizard and Welcome Page Options page in the IEAK 11 Customization Wizard to set what your employee’s see the first time they log on to IE, based on their operating system.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 85f856a6-b707-48a9-ba99-3a6e898276a9
 title: Use the First Run Wizard and Welcome Page Options page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md b/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md
index 5be00d1e01..f3fbc10a27 100644
--- a/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: Customization guidelines for your Internet Explorer toolbar button and Favorites List icons.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: bddc8f23-9ac1-449d-ad71-f77f43ae3b5c
 title: Customize the toolbar button and Favorites List icons using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md b/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md
index 8ca4874a43..6e1b19b500 100644
--- a/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: List of supported hardware and software requirements for Internet Explorer 11 and the Internet Explorer Administration Kit 11.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: c50b86dc-7184-43d1-8daf-e750eb88dabb
 title: Hardware and software requirements for Internet Explorer 11 and the IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md
index d2c3f68572..a0cec600e1 100644
--- a/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the \[HideCustom\] .INS file setting to decide whether to hide the GUID for each custom component.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: e673f7b1-c3aa-4072-92b0-20c6dc3d9277
 title: Use the HideCustom .INS file to hide the GUID for each custom component (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md b/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md
index ee8f5a506d..3363f80ab6 100644
--- a/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md
+++ b/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Reference about the command-line options and return codes for Internet Explorer Setup.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 40c23024-cb5d-4902-ad1b-6e8a189a699f
 title: Internet Explorer Setup command-line options and return codes (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md b/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md
index dd8f4f2e46..1e17bda2eb 100644
--- a/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md
+++ b/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: Review the options available to help you customize your browser install packages for deployment to your employee's devices.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 4b804da3-c3ac-4b60-ab1c-99536ff6e31b
 title: Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
index ffcd221cf9..c2483af8c4 100644
--- a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
+++ b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Reference about the command-line options for the IExpress Wizard.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: aa16d738-1067-403c-88b3-bada12cf9752
 title: IExpress Wizard command-line options (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md b/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md
index 9a5d7d0b05..235580070d 100644
--- a/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md
+++ b/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the IExpress Wizard on Windows Server 2008 R2 with SP1 to create self-extracting files to run your custom Internet Explorer Setup program.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 5100886d-ec88-4c1c-8cd7-be00da874c57
 title: IExpress Wizard for Windows Server 2008 R2 with SP1 (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md
index e8f38fa7ce..60b082565b 100644
--- a/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Important URLs - Home Page and Support page in the IEAK 11 Customization Wizard to choose one or more **Home** pages and an online support page for your customized version of IE.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 19e34879-ba9d-41bf-806a-3b9b9b752fc1
 title: Use the Important URLs - Home Page and Support page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/index.md b/browsers/internet-explorer/ie11-ieak/index.md
index e9dbdc8840..74c0cbdb1c 100644
--- a/browsers/internet-explorer/ie11-ieak/index.md
+++ b/browsers/internet-explorer/ie11-ieak/index.md
@@ -1,7 +1,7 @@
 ---
 ms.mktglfcycl: plan
 description: IEAK 11 - Internet Explorer Administration Kit 11 Users Guide
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 847bd7b4-d5dd-4e10-87b5-4d7d3a99bbac
 title: Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md
index e9bfd321d4..30e1694ffe 100644
--- a/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Internal Install page in the IEAK 11 Customization Wizard to customize Setup for the default browser and the latest browser updates.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 33d078e3-75b8-455b-9126-f0d272ed676f
 title: Use the Internal Install page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md
index 8a0ea02769..ba4e23f6df 100644
--- a/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the \[ISP_Security\] .INS file setting to add the root certificate for your custom Internet Explorer package.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 4eca2de5-7071-45a2-9c99-75115be00d06
 title: Use the ISP_Security .INS file to add your root certificate (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md
index 4a739c06f1..cd6540d994 100644
--- a/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Language Selection page in the IEAK 11 Customization Wizard to choose the lanaguage for your IEAK 11 custom package.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: f9d4ab57-9b1d-4cbc-9398-63f4938df1f6
 title: Use the Language Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md
index bc8385d9c6..ff473d6648 100644
--- a/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the \[Media\] .INS file setting to specify the types of media on which your custom install package is available.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: c57bae60-d520-49a9-a77d-da43f7ebe5b8
 title: Use the Media .INS file to specify your install media (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md
index 5582c13f96..19e75dbdca 100644
--- a/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Package Type Selection page in the IEAK 11 Customization Wizard to pick the media type you’ll use to distribute your custom package.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: dd91f788-d05e-4f45-9fd5-d951abf04f2c
 title: Use the Package Type Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md
index 8439514a79..9bac11b82d 100644
--- a/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Platform Selection page in the IEAK 11 Customization Wizard to pick the specs for your employee devices that will get the install package.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 9cbf5abd-86f7-42b6-9810-0b606bbe8218
 title: Use the Platform Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md b/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md
index 25279d4ae0..d6e16707bd 100644
--- a/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: Learn about what you need to do before you deploy your custom browser package using IEAK 11 over your network.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 2c66d22a-4a94-47cc-82ab-7274abe1dfd6
 title: Before you install your package over your network using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md
index 553242559b..7509c355d2 100644
--- a/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Programs page in the IEAK 11 Customization Wizard to pick the default programs to use for Internet services.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: f715668f-a50d-4db0-b578-e6526fbfa1fc
 title: Use the Programs page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md b/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
index 03ae1fe39f..9a57aef1fa 100644
--- a/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
+++ b/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Learn about how to use a proxy auto-configuration (.pac) file to specify an automatic proxy URL.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 6c94708d-71bd-44bd-a445-7e6763b374ae
 title: Use proxy auto-configuration (.pac) files with IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md
index f54ff8c47c..c98971ddef 100644
--- a/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the \[Proxy\] .INS file setting to define whether to use a proxy server.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 30b03c2f-e3e5-48d2-9007-e3fd632f3c18
 title: Use the Proxy .INS file to specify a proxy server (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
index 13ab11fff7..c29f790845 100644
--- a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Proxy Settings page in the IEAK 11 Customization Wizard to pick the proxy servers used to connect to required services.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 1fa1eee3-e97d-41fa-a48c-4a6e0dc8b544
 title: Use the Proxy Settings page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md b/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md
index a4d6f308bd..e0838b0473 100644
--- a/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Learn how to register an uninstall app for your custom components, using IEAK 11.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 4da1d408-af4a-4c89-a491-d6f005fd5005
 title: Register an uninstall app for custom components using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md b/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
index 7c269a8157..922be0f879 100644
--- a/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: manage
 description: Learn how to use the Resultant Set of Policy (RSoP) snap-in to view your policy settings.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 0f21b320-e879-4a06-8589-aae6fc264666
 title: Use the RSoP snap-in to review policy settings (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
index 614f7db2ba..0e48aa99c7 100644
--- a/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Search Providers page in the IEAK 11 Customization Wizard to add additional providers and set the default.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 48cfaba5-f4c0-493c-b656-445311b7bc52
 title: Use the Search Providers page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md b/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
index 4b81854546..fe275274f8 100644
--- a/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: plan
 description: Learn about the security features available in Internet Explorer 11 and IEAK 11.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 5b64c9cb-f8da-411a-88e4-fa69dea473e2
 title: Security features and IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md
index a6649bee68..8da6980597 100644
--- a/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Security and Privacy Settings page in the IEAK 11 Customization Wizard to manage your security zones, privacy settings, and content ratings.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: cb7cd1df-6a79-42f6-b3a1-8ae467053f82
 title: Use the Security and Privacy Settings page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md
index a0f042d14e..a01457ac6c 100644
--- a/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the \[Security Imports\] .INS file setting to decide whether to import security info to your custom package.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 19791c44-aaa7-4f37-9faa-85cbdf29f68e
 title: Use the Security Imports .INS file to import security info (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md
index 4d39e29ec6..b5ba778a93 100644
--- a/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the \[URL\] .INS file setting to decide whether to use an auto-configured proxy server.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: 05b09dfa-cf11-408d-92c2-b4ae434a59a7
 title: Use the URL .INS file to use an auto-configured proxy server (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md
index bfeba39179..425f3e2e60 100644
--- a/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the User Experience page in the IEAK 11 Customization Wizard to decide user interaction with the Setup process.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: d3378058-e4f0-4a11-a888-b550af994bfa
 title: Use the User Experience page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md b/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md
index 17553421f4..b3eaeb6c0f 100644
--- a/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md
+++ b/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Info about how to use Internet Settings (.ins) files and the IEAK 11 to configure your custom browser package.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: a24a7cdb-681e-4f34-a53c-6d8383c5f977
 title: Using Internet Settings (.INS) files with IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md
index 6a6994cb45..aa88edcfee 100644
--- a/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md
@@ -2,7 +2,7 @@
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to use the Wizard Complete - Next Steps page in the IEAK 11 Customization Wizard to build your custom Internet Explorer install package.
-author: eross-msft
+author: shortpatti
 ms.prod: ie11
 ms.assetid: aaaac88a-2022-4d0b-893c-b2404b45cabc
 title: Use the Wizard Complete - Next Steps page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
diff --git a/browsers/internet-explorer/index.md b/browsers/internet-explorer/index.md
index f845b1a18f..c2dbda0086 100644
--- a/browsers/internet-explorer/index.md
+++ b/browsers/internet-explorer/index.md
@@ -1,7 +1,7 @@
 ---
 ms.mktglfcycl: deploy
 description: The landing page for IE11 that lets you access the documentation.
-author: eross-msft
+author: shortpatti
 ms.prod: IE11
 title: Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
 assetid: be3dc32e-80d9-4d9f-a802-c7db6c50dbe0
diff --git a/devices/hololens/hololens-upgrade-enterprise.md b/devices/hololens/hololens-upgrade-enterprise.md
index b855080450..f7da9a892b 100644
--- a/devices/hololens/hololens-upgrade-enterprise.md
+++ b/devices/hololens/hololens-upgrade-enterprise.md
@@ -7,7 +7,7 @@ author: jdeckerms
 ms.author: jdecker
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 04/30/2018
+ms.date: 07/09/2018
 ---
 
 # Unlock Windows Holographic for Business features
@@ -81,11 +81,10 @@ Provisioning packages are files created by the Windows Configuration Designer to
 
 ### Apply the provisioning package to HoloLens
 
-1. Connect the device via USB to a PC and start the device, but do not continue past the **fit** page of the initial setup experience (the first page with the blue box).
+1. Connect the device via USB to a PC and start the device, but do not continue past the **fit** page of the initial setup experience (the first page with the blue box). HoloLens will show up as a device in File Explorer on the PC.
 
-2. Briefly press and release the **Volume Down** and **Power** buttons simultaneously.
-
-3. HoloLens will show up as a device in File Explorer on the PC.
+    >[!NOTE]
+    >If the HoloLens device is running Windows 10, version 1607 or earlier, briefly press and release the **Volume Down** and **Power** buttons simultaneously to open File Explorer.
 
 4. In File Explorer, drag and drop the provisioning package (.ppkg) onto the device storage.
 
@@ -95,8 +94,7 @@ Provisioning packages are files created by the Windows Configuration Designer to
 
 7. You will see whether the package was applied successfully or not. If it failed, you can fix your package and try again. If it succeeded, proceed with device setup.
 
->[!NOTE]
->If the device was purchased before August 2016, you will need to sign into the device with a Microsoft account, get the latest OS update, and then reset the OS in order to apply the provisioning package. 
+
 
 
 
diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md
index 1a7df44a44..10317bd4e4 100644
--- a/devices/surface-hub/change-history-surface-hub.md
+++ b/devices/surface-hub/change-history-surface-hub.md
@@ -7,7 +7,7 @@ ms.sitesec: library
 author: jdeckerms
 ms.author: jdecker
 ms.topic: article
-ms.date: 06/01/2018
+ms.date: 07/12/2018
 ms.localizationpriority: medium
 ---
 
@@ -15,6 +15,12 @@ ms.localizationpriority: medium
 
 This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md).
 
+## July 2018
+
+New or changed topic | Description
+--- | ---
+[Set up and use Whiteboard to Whiteboard collaboration](whiteboard-collaboration.md) | Added information and links for new Microsoft Whiteboard app release.
+
 ## June 2018
 
 New or changed topic | Description
diff --git a/devices/surface-hub/connect-and-display-with-surface-hub.md b/devices/surface-hub/connect-and-display-with-surface-hub.md
index 4a5167db40..241cfc77e6 100644
--- a/devices/surface-hub/connect-and-display-with-surface-hub.md
+++ b/devices/surface-hub/connect-and-display-with-surface-hub.md
@@ -33,7 +33,7 @@ When connecting external devices and displays to a Surface Hub, there are severa
 ## Guest Mode
 
 
-Guest Mode uses a wired connection, so people can display content from their devices to the Surface Hub. If the source device is Windows-based, that device can also provide Touchback and Inkback. Surface Hub's internal PC takes video and audio from the connected device and presents them on the Surface Hub. If Surface Hub encounters a High-Bandwidth Digital Content Protection (HDCP) signal, the source will be be displayed as a black image. To display your content without violating HDCP requirements, use the keypad on the right side of the Surface Hub to directly choose the external source.
+Guest Mode uses a wired connection, so people can display content from their devices to the Surface Hub. If the source device is Windows-based, that device can also provide Touchback and Inkback. Surface Hub's internal PC takes video and audio from the connected device and presents them on the Surface Hub. If Surface Hub encounters a High-Bandwidth Digital Content Protection (HDCP) signal, the source will be displayed as a black image. To display your content without violating HDCP requirements, use the keypad on the right side of the Surface Hub to directly choose the external source.
 
 >[!NOTE]
 >When an HDCP source is connected, use the side  keypad to change source inputs.
diff --git a/devices/surface-hub/enable-8021x-wired-authentication.md b/devices/surface-hub/enable-8021x-wired-authentication.md
index 8407392860..810dc3d2ce 100644
--- a/devices/surface-hub/enable-8021x-wired-authentication.md
+++ b/devices/surface-hub/enable-8021x-wired-authentication.md
@@ -56,5 +56,5 @@ This OMA-URI node takes a text string of XML as a parameter. The XML provided as
 
 ## Adding certificates
 
-If your selected authentication method is certificate-based, you will will need to [create a provisioning package](provisioning-packages-for-surface-hub.md), [utilize MDM](https://docs.microsoft.com/windows/client-management/mdm/clientcertificateinstall-csp), or import a certificate from settings (**Settings** > **Update and Security** > **Certificates**) to deploy those certificates to your Surface Hub device in the appropriate Certificate Store. When adding certificates, each PFX must contain only one certificate (a PFX cannot have multiple certificates).
+If your selected authentication method is certificate-based, you will need to [create a provisioning package](provisioning-packages-for-surface-hub.md), [utilize MDM](https://docs.microsoft.com/windows/client-management/mdm/clientcertificateinstall-csp), or import a certificate from settings (**Settings** > **Update and Security** > **Certificates**) to deploy those certificates to your Surface Hub device in the appropriate Certificate Store. When adding certificates, each PFX must contain only one certificate (a PFX cannot have multiple certificates).
 
diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
index e0111f0b35..d72676e762 100644
--- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
@@ -141,7 +141,7 @@ Next, you enable the device account with [Skype for Business Online](#skype-for-
 
 To enable Skype for Business online, your tenant users must have Exchange mailboxes (at least one Exchange mailbox in the tenant is required). The following table explains which plans or additional services you need.
 
-| Skype room system scenario | If you have Office 365 Premium, Office 365 ProPlus, or Skype for Business Standalone Plan 2, you need: | If you have an Enterprise-based plan, you need: | If you have have Skype for Business Server 2015 (on-premises or hybrid), you need: |
+| Skype room system scenario | If you have Office 365 Premium, Office 365 ProPlus, or Skype for Business Standalone Plan 2, you need: | If you have an Enterprise-based plan, you need: | If you have Skype for Business Server 2015 (on-premises or hybrid), you need: |
 | --- | --- | --- | --- |
 | Join a scheduled meeting | Skype for Business Standalone Plan 1 | E1, 3, 4, or 5 | Skype for Business Server Standard CAL |
 | Initiate an ad-hoc meeting | Skype for Business Standalone Plan 2 | E 1, 3, 4, or 5 | Skype for Business Server Standard CAL or Enterprise CAL |
diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
index 13af52d485..d0e895cd1a 100644
--- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
+++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
@@ -46,7 +46,6 @@ Surface Hub now supports the ability to automatically enroll in Intune by joinin
 
 For more information, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment).
 
-
 ## Manage Surface Hub settings with MDM
 
 You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings), and some [Windows 10 settings](#supported-windows-10-settings). Depending on the MDM provider that you use, you may set these settings using a built-in user interface, or by deploying custom SyncML. Microsoft Intune and System Center Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. Refer to documentation from your MDM provider to learn how to create and deploy SyncML.
@@ -85,7 +84,7 @@ For more information, see [SurfaceHub configuration service provider](https://ms
 
 ### Supported Windows 10 settings
 
-In addition to Surface Hub-specific settings, there are numerous settings common to all Windows 10 devices. These settings are defined in the [Configuration service provider reference](https://msdn.microsoft.com/library/windows/hardware/dn920025.aspx). 
+In addition to Surface Hub-specific settings, there are numerous settings common to all Windows 10 devices. These settings are defined in the [Configuration service provider reference](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference). 
 
 The following tables include info on Windows 10 settings that have been validated with Surface Hub. There is a table with settings for these areas: security, browser, Windows Updates, Windows Defender, remote reboot, certificates, and logs. Each table identifies if the setting is supported with Microsoft Intune, System Center Configuration Manager, or SyncML.
 
diff --git a/devices/surface-hub/surface-hub-recovery-tool.md b/devices/surface-hub/surface-hub-recovery-tool.md
index 81c91723b7..ef1cd24725 100644
--- a/devices/surface-hub/surface-hub-recovery-tool.md
+++ b/devices/surface-hub/surface-hub-recovery-tool.md
@@ -18,6 +18,9 @@ The [Microsoft Surface Hub Recovery Tool](https://www.microsoft.com/download/det
 
 To re-image the Surface Hub SSD using the Recovery Tool, you'll need to remove the SSD from the Surface Hub, connect the drive to the USB-to-SATA cable, and then connect the cable to the desktop PC on which the Recovery Tool is installed. For more information on how to remove the existing drive from your Surface Hub, please refer to the [Surface Hub SSD Replacement Guide (PDF)](http://download.microsoft.com/download/1/F/2/1F202254-7156-459F-ABD2-39CF903A25DE/surface-hub-ssd-replacement-guide_en-us.pdf).
 
+>[!IMPORTANT]
+>Do not let the device go to sleep or interrupt the download of the image file.
+
 If the tool is unsuccessful in reimaging your drive, please contact [Surface Hub Support](https://support.microsoft.com/help/4037644/surface-contact-surface-warranty-and-software-support).
 
 ## Prerequisites
diff --git a/devices/surface-hub/whiteboard-collaboration.md b/devices/surface-hub/whiteboard-collaboration.md
index 08346d20b4..10f086f358 100644
--- a/devices/surface-hub/whiteboard-collaboration.md
+++ b/devices/surface-hub/whiteboard-collaboration.md
@@ -6,13 +6,16 @@ ms.sitesec: library
 author: jdeckerms
 ms.author: jdecker
 ms.topic: article
-ms.date: 10/20/2017
+ms.date: 07/12/2018
 ms.localizationpriority: medium
 ---
 
 # Set up and use Whiteboard to Whiteboard collaboration (Surface Hub)
 
-Microsoft Whiteboard’s latest update (17.8302.5275X or greater) includes the capability for two Surface Hubs to collaborate in real time on the same board. 
+The Microsoft Whiteboard app includes the capability for two Surface Hubs to collaborate in real time on the same board. 
+
+>[!IMPORTANT]
+>A new Microsoft Whiteboard app was released on July 12, 2018. The existing Whiteboard app that comes installed on Surface Hub and is pinned to the Welcome screen cannot collaborate with the new version that can be installed on the PC. If people in your organization install the new Whiteboard on their PCs, you must install the new Whiteboard on Surface Hub to enable collaboration. To learn more about installing the new Whiteboard on your Surface Hub, see [Whiteboard on Surface Hub opt-in](https://go.microsoft.com/fwlink/p/?LinkId=2004277).
 
 By ensuring that your organization meets the prerequisites, users can then ink, collaborate, and ideate together. 
 
diff --git a/education/windows/TOC.md b/education/windows/TOC.md
index ca73e87080..5cfd544fe5 100644
--- a/education/windows/TOC.md
+++ b/education/windows/TOC.md
@@ -4,6 +4,9 @@
 ## [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md)
 ## [Set up Windows devices for education](set-up-windows-10.md)
 ### [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md)
+#### [Azure AD Join for school PCs](set-up-school-pcs-azure-ad-join.md)
+#### [Shared PC mode for school devices](set-up-school-pcs-shared-pc-mode.md)
+#### [Provisioning package settings](set-up-school-pcs-provisioning-package.md)
 ### [Use the Set up School PCs app ](use-set-up-school-pcs-app.md)
 ### [Set up student PCs to join domain](set-up-students-pcs-to-join-domain.md)
 ### [Provision student PCs with apps](set-up-students-pcs-with-apps.md)
diff --git a/education/windows/autopilot-reset.md b/education/windows/autopilot-reset.md
index 906a44a391..8a5441c5cc 100644
--- a/education/windows/autopilot-reset.md
+++ b/education/windows/autopilot-reset.md
@@ -8,9 +8,9 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: edu
 ms.localizationpriority: medium
-author: CelesteDG
+author: greg-lindsay
 ms.author: celested
-ms.date: 03/08/2018
+ms.date: 06/27/2018
 ---
 
 # Reset devices with Autopilot Reset 
@@ -102,7 +102,7 @@ To make sure WinRE is enabled, use the [REAgentC.exe tool](https://docs.microsof
 reagentc /enable
 ```
 
-If Windows Automatic Reployment fails after enabling WinRE, or if you are unable to enable WinRE, please contact [Microsoft Support](https://support.microsoft.com) for assistance.
+If Autopilot Reset fails after enabling WinRE, or if you are unable to enable WinRE, please contact [Microsoft Support](https://support.microsoft.com) for assistance.
 
 ## Related topics
 
diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md
index b65a448e31..c14ad21e17 100644
--- a/education/windows/change-history-edu.md
+++ b/education/windows/change-history-edu.md
@@ -2,7 +2,7 @@
 title: Change history for Windows 10 for Education (Windows 10)
 description: New and changed topics in Windows 10 for Education
 keywords: Windows 10 education documentation, change history
-ms.prod: w10
+ms.prod: w10
 ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -32,7 +32,7 @@ New or changed topic | Description
 
 | New or changed topic | Description |
 | --- | ---- |
-| [Test Windows 10 S on existing Windows 10 education devices](test-windows10s-for-edu.md) | Updated the the list of device manufacturers. |
+| [Test Windows 10 S on existing Windows 10 education devices](test-windows10s-for-edu.md) | Updated the list of device manufacturers. |
 | [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md) | Updated instances of the parameter enablePrint, or enablePrinting, to requirePrinting. |
 | [Set up Take a Test on a single PC](take-a-test-single-pc.md) | Updated instances of the parameter enablePrint, or enablePrinting, to requirePrinting. |
 | [Take a Test app technical reference](take-a-test-app-technical.md) | Added a note that the Alt+F4 key combination for enabling students to exit the test is disabled in Windows 10, version 1703 (Creators Update) and later. Also added additional info about the Ctrl+Alt+Del key combination. |
diff --git a/education/windows/images/suspc-add-recommended-apps-1807.png b/education/windows/images/suspc-add-recommended-apps-1807.png
new file mode 100644
index 0000000000..e579c8f99d
Binary files /dev/null and b/education/windows/images/suspc-add-recommended-apps-1807.png differ
diff --git a/education/windows/images/suspc-admin-token-delete-1807.png b/education/windows/images/suspc-admin-token-delete-1807.png
new file mode 100644
index 0000000000..0656dbb899
Binary files /dev/null and b/education/windows/images/suspc-admin-token-delete-1807.png differ
diff --git a/education/windows/images/suspc-assessment-url-1807.png b/education/windows/images/suspc-assessment-url-1807.png
new file mode 100644
index 0000000000..c799e26271
Binary files /dev/null and b/education/windows/images/suspc-assessment-url-1807.png differ
diff --git a/education/windows/images/suspc-configure-student-settings-1807.png b/education/windows/images/suspc-configure-student-settings-1807.png
new file mode 100644
index 0000000000..92d6ae184a
Binary files /dev/null and b/education/windows/images/suspc-configure-student-settings-1807.png differ
diff --git a/education/windows/images/suspc-device-names-1807.png b/education/windows/images/suspc-device-names-1807.png
new file mode 100644
index 0000000000..886ff13413
Binary files /dev/null and b/education/windows/images/suspc-device-names-1807.png differ
diff --git a/education/windows/images/suspc-enable-shared-pc-1807.png b/education/windows/images/suspc-enable-shared-pc-1807.png
new file mode 100644
index 0000000000..52fb68f830
Binary files /dev/null and b/education/windows/images/suspc-enable-shared-pc-1807.png differ
diff --git a/education/windows/images/suspc-select-wifi-1807.png b/education/windows/images/suspc-select-wifi-1807.png
new file mode 100644
index 0000000000..c8b94d6aad
Binary files /dev/null and b/education/windows/images/suspc-select-wifi-1807.png differ
diff --git a/education/windows/images/suspc-select-wifi-network-1807.png b/education/windows/images/suspc-select-wifi-network-1807.png
new file mode 100644
index 0000000000..6c7240db39
Binary files /dev/null and b/education/windows/images/suspc-select-wifi-network-1807.png differ
diff --git a/education/windows/images/suspc-sign-in-select-1807.png b/education/windows/images/suspc-sign-in-select-1807.png
new file mode 100644
index 0000000000..abffbec690
Binary files /dev/null and b/education/windows/images/suspc-sign-in-select-1807.png differ
diff --git a/education/windows/images/suspc-take-a-test-app-1807.png b/education/windows/images/suspc-take-a-test-app-1807.png
new file mode 100644
index 0000000000..9d6c503f3c
Binary files /dev/null and b/education/windows/images/suspc-take-a-test-app-1807.png differ
diff --git a/education/windows/set-up-school-pcs-azure-ad-join.md b/education/windows/set-up-school-pcs-azure-ad-join.md
new file mode 100644
index 0000000000..16b59b9799
--- /dev/null
+++ b/education/windows/set-up-school-pcs-azure-ad-join.md
@@ -0,0 +1,95 @@
+---  
+title: Azure AD Join with Setup School PCs app  
+description: Describes how Azure AD Join is configured in the Set up School PCs app.  
+keywords: shared cart, shared PC, school, set up school pcs  
+ms.prod: w10  
+ms.technology: Windows  
+ms.mktglfcycl: plan  
+ms.sitesec: library  
+ms.pagetype: edu  
+ms.localizationpriority: medium  
+author: lenewsad  
+ms.author: lanewsad  
+ms.date: 07/13/2018  
+---  
+
+# Azure AD Join for school PCs  
+
+>   [!NOTE]  
+>   Set up School PCs app uses Azure AD Join to configure PCs. The app is helpful if you use the cloud based directory, Azure Active Directory (AD). If your organization uses Active Directory or requires no account to connect, install and use [Windows Configuration
+>   Designer](set-up-students-pcs-to-join-domain.md) to 
+>   join your PCs to your school's domain.
+
+Set up School PCs lets you create a provisioning package that automates Azure AD
+Join on your devices. This feature eliminates the need to manually:
+
+-   Connect to your school’s network.
+
+-   Join your organization's domain.
+
+## Automated connection to school domain  
+
+During initial device setup, Azure AD Join automatically connects your PCs to your school's Azure AD domain. You can skip all of the Windows setup experience that is typically a part of the out-of-the-box-experience (OOBE). Devices that are managed by a mobile device manager, such as Intune, are automatically enrolled with the provider upon initial device startup.
+
+Students who sign in to their PCs with their Azure AD credentials get access to on-premises apps and the following cloud apps:
+* Office 365
+* OneDrive 
+* OneNote.
+
+## Enable Azure AD Join  
+
+Learn how to enable Azure AD Join for your school. After you configure this setting, you'll be able to request an automated Azure AD bulk token, which you need to create a provisioning package.   
+
+1. Sign in to the Azure portal with your organization's credentials. 
+2. Go to **Azure
+Active Directory** \> **Devices** \> **Device settings**.  
+3. Enable the setting
+for Azure AD by selecting **All** or **Selected**. If you choose the latter
+option, select the teachers and IT staff to allow them to connect to Azure AD.  
+
+![Select the users you want to let join devices to Azure AD](images/suspc-enable-shared-pc-1807.png)  
+
+You can also create an account that holds the exclusive rights to join devices. When a student PC needs to be set up, provide the account credentials to the appropriate teachers or staff.
+
+## All Device Settings  
+
+The following table describes each setting within **Device Settings**.
+
+| Setting                                                    | Description                                                                                                                                                                                                                                                                                                            |
+|------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Users may join devices to Azure AD                         | Choose the scope of people in your organization that are allowed to join devices to Azure AD. **All** allows all users and groups within your tenant to join devices. **Selected** prompts you to choose specific users or groups to allow. **None** allows no one in your tenant to join devices to Azure AD. |  
+| Additional local administrators on Azure AD joined devices | Only applicable to Azure AD Premium tenants. Grant additional local administrator rights on devices, to selected users. Global administrators and the device owner are granted local administrator rights by default.                                                                                                  |
+| Users may register their devices with Azure AD             | Allow all or none of your users to register their devices with Azure AD (Workplace Join). If you are enrolled in Microsoft Intune or Mobile Device Management for Office 365, your devices are required to be registered. In this case, **All** is automatically selected for you.                                     |
+| Require Multi-Factor Authentication to join devices                  | Recommended when adding devices to Azure AD. When set to **Yes**, users that are setting up devices must enter a second method of authentication.                                                                                                             |
+| Maximum number of devices per user                         | Set the maximum number of devices a user is allowed to have in Azure AD. If the maximum is exceeded, the user must remove one or more existing devices before additional ones are added.                                                                                                                               |
+| Users may sync settings and enterprise app data            | Allow all or none of your users to sync settings and app data across multiple devices. Tenants with Azure AD Premium are permitted to select specific users to allow.                                                                                                                                                  |
+
+## Clear Azure AD tokens  
+
+Your Intune tenant can only have 500 active Azure AD tokens, or packages, at a time. You'll receive a notification in the Intune portal when you reach 500 active tokens.
+
+To reduce your inventory, clear out all unnecessary and inactive tokens.
+1. Go to **Azure Active Directory** \> **Users** \> **All users**  
+2. In the **User Name** column, select and delete all accounts with a **package\ _**
+prefix. These accounts are created at a 1:1 ratio for every token and are safe
+to delete.   
+3. Select and delete inactive and expired user accounts. 
+
+### How do I know if my package expired?
+Automated Azure AD tokens expire after 30 days. The expiration date for each token is appended to the end of the saved provisioning package, on the USB drive. After this date, you must create a new package. Be careful that you don't delete active accounts.  
+
+![Screenshot of the Azure portal, Azure Active Directory, All Users page. Highlights all accounts that start with the prefix package_ and can be deleted.](images/suspc-admin-token-delete-1807.png)  
+
+## Next steps    
+Learn more about setting up devices with the Set up School PCs app.  
+* [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md)
+* [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md)
+* [Set up School PCs technical reference](set-up-school-pcs-technical.md)
+* [Set up Windows 10 devices for education](set-up-windows-10.md) 
+
+When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
+
+
+
+
+
diff --git a/education/windows/set-up-school-pcs-provisioning-package.md b/education/windows/set-up-school-pcs-provisioning-package.md
new file mode 100644
index 0000000000..16b671865d
--- /dev/null
+++ b/education/windows/set-up-school-pcs-provisioning-package.md
@@ -0,0 +1,122 @@
+---  
+title: What's in Set up School PCs provisioning package  
+description: Lists the provisioning package settings that are configured in the Set up School PCs app.  
+keywords: shared cart, shared PC, school, set up school pcs  
+ms.prod: w10  
+ms.technology: Windows  
+ms.mktglfcycl: plan  
+ms.sitesec: library  
+ms.pagetype: edu  
+ms.localizationpriority: medium  
+author: lenewsad  
+ms.author: lanewsad  
+ms.date: 07/13/2018  
+---  
+
+# What's in my provisioning package?
+The Set up School PCs app builds a specialized provisioning package with school-optimized settings. 
+
+A key feature of the provisioning package is Shared PC mode. To view the technical framework of Shared PC mode, including the description of each setting, see the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723294%28v=vs.85%29.aspx) article. 
+
+## Shared PC Mode policies
+This table outlines the policies applied to devices in shared PC mode. If you [selected to optimize a device for use by a single student](set-up-school-pcs-shared-pc-mode.md#optimize-device-for-use-by-a-single-student), the table notes the differences. Specifically, you'll see differences in the following policies:
+* Disk level deletion
+* Inactive threshold
+* Restrict local storage
+
+In the table, *True* means that the setting is enabled, allowed, or applied. Use the **Description** column to help you understand the context for each setting.
+
+For a more detailed look at the policies, see the Windows article [Set up shared or guest PC](https://docs.microsoft.com/en-us/windows/configuration/set-up-shared-or-guest-pc#policies-set-by-shared-pc-mode).
+
+|Policy name|Default value|Description|  
+|---------|---------|---------|  
+|Enable Shared PC mode|True| Configures the PCs so they are in shared PC mode.|  
+|Set education policies    | True      | School-optimized settings are applied to the PCs so that they are appropriate for an educational environment. To see all recommended and enabled policies, see [Windows 10 configuration recommendation for education customers](https://docs.microsoft.com/en-us/education/windows/configure-windows-for-education).       |  
+|Account Model| Only guest, Domain-joined only, or Domain-joined and guest  |Controls how users can sign in on the PC. Configurable from the Set up School PCs app. Choosing domain-joined will enable any user in the domain to sign in. Specifying the guest option will add the Guest option to the sign-in screen and enable anonymous guest access to the PC. |  
+|Deletion policy  |   Delete at disk space threshold and inactive threshold     | Delete at disk space threshold will start deleting accounts when available disk space falls below the threshold you set for disk level deletion. It will stop deleting accounts when the available disk space reaches the threshold you set for disk level caching. Accounts are deleted in order of oldest accessed to most recently accessed. Also deletes accounts if they have not signed in within the number of days specified by inactive threshold policy.        |  
+|Disk level caching  |   50%     | Sets 50% of total disk space to be used as the disk space threshold for account caching.       |  
+|Disk level deletion    |   For shared device setup, 25%; for single device-student setup, 0%.   |  When your devices are optimized for shared use across multiple PCs, this policy sets 25% of total disk space to be used as the disk space threshold for account caching. When your devices are optimized for use by a single student, this policy sets the value to 0% and does not delete accounts.   |  
+|Enable account manager    |  True      |  Enables automatic account management.       |  
+|Inactive threshold| For shared device setup, 30 days; for single device-student setup, 180 days.| After 30 or 180 days, respectively, if an account has not signed in, it will be deleted.
+|Kiosk Mode AMUID   | Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App  | Configures the kiosk account on student devices to only run the Take a Test secure assessment browser.    |  
+|Kiosk Mode User Tile Display Text | Take a Test | Displays "Take a Test" as the name of the kiosk account on student devices.     |  
+|Restrict local storage    |   For shared device setup, True; for single device-student setup, False.     |   When devices are optimized for shared use across multiple PCs, this policy forces students to save to the cloud to prevent data loss. When your devices are optimized for use by a single student, this policy does not prevent students from saving on the PCs local hard drive.  |  
+|Maintenance start time     | 0 - midnight       | The maintenance start time when automatic maintenance tasks, such as Windows Update, run on student devices.  |  
+|Max page file size in MB| 1024| Sets the maximum size of the paging file to 1024 MB. Applies only to systems with less than 32-GB storage and at least 3 GB of RAM.|  
+|Set power policies     |  True      |  Prevents users from changing power settings and turns off hibernate. Also overrides all power state transitions to sleep, such as lid close.       |  
+|Sign in on resume   |  True     | Requires the device user to sign in with a password when the PC wakes from sleep.        |  
+|Sleep timeout    |  3600 seconds      | Specifies the maximum idle time before the PC should sleep. If you don't set sleep timeout, the default time, 3600 seconds (1 hour), is applied.    |  
+
+## MDM and local group policies 
+This section lists only the MDM and local group policies that are configured uniquely for the Set up School PCs app.     
+
+For a more detailed look of each policy listed, see [Policy CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider) in the Windows IT Pro Center documentation.  
+
+
+|Policy name  |Default value |Description |
+|---------|---------|---------|
+|Authority|User-defined  | Authenticates the admin user. Value is set automatically when signed in to Azure AD.
+|BPRT|User-defined| Value is set automatically when signed in to Azure AD. Allows you to create the provisioning package. |
+|WLAN Setting| XML is generated from the Wi-Fi profile in the Set up School PCs app.| Configures settings for wireless connectivity.| 
+|Hide OOBE for desktop| True | Hides the interactive OOBE flow for Windows 10.|
+|Download Mode|1 - HTTP blended with peering behind the same NAT|Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps, and App updates|
+|Select when Preview Builds and Feature Updates are received | 32 - Semi-annual Channel. Device gets feature updates from Semi-annual Channel| Specifies how frequently devices receive preview builds and feature updates.|  
+|Allow auto update   | 4 - Auto-installs and restarts without device-user control    |  When an auto update is available, it auto-installs and restarts the device without any input or action from the device user.|
+|Configure automatic updates  | 3 - Set to install at 3am    |  Scheduled time to install updates.|
+|Update power policy for cart restarts   | 1 - Configured| Skips all restart checks to ensure that the reboot will happen at the scheduled install time. |  
+|Select when Preview Builds and Feature Updates are received   | 365 days | Defers Feature Updates for the specified number of days. When not specified, defaults to 365 days.|  
+|Allow all trusted apps |   Disabled      | Prevents untrusted apps from being installed to device        |
+|Allow developer unlock  |   Disabled     | Students cannot unlock the PC and use it in developer mode          |
+|Allow Cortana | Disabled | Cortana is not allowed on the device.
+|Allow manual MDM unenrollment   | Disabled          |   Students cannot remove the mobile device manager from their device.     |
+|Settings page visibility|Enabled |Specific pages in the System Settings app are not visible or accessible to students.|
+|Allow add provisioning package  |  Disabled         | Students cannot add and upload new provisioning packages to their device.        |
+|Allow remove provisioning package   | Disabled       | Students cannot remove packages that you've uploaded to their device, including the Set up School PCs app        |
+|Start Layout|Enabled |Lets you specify the Start layout for users and prevents them from changing the configuration.|
+|Import Edge Assets| Enabled| Import Microsoft Edge assets, such as PNG and JPG files, for secondary tiles on the Start layout. Tiles will appear as weblinks and will be tied to the relevant image asset files.|  
+|Allow pinned folder downloads|1 - The shortcut is visible and disables the setting in the Settings app |Makes the Downloads shortcut on the Start menu visible to students.|
+|Allow pinned folder File Explorer|1 - The shortcut is visible and disables the setting in the Settings app |Makes the File Explorer shortcut on the Start menu visible to students.|
+|Personalization  |     Deploy lock screen image  | Set to the image you picked when you customized the lock screen during device setup. If you didn't customize the image, the computer will show the default.     | Deploys a jpg, jpeg, or png image to be used as lock screen image on the device.
+|Personalization| Lock screen image URL| Image filename| You can specify a jpg, jpeg, or png image to be used as the device lock screen image. This setting can take an http or https URL to a remote image to be downloaded, or a file URLto an existing local image. 
+|Update|Active hours end    | 5 PM       | There will be no update reboots before this time.        |
+|Update|Active hours start     |  7 AM     |  There will be no update reboots after this time.      |    
+|Updates Windows    |  Nightly       |  Sets Windows to update on a nightly basis.       |  
+
+## Apps uninstalled from Windows 10 devices
+Set up School PCs app uses the Universal app uninstall policy. This policy identifies default apps that are not relevant to the classroom experience, and uninstalls them from each device.  The following table lists all apps uninstalled from Windows 10 devices.  
+
+
+|App name |Application User Model ID |
+|---------|---------|
+|3D Builder | Microsoft.3DBuilder_8wekyb3d8bbwe | 
+|Bing Weather  | Microsoft.BingWeather_8wekyb3d8bbwe  | 
+|Desktop App Installer|Microsoft.DesktopAppInstaller_8wekyb3d8bbwe|
+|Get Started | Microsoft.Getstarted_8wekyb3d8bbw |  
+|Messaging|Microsoft.Messaging_8wekyb3d8bbwe  
+|Microsoft Office Hub| Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe |  
+|Microsoft Solitaire Collection | Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe |   
+|One Connect|Microsoft.OneConnect_8wekyb3d8bbwe|
+|Paid Wi-Fi & Cellular   | Microsoft.OneConnect_8wekyb3d8bbwe | 
+|Feedback Hub   |  Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe  |    
+|Xbox | Microsoft.XboxApp_8wekyb3d8bbwe |  
+|Mail/Calendar | microsoft.windowscommunicationsapps_8wekyb3d8bbwe|  
+
+## Apps installed on Windows 10 devices  
+Set up School PCs uses the Universal app install policy to install school-relevant apps on  all Windows 10 devices. Apps that are installed include:
+* OneDrive
+* OneNote
+* Sway   
+
+## Next steps  
+Learn more about setting up devices with the Set up School PCs app.  
+* [Azure AD Join with Set up School PCs](set-up-school-pcs-azure-ad-join.md)
+* [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md)
+* [Set up School PCs technical reference](set-up-school-pcs-technical.md)
+* [Set up Windows 10 devices for education](set-up-windows-10.md) 
+
+When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
+
+
+
+
+
diff --git a/education/windows/set-up-school-pcs-shared-pc-mode.md b/education/windows/set-up-school-pcs-shared-pc-mode.md
new file mode 100644
index 0000000000..acebeccc44
--- /dev/null
+++ b/education/windows/set-up-school-pcs-shared-pc-mode.md
@@ -0,0 +1,80 @@
+---  
+title: Shared PC mode for school devices  
+description: Describes how shared PC mode is set for devices set up with the Set up School PCs app.  
+keywords: shared cart, shared PC, school, set up school pcs  
+ms.prod: w10  
+ms.technology: Windows  
+ms.mktglfcycl: plan  
+ms.sitesec: library  
+ms.pagetype: edu  
+ms.localizationpriority: medium  
+author: lenewsad  
+ms.author: lanewsad  
+ms.date: 07/13/2018  
+---  
+
+# Shared PC mode for school devices
+
+Shared PC mode optimizes Windows 10 for shared use scenarios, such as classrooms and school libraries.  A Windows 10 PC in shared PC mode requires minimal to zero maintenance and management. Update settings are optimized for classroom settings, so that they automatically occur outside of school hours.
+
+Shared PC mode can be applied on devices running:
+* Windows 10 Pro
+* Windows 10 Pro Education
+* Windows 10 Education
+* Windows 10 Enterprise  
+
+To learn more about how to set up a device in shared PC mode, see [Set up a shared or guest PC with Windows 10](https://docs.microsoft.com/en-us/windows/configuration/set-up-shared-or-guest-pc).  
+
+## Windows Updates
+Shared PC mode configures power and Windows Update settings so that computers update regularly. Computers that are set up through the Set up School PCs app are configured to:  
+* Wake nightly.  
+* Check for and install updates.  
+* Forcibly reboot, when necessary, to complete updates.  
+
+These configurations reduce the need to update and reboot computers during daytime work hours. Notifications about needed updates are also blocked from disrupting students.
+
+## Default admin accounts in Azure Active Directory  
+By default, the account that joins your computer to Azure AD will be given admin permissions on the computer. Global administrators in the joined Azure AD domain will also have admin permissions when signed in to the joined computer.  
+
+An Azure AD Premium subscription lets you specify the accounts that get admin accounts on a computer. These accounts are configured in Intune in the Azure portal.  
+
+## Account deletion policies
+This section describes the deletion behavior for the accounts configured in shared PC mode. A delete policy makes sure that outdated or stale accounts are regularly removed to make room for new accounts. 
+
+### Azure AD accounts
+
+The default deletion policy is set to automatically cache accounts. Cached accounts are automatically deleted when disk space gets too low, or when there's an extended period of inactivity. Accounts continue to delete until the computer reclaims sufficient disk space. Deletion policies behave the same for Azure AD and Active Directory domain accounts. 
+
+### Guest and Kiosk accounts
+Guest accounts and accounts created through Kiosk are deleted after they sign out of their account.
+
+### Local accounts
+Local accounts that you created before enabling shared PC mode aren't deleted. Local accounts that you create through the following path, after enabling PC mode, are not deleted: **Settings** app > **Accounts** > **Other people** > **Add someone**     
+
+## Create custom Windows images
+Shared PC mode is compatible with custom Windows images.  
+
+To create a compatible image, first create your custom Windows image with all software, updates, and drivers. Then use the System Preparation (Sysprep) tool with the `/oobe` flag to create the SharedPC-compatible version. For example, `sysrep/oobe`.
+
+Teachers can then run the Set up School PCs package on the computer.  
+
+## Optimize device for use by a single student
+Shared PC mode is enabled by default. This mode optimizes device settings for schools where PCs are shared by students.  The  Set up School PCs app also offers the option to configure settings for devices that aren't shared. 
+  
+If you select this setting, the app modifies shared PC mode so that it's appropriate for a single device. To see how the settings differ, refer to the Shared PC mode policy table in the article [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md)  
+1. In the app, go to the **Create package** > **Settings** step. 
+2. Select **Optimize device for a single student, instead of a shared cart or lab**.  
+
+## Next steps  
+Learn more about setting up devices with the Set up School PCs app.  
+* [Azure AD Join with Set up School PCs](set-up-school-pcs-azure-ad-join.md)
+* [Set up School PCs technical reference](set-up-school-pcs-technical.md)
+* [What's in my provisioning package](set-up-school-pcs-provisioning-package.md)
+* [Set up Windows 10 devices for education](set-up-windows-10.md) 
+
+When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
+
+
+
+
+
diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md
index 3f6907cffb..b23242412b 100644
--- a/education/windows/set-up-school-pcs-technical.md
+++ b/education/windows/set-up-school-pcs-technical.md
@@ -1,6 +1,6 @@
 ---
-title: Set up School PCs app technical reference
-description: Describes the changes that the Set up School PCs app makes to a PC.
+title: Set up School PCs app technical reference overview
+description: Describes the purpose of the Set up School PCs app for Windows 10 devices.
 keywords: shared cart, shared PC, school, set up school pcs
 ms.prod: w10
 ms.technology: Windows
@@ -8,302 +8,74 @@ ms.mktglfcycl: plan
 ms.sitesec: library
 ms.pagetype: edu
 ms.localizationpriority: medium
-author: CelesteDG
-ms.author: celested
-ms.date: 04/04/2018
+author: lenewsad
+ms.author: lanewsad
+ms.date: 07/11/2018
 ---
 
-# Technical reference for the Set up School PCs app 
+What is Set up School PCs?
+=================================================
+
 **Applies to:**
 
--   Windows 10 
+-   Windows 10
+
+The **Set up School PCs** app helps you configure new Windows 10 PCs for school use. The
+app, which is available for Windows 10 version 1703 and later, configures and saves
+school-optimized settings, apps, and policies into a single provisioning package. You can then save the package to a USB drive and distribute it to your school PCs. 
+
+If your school uses Azure Active Directory (Azure AD) or Office 365, the Set up
+School PCs app will create a setup file. This file joins the PC to your Azure Active Directory tenant. The app also helps set up PCs for use with or without Internet connectivity.  
+
+
+## Join PC to Azure Active Directory
+If your school uses Azure Active Directory (Azure AD) or Office 365, the Set up
+School PCs app creates a setup file that joins your PC to your Azure Active
+Directory tenant. 
+
+The app also helps set up PCs for use with or without Internet connectivity.
+
+## List of Set up School PCs features
+The following table describes the Set up School PCs app features and lists each type of Intune subscription. An X indicates that the feature is available with the specific subscription.
+
+| Feature                                                                                                                                                                                                                                                               | No Internet | Azure AD | Office 365 | Azure AD Premium |
+|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|----------|------------|------------------|
+| **Fast sign-in**                                                                                                                                                                                                                                                      | X           | X        | X          | X                |
+| Students sign in and start using the computer in under a minute, even on initial sign-in.                                                                                                                                                             |             |          |            |                  |
+| **Custom Start experience**                                                                                                                                                                                                                                           | X           | X        | X          | X                |
+| Necessary classroom apps are pinned to Start and unnecessary apps are removed.                                                                                                                                                                                         |             |          |            |                  |
+| **Guest account, no sign-in required**                                                                                                                                                                                                                                | X           | X        | X          | X                |
+| Set up computers for use by anyone with or without an account.                                                                                                                                                                         |             |          |            |                  |
+| **School policies**                                                                                                                                                                                                                                                   | X           | X        | X          | X                |
+| Settings create a relevant, useful learning environment and optimal computer performance.                                                                                                                                                                |             |          |            |                  |
+| **Azure AD Join**                                                                                                                                                                                                                                                     |             | X        | X          | X                |
+| Computers join with your existing Azure AD or Office 365 subscription for centralized management.                                                                                                                                                                      |             |          |            |                  |
+| **Single sign-on to Office 365**                                                                                                                                                                                                                                      |             |          | X          | X                |
+| Students sign in with their IDs to access all Office 365 web apps or installed Office apps.                                                                                                                                                            |             |          |            |                  |
+| **Take a Test app**                                                                                                                                                                                                                                                     |             |          |            | X                |
+| Administer quizzes and assessments through test providers such as Smarter Balanced.                                                                                                                                      |             |          |            |                  |
+| [Settings roaming](https://azure.microsoft.com/en-us/documentation/articles/active-directory-windows-enterprise-state-roaming-overview/) **via Azure AD**                                                                                                             |             |          |            | X                |
+| Synchronize student and application data across devices for a personalized experience.                                                                                                                                                          |             |          |            |                  |
+
+>   [!NOTE]  
+>   If your school uses Active Directory, use [Windows Configuration
+>   Designer](set-up-students-pcs-to-join-domain.md) 
+>   to configure your PCs to join the domain. You can only use the Set up School
+>   PCs app to set up PCs that are connected to Azure AD.
 
 
 
-The **Set up School PCs** app helps you set up new Windows 10 PCs that work great in your school by configuring shared PC mode. The latest Set up School PCs app is available for Windows 10, version 1703 (Creators Update). Set up School PCs also configures school-specific settings and policies, described in this topic.
+## Next steps  
+Learn more about setting up devices with the Set up School PCs app.  
+* [Azure AD Join with Set up School PCs](set-up-school-pcs-azure-ad-join.md)
+* [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md)
+* [What's in my provisioning package](set-up-school-pcs-provisioning-package.md)
+* [Set up Windows 10 devices for education](set-up-windows-10.md) 
+
+When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
+
+
 
-If your school uses Azure Active Directory (Azure AD) or Office 365, the Set up School PCs app will create a setup file that joins the PC to your Azure Active Directory tenant. You can also use the app to set up school PCs that anyone can use, with or without Internet connectivity. 
-
-Here's a list of what you get when using the Set up School PCs app in your school. 
-
-| Feature | No Internet | Azure AD | Office 365 | Azure AD Premium |
-| --- | :---: | :---: | :---: | :---: |
-| **Fast sign-in**<br/>Each student can sign in and start using the computer in less than a minute, even on their first sign-in. | X | X | X | X |
-| **Custom Start experience**<br/>The apps students need are pinned to Start, and unnecessary apps are removed. | X | X | X | X |
-| **Guest account, no sign-in required**<br/>This option sets up computers for common use. Anyone can use the computer without an account. | X | X | X | X |
-| **School policies**<br/>Settings specific to education create a useful learning environment and the best computer performance. | X | X | X | X |
-| **Azure AD Join**<br/>The computers are  joined to your Azure AD or Office 365 subscription for centralized management. |   | X | X | X |
-| **Single sign-on to Office 365**<br/>By signing on with student IDs, students have fast access to Office 365 web apps or installed Office apps. |   |    | X | X |
-| **Take a Test**<br/>Configure the Take a Test app and use it for taking quizzes and high-stakes assessments by some providers like Smarter Balanced. |   |    |  | X |
-| **[Settings roaming](https://azure.microsoft.com/en-us/documentation/articles/active-directory-windows-enterprise-state-roaming-overview/) via Azure AD**<br/>Student user and application settings data can be synchronized across devices for a personalized experience. |   |    |    | X |
-
-
-> [!NOTE]  
-> If your school uses Active Directory, use [Windows Configuration Designer](set-up-students-pcs-to-join-domain.md) to configure your PCs to join the domain. You can only use the Set up School PCs app to set up PCs that are connected to Azure AD.
-
-## Automated Azure AD join
-One of the most important features in Set up School PCs is the ability to create a provisioning package that performs automated Azure AD join. With this feature, you no longer have to spend minutes going through Windows setup, manually connecting to a network, and manually joining your Azure AD domain. With the automated Azure AD join feature in Set up School School PCs, this process is reduced to zero clicks! You can skip all of the Windows setup experience and the OS automatically joins the PC to your Azure AD domain and enrolls it into MDM if you have a MDM provider activated.
-
-To make this as seamless as possible, in your Azure AD tenant:
-- Allow your teacher and other IT staff to join devices to Azure AD so they can sucessfully request an automated Azure AD join token. 
-
-    In the Azure portal, select **Azure Active Directory**. Go to **Users and groups > Device Settings** and in **Users may join devices to Azure AD**, click **Selected** and choose the members you want to enable to join devices to Azure AD.
-
-    **Figure 1** - Select the users you want to enable to join devices to Azure AD
-
-    ![Select the users you want to enable to join devices to Azure AD](images/azuread_usersandgroups_devicesettings_usersmayjoin.png)
-
-- Consider creating a special account that uses a username and password that you provide, and which has the rights to join devices if you don't want to add all teachers and IT staff.
-    - When teachers or IT staff need to set up PCs, they can use this account in the Set up School PCs app.
-    - If you use a service to set up PCs for you, you can give them this special account so they can deliver PCs to you that are already Azure AD joined and ready to be given to a student.
-
-- Turn off multifactor authentication.
-
-    In the Azure portal, select **Azure Active Directory**. Go to **Users and groups > Device Settings** and set **Require Multi-Factor Auth to join devices** to **No**.
-
-    **Figure 2** - Turn off multi-factor authentication in Azure AD
-
-    ![Turn off multi-factor authentication in Azure AD](images/azuread_usersandgroups_devicesettings_requiremultifactorauth.png)
-
-- Set the maximum number of devices a user can add to unlimited.
-
-    In the Azure portal, select **Azure Active Directory**. Go to **Users and groups > Device Settings** and set **Maximum number of devices per user** to **Unlimited**.
-
-    **Figure 3** - Set maximum number of devices per user to unlimited
-
-    ![Set maximum number of devices per user to unlimited](images/azuread_usersandgroups_devicesettings_maxnumberofdevicesperuser.png)
-
-- Clear your Azure AD tokens from time to time. Your tenant can only have 500 automated Azure AD tokens active at any one time.
-
-    In the Azure portal, select **Azure Active Directory**. Go to **Users and groups > All users** and look at the list of user names. User names that start with **package_** followed by a string of letters and numbers. These are the user accounts that are created automatically for the tokens and you can safely delete these. 
-
-    **Figure 4** - Delete the accounts automatically created for the Azure AD tokens
-
-    ![Delete the accounts automatically created for the Azure AD tokens](images/azuread_usersandgroups_allusers_automaticaccounts.png)
-
-- Note that automated Azure AD tokens have expiration dates. Set up School PCs creates them with an expiration date of one month. You will see the specific expiration date for the package in the **Review package summary** page in Set up School PCs.
-
-    **Figure 5** - Sample summary page showing the expiration date
-
-    ![Sample summary page showing the expiration date](images/suspc_choosesettings_summary.png)
-
-
-<!-- When the MSES Get Started goes live, add a link to it from here -->
-
-
-## Information about Windows Update
-
-Shared PC mode helps ensure that computers are always up-to-date. If a PC is configured using the Set up School PCs app, shared PC mode sets the power states and Windows Update to: 
-* Wake nightly
-* Check and install updates
-* Forcibly reboot if necessary to finish applying updates
-
-The PC is also configured to not interrupt the user during normal daytime hours with updates or reboots. Notfications are also blocked.
-
-## Guidance for accounts on shared PCs
-
-* We recommend no local admin accounts on the PC to improve the reliability and security of the PC.
-* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account management happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** or **Kiosk** will also be deleted automatically at sign out.
-* On a Windows PC joined to Azure Active Directory:
-    * By default, the account that joined the PC to Azure AD will have an admin account on that PC. Global administrators for the Azure AD domain will also have admin accounts on the PC.
-    * With Azure AD Premium, you can specify which accounts have admin accounts on a PC using the **Additional administrators on Azure AD Joined devices** setting on the Azure portal.
-* Local accounts that already exist on a PC won’t be deleted when turning on shared PC mode. New local accounts created through **Settings > Accounts > Other people > Add someone else to this PC** after shared PC mode is turned on won't be deleted. However, any new local accounts created by the **Guest** or **Kiosk** selection on the sign-in screen, if enabled, will automatically be deleted at sign-out.
-* If admin accounts are necessary on the PC
-    * Ensure the PC is joined to a domain that enables accounts to be signed on as admin, or
-    * Create admin accounts before setting up shared PC mode, or 
-    * Create exempt accounts before signing out.
-* The account management service supports accounts that are exempt from deletion.
-    * An account can be marked exempt from deletion by adding the account SID to the `HKEY_LOCAL_MACHINE\SOFTARE\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\` registry key.
-    * To add the account SID to the registry key using PowerShell:
-
-        ```
-        $adminName = "LocalAdmin"
-        $adminPass = 'Pa$$word123'
-        iex "net user /add $adminName $adminPass"
-        $user = New-Object System.Security.Principal.NTAccount($adminName) 
-        $sid = $user.Translate([System.Security.Principal.SecurityIdentifier]) 
-        $sid = $sid.Value;
-        New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\$sid" -Force
-        ``` 
-
-## Custom images
-Shared PC mode is fully compatible with custom images that may be created by IT departments. Create a custom image and then use sysprep with the `/oobe` flag to create an image that teachers can then apply the Set up School PCs provisioning package to. [Learn more about sysprep](https://technet.microsoft.com/en-us/library/cc721940(v=ws.10).aspx).
-
-## Provisioning package details
-
-The Set up School PCs app produces a specialized provisioning package that makes use of the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723294%28v=vs.85%29.aspx). 
-
-### Education customizations set by local MDM policy
-
-- By default, saving content locally to the PC is blocked, but you can choose to enable it. This prevents data loss by forcing students to save to the cloud.
-- A custom Start layout, taskbar layout, and lock screen image are set.
-- Prohibits unlocking the PC to developer mode.
-- Prohibits untrusted Microsoft Store apps from being installed.
-- Prohibits students from removing MDM.
-- Prohibits students from adding new provisioning packages.
-- Prohibits student from removing existing provisioning packages (including the one set by Set up School PCs).
-- Sets Windows Update to update nightly.
-
-
-### Uninstalled apps 
-
-- 3D Builder (Microsoft.3DBuilder_8wekyb3d8bbwe)
-- Weather (Microsoft.BingWeather_8wekyb3d8bbwe)
-- Tips (Microsoft.Getstarted_8wekyb3d8bbwe)
-- Get Office (Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe)
-- Microsoft Solitaire Collection (Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe)
-- Paid Wi-Fi & Cellular (Microsoft.OneConnect_8wekyb3d8bbwe)
-- Feedback Hub (Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe)
-- Xbox (Microsoft.XboxApp_8wekyb3d8bbwe)
-- Mail/Calendar (microsoft.windowscommunicationsapps_8wekyb3d8bbwe)
-
-### Local Group Policies
-
-> [!IMPORTANT]  
-> We do not recommend setting additional policies on PCs configured with the Set up School PCs app. The shared PC mode is optimized to be fast and reliable over time with minimal to no manual maintenance required.
-
-<table border="1"> 
-<thead><tr><th colspan="2"><p>Policy path</p></th></tr>
-<tr><th><p>Policy name</p></th><th><p>Value</p></th> 
-</tr> </thead>
-<tbody>
-<tr><td colspan="2"><p><strong>Admin Templates</strong> > <strong>Control Panel</strong> > <strong>Personalization</strong></p></td> 
-</tr> 
-<tr><td><p>Prevent enabling lock screen slide show</p></td><td><p>Enabled</p></td>
-</tr> 
-<tr><td><p>Prevent changing lock screen and logon image</p></td><td><p>Enabled</p></td>
-</tr> 
-<tr><td colspan="2"><p><strong>Admin Templates</strong> > <strong>System</strong> > <strong>Power Management</strong> > <strong>Button Settings</strong></p></td> 
-</tr> 
-<tr><td><p>Select the Power button action (plugged in)</p></td><td><p>Sleep</p></td> 
-</tr> 
-<tr><td><p>Select the Power button action (on battery)</p></td><td><p>Sleep</p></td> 
-</tr> 
-<tr><td><p>Select the Sleep button action (plugged in)</p></td><td><p>Sleep</p></td> 
-</tr> 
-<tr><td><p>Select the lid switch action (plugged in)</p></td><td><p>Sleep</p></td>
-</tr> 
-<tr><td><p>Select the lid switch action (on battery)</p></td><td><p>Sleep</p></td>
-</tr> 
-<tr><td colspan="2"><p><strong>Admin Templates</strong> > <strong>System</strong> > <strong>Power Management</strong> > <strong>Sleep Settings</strong></p></td> 
-</tr> 
-<tr><td><p>Require a password when a computer wakes (plugged in)</p></td><td><p>Enabled</p></td>
-</tr> 
-<tr><td><p>Require a password when a computer wakes (on battery)</p></td><td><p>Enabled</p></td>
-</tr>
-<tr><td><p>Specify the system sleep timeout (plugged in)</p></td><td><p> 5 minutes</p></td>
-</tr> 
-<tr><td><p>Specify the system sleep timeout (on battery)</p></td><td><p> 5 minutes</p></td>
-</tr> 
-<tr> <td> <p> Turn off hybrid sleep (plugged in) </p> </td> <td> <p> Enabled</p> </td>
-</tr> 
-<tr> <td> <p> Turn off hybrid sleep (on battery) </p> </td> <td> <p> Enabled</p> </td>
-</tr> 
-<tr> <td> <p> Specify the unattended sleep timeout (plugged in) </p> </td> <td> <p> 5 minutes </p> </td>
-</tr> 
-<tr> <td> <p> Specify the unattended sleep timeout (on battery) </p> </td> <td> <p> 5 minutes</p> </td> 
-</tr> 
-<tr> <td> <p> Allow standby states (S1-S3) when sleeping (plugged in) </p> </td> <td> <p> Enabled</p> </td>
-</tr> 
-<tr> <td> <p> Allow standby states (S1-S3) when sleeping (on battery) </p> </td> <td> <p> Enabled</p> </td> 
-</tr> 
-<tr> <td> <p> Specify the system hibernate timeout (plugged in) </p> </td> <td> <p> Enabled, 0</p> </td> 
-</tr> 
-<tr> <td> <p> Specify the system hibernate timeout (on battery) </p> </td> <td> <p> Enabled, 0</p> </td> 
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>System</strong>><strong>Power Management</strong>><strong>Video and Display Settings</strong></p> </td> </tr> 
-<tr> <td> <p> Turn off the display (plugged in) </p> </td> <td> <p> 5 minutes</p> </td> 
-</tr>
- <tr> <td> <p> Turn off the display (on battery) </p> </td> <td> <p> 5 minutes</p> </td>
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>System</strong>><strong>Power Management</strong>><strong>Energy Saver Settings</strong></p> </td> </tr> 
-<tr> <td> <p> Energy Saver Battery Threshold (on battery) </p> </td> <td> <p> 70</p> </td> 
-</tr>
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>System</strong>><strong>Logon</strong></p> </td> 
-</tr> 
-<tr> <td> <p> Show first sign-in animation </p> </td> <td> <p> Disabled</p> </td>
-</tr> 
-<tr> <td> <p> Hide entry points for Fast User Switching </p> </td> <td> <p> Enabled</p> </td> 
-</tr> 
-<tr> <td> <p> Turn on convenience PIN sign-in </p> </td> <td> <p> Disabled</p> </td>
-</tr> 
-<tr> <td> <p> Turn off picture password sign-in </p> </td> <td> <p> Enabled</p> </td>
-</tr> 
-<tr> <td> <p> Turn off app notification on the lock screen </p> </td> <td> <p> Enabled</p> </td>
-</tr> 
-<tr> <td> <p> Allow users to select when a password is required when resuming from connected standby</p> </td> <td> <p> Disabled</p> </td> 
-</tr> 
-<tr> <td> <p> Block user from showing account details on sign-in </p> </td> <td> <p> Enabled</p> </td>
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>System</strong>><strong>User Profiles</strong></p> </td> 
-</tr> 
-<tr> <td> <p> Turn off the advertising ID </p> </td> <td> <p> Enabled</p> </td>
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>Windows Components</strong>><strong>Biometrics</strong></p> </td> 
-</tr> 
-<tr> <td> <p> Allow the use of biometrics </p> </td> <td> <p> Disabled</p> </td>
-</tr> 
-<tr> <td> <p> Allow users to log on using biometrics </p> </td> <td> <p> Disabled</p> </td> 
-</tr> 
-<tr> <td> <p> Allow domain users to log on using biometrics </p> </td> <td> <p> Disabled</p> </td> 
-</tr> 
-<tr><td colspan="2"><strong>Admin Templates</strong>><strong>Windows Components</strong>><strong>Cloud Content</strong></td></tr>
-<tr> <td> <p> Do not show Windows Tips </p> </td> <td> <p> Enabled</p> </td> 
-</tr> 
-<tr> <td> <p> Turn off Microsoft consumer experiences </p> </td> <td> <p> Enabled</p> </td> 
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>Windows Components</strong>><strong>Data Collection and Preview Builds</strong></p> </td> 
-</tr> 
-<tr> <td> <p> Toggle user control over Insider builds </p> </td> <td> <p> Disabled</p> </td>
-</tr> 
-<tr> <td> <p> Disable pre-release features or settings </p> </td> <td> <p> Disabled</p> </td> 
-</tr> 
-<tr> <td> <p> Do not show feedback notifications </p> </td> <td> <p> Enabled</p> </td> 
-</tr> 
-<tr> <td> <p> Allow Telemetry </p> </td> <td> <p> Basic, 0</p> </td> 
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong> > <strong>Windows Components</strong> > <strong>File Explorer</strong></p> </td> 
-</tr> 
-<tr> <td> <p> Show lock in the user tile menu </p> </td> <td> <p> Disabled</p> </td>
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong> > <strong>Windows Components</strong> > <strong>Maintenance Scheduler</strong></p> </td> 
-</tr> 
-<tr> <td> <p> Automatic Maintenance Activation Boundary </p> </td> <td> <p> *MaintenanceStartTime*</p> </td>
-</tr> 
-<tr> <td> <p> Automatic Maintenance Random Delay </p> </td> <td> <p> Enabled, 2 hours</p> </td> 
-</tr> 
-<tr> <td> <p> Automatic Maintenance WakeUp Policy </p> </td> <td> <p> Enabled</p> </td> 
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong> > <strong>Windows Components</strong> > <strong>OneDrive</strong></p> </td> 
-</tr> 
-<tr> <td> <p> Prevent the usage of OneDrive for file storage </p> </td> <td> <p> Enabled</p> </td>
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong> > <strong>Windows Components</strong> > <strong>Windows Hello for Business</strong></p> </td> 
-</tr> 
-<tr> <td> <p> Use phone sign-in </p> </td> <td> <p> Disabled</p> </td>
-</tr> 
-<tr> <td> <p> Use Windows Hello for Business </p> </td> <td> <p> Disabled</p> </td>
-</tr> 
-<tr> <td> <p> Use biometrics </p> </td> <td> <p> Disabled</p> </td>
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Windows Settings</strong> > <strong>Security Settings</strong> > <strong>Local Policies</strong> > <strong>Security Options</strong></p> </td> 
-</tr> 
-<tr><td><p>Accounts: Block Microsoft accounts</p><p>**Note** Microsoft accounts can still be used in apps.</p></td><td><p>Enabled</p></td></tr>
-<tr> <td> <p> Interactive logon: Do not display last user name </p> </td> <td> <p> Enabled</p> </td>
-</tr> 
-<tr> <td> <p> Interactive logon: Sign-in last interactive user automatically after a system-initiated restart</p> </td> <td> <p> Disabled</p> </td>
-</tr> 
-<tr> <td> <p> User Account Control: Behavior of the elevation prompt for standard users </p> </td> <td> <p> Auto deny</p> </td>
-</tr> 
-</tbody>
-</table> </br>
-
-## Use the app
-When you're ready to use the app, see [Use Set up School PCs app](use-set-up-school-pcs-app.md). 
-
-## Related topics
-
-[Set up Windows devices for education](set-up-windows-10.md)
 
 
 
diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md
index 5c865392c2..bdf6a298c9 100644
--- a/education/windows/use-set-up-school-pcs-app.md
+++ b/education/windows/use-set-up-school-pcs-app.md
@@ -1,315 +1,238 @@
 ---
 title: Use Set up School PCs app
-description: Learn how the Set up School PCs app works and how to use it.
+description: Learn how to use the Set up School PCs app and apply the provisioning package.
 keywords: shared cart, shared PC, school, Set up School PCs, overview, how to use
 ms.prod: w10
 ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: edu
-ms.localizationpriority: medium
-author: CelesteDG
-ms.author: celested
-ms.date: 12/11/2017
+ms.localizationpriority: high
+author: lenewsad
+ms.author: lanewsad
+ms.date: 07/11/2018
 ---
 
-# Use the Set up School PCs app 
-**Applies to:**
+# Use the Set up School PCs app  
 
--   Windows 10   
+IT administrators and technical teachers can use the **Set up School PCs** app to quickly set up Windows 10 PCs for students. The app configures PCs with the apps and features students need, and it removes the ones they don't need. During setup, if licensed in your tenant, the app anrolls each student PC into a mobile device management (MDM) provider, such as Intune for Education. You can then manage all the settings Set up School PCs configures through the MDM.   
 
-IT administrators and technical teachers can use the **Set up School PCs** app to quickly set up PCs for students. A student PC set up using the app is tailored to provide students with the tools they need for learning while removing apps and features that they don't need.
+Set up School PCs also:  
+* Joins each student PC to your organization's Office 365 and Azure Active Directory tenant.  
+* Enables the optional Autopilot Reset feature, to return devices to a fully configured or known IT-approved state.  
+* Keeps student PCs up-to-date without interfering with class time using Windows Update and maintenance hours.  
+* Locks down the student PC to prevent activity that isn't beneficial to their education.  
 
-## What does this app do?
+This article describes how to get started and provide information about your school in the Set up School PCs app. To learn more about the app's functionality, start with the [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md).  
 
-Set up School PCs makes it easy to set up Windows 10 PCs with Microsoft's recommended education settings, using a quick USB setup. This app guides you through the creation of a student PC provisioning package and helps you save it to a USB drive. From there, just plug the USB drive into student PCs running Windows 10 Creators Update (version 1703). It automatically:
-- Joins each student PC to your organization's Office 365 and Azure Active Directory tenant
-- Enrolls each student PC into a mobile device management (MDM) provider, like Intune for Education, if licensed in your tenant. You can manage all the settings Set up School PCs sets later through MDM.
-- Removes OEM preinstalled software from each student PC
-- Auto-configures and saves a wireless network profile on each student PC
-- Gives a friendly and unique name to each student device for future management
-- Sets Microsoft-recommended school PC settings, including shared PC mode which provides faster sign-in and automatic account cleanup
-- Enables optional guest account for younger students, lost passwords, or visitors
-- Enables optional secure testing account
-- Enables optional Autopilot Reset feature to return devices to a fully configured or known IT-approved state
-- Locks down the student PC to prevent mischievous activity:
-    * Prevents students from removing the PC from the school's device management system
-    * Prevents students from removing the Set up School PCs settings
-- Keeps student PCs up-to-date without interfering with class time using Windows Update and maintenance hours
-- Customizes the Start layout with Office
-- Installs OneDrive for storing cloud-based documents and Sway for creating interactive reports, presentations, and more
-- Uninstalls apps not specific to education, such as Solitaire
-- Prevents students from adding personal Microsoft accounts to the PC
+## Requirements    
+Before you begin, make sure that you, your computer, and your school's network are configured with the following requirements.
 
-You can watch the video to see how to use the Set up School PCs app, or follow the step-by-step guide. </br>
+* Office 365 and Azure Active Directory
+* [Latest Set up School PCs app](https://www.microsoft.com/store/apps/9nblggh4ls40)  
+* Permission to buy apps in Microsoft Store for Education
+* Set up School PCs app has permission to access the Microsoft Store for Education
+* A NTFS-formatted USB drive that is at least 1 GB, if not installing Office; and at least 8 GB, if installing Office
+* Student PCs must either: 
+    * Be within range of the Wi-Fi network that you configured in the app.
+    * Have a wired Ethernet connection when you set them up.  
 
-> [!VIDEO https://www.youtube.com/embed/2ZLup_-PhkA]
+### Configure USB drive for additional space  
+USB drives are, by default, FAT32-formatted, and are unable to save more than 4 GB of data. If you plan to install several apps, or large apps like Microsoft Office, you'll need more space. To create more space on the USB drive, reformat it to NTFS.  
+1. Insert the USB drive into your computer.
+2. Go to the **Start** > **This PC**.
+3. In the **Devices and drives** section, find your USB drive. Right-click to see its options.
+4. Select **Format** from the list to bring up the **Format drive name** window.
+5. Set **File system** to **NTFS**.
+6. Click **Start** to format the drive.
 
-You can watch the descriptive audio version here: [Microsoft Education: Use the Set up School PCs app (DA)](https://www.youtube.com/watch?v=qqe_T2LkGsI)
+### Prepare existing PC account for new setup
+Apply new packages to factory reset or new PCs. If you apply it to a PC that's already set up, you may lose the accounts and data.
 
-## Tips for success
+If a PC has already been set up, and you want to apply a new package, reset the PC to a clean state.
 
-* **Run the same Windows 10 build on the admin device and the student PCs**
+To begin, go to the **Settings** app on the appropriate PC.
+1. Click **Update & Security** > **Recovery**. 
+2. In the **Reset this PC** section, click **Get started**. 
+3. Click **Remove everything**.
 
-  It's critical that the IT administrator's or technical teacher's device is running the same Windows 10 build as the student PCs that you're provisioning. 
+You can also go to **Start** > **Power** icon. Hold down the Shift key and click **Restart** to load the Windows boot user experience. From there, follow these steps: 
+1. Click **Troubleshoot** and then choose **Reset this PC**.
+2. Select **Remove everything**.
+3. If the option appears, select **Only the drive where Windows is installed**.  
+4. Click **Just remove my files**.
+5. Click **Reset**.
 
-* **Ensure that the student PCs meet the minimum OS requirements for the version of Set up School PCs**
+## Recommendations  
+This section offers recommendations to prepare you for the best possible setup experience.  
+### Run the same Windows 10 build on the admin device and the student PCs  
+We recommend you run the IT administrator or technical teacher's device on the same Windows 10 build as the student PCs.
 
- Check the minimum OS requirements for the Set up School PCs app in the **System Requirements > OS** section of the app's description on the Microsoft Store. For example, the latest version of Set up School PCs requires Windows 10 versions with build 15063.0 or higher. Do not use the app to provision student PCs with Windows 10, version 1607 (build 14393) images. 
- 
- We recommend using the latest Set up School PCs app along with the latest Windows 10 images on the student PCs that you're provisioning. 
+### Student PCs should meet OS requirements for the app
+Check the minimum OS requirements in the Set up School PCs app. We recommend using the latest Set up School PCs app along with the latest Windows 10 images on the student PCs.  
 
-* **Run the app at work**
+To check the app's OS requirements, go to the Microsoft Store and locate the Set up School PCs app. In the app's description, go to **System Requirements > OS**.
 
-  For the best results, run the Set up School PCs app on your work device connected to your school's network. That way the app can gather accurate information about your wireless networks and cloud subscriptions.
+### Use app on a PC that is connected to your school's network
+We recommend that you run the Set up School PCs app on a computer that's connected to your school's network. That way the app can gather accurate information about your school's wireless networks and cloud subscriptions. If it's not connected, you'll need to enter the information manually.
 
-  > [!NOTE]  
-  > Don't use the **Set up Schools PCs** app for PCs that must connect to enterprise networks or to open Wi-Fi networks that require the user to accept Terms of Use.
+ > [!NOTE]  
+  > Don't use the **Set up Schools PCs** app for PCs that must connect to:
+ >* Enterprise networks that require the user to accept Terms of Use.
+ >* Open Wi-Fi networks that require the user to accept Terms of Use.
 
-* **Network tips**
-  * You cannot use Set up School PCs over a certification-based network, or one where you have to enter credentials in a browser. You can only connect to an open network, or one with a basic password. 
-  * If you need to set up a lot of devices over Wi-Fi, make sure that your network configuration can support it.
-    - We recommend configuring your DHCP so at least 200 IP addresses are available for the devices you are setting up. Configure your IP addresses to expire after a short time (about 30 minutes). This ensures that you can set up many devices simultaneously, and IP addresses will free up quickly so you can continue to set up devices without hitting network issues.
+### Run app on an open network or network that requires a basic password  
+Don't use Set up School PCs over a certification-based network, or one where you have to enter credentials in a browser. If you need to set up numerous devices over Wi-Fi, make sure that your network configuration can support it.
 
-* **Apply to new student PCs**
-  * The provisioning package that the Set up School PCs app creates should be used on new PCs that haven't been set up for accounts yet. If you apply the provisioning package to a student PC that has already been set up, existing accounts and data might be lost.
-  
-  > [!WARNING]  
-  > Only use the provisioning package on PCs that you want to configure and lock down for students. After you apply the provisioning package to a student PC, the PC must be reset to remove the settings.
+We recommend that you:  
+* Configure your DHCP so at least 200 IP addresses are available for your devices. Having available IP addresses will allow you to set up many devices simultaneously.  
+* Configure your IP addresses to expire after a short time--about 30 minutes. IP addresses will free up quickly so you can continue to set up devices without network issues.    
 
-  * The student PCs must be in range of the Wi-Fi network that you configured in Set up School PCs or have a wired Ethernet connection when you set them up. Otherwise, setup will fail.
-  * If the PC has already been set up and you want to return to the first-run experience to apply a new package, you can reset the PC to get to a clean state and get it back to the first-run experience and ready to provision again.
+>> [!WARNING]
+> Only use the provisioning package on PCs that you want to configure and lock down for students. After you apply the provisioning package to a student PC, the PC must be reset to remove the settings.  
 
-  To do this:
-  - Go to **Settings > Update & security > Recovery**. In the **Reset this PC** section of the **Recovery** page, click **Get started**.
-  - Or, hit **Shift** + click **Restart** in the **Power** menu to load the Windows boot user experience. From there, follow these steps:
-    1. Click **Troubleshoot** and then choose **Reset this PC**.    
-    2. Select **Remove everything**.
-    3. Select **No - remove provisioning packages**.
-    4. Select **Only the drive where Windows is installed** (this may not always show up).      
-    5. Click **Just remove my files**.
-    6. Click **Reset**.
+### Use an additional USB drive  
+You can set up PCs at the same time. Just save the provisioning package to an additional USB drive. Then plug them in at the same time during deployment.  
 
-* **Use an NTFS-formatted USB key**
+### Limit changes to school-optimized settings
 
-    If you're planning to install several apps, the Set up School PCs package may exceed 4 GB. Check if your USB drive format is FAT32. If it is, you won't be able to save more than 4 GB of data on the drive. To work around this, reformat the USB drive to use the NTFS format. To do this:
+We strongly recommend that you avoid changing preset policies. Changes can slow down setup, performance, and sign-in time.  
+## Create the provisioning package
 
-    1. Insert the USB key into your computer.
-    2. Go to the Start menu and type **This PC** and then select the **This PC (Desktop app)** from the search results. 
-    3. In the **Devices and drivers** section, find the USB drive, select and then right-click to bring up options.
-    4. Select **Format** from the list to bring up the **Format <DRIVE NAME>** window.
-    5. Set **File system** to **NTFS** and then click **Start** to format the drive.
+The **Set up School PCs** app guides you through the configuration choices for the student PCs.  
 
-* **Use more than one USB key**
+### Sign-in
+1. Open the Set up School PCs app on your PC and click **Get started**.  
+    
+      ![Launch the Set up School PCs app](images/suspc_getstarted_050817.png)  
+2. Select how you want to sign in.  
+    a. (Recommended) To enable student PCs to automatically be connect to Office 365, Azure AD, and management services like Intune for Education, click **Sign-in**. Then go to step 3.  
+    b. To complete setup without signing in, click **Skip**. Student PCs won't be connected to your school's cloud services and managing them will be more difficult later. Continue to [Wireless network](use-set-up-school-pcs-app.md#Wireless-network).  
+3. In the new window, select the account you want to use throughout setup. 
 
-    If you are setting up multiple PCs, you can set them up at the same time. Just save the provisioning package to another USB drive. Create two keys and you can run it on two PCs at once, and so on.
+    ![Sign-in screen showing the option to "Use this account" or use a different "Work or school account."](images/suspc-sign-in-select-1807.png) 
 
-* **Keep it clean**
+    To add an account not listed:  
+a. Click **Work or school account** > **Continue**.  
+        b. Type in the account username and click **Next**.  
+        c. You may be asked to verify the user account and password.   
 
-    We strongly recommend that IT avoid changes to policies unless absolutely necessary, as any changes can impair performance and sign-in time. Get more information at [Set up School PCs app technical reference](set-up-school-pcs-technical.md).
-
-* **Get more info**
-
-    Learn more about what Set up School PCs does, including provisioning details, in [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md).
-
-## Prerequisites
-
-- [Download the latest Set up School PCs app from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4ls40).
-
-  The app supports these languages: Chinese (Simplified), Chinese (Traditional), Danish, Dutch, English (United Kingdom), English (United States), French, German, Italian, Japanese, Korean, Norwegian, Polish, Portuguese (Brazil), Russian, Spanish (Spain), Spanish (Mexico), Swedish, and Turkish.
-
-- Install the app on your work PC and make sure you're connected to your school's network. 
-- You must have Office 365 and Azure Active Directory.
-- You must have the Microsoft Store for Education configured.
-- You must be a global admin in the Microsoft Store for Education.
-- It's best if you sign up for and [configure Intune for Education](../get-started/use-intune-for-education.md) before using the Set up School PCs app.
-- Have a USB drive, 1 GB or larger, to save the provisioning package. We recommend an 8 GB or larger USB drive if you're installing Office. 
-- Check the default file system format for your USB drive. You may need to set this to NTFS to save a provisioning package that's 4 GB or larger. 
-
-## Set up School PCs step-by-step
-
-### Create the provisioning package
-
-The **Set up School PCs** app guides you through the configuration choices for the student PCs.
-
-1. Launch the Set up School PCs app.
-
-  **Figure 1** - Launch the Set up School PCs app
-
-  ![Launch the Set up School PCs app](images/suspc_getstarted_050817.png)
-
-2. Click **Get started**.
-3. <a name="suspc_signin"></a>To sign in to your school's Office 365 account, in the **First step: Let's get you signed in** page:
-
-  To get the best option for setup and enable student PCs to automatically be connected to Office 365, Azure AD, and management services like Intune for Education, click **Sign-in**.
-
-  To complete setup without signing in, click **Skip**. Student PCs won't be connected to your school's cloud services and managing them will be more difficult later.
-
-  If you opt to sign in, follow these steps:
-
-    1. Choose the account from the list. If you don't see the account, select **Work or school account**, click **Continue**, and enter the account details.
-    2. Click **Next** once you've specified the account.
-    3. If you added an account, you may be asked to provide the user account and password. You will get a notification to allow the app to access your account. This will give Set up School PCs permission to access Store for Business, read memberships, sign you in and read your profile, and more.
-    4. Click **Accept**.
-
-      The account will show up as the account that Set up School PCs will use to connect the school PCs to the cloud.
-
-      **Figure 2** - Verify that the account you selected shows up
+1. Click **Accept** to allow Set up School PCs to access your account throughout setup.
+2. When your account name appears on the page, as shown in the image below, click **Next.**
 
       ![Verify that the account you selected shows up](images/suspc_createpackage_signin.png)
 
-    5. Click **Next**.
-  
-4. <a name="suspc_wireless"></a>To allow the student PCs to automatically connect to your school's wireless network, in the **Select the school's wireless network** page:
-  1. Select the school's Wi-Fi network from the list of available wireless networks or manually add a wireless network. 
-  2. Click **Next** if you added or selected a wireless network, or **Skip** to skip configuring a wireless network.
+### Wireless network
+Add and save a wireless network profile to provision on each student PC. Only skip Wi-Fi setup if you have an Ethernet connection.  
 
-    If you click **Skip**, you will see the following dialog. 
-    * If you select **Got it**, you will go to the next page without Wi-Fi set up. 
-    * If you select **Add Wi-Fi**, you will go back to the Wi-Fi page to add a wireless network.
+Select your school's Wi-Fi network from the list of available wireless networks, or click **Add a wireless network** to manually configure it. Then click **Next.** 
 
-    **Figure 3** - Only skip Wi-Fi if you have a wired Ethernet connection
+ ![Wireless network page with two Wi-Fi networks listed and one selected.](images/suspc-select-wifi-network-1807.png)  
 
-    ![Only skip Wi-Fi if you have a wired Ethernet connection](images/suspc_createpackage_skipwifi_modaldialog.png)
+### Device names
+Create a short name to add as a prefix to each of the PCs you set up. The name will help you recognize and manage this group of devices in your mobile device manager. The name must be five (5) characters or less.  
 
-5. <a name="suspc_devicename"></a>To assign a name to the student PCs, in the **Name these devices** page:
-  1. Add a short name that Set up School PCs will use as a prefix to identify and easily manage the group of devices, apps, and other settings through your device management client. 
-  
-    > [!NOTE]  
-    > The name must be five (5) characters or less. Set up School PCs automatically appends `_%SERIAL%` to the prefix that you specify. `_%SERIAL%` ensures that all device names are unique.
+To make sure all device names are unique, Set up School PCs automatically appends `_%SERIAL%` to the name.  For example, if you add *Math4* as the prefix, the device names will appear as *Math4* followed by a random string of letters and numbers.   
 
-    For example, if you add *Math4* as the prefix, the device names will be *Math4* followed by a random string of letters and numbers. 
-
-  2. Click **Next**.
-
-6. <a name="suspc_settings"></a>To specify other settings for the student PC, in the **Configure student PC settings** page:
-  - Select **Remove apps pre-installed by the device manufacturer** to install only the base Windows image.
-
-      > [!NOTE]  
-      > If you select this option, the provisioning process will take longer (about 30 minutes).
-
-  - Select **Allow local storage (not recommended for shared devices)** to let students save files to the **Desktop** and **Documents** folder on the student PC. We don't recommend this option if the device will be part of a shared cart or lab.
-  - Select **Optimize device for a single student, instead of a shared cart or lab** to optimize the device for use by a single student (1:1). 
-    - Check this option if the device will not be part of a shared cart or lab.
-    - Set up School PCs will change some account management logic so that it sets the expiration time for an account to 180 days (without requiring sign-in). 
-    - This setting also increases the maximum storage to 100% of the available disk space. This prevents the student's account from being erased if the student stores a lot of files or data, or if the student doesn't use the PC over a prolonged period.
-
-  - Select **Let guests sign-in to these PCs** to allow guests to use student PCs without a school account. For example, if the device will be in a library and you want other users (like visiting students or teachers) to be able to use the device, you can select this option.
-
-    If you select this option, this adds a **Guest** account button in the PC's sign-in screen to allow anyone to use the PC.
- 
-  - Select **Enable Autopilot Reset** to reset student PCs from the lock screen any time and apply original settings and device management enrollment (Azure AD and MDM) so they're ready to use. Make sure you are running Windows 10, version 1709 on the student PCs if you want to use Autopilot Reset through the Set up School PCs app.
-  - To change the default lock screen background or to use your school's custom lock screen background, click **Browse** to select a new lock screen background.
-
-    **Figure 4** - Configure student PC settings
-
-    ![Configure student PC settings](images/suspc_createpackage_configurestudentpcsettings_121117.png)
-
- When you're doing configuring the student PC settings, click **Next**.
-
-7. <a name="suspc_takeatest"></a>If you want to set up the Take a Test app and use it for taking quizzes and high-stakes assessments by some providers like Smarter Balanced, configure the settings in the **Set up the Take a Test app** page. Windows will also lock down the student PC so that students can't access anything else while taking the test.
-  1. Specify if you want to create a Take a Test button on the sign-in screens of students' PCs.
-  2. Check the options whether to allow keyboard text suggestions to appear and to allow teachers to monitor online tests. 
-  3. Enter the assessment URL.
-
-    You can leave the URL blank so that students can enter one later. This enables teachers to use the Take a Test account for daily quizzes or tests by having students manually enter a URL.
-
-    **Figure 5** - Configure the Take a Test app
-
-    ![Configure the Take a Test app](images/suspc_createpackage_takeatestpage_073117.png)
-
-  3. Click **Next** or **Skip** depending on whether you want to set up Take a Test.
-
-8. <a name="suspc_recommendedapps"></a>In the **Add recommended apps** page, you can choose from a set of recommended Microsoft Store apps to provision. The recommended apps include the following:
-  * **Office 365 for Windows 10 S (Education Preview)** 
-    * Office 365 for Windows 10 S will only work on student PCs running Windows 10 S. If you try to install this app on other editions of Windows, setup will fail.
-    * When adding the Office 365 for Windows 10 S to a package, the device you use to run Set up School PCs does not have to be running Windows 10 S.
-  * **Minecraft: Education Edition** - Free trial 
-  * Popular **STEM and Makerspace apps**
-
-  1. Select the apps that you would like to provision and then click **Next** when you're done. Apps that you provision on student PCs will be pinned to the Start menu.
-  2. Click **Skip** if you don't want to provision any apps.
-
-  **Figure 6** - Select from a set of recommended apps
-
-  ![Select from a set of recommended Microsoft Store apps](images/suspc_createpackage_recommendedapps_073117.png)
-    
-  The set of recommended Microsoft Store for Education apps may vary from what we show here.
-
-9. <a name="suspc_packagesummary"></a>In the **Review package summary** page, make sure that all the settings you configured appear correctly.
-  1. If you need to change any of the settings, you can on the sections to go back to that page and make your changes.
-
-      **Figure 7** - Review your settings and change them as needed
-
-      ![Review your settings and change them as needed](images/suspc_createpackage_summary_073117.png)
-
-  2. Click **Accept**.
-
-10. <a name="suspc_savepackage"></a>In the **Insert a USB drive now** page:
-  1. Insert a USB drive to save your settings and create a provisioning package on the USB drive.
-  2. Set up School PCs will automatically detect the USB drive after it's inserted. Choose the USB drive from the list.
-  3. Click **Save** to save the provisioning package to the USB drive.
-
-      **Figure 8** - Select the USB drive and save the provisioning package
-
-      ![Select the USB drive and save the provisioning package](images/suspc_savepackage_insertusb.png)
-
-11. <a name="suspc_pkgready"></a>When the provisioning package is ready, you will see the name of the file and you can remove the USB drive. Click **Next** if you're done, or click **Add a USB** to save the same provisioning package to another USB drive.
-
-  **Figure 9** - Provisioning package is ready
-
-  ![Provisioning package is ready](images/suspc_savepackage_ppkgisready.png)
-
-12. <a name="suspc_getpcsready"></a>Follow the instructions in the **Get the student PCs ready** page to start setting up the student PCs. 
-
-  **Figure 10** - Line up the student PCs and get them ready for setup
-
-  ![Line up the student PCs and get them ready for setup](images/suspc_runpackage_getpcsready.png)
-
-13. Click **Next**.
-14. <a name="suspc_installpkg"></a>In the **Install the package** page, follow the instructions in [Apply the provisioning package to the student PCs](#apply-the-provisioning-package-to-the-student-pcs) to set up the student PCs. 
-
-  Select **Create new package** if you need to create a new provisioning package. Otherwise, you can remove the USB drive if you're completely done creating the package.
-
-  **Figure 11** - Install the provisioning package on the student PCs
-
-  ![Install the provisioning package on the student PCs](images/suspc_runpackage_installpackage.png)
+  !["Name these devices" screen with the device field filled in with example device name, "Grd8."](images/suspc-device-names-1807.png)  
 
 
-### Apply the provisioning package to the student PCs
 
-The provisioning package on your USB drive is named `Set up School PCs.ppkg`. A provisioning package is a method for applying settings to Windows 10 without needing to reimage the device. When Windows 10 refers to *package*, it means your provisioning package, and when it refers to *provisioning*, it means applying the provisioning package to the student PC.
+### Settings
+Select additional settings to include in the provisioning package. To begin, select the operating system on your student PCs.  
 
-> [!NOTE]  
-> The student PC must contain a new or reset image and the PC must not already have been through first-run setup (OOBE).
 
-**To set up the student PC using the Set up School PCs provisioning package**
+![Configure student PC settings page showing 5 settings with checkboxes and 1 setting with browser button](images/suspc-configure-student-settings-1807.png)
 
-1. Start with the student PC turned off or with the PC on the first-run setup screen. In Windows 10 Creators Update (version 1703), this first-run setup screen says **Let's start with region. Is this right?**. 
+Setting selections vary based on the OS version you select. The following table lists all possible settings, descriptions, and important notes to consider.  After you've made your selections, click **Next**.   
 
-    If the PC has gone past the account setup screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
 
-    **Figure 12** - The first screen during first-run setup in Windows 10 Creators Update (version 1703)
+|Setting  |What happens if I select it? |Note|
+|---------|---------|---------|
+|Remove apps pre-installed by the device manufacturer |  Uninstalls apps that came loaded on the computer by the device's manufacturer. |Adds about 30 minutes to the provisioning process.|
+|Allow local storage (not recommended for shared devices)    | Lets students save files to the Desktop and Documents folder on the Student PC.         |Not recommended if the device will be part of a shared cart or lab.|
+|Optimize device for a single student, instead of a shared cart or lab    |Optimizes the device for use by a single student, rather than many students.       |Recommended option only if the device is not shared with other students in the school. Single-optimized accounts are set to expire, and require a signin, 180 days after setup. This setting increases the maximum PC storage to 100% of the available disk space. In this case, student accounts aren't deleted unless the account has been inactive for 180 days. |
+|Let guests sign in to these PCs     |Allows guests to use student PCs without a school account. |Common to use within a public, shared space, such as a library. Also used when a student loses their password. Adds a **Guest** account to the PC sign-in screen that anyone can sign in to.|
+|Enable Windows Autopilot Reset  | Lets you remotely reset a student’s PC from the lock screen, apply the device’s original settings, and enroll it in device management (Azure AD and MDM).  |Requires Windows 10, version 1709 and WinRE must be enabled on the PC. Setup will fail if both requirements aren't met.|
+|Lock screen background|Change the default screen lock background to a custom image.|Click **Browse** to search for an image file on your computer. Accepted image formats are jpg, jpeg, and png.|  
 
-    ![The first screen to set up a new PC in Windows 10 Creators Update](images/win10_1703_oobe_firstscreen.png)
 
-2. Insert the USB drive. Windows will recognize the drive and automatically install the provisioning package. 
+### Take a Test app  
+Set up the Take a Test app to give online quizzes and high-stakes assessments. During assessments, Windows locks down the student PC so that students can't access anything else on the device.  
+1. Select **Yes** to create a Take a Test button on the sign-in screens of your students' PCs.    
 
-    **Figure 13** - Windows automatically detects the provisioning package and installs it
+    ![Set up Take a Test app page with "Yes" selected to create an app button. Page also has two checkboxes for additional settings and one text field for the assessment URL.](images/suspc_createpackage_takeatestpage_073117.png)   
+2. Select from the advanced settings. The following table lists available settings and their descriptions.  
 
-    ![Windows automatically detects the provisioning package and installs it](images/suspc_studentpcsetup_installingsetupfile.png)
+|Setting |Description |
+|---------|---------|
+|Allow keyboard auto-suggestions    | Allows app to suggest words as the student types on the PC's keyboard.       |
+|Allow teachers to monitor online tests     |  Enables screen capture in the Take a Test app.  |  
 
-3. You can remove the USB drive when you see the message that you can remove the removable media. You can then use the USB drive to start provisioning another student PC.
+3. Enter the URL where the test is hosted. When students log in to the Take a Test account, they'll be able to click or enter the link to view the assessment.  
 
-    **Figure 14** - Remove the USB drive when you see the message that the media can be removed
+4. Click **Next**. 
 
-    ![You can remove the USB drive when you see the message that the media can be removed](images/suspc_setup_removemediamessage.png)
+### Add recommended apps  
+Choose from a list of recommended Microsoft Store apps to install on student PCs. Then click **Next**. After they're assigned, apps are pinned to the student's Start menu.  
+
+  ![Add recommended apps screen with 7 icons of recommended apps and selection boxes. Skip button is enabled and Next button is disabled. ](images/suspc-add-recommended-apps-1807.png)  
+
+The following table lists the recommended apps you'll see.  
+
+|App |Note |
+|---------|---------|
+|Office 365 for Windows 10 in S mode (Education Preview) | Setup is only successful on student PCs that run Windows 10 in S mode. The PC you running the Set up School PCs app is not required to have Windows 10 in S mode.        |
+|Minecraft: Education Edition | Free trial|
+|Other apps fit for the classroom |Select from WeDo 2.0 LEGO®, Arduino IDE, Ohbot, Sesavis Visual, and EV3 Programming|   
+
+
+### Summary
+1. Review all of the settings for accuracy and completeness. Check carefully. To make changes to a saved package, you have to start over.  
+2. To make changes now, click any page along the left side of the window.  
+3. When finished, click **Accept**.  
+
+      ![Example image of the Summary screen, showing the user's configurations for Sign-in, Wireless network, Device names, Settings, Take a Test, and Recommended apps. Accept button is active and the page contains three links on the right-hand side to help and support.](images/suspc_createpackage_summary_073117.png)
+
+### Insert USB
+1. Insert a USB drive. The **Save** button will light up when your computer detects the USB.  
+2. Choose your USB drive from the list and click **Save**.
+
+      ![Insert a USB drive now screen with USB drive selection highlighted. Save button is blue and active.](images/suspc_savepackage_insertusb.png)
+
+3. When the package is ready, you'll see the filename and package expiration date. You can also click **Add a USB** to save the same provisioning package to another USB drive. When you're done, remove the USB drive and click **Next**. 
+
+      ![Your provisioning package is ready screen with package details, active Next button, and grayed-out Add a USB button.](images/suspc_savepackage_ppkgisready.png)  
+
+## Run package - Get PCs ready  
+Complete each step on the **Get PCs ready** page to prepare student PCs for set-up. Then click **Next**.  
    
-4. If you set up the package to do Azure AD Join, that's it! You're done, and the PC is now ready for students to use.
+  ![Your provisioning package is ready! screen with 3 steps to get student PCs ready for setup. Save button is active.](images/suspc_runpackage_getpcsready.png)  
 
-  If you did not set up the package to do Azure AD Join, go through the rest of the Windows device setup experience.
+## Run package - Install package on PC
 
-## Related topics
+The provisioning package on your USB drive is named SetupSchoolPCs_<*devicename*>(Expires <*expiration date*>.ppkg. A provisioning package applies settings to Windows 10 without reimaging the device. 
+
+When used in context of the Set up School PCs app, the word *package* refers to your provisioning package. The word *provisioning* refers to the act of installing the package on the student PC. This section describes how to apply the settings to a PC in your school.  
+
+> [!IMPORTANT]
+> The PC must have a new or reset Windows 10 image and must not already have been through first-run setup (also referred to as OOBE). For instructions about how to reset a computer's image, see [Prepare existing PC account for new setup](use-set-up-school-pcs-app.md#prepare-existing-pc-account-for-new-setup).  
+
+1.  Start with the student PC turned off or with the PC on the first-run setup screen. In Windows 10 version 1803, the first-run setup screen reads, **Let's start with region. Is this right?** 
+
+    If the PC has gone past the account setup screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.  
+
+       ![Example screenshot of the first screen the Windows 10 PC setup for OOBE. United States is selected as the region and the Yes button is active.](images/win10_1703_oobe_firstscreen.png)  
+  
+2. Insert the USB drive. Windows automatically recognizes and installs the package.  
+   
+     ![Screen showing that the installation is automatically beginning, with a loading bar showing the status on the installation.](images/suspc_studentpcsetup_installingsetupfile.png)  
+3. When you receive the message that it's okay to remove the USB drive, remove it from the PC. If there are more PCs to set up, insert the USB drive into the next PC.  
+
+     ![Screen with message telling user to remove the USB drive.](images/suspc_setup_removemediamessage.png)  
+
+4. If you did not set up the package to do Azure AD Join, go through the rest of the Windows device setup experience.  If you did configure the package for Azure AD Join, the computer is ready for use and no further configurations are required.  
+
+      If successful, you'll see a setup complete message. The PCs start up on the lock screen with your school's custom background. Upon first use, students and teachers will be able to connect to your school's network and resources.
 
-[Set up Windows devices for education](set-up-windows-10.md)
 
diff --git a/mdop/appv-v4/application-virtualization-client-hardware-and-software-requirements.md b/mdop/appv-v4/application-virtualization-client-hardware-and-software-requirements.md
index 25df0da425..5dec2b8fb8 100644
--- a/mdop/appv-v4/application-virtualization-client-hardware-and-software-requirements.md
+++ b/mdop/appv-v4/application-virtualization-client-hardware-and-software-requirements.md
@@ -28,7 +28,7 @@ The Application Virtualization (App-V) Desktop Client requires no additional pro
 
 ### Hardware Requirements
 
-The hardware requirements requirements are applicable to all versions.
+The hardware requirements are applicable to all versions.
 
 -   Processor—See recommended system requirements for the operating system you are using.
 
@@ -177,7 +177,7 @@ The Application Virtualization (App-V) Client for Remote Desktop Services requir
 
 ### Hardware Requirements
 
-The hardware requirements requirements are applicable to all versions.
+The hardware requirements are applicable to all versions.
 
 -   Processor—See recommended system requirements for the operating system you are using.
 
diff --git a/mdop/mbam-v25/mbam-25-supported-configurations.md b/mdop/mbam-v25/mbam-25-supported-configurations.md
index 7b603f1d3f..195791d851 100644
--- a/mdop/mbam-v25/mbam-25-supported-configurations.md
+++ b/mdop/mbam-v25/mbam-25-supported-configurations.md
@@ -335,6 +335,11 @@ You must install SQL Server with the **SQL\_Latin1\_General\_CP1\_CI\_AS** coll
 </tr>
 </thead>
 <tbody>
+<tr class="odd">
+<td align="left"><p>Microsoft SQL Server 2017</p></td>
+<td align="left"><p>Standard, Enterprise, or Datacenter</p></td>
+<td align="left"><p></p></td>
+<td align="left"><p>64-bit</p></td>    
 <tr class="even">
 <td align="left"><p>Microsoft SQL Server 2016</p></td>
 <td align="left"><p>Standard, Enterprise, or Datacenter</p></td>
diff --git a/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md b/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md
index ca1329c6b0..6cb5d4878e 100644
--- a/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md
+++ b/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md
@@ -23,7 +23,7 @@ UE-V 2.1 SP1 adds support for Windows 10, in addition to the same software that
 
 ### Compatibility with Microsoft Azure
 
-Windows 10 lets enterprise users synchronize Windows app settings and Windows operating system settings to Azure instead of to OneDrive. You can use the Windows 10 enterprise sync functionality together with UE-V on on-premises domain-joined computers only. To enable coexistence between Windows 10 and UE-V, you must disable the following UE-V templates using either PowerShell on each client or Group Policy.
+Windows 10 lets enterprise users synchronize Windows app settings and Windows operating system settings to Azure instead of to OneDrive. You can use the Windows 10 enterprise sync functionality together with UE-V for on-premises domain-joined computers only. To enable coexistence between Windows 10 and UE-V, you must disable the following UE-V templates using either PowerShell on each client or Group Policy.
 
 In Group Policy, under the Microsoft User Experience Virtualization node, configure these policy settings:
 
diff --git a/store-for-business/manage-orders-microsoft-store-for-business.md b/store-for-business/manage-orders-microsoft-store-for-business.md
index 742b3c694e..12d927fce2 100644
--- a/store-for-business/manage-orders-microsoft-store-for-business.md
+++ b/store-for-business/manage-orders-microsoft-store-for-business.md
@@ -55,7 +55,7 @@ Reclaim licenses, and then request a refund. If you haven't assigned licenses, s
 1.  Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
 2.	Click **Manage**, and then choose **Apps & software**.
 3.	Find the app you want to refund, click the ellipses under **Actions**, and then choose **View license details**.
-4.  Select the the people who you want to reclaim license from, click the ellipses under **Actions**, and then choose **Reclaim licenses**. 
+4.  Select the people who you want to reclaim license from, click the ellipses under **Actions**, and then choose **Reclaim licenses**. 
 5.	Click **Order history**, click the order you want to refund, and click **Refund order**.
 
 For free apps, the app will be removed from your inventory in **Apps & software**. 
diff --git a/store-for-business/release-history-microsoft-store-business-education.md b/store-for-business/release-history-microsoft-store-business-education.md
index d7484344ae..f9d2591ffe 100644
--- a/store-for-business/release-history-microsoft-store-business-education.md
+++ b/store-for-business/release-history-microsoft-store-business-education.md
@@ -8,7 +8,7 @@ ms.pagetype: store
 author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
-ms.date: 5/31/2018
+ms.date: 6/28/2018
 ---
 
 # Microsoft Store for Business and Education release history
@@ -17,6 +17,9 @@ Microsoft Store for Business and Education regularly releases new and improved f
 
 Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) 
 
+## May 2018
+- **Immersive Reader app available in Microsoft Store for Education** - This app is a free tool that uses proven techniques to improve reading and writing for people regardless of their age or ability. You can add the app to your private store, so students can easily install and use it.  
+
 ## April 2018
 - **Assign apps to larger groups** - We're making it easier for admins to assign apps to groups of people. Admins can assign licenses to groups of any size, and include subgroups within those groups. We’ll figure out who’s in those groups, and assign licenses to people in the groups (skipping people who already have licenses). Along the way, we’ll let you know how many licenses are needed, and provide an estimate on the time required to assign licenses.
 - **Change collection order in private store** - Private store collections make it easy for groups of people to find the apps that they need. Now, you can customize the order of your private store collections. 
diff --git a/store-for-business/whats-new-microsoft-store-business-education.md b/store-for-business/whats-new-microsoft-store-business-education.md
index e2988a84c9..ecb95fbfa9 100644
--- a/store-for-business/whats-new-microsoft-store-business-education.md
+++ b/store-for-business/whats-new-microsoft-store-business-education.md
@@ -8,7 +8,7 @@ ms.pagetype: store
 author: TrudyHa
 ms.author: TrudyHa
 ms.topic: conceptual
-ms.date: 5/31/2018
+ms.date: 6/28/2018
 ---
 
 # What's new in Microsoft Store for Business and Education
@@ -17,19 +17,15 @@ Microsoft Store for Business and Education regularly releases new and improved f
 
 ## Latest updates for Store for Business and Education
 
-**May 2018**
+**June 2018**
 
 |  |  |
 |--------------------------------------|---------------------------------|
-| ![performance icon](images/edu-icon.png) |**Immersive Reader app in Microsoft Store for Education**<br /><br /> Microsoft Immersive Reader is now available for education organizations using Microsoft Store for Education. This app is a free tool that uses proven techniques to improve reading and writing for people regardless of their age or ability. You can add the app to your private store, so students can easily install and use it. Check out and download [Immersive Reader](https://educationstore.microsoft.com/en-us/store/details/immersive-reader/9PJZQZ821DQ2). <br /><br /> **Applies to**:<br /> Microsoft Store for Education |
-
-<!---
-|  |  |
-|--------------------------------------|---------------------------------|
-| ![Private store icon](images/private-store-icon.png) |**Change order within private store collection**<br /><br /> Following last month's update to customize the order of your private store collections, now you can customize the order of products in each collection. <br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
+| ![Private store icon](images/private-store-icon.png) |**Change order within private store collection**<br /><br /> Continuing our focus on improvements for private store, now you can customize the order of products in each private store collection. <br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
 | ![performance icon](images/perf-improvement-icon.png) |**Performance improvements in private store**<br /><br /> We continue to work on performance improvements in the private store. Now, most products new to your inventory are available in your private store within 15 minutes of adding them. <br /><br /> [Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance) <br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
--->
- 
+
+
+
 <!---
 We’ve been working on bug fixes and performance improvements to provide you a better experience. Stay tuned for new features!
 |  |  |
@@ -42,6 +38,9 @@ We’ve been working on bug fixes and performance improvements to provide you a
 
 ## Previous releases and updates
 
+[May 2018](release-history-microsoft-store-business-education.md#may-2018)
+- Immersive Reading app available in Microsoft Store for Education
+
 [April 2018](release-history-microsoft-store-business-education.md#april-2018)
 - Assign apps to larger groups
 - Change collection order in private store
diff --git a/windows/application-management/app-v/appv-auto-batch-sequencing.md b/windows/application-management/app-v/appv-auto-batch-sequencing.md
index 508ae9f351..9cca4f5fb8 100644
--- a/windows/application-management/app-v/appv-auto-batch-sequencing.md
+++ b/windows/application-management/app-v/appv-auto-batch-sequencing.md
@@ -81,60 +81,6 @@ Where ```<name_of_vm>``` is the name of the virtual machine (VM) with the App-V
 
 The cmdlet creates a "clean" checkpoint on the VM. Next, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM, and finally a new session of the VM opens (through VMConnect) and sequencing of the app begins from the command-line. After completing sequencing and package creation for the first app on the VM, the package is copied from the VM to the Host computer, specified in the *OutputPath* parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted back to a "clean" checkpoint and turned off.
 
-### Sequence multiple apps by using the App-V Sequencer interface
-
-Sequencing multipe apps at the same time requires that you create a **ConfigFIle** to collect all of the info related to each round of sequencing. This file is then used by the App-V Sequencer interface after creating a "clean" checkpoint on your VM.
-
-#### Create your ConfigFile for use by the App-V Sequencer interface
-
-1. Determine the apps that need to be included in your App-V sequencing package, and then open a text editor, such as Notepad.
-
-2. Add the following required XML info for each app:
-
-    - ```<AppName>```. The name of the app you're adding to the package.
-    - ```<InstallerFolder>```. The file path to the folder with the app installer.
-    - ```<Installer>```. The file name for the app executable. This will typically be an .exe or .msi file.
-    - ```<TimeoutInMinutes>```. The maximum amount of time, in minutes, that the cmdlet should wait for sequencing to complete. You can enter a different value for each app, based on the size and complexity of the app itself.
-    - ```<Cmdlet>```. Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to usea cmdlet-based sequencing, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
-    - ```<Enabled>```. Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them.
-
-        **Example:**
-
-        ```XML
-        <?xml version="1.0"?>
-            <Applications>
-                <Application>
-                    <AppName>Skype for Windows</AppName>
-                    <InstallerFolder>D:\Install\New\SkypeforWindows</InstallerFolder>
-                    <Installer>SkypeSetup.exe</Installer>
-                    <TimeoutInMinutes>20</TimeoutInMinutes>
-                    <Cmdlet>False</Cmdlet>
-                    <Enabled>True</Enabled>
-                </Application>
-                <Application>
-                    <AppName>Power BI</AppName>
-                    <InstallerFolder>D:\Install\New\MicrosoftPowerBI</InstallerFolder>
-                    <Installer>PBIDesktop.msi</Installer>
-                    <TimeoutInMinutes>20</TimeoutInMinutes>
-                    <Cmdlet>False</Cmdlet>
-                    <Enabled>True</Enabled>
-                </Application>
-            </Applications>
-        </xml>
-        ```
-
-#### How to start the App-V Sequencer interface and app installation process
-
-Open PowerShell as an admin on the Host computer and run the following commands to start the batch sequencing:
-
-```PowerShell
-New-BatchAppVSequencerPackages –ConfigFile <path_to_configfile> –VMName <name_of_vm> -OutputPath <path_to_your_output>
-```
-
-Where ```<name_of_vm>``` is the name of the virtual machine (VM) with the App-V Sequencer installed, where you'll run the batch sequencing, and ```<path_to_your_output>``` is the full path to where the sequenced packages should be copied.
-
-The cmdlet creates a "clean" checkpoint on the VM. Next, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM, and finally a new session of the VM opens (through VMConnect) and sequencing of the app begins from the command-line. After completing sequencing and package creation for the first app on the VM, the package is copied from the VM to the Host computer, specified in the OutputPath parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted back to a "clean" checkpoint and turned off.
-
 ### Review the log files
 
 There are 3 types of log files that occur when you sequence multiple apps at the same time:
@@ -155,4 +101,4 @@ There are 3 types of log files that occur when you sequence multiple apps at the
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
diff --git a/windows/application-management/app-v/appv-connection-group-file.md b/windows/application-management/app-v/appv-connection-group-file.md
index a421659a7a..06c74f260d 100644
--- a/windows/application-management/app-v/appv-connection-group-file.md
+++ b/windows/application-management/app-v/appv-connection-group-file.md
@@ -44,7 +44,7 @@ The following table describes the parameters in the XML file that define the con
 
 ### Parameters that define the packages in the connection group
 
-In the &lt;Packages&gt; section of the connection group XML file, you list the member packages in the connection group by specifying each package’s unique package identifier and version identifier, as described in the following table. The first package in the list has the highest precedence.
+In the **&lt;Packages&gt;** section of the connection group XML file, you list the member packages in the connection group by specifying each package’s unique package identifier and version identifier, as described in the following table. The first package in the list has the highest precedence.
 
 |Field|Description|
 |---|---|
diff --git a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
index 83cff76b90..9ee866698b 100644
--- a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
+++ b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
@@ -1,64 +1,92 @@
 ---
-title: How to Convert a Package Created in a Previous Version of App-V (Windows 10)
-description: How to Convert a Package Created in a Previous Version of App-V
+title: How to convert a package created in a previous version of App-V (Windows 10)
+description: How to convert a package created in a previous version of App-V.
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 07/10/2018
 ---
+# How to convert a package created in a previous version of App-V
 
+>Applies to: Windows 10, version 1607
 
-# How to Convert a Package Created in a Previous Version of App-V
+You can use the package converter utility to upgrade virtual application packages created by previous versions of App-V. This section will tell you how to convert existing virtual application packages for upgrade.
 
-**Applies to**
--   Windows 10, version 1607
+>[!NOTE]  
+>If you are running a computer with a 64-bit architecture, you must use the x86 version of Windows PowerShell.
 
-You can use the package converter utility to upgrade virtual application packages that have been created with previous versions of App-V.
+The package converter can only directly convert packages created by an App-V sequencer version 4.5 or later. Packages created with an App-V version earlier than 4.5 must be upgraded to at least App-V 4.5 before conversion.
 
-> [!NOTE]  
-> If you are running a computer with a 64-bit architecture, you must use the x86 version of Windows PowerShell.
-
-The package converter can only directly convert packages that were created by using the App-V 4.5 sequencer or later. Packages that were created using a version prior to App-V 4.5 must be upgraded to at least App-V 4.5 before conversion.
-
-The following information provides direction for converting existing virtual application packages.
-
-> [!IMPORTANT]  
-> You must configure the package converter to always save the package ingredients file to a secure location and directory. A secure location is accessible only by an administrator. Additionally, when you deploy the package, you should save the package to a location that is secure, or make sure that no other user is allowed to be logged in during the conversion process.
+>[!IMPORTANT]
+>In order to keep your files secure, you must configure the package converter to always save the package ingredients file to a secure location and directory that can only be accessed by an administrator. When you deploy the package, you should either save the package to a secure location or make sure that no other users can sign in during the conversion process.
 
 ## App-V 4.6 installation folder is redirected to virtual file system root
 
-When you convert packages from App-V 4.6 to App-V for Windows 10, the App-V for Windows 10 package can access the hardcoded drive that you were required to use when you created 4.6 packages. The drive letter will be the drive you selected as the installation drive on the 4.6 sequencing machine. (The default drive letter is Q:\\.)
+When you convert packages from App-V 4.6 to App-V for Windows 10, the App-V for Windows 10 package can access the hardcoded drive that you were required to use when you created 4.6 packages. The drive letter will be the drive you selected as the installation drive on the 4.6 sequencing machine. (The default drive is drive Q.)
 
-**Technical Details:** The App-V package converter will save the App-V 4.6 installation root folder and short folder names in the FilesystemMetadata.xml file in the Filesystem element. When the App-V for Windows 10 client creates the virtual process, it will map requests from the App-V 4.6 installation root to the virtual file system root.
+The App-V package converter will save the App-V 4.6 installation root folder and short folder names in the FilesystemMetadata.xml file in the **Filesystem** element. When the App-V for Windows 10 client creates the virtual process, it will map requests from the App-V 4.6 installation root to the virtual file system root.
 
 ## Getting started
 
-1.  Install the App-V Sequencer on a computer in your environment. For information about how to install the Sequencer, see [How to Install the Sequencer](appv-install-the-sequencer.md).
+1. Install the App-V Sequencer on a computer in your environment. For information about how to install the Sequencer, see [How to install the Sequencer](appv-install-the-sequencer.md).
 
-2.  The following cmdlets are available:
+2. You can enter the following cmdlets to check or convert packages:
 
-    -   **Test-AppvLegacyPackage** – This cmdlet is designed to check packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in depth validation. For information about options and basic functionality for this cmdlet, using Windows PowerShell, type `Test-AppvLegacyPackage -?`.
+    - **Test-AppvLegacyPackage**—This cmdlet checks packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in-depth validation. For information about options and basic functionality for this cmdlet, using Windows PowerShell, enter the following cmdlet:
 
-    -   **ConvertFrom-AppvLegacyPackage** – To convert an existing package, type `ConvertFrom-AppvLegacyPackage c:\contentStore c:\convertedPackages`. In this command, `c:\contentStore` represents the location of the existing package and `c:\convertedPackages` is the output directory to which the resulting App-V for Windows 10 virtual application package file will be saved. By default, if you do not specify a new name, the old package name will be used.
+         ```PowerShell
+         Test-AppvLegacyPackage -?
+         ```
 
-        Additionally, the package converter optimizes performance of packages in App-V for Windows 10 by setting the package to stream fault the App-V package.  This is more performant than the primary feature block and fully downloading the package. The flag **DownloadFullPackageOnFirstLaunch** allows you to convert the package and set the package to be fully downloaded by default.
+    - **ConvertFrom-AppvLegacyPackage**—This cmdlet converts packages from legacy versions to updated versions. To convert an existing package, enter the following cmdlet:
 
-        > [!NOTE]  
-        > Before you specify the output directory, you must create the output directory.
+         ```PowerShell
+         ConvertFrom-AppvLegacyPackage C:\contentStore C:\convertedPackages
+         ```
+
+     In this cmdlet, `C:\contentStore` represents the location of the existing package and `C:\convertedPackages` is the output directory to which the resulting App-V for Windows 10 virtual application package file will be saved. By default, if you do not specify a new name, the old package name will be used.
+
+     Additionally, the package converter optimizes performance of packages in App-V for Windows 10 by setting the package to stream fault the App-V package.  This is more performant than the primary feature block and fully downloading the package. The flag **DownloadFullPackageOnFirstLaunch** allows you to convert the package and set the package to be fully downloaded by default.
+
+      >[!NOTE]  
+      >Before you specify the output directory, you must create the output directory.
 
 ### Advanced Conversion Tips
 
--   Piping - Windows PowerShell supports piping. Piping allows you to call `dir c:\contentStore\myPackage | Test-AppvLegacyPackage`. In this example, the directory object that represents `myPackage` will be given as input to the `Test-AppvLegacyPackage` command and bound to the `-Source` parameter. Piping like this is especially useful when you want to batch commands together; for example, `dir .\ | Test-AppvLegacyPackage | ConvertFrom-AppvLegacyAppvPackage -Target .\ConvertedPackages`. This piped command would test the packages and then pass those objects on to actually be converted. You can also apply a filter on packages without errors or only specify a directory which contains an **.sprj** file or pipe them to another cmdlet that adds the filtered package to the server or publishes them to the App-V client.
+- Piping—Windows PowerShell supports piping. Piping allows you to enter cmdlets like this example:
 
--   Batching - The Windows PowerShell command enables batching. More specifically, the cmdlets support taking a string\[\] object for the `-Source` parameter which represents a list of directory paths. This allows you to enter `$packages = dir c:\contentStore` and then call `ConvertFrom-AppvLegacyAppvPackage-Source $packages -Target c:\ConvertedPackages` or to use piping and call `dir c:\ContentStore | ConvertFrom-AppvLegacyAppvPackage -Target C:\ConvertedPackages`.
+    ```PowerShell
+    dir C:\contentStore\myPackage | Test-AppvLegacyPackage
+    ```
 
--   Other functionality - Windows PowerShell has other built-in functionality for features such as aliases, piping, lazy-binding, .NET object, and many others. All of these are usable in Windows PowerShell and can help you create advanced scenarios for the Package Converter.
+    In this example, the directory object that represents `myPackage` will be given as input to the **Test-AppvLegacyPackage** cmdlet and bound to the *-Source* parameter. Piping like this is especially useful when you want to batch commands together, such as in the following example cmdlet:
+     
+    ```PowerShell
+    dir .\ | Test-AppvLegacyPackage | ConvertFrom-AppvLegacyAppvPackage -Target .\ConvertedPackages
+    ```
+      
+    This piped example command tests packages, then passes the objects on for conversion. You can also apply a filter on packages without errors or only specify a directory which contains an **.sprj** file or pipe them to another cmdlet that adds the filtered package to the server or publishes them to the App-V client.
+
+- Batching—The Windows PowerShell command enables batching. More specifically, the cmdlets support taking a string\[\] object for the *-Source* parameter that represents a list of directory paths. This allows you to enter the following cmdlets together:
+
+    ```PowerShell
+    $packages = dir C:\contentStore
+    ConvertFrom-AppvLegacyAppvPackage-Source $packages -Target C:\ConvertedPackages
+    ```
+
+    Alternatively, you can use piping like this:
+
+    ```PowerShell
+    dir C:\ContentStore | ConvertFrom-AppvLegacyAppvPackage -Target C:\ConvertedPackages
+    ```
+
+- Other functionality—Windows PowerShell has other built-in functionality for features such as aliases, lazy-binding, .NET Object, and many others. These features can help you create advanced scenarios for the Package Converter.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
diff --git a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
index 5a13170e82..19b27e45f8 100644
--- a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
+++ b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
@@ -1,87 +1,63 @@
 ---
-title: How to Create a Connection Group with User-Published and Globally Published Packages (Windows 10)
-description: How to Create a Connection Group with User-Published and Globally Published Packages
+title: How to create a connection croup with user-published and globally published packages (Windows 10)
+description: How to create a connection croup with user-published and globally published packages.
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 07/10/2018
 ---
+# How to create a connection croup with user-published and globally published packages
 
-
-# How to Create a Connection Group with User-Published and Globally Published Packages
-
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
 You can create user-entitled connection groups that contain both user-published and globally published packages, using either of the following methods:
 
--   [How to use Windows PowerShell cmdlets to create user-entitled connection groups](#how-to-use-windows-powershell-cmdlets-to-create-user-entitled-connection-groups)
+- [How to use Windows PowerShell cmdlets to create user-entitled connection groups](#how-to-use-windows-powershell-cmdlets-to-create-user-entitled-connection-groups)
+- [How to use the App-V Server to create user-entitled connection groups](#how-to-use-the-app-v-server-to-create-user-entitled-connection-groups)
 
--   [How to use the App-V Server to create user-entitled connection groups](#how-to-use-the-app-v-server-to-create-user-entitled-connection-groups)
+## Unsupported scenarios and potential issues
 
-## What to know before you start:
+Here are some important things to know before you get started:
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Unsupported scenarios and potential issues</th>
-<th align="left">Result</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>You cannot include user-published packages in globally entitled connection groups.</p></td>
-<td align="left"><p>The connection group will fail.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>If you publish a package globally and then create a user-published connection group in which you’ve made that package non-optional, you can still run <strong>Unpublish-AppvClientPackage &lt;package&gt; -global</strong> to unpublish the package, even when that package is being used in another connection group.</p></td>
-<td align="left"><p>If any other connection groups are using that package, the package will fail in those connection groups.</p>
-<p>To avoid inadvertently unpublishing a non-optional package that is being used in another connection group, we recommend that you track the connection groups in which you’ve used a non-optional package.</p></td>
-</tr>
-</tbody>
-</table>
-
- 
+- If you add user-published packages in globally entitled connection groups, the connection group will fail.
+- Track the connection groups where you've used a non-optional package before removing it with the **Unpublish-AppvClientPackage <</span>package> -global** cmdlet.
+      
+    In situations where you have a gobally published package that's listed as non-optional in a user-published connection group that also appears in other packages, running **Unpublish-AppvClientPackage <</span>package> -global** cmdlet can unpublish the package from every connection group containing that package. Tracking connection groups can help you avoid unintentionally unpublishing non-optional packages.
 
 ## How to use Windows PowerShell cmdlets to create user-entitled connection groups
 
-1.  Add and publish packages by using the following commands:
+1. Add and publish packages by using the following commands:
     
-    ```
+    ```PowerShell
     Add-AppvClientPackage <Package1_AppV_file_Path>
     Add-AppvClientPackage <Package2_AppV_file_Path>
     Publish-AppvClientPackage -PackageId <Package1_ID> -VersionId <Package1_Version_ID> -Global
     Publish-AppvClientPackage -PackageId <Package2_ID> -VersionId <Package2_Version_ID>
     ```
 
-2.  Create the connection group XML file. For more information, see [About the Connection Group File](appv-connection-group-file.md).
+2. Create the connection group XML file. For more information, see [About the connection group file](appv-connection-group-file.md).
 
-3.  Add and publish the connection group by using the following commands:
+3. Add and publish the connection group by using the following commands:
     
-    ```
+    ```PowerShell
     Add-AppvClientConnectionGroup <Connection_Group_XML_file_Path>
     Enable-AppvClientConnectionGroup -GroupId <CG_Group_ID> -VersionId <CG_Version_ID>
     ```
 
 ## How to use the App-V Server to create user-entitled connection groups
 
-1.  Open the App-V Management Console.
+1. Open the App-V Management Console.
 
-2.  Follow the instructions in [How to Publish a Package by Using the Management Console](appv-publish-a-packages-with-the-management-console.md) to publish packages globally and to the user.
+2. Follow the instructions in [How to publish a package by using the Management Console](appv-publish-a-packages-with-the-management-console.md) to publish packages globally and to the user.
 
-3.  Follow the instructions in [How to Create a Connection Group](appv-create-a-connection-group.md) to create the connection group, and add the user-published and globally published packages.
+3. Follow the instructions in [How to create a connection group](appv-create-a-connection-group.md) to create the connection group and  add the user-published and globally published packages.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-
-[Managing Connection Groups](appv-managing-connection-groups.md)
+- [Managing Connection Groups](appv-managing-connection-groups.md)
diff --git a/windows/application-management/app-v/appv-create-a-connection-group.md b/windows/application-management/app-v/appv-create-a-connection-group.md
index 144900c14b..661b95326d 100644
--- a/windows/application-management/app-v/appv-create-a-connection-group.md
+++ b/windows/application-management/app-v/appv-create-a-connection-group.md
@@ -1,51 +1,47 @@
 ---
-title: How to Create a Connection Group (Windows 10)
-description: How to Create a Connection Group
+title: How to create a connection group (Windows 10)
+description: How to create a connection group with the App-V Management Console.
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 07/10/2018
 ---
+# How to create a connection group
 
+>Applies to: Windows 10, version 1607
 
-# How to Create a Connection Group
+Use these steps to create a connection group by using the App-V Management Console. To use Windows PowerShell to create connection groups, see [How to manage connection groups on a stand-alone computer by using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md).
 
-**Applies to**
--   Windows 10, version 1607
+When you place packages in a connection group, their package root paths merge. If you remove packages, only the remaining packages maintain the merged root.
 
-Use these steps to create a connection group by using the App-V Management Console. To use Windows PowerShell to create connection groups, see [How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md).
+## Create a connection group
 
-When you place packages in a connection group, their package root paths are merged. If you remove packages, only the remaining packages maintain the merged root.
+1. In the App-V Management Console, select **CONNECTION GROUPS** to display the Connection Groups library.
 
-**To create a connection group**
+2. Select **ADD CONNECTION GROUP** to create a new connection group.
 
-1.  In the App-V Management Console, select **CONNECTION GROUPS** to display the Connection Groups library.
+3. In the **New Connection Group** pane, enter a description for the group.
 
-2.  Select **ADD CONNECTION GROUP** to create a new connection group.
+4. Select **EDIT** in the **CONNECTED PACKAGES** pane to add a new application to the connection group.
 
-3.  In the **New Connection Group** pane, type a description for the group.
+5. In the **PACKAGES Entire Library** pane, select the application to be added, then select the arrow to add the application.
 
-4.  Click **EDIT** in the **CONNECTED PACKAGES** pane to add a new application to the connection group.
-
-5.  In the **PACKAGES Entire Library** pane, select the application to be added, and click the arrow to add the application.
-
-    To remove an application, select the application to be removed in the **PACKAGES IN** pane and click the arrow.
+    To remove an application, select the application to be removed in the **PACKAGES IN** pane and select the arrow.
 
     To reprioritize the applications in your connection group, use the arrows in the **PACKAGES IN** pane.
 
-    **Important**<br>
-    By default, the Active Directory Domain Services access configurations that are associated with a specific application are not added to the connection group. To transfer the Active Directory access configuration, select **ADD PACKAGE ACCESS TO GROUP ACCESS**, which is located in the **PACKAGES IN** pane.
+    >[!IMPORTANT]
+    >By default, the Active Directory Domain Services access configurations that are associated with a specific application are not added to the connection group. To transfer the Active Directory access configuration, select **ADD PACKAGE ACCESS TO GROUP ACCESS**, which is located in the **PACKAGES IN** pane.
 
-6.  After adding all the applications and configuring Active Directory access, click **Apply**.
+6. After adding all the applications and configuring Active Directory access, select **Apply**.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-[Operations for App-V](appv-operations.md)
-
-[Managing Connection Groups](appv-managing-connection-groups.md)
+- [Operations for App-V](appv-operations.md)
+- [Managing connection groups](appv-managing-connection-groups.md)
diff --git a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
index 3aea6099e5..a2d704e613 100644
--- a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
@@ -1,41 +1,38 @@
 ---
-title: How to Create a Custom Configuration File by Using the App-V Management Console (Windows 10)
-description: How to Create a Custom Configuration File by Using the App-V Management Console
+title: How to create a custom configuration file by using the App-V Management Console (Windows 10)
+description: How to create a custom configuration file by using the App-V Management Console.
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 07/10/2018
 ---
+# How to create a custom configuration file by using the App-V Management Console
 
+>Applies to: Windows 10, version 1607
 
-# How to Create a Custom Configuration File by Using the App-V Management Console
+You can use a dynamic configuration to customize an App-V package for a specific user. However, you must first create the dynamic user configuration (.xml) file or the dynamic deployment configuration file before you can use the files. Creation of the file is an advanced manual operation. For general information about dynamic user configuration files, see [About App-V dynamic configuration](appv-dynamic-configuration.md).
 
-**Applies to**
--   Windows 10, version 1607
+You can create a dynamic user configuration file with the App-V Management Console by following the steps in this article.
 
-You can use a dynamic configuration to customize an App-V package for a specific user. However, you must first create the dynamic user configuration (.xml) file or the dynamic deployment configuration file before you can use the files. Creation of the file is an advanced manual operation. For general information about dynamic user configuration files, see, [About App-V Dynamic Configuration](appv-dynamic-configuration.md).
+## Create a dynamic user configuration file
 
-Use the following procedure to create a Dynamic User Configuration file by using the App-V Management console.
+1. Right-click the name of the package that you want to view and select **Edit active directory access** to view the configuration that is assigned to a given user group. Alternatively, select the package, and click **Edit**.
 
-**To create a Dynamic User Configuration file**
+2. Using the list of **AD Entities with Access**, select the AD group that you want to customize. Select **Custom** from the drop-down list. A link named **Edit** will appear.
 
-1.  Right-click the name of the package that you want to view and select **Edit active directory access** to view the configuration that is assigned to a given user group. Alternatively, select the package, and click **Edit**.
+3. Select **Edit**. The Dynamic User Configuration assigned to the AD Group will appear.
 
-2.  Using the list of **AD Entities with Access**, select the AD group that you want to customize. Select **Custom** from the drop-down list, if it is not already selected. A link named **Edit** will be displayed.
+4. Select **Advanced**, and then select **Export Configuration**. Enter a file name and select **Save**. Now you can edit the file to configure a package for a user.
 
-3.  Click **Edit**. The Dynamic User Configuration that is assigned to the AD Group will be displayed.
-
-4.  Click **Advanced**, and then click **Export Configuration**. Type in a filename and click **Save**. Now you can edit the file to configure a package for a user.
-
-    **Note**  
-    To export a configuration while running on Windows Server, you must disable "IE Enhanced Security Configuration". If this is enabled and set to block downloads, you cannot download anything from the App-V Server.
+    >[!NOTE]  
+    >If you want to export a configuration while running on Windows Server, make sure to disable the IE Enhanced Security Configuration setting. If this setting is enabled and set to block downloads, you won't be able to download anything from the App-V Server.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-[Operations for App-V](appv-operations.md)
+- [Operations for App-V](appv-operations.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
index 5d001bf498..7c228e7c4d 100644
--- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
+++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
@@ -1,50 +1,47 @@
 ---
-title: How to Create a Package Accelerator by Using Windows PowerShell (Windows 10)
-description: How to Create a Package Accelerator by Using Windows PowerShell
+title: How to create a package accelerator by using Windows PowerShell (Windows 10)
+description: How to create a package accelerator with Windows PowerShell.
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 07/10/2018
 ---
+# How to create a package accelerator by using Windows PowerShell
 
+>Applies to: Windows 10, version 1607
 
-# How to Create a Package Accelerator by Using Windows PowerShell
+App-V Package Accelerators automatically sequence large, complex applications. Also, when you apply an App-V Package Accelerator, you don't have to manually install an application to create the virtualized package.
 
-**Applies to**
--   Windows 10, version 1607
+## Create a package accelerator
 
-App-V package accelerators automatically sequence large, complex applications. Additionally, when you apply an App-V package accelerator, you are not always required to manually install an application to create the virtualized package.
+1. Install the App-V sequencer. For more information about installing the sequencer, see [How to install the sequencer](appv-install-the-sequencer.md).
+2. To open a Windows PowerShell console, select **Start** and enter **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**.
+3. Make sure that you have the .appv package to create an accelerator from the installation media or installation files. You can also optionally use a readme file for the accelerator's users to reference.
+4. Enter the **New-AppvPackageAccelerator** cmdlet.
 
-**To create a package accelerator**
+    The following parameters are required to use the package accelerator cmdlet:
 
-1.  Install the App-V sequencer. For more information about installing the sequencer see [How to Install the Sequencer](appv-install-the-sequencer.md).
+    - *InstalledFilesPath* specifies the application installation path.
+    - *Installer* specifies the path to the application installer media.
+    - *InputPackagePath* specifies the path to the .appv package.
+    - *Path* specifies the output directory for the package.
 
-2.  To open a Windows PowerShell console, click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. Use the **New-AppvPackageAccelerator** cmdlet.
+    The following example cmdlet shows how you can create a package accelerator with an .appv package and the installation media:
 
-3.  To create a package accelerator, make sure that you have the .appv package to create an accelerator from, the installation media or installation files, and optionally a read me file for consumers of the accelerator to use. The following parameters are required to use the package accelerator cmdlet:
+    ```PowerShell
+    New-AppvPackageAccelerator -InputPackagePath <path to the .appv file> -Installer <path to the installer executable> -Path <directory of the output path>
+    ```
 
-    -   **InstalledFilesPath** - specifies the application installation path.
+    You can also use the following optional parameter with the **New-AppvPackageAccelerator** cmdlet:
 
-    -   **Installer** – specifies the path to the application installer media
-
-    -   **InputPackagePath** – specifies the path to the .appv package
-
-    -   **Path** – specifies the output directory for the package.
-
-    The following example displays how you can create a package accelerator with an .appv package and the installation media:
-
-    **New-AppvPackageAccelerator -InputPackagePath &lt;path to the .appv file&gt; -Installer &lt;path to the installer executable&gt; -Path &lt;directory of the output path&gt;**
-
-    An additional optional parameter that can be used with the **New-AppvPackageAccelerator** cmdlet is as follows:
-
-    -   **AcceleratorDescriptionFile** - specifies the path to user created package accelerator instructions. The package accelerator instructions are **.txt** or **.rtf** description files that will be packaged with the package created using the package accelerator.
+    - *AcceleratorDescriptionFile* specifies the path to user-created package accelerator instructions. The package accelerator instructions are **.txt** or **.rtf** description files that will be included in the package created by the package accelerator.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-[Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
+- [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md)
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator.md b/windows/application-management/app-v/appv-create-a-package-accelerator.md
index b62f27281a..49be3c2a97 100644
--- a/windows/application-management/app-v/appv-create-a-package-accelerator.md
+++ b/windows/application-management/app-v/appv-create-a-package-accelerator.md
@@ -1,79 +1,77 @@
 ---
-title: How to Create a Package Accelerator (Windows 10)
-description: How to Create a Package Accelerator
+title: How to create a package accelerator (Windows 10)
+description: How to create a package accelerator.
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 07/10/2018
 ---
+# How to create a package accelerator
 
+>Applies to: Windows 10, version 1607
 
-# How to Create a Package Accelerator
+App-V Package Accelerators automatically generate new virtual application packages.
 
-**Applies to**
--   Windows 10, version 1607
-
-App-V package accelerators automatically generate new virtual application packages.
-
->**Note**&nbsp;&nbsp;You can use Windows PowerShell to create a package accelerator. For more information see [How to Create a Package Accelerator by Using Windows PowerShell](appv-create-a-package-accelerator-with-powershell.md).
+>[!NOTE]
+>You can use Windows PowerShell to create a package accelerator. For more information, see [How to create a package accelerator by using Windows PowerShell](appv-create-a-package-accelerator-with-powershell.md).
 
 Use the following procedure to create a package accelerator.
 
->**Important**
-> - Package Accelerators can contain password and user-specific information. Therefore you must save Package Accelerators and the associated installation media in a secure location, and you should digitally sign the Package Accelerator after you create it so that the publisher can be verified when the App-V Package Accelerator is applied.
-> - Before you begin the following procedure, perform the following:
-    -   Copy the virtual application package that you will use to create the package accelerator locally to the computer running the sequencer.
-    -   Copy all required installation files associated with the virtual application package to the computer running the sequencer.
-> - The App-V Sequencer does not grant any license rights to the software application you are using to create the Package Accelerator. You must abide by all end user license terms for the application you are using. It is your responsibility to make sure the software application’s license terms allow you to create a Package Accelerator using App-V Sequencer.
+>[!IMPORTANT]
+>
+>- Because package accelerators can contain password and user-specific information, you should save package accelerators and the associated installation media in a secure location, and you should also digitally sign the package accelerator after creating it so that you can verify the publisher when applying the App-V Package Accelerator.
+>- Before you begin creating a package accelerator, do the following:
+>     - Copy the virtual application package that you will use to create the package accelerator locally to the computer running the sequencer.
+>     - Copy all required installation files associated with the virtual application package to the computer running the sequencer.
+>- The App-V Sequencer does not grant any license rights to the software application you are using to create the package accelerator. You must abide by all end user license terms for the application you are using. It is your responsibility to make sure the software application’s license terms allow you to create a package accelerator with the App-V sequencer.
 
-## To create a package accelerator
+## Create a package accelerator
 
-1.  To start the App-V sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**.
+1. To start the App-V sequencer on the computer running the sequencer, select **Start** > **All Programs** > **Microsoft Application Virtualization** > **Microsoft Application Virtualization Sequencer**.
 
-2.  To start the App-V **Create Package Accelerator** wizard, in the App-V sequencer console, click **Tools** / **Create Accelerator**.
+2. To start the App-V **Create Package Accelerator** wizard, in the App-V sequencer console, select **Tools** > **Create Accelerator**.
 
-3.  On the **Select Package** page, to specify an existing virtual application package to use to create the Package Accelerator, click **Browse**, and locate the existing virtual application package (.appv file).
+3. On the **Select Package** page, select **Browse** to specify an existing virtual application package to use to create the package accelerator, then locate the existing virtual application package (it will appear as an .appv file).
 
-    **Tip**<br>
-    Copy the files associated with the virtual application package you plan to use locally to the computer running the Sequencer.
-    
-    Click **Next**.
+    >[!TIP]
+    >Copy the files associated with the virtual application package you plan to use locally to the computer running the Sequencer.
 
-4.  On the **Installation Files** page, to specify the folder that contains the installation files that you used to create the original virtual application package, click **Browse**, and then select the directory that contains the installation files.
+    Select **Next**.
 
-    **Tip**<br>
-    Copy the folder that contains the required installation files to the computer running the Sequencer.
+4. Go to the **Installation Files** page and select **Browse**, then select the directory that contains the installation files to specify the folder containing the original virtual package's installation files.
 
-5.  If the application is already installed on the computer running the sequencer, to specify the installation file, select **Files installed on local system**. To use this option, the application must already be installed in the default installation location.
+    >[!TIP]
+    >Copy the folder that contains the required installation files to the computer running the Sequencer.
 
-6.  On the **Gathering Information** page, review the files that were not found in the location specified on the **Installation Files** page of this wizard. If the files displayed are not required, select **Remove these files**, and then click **Next**. If the files are required, click **Previous** and copy the required files to the directory specified on the **Installation Files** page.
+5. If the application is already installed on the computer running the sequencer, then select **Files installed on local system** to specify the installation file. To use this option, the application must already be installed in the default installation location.
 
-    **Note**<br>
-    You must either remove the unrequired files, or click **Previous** and locate the required files to advance to the next page of this wizard.
+6. On the **Gathering Information** page, review the files that you couldn't find in the location specified by the **Installation Files** page. If the files displayed are not required, select **Remove these files**, then select **Next**. If the files are required, select **Previous** and copy the required files to the directory specified on the **Installation Files** page.
 
-7.  On the **Select Files** page, carefully review the files that were detected, and clear any file that should be removed from the package accelerator. Select only files that are required for the application to run successfully, and then click **Next**.
+    >[!NOTE]
+    >You must either remove the unrequired files or select **Previous** and locate the required files to advance to the next page of this wizard.
 
-8.  On the **Verify Applications** page, confirm that all installation files that are required to build the package are displayed. When the Package Accelerator is used to create a new package, all installation files displayed in the **Applications** pane are required to create the package.
+7. On the **Select Files** page, carefully review the detected files. Clear any file the package accelerator doesn't need to run successfully and select only the files that the application requires. When you're done, select **Next**.
 
-    If necessary, to add additional Installer files, click **Add**. To remove unnecessary installation files, select the Installer file, and then click **Delete**. To edit the properties associated with an installer, click **Edit**. The installation files specified in this step will be required when the Package Accelerator is used to create a new virtual application package. After you have confirmed the information displayed, click **Next**.
+8. Confirm that the **Verify Applications** page displays all installation files required to build the package. The package accelerator requires all installation files displayed in the **Applications** pane in order to create the package.
 
-9.  On the **Select Guidance** page, to specify a file that contains information about how the Package Accelerator, click **Browse**. For example, this file can contain information about how the computer running the Sequencer should be configured, application prerequisite information for target computers, and general notes. You should provide all required information for the Package Accelerator to be successfully applied. The file you select must be in rich text (.rtf) or text file (.txt) format. Click **Next**.
+    If you need to add additional Installer files, select **Add**. To remove unnecessary installation files, select the **Installer file**, then select **Delete**. To edit the properties associated with an installer, select **Edit**. The package accelerator requires the installation files specified in this step to create a new virtual application package. After you have confirmed the information displayed, select **Next**.
 
-10. On the **Create Package Accelerator** page, to specify where to save the Package Accelerator, click **Browse** and select the directory.
+9. On the **Select Guidance** page, select **Browse** to specify the file that will provide the package accelerator with application instructions. For example, this file can contain information about how the computer running the Sequencer should be configured, application prerequisite information for target computers, and general notes. You should provide all required information for successful package accelerator application. The file you select must be in rich text (.rtf) or text file (.txt) format. After specifying the file, select **Next**.
 
-11. On the **Completion** page, to close the **Create Package Accelerator** wizard, click **Close**.
+10. On the **Create Package Accelerator** page, select **Browse** and select the directory where you want to save the package accelerator.
 
-    **Important**<br>
-    To help ensure that the package accelerator is as secure as possible, and so that the publisher can be verified when the package accelerator is applied, you should always digitally sign the package accelerator.
+11. On the **Completion** page, select **Close**.
+
+    >[!IMPORTANT]
+    >You should always digitally sign the package accelerator to ensure that it is secure and can be verified by a publisher during application.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-[Operations for App-V](appv-operations.md)
-
-[How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md)
+- [Operations for App-V](appv-operations.md)
+- [How to create a virtual application package using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md)
diff --git a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
index d816a91315..2742b4002f 100644
--- a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
+++ b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
@@ -1,79 +1,76 @@
 ---
-title: How to Create a Virtual Application Package Using an App-V Package Accelerator (Windows 10)
-description: How to Create a Virtual Application Package Using an App-V Package Accelerator
+title: How to create a virtual application package using an App-V Package Accelerator (Windows 10)
+description: How to create a virtual application package using an App-V Package Accelerator.
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 07/10/2018
 ---
+# How to create a virtual application package using an App-V Package Accelerator
 
-
-# How to Create a Virtual Application Package Using an App-V Package Accelerator
-
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
 Use the following procedure to create a virtual application package with the App-V Package Accelerator.
 
-> **Important**&nbsp;&nbsp;The App-V Sequencer does not grant any license rights to the software application that you use to create the Package Accelerator. You must abide by all end user license terms for the application that you use. It is your responsibility to make sure that the software application’s license terms allow you to create a Package Accelerator with the App-V Sequencer.
+>[!IMPORTANT]
+>The App-V Sequencer does not grant any license rights to the software application that you use to create the package accelerator. You must abide by all end user license terms for the application that you use. It is your responsibility to make sure that the software application’s license terms allow you to create a package accelerator with the App-V Sequencer.
 
-**To create a virtual application package with an App-V Package Accelerator**
+## Create a virtual application package with an App-V Package Accelerator
 
-1. Be sure that the required Package Accelerator has been copied locally to the computer that runs the App-V Sequencer. Also copy all required installation files for the package to a local folder on the computer that runs the Sequencer. This is the folder that you have to specify in step 6 of this procedure.
+1. Make sure you've copied the required package accelerator locally to the computer running the App-V Sequencer. Also make sure to copy all required installation files for the package to a local folder on the computer running the Sequencer. This is the folder that you have to specify in step 6 of this procedure.
 
-2.  To start the App-V Sequencer, on the computer that runs the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**.
+2. To start the App-V Sequencer on the computer that runs the Sequencer, go to **Start** > **All Programs** > **Microsoft Application Virtualization** > **Microsoft Application Virtualization Sequencer**.
 
-3.  To start the **Create New Package Wizard**, click **Create a New Virtual Application Package**. To create the package, select the **Create Package using a Package Accelerator** check box, and then click **Next**.
+3. Select **Create a New Virtual Application Package**. To create the package, select the **Create Package using a Package Accelerator** check box, then select **Next**.
 
-4.  To specify the package accelerator that will be used to create the new virtual application package, click **Browse** on the **Select Package Accelerator** page. Click **Next**.
+4. To specify the package accelerator that will be used to create the new virtual application package, select **Browse** on the **Select Package Accelerator** page. Select **Next**.
 
-    > **Important**&nbsp;&nbsp;If the publisher of the package accelerator cannot be verified and does not contain a valid digital signature, then before you click **Run**, you must confirm that you trust the source of the package accelerator. Confirm your choice in the **Security Warning** dialog box.
+    >[!IMPORTANT]
+    >If the publisher of the package accelerator cannot be verified and does not contain a valid digital signature, then before you select **Run**, you must confirm that you trust the source of the package accelerator. Confirm your choice in the **Security Warning** dialog box.
 
-5.  On the **Guidance** page, review the publishing guidance information that is displayed in the information pane. This information was added when the Package Accelerator was created and it contains guidance about how to create and publish the package. To export the guidance information to a text (.txt) file, click **Export** and specify the location where the file should be saved, and then click **Next**.
+5. On the **Guidance** page, review the publishing guidance information that is displayed in the information pane. This information was added when the package accelerator was created and it contains guidance about how to create and publish the package. To export the guidance information to a text (.txt) file, select **Export** and specify the location where the file should be saved, and then select **Next**.
 
-6.  On the **Select Installation Files** page, click **Make New Folder** to create a local folder that contains all required installation files for the package, and specify where the folder should be saved. You must also specify a name to be assigned to the folder. You must then copy all required installation files to the location that you specified. If the folder that contains the installation files already exists on the computer that runs the Sequencer, click **Browse** to select the folder.
+6. On the **Select Installation Files** page, select **Make New Folder** to create a local folder that contains all required installation files for the package, and specify where the folder should be saved. You must also specify a name to be assigned to the folder. You must then copy all required installation files to the location that you specified. If the folder that contains the installation files already exists on the computer that runs the Sequencer, select **Browse** to select the folder.
 
-    Alternatively, if you have already copied the installation files to a directory on this computer, click **Make New Folder**, browse to the folder that contains the installation files, and then click **Next**.
+    Alternatively, if you have already copied the installation files to a directory on this computer, select **Make New Folder**, browse to the folder that contains the installation files, then select **Next**.
 
-    > **Note**&nbsp;&nbsp;You can specify the following types of supported installation files:
-    > -   Windows Installer files (**.msi**)
-    > -   Cabinet files (.cab)
-    > -   Compressed files with a .zip file name extension
-    > -   The actual application files
+    >[!NOTE]
+    >You can specify the following types of supported installation files:
+    > - Windows Installer files (**.msi**)
+    > - Cabinet files (.cab)
+    > - Compressed files with a .zip file name extension
+    > - The actual application files
     > The following file types are not supported: **.msp** and **.exe** files. If you specify an **.exe** file, you must extract the installation files manually.
 
-7.  If the package accelerator requires an application to be installed before you apply the Package Accelerator, and if you have already installed the required application, select **I have installed all applications**, and then click **Next** on the **Local Installation** page.
+7. If the package accelerator requires you to install an application before you apply the package accelerator and you have already installed the required application, select **I have installed all applications**, then select **Next** on the **Local Installation** page.
 
-8.  On the **Package Name** page, specify a name that will be associated with the package. The name that you specify identifies the package in the App-V Management Console. Click **Next**.
+8. On the **Package Name** page, specify a name that will be associated with the package. The name you choose will identify the package in the App-V Management Console. Select **Next**.
 
-9.  On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package that you are creating. To confirm the location where the package is created, review the information that is displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network, or when the package size exceeds 4 GB.
+9. On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package that you are creating. To confirm the location where the package is created, review the information displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network or the package size exceeds 4 GB.
 
-10.  To create the package, click **Create**. After the package is created, click **Next**.
+10. To create the package, select **Create**. After the package is created, select **Next**.
 
-11.  On the **Configure Software** page, to enable the Sequencer to configure the applications that are contained in the package, select **Configure Software**. In this step you can configure any associated tasks that must be completed in order to run the application on the target computers. For example, you can configure any associated license agreements.
+11. On the **Configure Software** page, to enable the Sequencer to configure the applications contained within the package, select **Configure Software**. **Configure Software** will let you configure any associated tasks required to run the application on the target computers. For example, you can configure any associated license agreements.
 
-    If you select **Configure Software**, the following items can be configured using the Sequencer as part of this step:
+    The following items can be configured using the Sequencer as part of this step:
 
-    -   **Load Package**. The Sequencer loads the files that are associated with the package. It can take several seconds to an hour to decode the package.
+    - **Load Package** loads files associated with the package. It can take several seconds to an hour to decode the package.
+    - **Run Each Program** optionally runs programs contained within the package. This step can help you complete associated license or configuration tasks that must be completed before deploying and running the package on target computers. To run all the programs at once, select at least one program, and then select **Run All**. To run specific programs, select the program or programs that you want to run, and then select **Run Selected**. Complete the required configuration tasks, then close the applications. It can take several minutes for all programs to run. Select **Next**.
+    - **Save Package** saves the package.
+    - **Primary Feature Block** optimizes the package for streaming by rebuilding the primary feature block.
 
-    -   **Run Each Program**. Optionally run the programs that are contained in the package. This step is helpful to complete any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at once, select at least one program, and then click **Run All**. To run specific programs, select the program or programs that you want to run, and then click **Run Selected**. Complete the required configuration tasks, and then close the applications. It can take several minutes for all programs to run. Click **Next**.
+    If you don't want to configure the applications, select **Skip this step**, then select **Next**.
 
-    -   **Save Package**. The Sequencer saves the package.
+12. On the **Completion** page, after you review the information that is displayed in the **Virtual Application Package Report** pane, select **Close**.
 
-    -   **Primary Feature Block**. The Sequencer optimizes the package for streaming by rebuilding the primary feature block.
-
-    If you do not want to configure the applications, click **Skip this step**, and then click **Next**.
-
-12.  On the **Completion** page, after you review the information that is displayed in the **Virtual Application Package Report** pane, click **Close**.
-
-    The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about how to modify a package, see [How to Modify an Existing Virtual Application Package](appv-modify-an-existing-virtual-application-package.md).
+    The package is now available in the Sequencer. To edit the package properties, select **Edit \[Package Name\]**. For more information about how to modify a package, see [How to modify an existing virtual application package](appv-modify-an-existing-virtual-application-package.md).
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-[Operations for App-V](appv-operations.md)
+- [Operations for App-V](appv-operations.md)
diff --git a/windows/application-management/app-v/appv-create-and-use-a-project-template.md b/windows/application-management/app-v/appv-create-and-use-a-project-template.md
index 383572f210..ee730d4a21 100644
--- a/windows/application-management/app-v/appv-create-and-use-a-project-template.md
+++ b/windows/application-management/app-v/appv-create-and-use-a-project-template.md
@@ -6,60 +6,54 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 07/10/2018
 ---
-
 # Create and apply an App-V project template to a sequenced App-V package
 
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
-You can use an App-V project template (.appvt) file to save commonly applied settings associated with an existing virtual application package. These settings can then be applied when you create new virtual application packages in your environment. Using a project template can streamline the process of creating virtual application packages. App-V project templates differ from App-V Package Accelerators because App-V Package Accelerators are application-specific, while App-V project templates can be applied to multiple applications. For more info about Package Accelerators, see the [How to create a Package Accelerator](appv-create-a-package-accelerator.md) topic.
+You can use an App-V Project Template (.appvt) file to save commonly applied settings associated with an existing virtual application package. You can then apply these settings whenever you create new virtual application packages in your environment, streamlining the package creation process. App-V Project Templates differ from App-V Package Accelerators because App-V Package Accelerators are application-specific, while App-V Project Templates can be applied to multiple applications. To learn more about package accelerators, see [How to create a package accelerator](appv-create-a-package-accelerator.md).
 
 >[!IMPORTANT]
->In Windows 10, version 1703, running the new-appvsequencerpackage or the update-appvsequencepackage cmdlets automatically captures and stores all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file. If you have an auto-saved template and you attempt to load another template through the _TemplateFilePath_ parameter, the customization value from the parameter will override the auto-saved template.
-
+>In Windows 10, version 1703, running the **New-AppvSequencerPackage** or the **Update-AppvSequencerPackage** cmdlets will automatically capture and store your customizations as an App-V Project Template. If you want to make changes to this package later, you can automatically load your customizations from this template file. If you have an auto-saved template and you attempt to load another template through the *TemplateFilePath* parameter, the customization value from the parameter will override the auto-saved template.
 
 ## Create a project template
+
 You must first create and save a project template, including a virtual app package with settings to be used by the template.
 
-**To create a project template**
-
-1. On the device running the App-V Sequencer, click **Start**, click **All Programs**, click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**.
+1. On the device running the App-V Sequencer, select **Start**, select **All Programs**, select **Microsoft Application Virtualization**, and then select **Microsoft Application Virtualization Sequencer**.
 
     >[!NOTE]
     >If the virtual app package is currently open in the App-V Sequencer console, skip to Step 3 of this procedure.
 
-2. On the **File** menu, click **Open**, click **Edit Package**, browse for the virtual app package that includes the settings you want to save with the App-V project template, and then click **Edit** to change any of the settings or info included in the file.
+2. On the **File** menu, select **Open**, select **Edit Package**, browse for the virtual app package that includes the settings you want to save with the App-V Project Template, and then select **Edit** to change any of the settings or info included in the file.
 
-3. On the **File** menu, click **Save As Template**, review the settings associated with the new template, click **OK**, name your new template, and then click **Save**.
+3. On the **File** menu, select **Save As Template**, review the settings associated with the new template, select **OK**, name your new template, and then select **Save**.
 
-    The new App-V project template is saved in the folder you specified.
+    The new App-V Project Template is saved in the folder you specified.
 
 ## Apply a project template
+
 After creating the template, you can apply it to all of your new virtual app packages, automatically including all of the settings.
 
 >[!IMPORTANT]
->Virtual app packages don't support using both a project template and a Package Accelerator together.
+>Virtual app packages don't support using both a project template and a package accelerator at the same time.
 
-1. On the device running the App-V Sequencer, click **Start**, click **All Programs**, click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**.
+1. On the device running the App-V Sequencer, select **Start** > **All Programs** > **Microsoft Application Virtualization** > **Microsoft Application Virtualization Sequencer**.
 
-2. On the **File** menu, click **New From Template**, browse to your newly created project template, and then click **Open**.
+2. On the **File** menu, select **New From Template**, browse to your newly created project template and select **Open**.
 
 3. Create your new virtual app package. The settings saved with your template are automatically applied.
 
 ### Related topics
+
 - [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
-
 - [How to install the App-V Sequencer](appv-install-the-sequencer.md)
-
 - [Learn about Hyper-V on Windows Server 2016](https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server)
-
 - [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md)
-
 - [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md)
-
 - [Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-sequence-a-new-application.md)
 
-**Have a suggestion for App-V?**<p>
-Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
diff --git a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
index 92958f3b25..e6c441feb7 100644
--- a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
+++ b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
@@ -1,6 +1,6 @@
 ---
-title: Creating and Managing App-V Virtualized Applications (Windows 10)
-description: Creating and Managing App-V Virtualized Applications
+title: Creating and managing App-V virtualized applications (Windows 10)
+description: Creating and managing App-V virtualized applications
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.prod: w10
 ms.date: 04/18/2018
 ---
-# Creating and Managing App-V Virtualized Applications
+# Creating and managing App-V virtualized applications
 
 >Applies to: Windows 10, version 1607
 
diff --git a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
index 9a7fd827bf..a364b60032 100644
--- a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
@@ -1,40 +1,37 @@
 ---
-title: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console (Windows 10)
-description: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console
+title: How to customize virtual application extensions for a specific AD group by using the Management Console (Windows 10)
+description: How to customize virtual application extensions for a specific AD group by using the Management Console.
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 07/10/2018
 ---
+# How to customize virtual applications extensions for a specific AD group by using the Management Console
 
-
-# How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console
-
-**Applies to**
--   Windows 10, version 1607
+>Applies to: Windows 10, version 1607
 
 Use the following procedure to customize the virtual application extensions for an Active Directory (AD) group.
 
-**To customize virtual applications extensions for an AD group**
+## Customize virtual applications extensions for an AD group
 
-1.  To view the package that you want to configure, open the App-V Management Console. To view the configuration that is assigned to a given user group, select the package, and right-click the package name and select **Edit active directory access**. Alternatively, select the package and click **EDIT** in the **AD ACCESS** pane.
+1. To view the package that you want to configure, open the App-V Management Console. To view the configuration assigned to a given user group, select the package, then right-click the package name and select **Edit active directory access**. Alternatively, select the package and select **EDIT** in the **AD ACCESS** pane.
 
-2.  To customize an AD group, you can find the group from the list of **AD Entities with Access**. Then, using the drop-down box in the **Assigned Configuration** pane, select **Custom**, and then click **EDIT**.
+2. To customize an AD group, you can find the group from the list of **AD Entities with Access**. Then, using the drop-down box in the **Assigned Configuration** pane, select **Custom**, and then select **EDIT**.
 
-3.  To disable all extensions for a given application, clear **ENABLE**.
+3. To disable all extensions for a given application, clear **ENABLE**.
 
-    To add a new shortcut for the selected application, right-click the application in the **SHORTCUTS** pane, and select **Add new shortcut**. To remove a shortcut, right-click the application in the **SHORTCUTS** pane, and select **Remove Shortcut**. To edit an existing shortcut, right-click the application, and select **Edit Shortcut**.
+    To add a new shortcut for the selected application, right-click the application in the **SHORTCUTS** pane, and select **Add new shortcut**. To remove a shortcut, right-click the application in the **SHORTCUTS** pane and select **Remove Shortcut**. To edit an existing shortcut, right-click the application and select **Edit Shortcut**.
 
-4.  To view any other application extensions, click **Advanced**, and click **Export Configuration**. Type in a filename and click **Save**. You can view all application extensions that are associated with the package using the configuration file.
+4. To view any other application extensions, select **Advanced**, and select **Export Configuration**. Enter a filename and select **Save**. You can view all application extensions that are associated with the package using the configuration file.
 
-5.  To edit additional application extensions, modify the configuration file and click **Import and Overwrite this Configuration**. Select the modified file and click **Open**. In the dialog, click **Overwrite** to complete the process.
+5. To edit additional application extensions, modify the configuration file and select **Import and Overwrite this Configuration**. Select the modified file and select **Open**. In the dialog, select **Overwrite** to complete the process.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 
 ## Related topics
 
-[Operations for App-V](appv-operations.md)
+- [Operations for App-V](appv-operations.md)
diff --git a/windows/application-management/app-v/appv-reporting.md b/windows/application-management/app-v/appv-reporting.md
index afe9597029..32ae6b094c 100644
--- a/windows/application-management/app-v/appv-reporting.md
+++ b/windows/application-management/app-v/appv-reporting.md
@@ -200,7 +200,7 @@ To retrieve report information and create reports using App-V you must use one o
 
     To run the Microsoft SQL Server Scheduled Stored procedure, the Microsoft SQL Server Agent must be running. Make sure the Microsoft SQL Server Agent is set to **AutoStart**. For more information, see [Autostart SQL Server Agent (SQL Server Management Studio)](https://docs.microsoft.com/en-us/sql/ssms/agent/autostart-sql-server-agent-sql-server-management-studio).
 
-    The stored procedure is also created when when you use the App-V database scripts.
+    The stored procedure is also created when you use the App-V database scripts.
 
 You should also ensure that the reporting server web service’s **Maximum Concurrent Connections** is set to a value that the server can manage without affecting availability. The recommended number of **Maximum Concurrent Connections** for the **Reporting Web Service** is **10,000**.
 
diff --git a/windows/application-management/app-v/appv-using-the-client-management-console.md b/windows/application-management/app-v/appv-using-the-client-management-console.md
index 54b1306b2e..e2244bcd6a 100644
--- a/windows/application-management/app-v/appv-using-the-client-management-console.md
+++ b/windows/application-management/app-v/appv-using-the-client-management-console.md
@@ -15,7 +15,7 @@ ms.date: 04/19/2017
 **Applies to**
 -   Windows 10, version 1607
 
-This topic provides information about about using the Application Virtualization (App-V) client management console to manage packages on the computer running the App-V client.
+This topic provides information about using the Application Virtualization (App-V) client management console to manage packages on the computer running the App-V client.
 
 ## Obtain the client management console
 
diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md
index 2a601d2d47..f29b02af29 100644
--- a/windows/application-management/apps-in-windows-10.md
+++ b/windows/application-management/apps-in-windows-10.md
@@ -8,7 +8,7 @@ ms.pagetype: mobile
 ms.author: elizapo
 author: lizap
 ms.localizationpriority: medium
-ms.date: 04/30/2018
+ms.date: 07/10/2018
 ---
 # Understand the different apps included in Windows 10
 
@@ -97,7 +97,7 @@ System apps are integral to the operating system. Here are the typical system ap
 Here are the typical installed Windows apps in Windows 10 versions 1703, 1709, and 1803.
 
 | Name               | Full name                                | 1703 | 1709 | 1803 |Uninstall through UI? |
-|--------------------|------------------------------------------|:------:|:------:|:------:|----------------------|
+|--------------------|------------------------------------------|:----:|:----:|:----:|----------------------|
 | Remote Desktop     | Microsoft.RemoteDesktop                  | x    | x    |      | Yes                  |
 | PowerBI            | Microsoft.Microsoft PowerBIforWindows    | x    |      |      | Yes                  |
 | Code Writer        | ActiproSoftwareLLC.562882FEEB491         | x    | x    | x    | Yes                  |
@@ -106,7 +106,7 @@ Here are the typical installed Windows apps in Windows 10 versions 1703, 1709, a
 | Photoshop Express  | AdobeSystemIncorporated. AdobePhotoshop  | x    | x    | x    | Yes                  |
 | Duolingo           | D5EA27B7.Duolingo- LearnLanguagesforFree | x    | x    | x    | Yes                  |
 | Network Speed Test | Microsoft.NetworkSpeedTest               | x    | x    | x    | Yes                  |
-| News                            | Microsoft.BingNews                     | x    |  x   | x    | Yes                       |
+| News               | Microsoft.BingNews                       | x    |  x   | x    | Yes                  |
 | Flipboard          |                                          |      |      |      | Yes                  |
 |                    | Microsoft.Advertising.Xaml               | x    | x    | x    | Yes                  |
 |                    | Microsoft.NET.Native.Framework.1.2       | x    | x    | x    | Yes                  |
@@ -171,4 +171,7 @@ Here are the typical provisioned Windows apps in Windows 10 versions 1703, 1709,
 |                                 | Microsoft.XboxGameOverlay              | x    |  x   | x    | No                        |
 |                                 | Microsoft.XboxGamingOverlay            |      |      | x    | No                        |
 |                                 | Microsoft.XboxIdentityProvider         | x    |  x   | x    | No                        |
-|                                 | Microsoft.XboxSpeech ToTextOverlay     | x    |  x   | x    | No                        |
\ No newline at end of file
+|                                 | Microsoft.XboxSpeech ToTextOverlay     | x    |  x   | x    | No                        |
+
+>[!NOTE]
+>The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it.
\ No newline at end of file
diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md
index d25e2670b7..a4a44b1265 100644
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@@ -19,7 +19,7 @@ ms.date: 11/28/2017
 
 -   Windows 10
 
-From its release, Windows 10 has supported remote connections to PCs that are joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/device-management-azuread-joined-devices-setup).
+From its release, Windows 10 has supported remote connections to PCs that are joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup).
 
 ![Remote Desktop Connection client](images/rdp.png)
 
diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md
index 57086835cb..b51971615e 100644
--- a/windows/client-management/manage-settings-app-with-group-policy.md
+++ b/windows/client-management/manage-settings-app-with-group-policy.md
@@ -25,7 +25,7 @@ The Group Policy can be configured in one of two ways: specify a list of pages t
 
 Here are some examples:
 
-- To show only the the Ethernet and Proxy pages, set the **Settings App Visibility** textbox to **ShowOnly:Network-Proxy;Network-Ethernet**.
+- To show only the Ethernet and Proxy pages, set the **Settings App Visibility** textbox to **ShowOnly:Network-Proxy;Network-Ethernet**.
 - To hide the Ethernet and Proxy pages, set the **Settings App Visibility** textbox to **Hide:Network-Proxy;Network-Ethernet**.
 
 
diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index 659b090224..21553dfee9 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -179,7 +179,6 @@
 #### [Policy DDF file](policy-ddf-file.md)
 #### [ApplicationRestrictions XSD](applicationrestrictions-xsd.md)
 #### [AboveLock](policy-csp-abovelock.md)
-#### [AccountPoliciesAccountLockoutPolicy](policy-csp-accountpoliciesaccountlockoutpolicy.md)
 #### [Accounts](policy-csp-accounts.md)
 #### [ActiveXControls](policy-csp-activexcontrols.md)
 #### [ApplicationDefaults](policy-csp-applicationdefaults.md)
@@ -190,6 +189,7 @@
 #### [Authentication](policy-csp-authentication.md)
 #### [Autoplay](policy-csp-autoplay.md)
 #### [Bitlocker](policy-csp-bitlocker.md)
+#### [BITS](policy-csp-bits.md)
 #### [Bluetooth](policy-csp-bluetooth.md)
 #### [Browser](policy-csp-browser.md)
 #### [Camera](policy-csp-camera.md)
@@ -209,6 +209,7 @@
 #### [DeviceInstallation](policy-csp-deviceinstallation.md)
 #### [DeviceLock](policy-csp-devicelock.md)
 #### [Display](policy-csp-display.md)
+#### [DmaGuard](policy-csp-dmaguard.md)
 #### [Education](policy-csp-education.md)
 #### [EnterpriseCloudPrint](policy-csp-enterprisecloudprint.md)
 #### [ErrorReporting](policy-csp-errorreporting.md)
@@ -250,6 +251,7 @@
 #### [Storage](policy-csp-storage.md)
 #### [System](policy-csp-system.md)
 #### [SystemServices](policy-csp-systemservices.md)
+#### [TaskManager](policy-csp-taskmanager.md)
 #### [TaskScheduler](policy-csp-taskscheduler.md)
 #### [TextInput](policy-csp-textinput.md)
 #### [TimeLanguageSettings](policy-csp-timelanguagesettings.md)
@@ -313,6 +315,8 @@
 #### [WiFi DDF file](wifi-ddf-file.md)
 ### [Win32AppInventory CSP](win32appinventory-csp.md)
 #### [Win32AppInventory DDF file](win32appinventory-ddf-file.md)
+### [Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)
+#### [Win32CompatibilityAppraiser DDF file](win32compatibilityappraiser-ddf.md)
 ### [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)
 #### [WindowsAdvancedThreatProtection DDF file](windowsadvancedthreatprotection-ddf.md)
 ### [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)
@@ -321,4 +325,5 @@
 #### [WindowsLicensing DDF file](windowslicensing-ddf-file.md)
 ### [WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md)
 #### [WindowsSecurityAuditing DDF file](windowssecurityauditing-ddf-file.md)
-
+### [WiredNetwork CSP](wirednetwork-csp.md)
+#### [WiredNetwork DDF file](wirednetwork-ddf-file.md)
diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
index 9078574ee6..e5d61253aa 100644
--- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
+++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
@@ -610,7 +610,7 @@ Authorization:Bearer <Azure AD User Token Inserted here>
 Additional claims may be present in the Azure AD token, such as:
 
 -   User - user currently logged in
--   Device compliance - value set the the MDM service into Azure
+-   Device compliance - value set the MDM service into Azure
 -   Device ID - identifies the device that is checking in
 -   Tenant ID
 
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index a1a2dd3a81..622256b740 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -6,11 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 01/04/2018
+ms.date: 07/16/2018
 ---
 
 # BitLocker CSP
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703.
 
@@ -418,7 +420,7 @@ The following diagram shows the BitLocker configuration service provider in tree
         
 <p style="margin-left: 20px">If you set the value to "2" (Use custom recovery message), the message you set in the "RecoveryMessage_Input" data field will be displayed in the pre-boot key recovery screen. If a recovery URL is available, include it in the message.</p>
                         
-<p style="margin-left: 20px">If you set the the value to "3" (Use custom recovery URL), the URL you type in the "RecoveryUrl_Input" data field will replace the default URL in the default recovery message, which will be displayed in the pre-boot key recovery screen.</p>
+<p style="margin-left: 20px">If you set the value to "3" (Use custom recovery URL), the URL you type in the "RecoveryUrl_Input" data field will replace the default URL in the default recovery message, which will be displayed in the pre-boot key recovery screen.</p>
                          
 <p style="margin-left: 20px">Sample value for this node to enable this policy is:</p>
 
@@ -842,6 +844,37 @@ The following diagram shows the BitLocker configuration service provider in tree
 </Replace>
 ```
 
+<a href="" id="allowstandarduserencryption"></a>**AllowStandardUserEncryption**  
+Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged on user is non-admin/standard user Azure AD account.
+
+> [!Note]  
+> This policy is only supported in Azure AD accounts.
+                         
+"AllowStandardUserEncryption" policy is tied to "AllowWarningForOtherDiskEncryption" policy  being set to "0", i.e, silent encryption is enforced.
+                     
+If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user is the current logged on user in the system.
+
+The expected values for this policy are: 
+
+- 1 = "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user.
+- 0 = This is the default, when the policy is not set. If current logged on user is a standard user, "RequireDeviceEncryption" policy will not try to enable encryption on any drive.
+
+If you want to disable this policy use the following SyncML:
+
+``` syntax
+ <Replace>
+ <CmdID>111</CmdID>
+   <Item>
+     <Target>
+         <LocURI>./Device/Vendor/MSFT/BitLocker/AllowStandardUserEncryption</LocURI>
+     </Target>
+     <Meta>
+         <Format xmlns="syncml:metinf">int</Format>
+     </Meta>
+     <Data>0</Data>
+   </Item>
+ </Replace>
+```
 ### SyncML example
 
 The following example is provided to show proper format and should not be taken as a recommendation.
diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md
index b3df788f7c..df0326e929 100644
--- a/windows/client-management/mdm/bitlocker-ddf-file.md
+++ b/windows/client-management/mdm/bitlocker-ddf-file.md
@@ -6,16 +6,19 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 12/05/2017
+ms.date: 06/29/2018
 ---
 
 # BitLocker DDF file
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 This topic shows the OMA DM device description framework (DDF) for the **BitLocker** configuration service provider. 
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is the current version for this CSP. 
+The XML below is the current version Windows 10, next major version. 
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
@@ -41,7 +44,7 @@ The XML below is the current version for this CSP.
             <Permanent />
           </Scope>
           <DFType>
-            <MIME>com.microsoft/1.0/MDM/BitLocker</MIME>
+            <MIME>com.microsoft/3.0/MDM/BitLocker</MIME>
             <DDFName></DDFName>
           </DFType>
         </DFProperties>
@@ -63,7 +66,7 @@ The XML below is the current version for this CSP.
                          Disabling the policy will not turn off the encryption on the storage card. But will stop prompting the user to turn it on.
                          If you want to disable this policy use the following SyncML:
                          <Replace>
-                         <CmdID>$CmdID$</CmdID>
+                         <CmdID>100</CmdID>
                            <Item>
                              <Target>
                                  <LocURI>./Device/Vendor/MSFT/BitLocker/RequireStorageCardEncryption</LocURI>
@@ -87,6 +90,10 @@ The XML below is the current version for this CSP.
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1">
+              <MSFT:SupportedValue value="0" description="Default when policy is not set."/>
+              <MSFT:SupportedValue value="1" description="Allows the admin to require storage card encryption."/>
+            </MSFT:SupportedValues>
           </DFProperties>
         </Node>
         <Node>
@@ -106,7 +113,7 @@ The XML below is the current version for this CSP.
                          Disabling the policy will not turn off the encryption on the system drive. But will stop prompting the user to turn it on.
                          If you want to disable this policy use the following SyncML:
                          <Replace>
-                         <CmdID>$CmdID$</CmdID>
+                         <CmdID>101</CmdID>
                            <Item>
                              <Target>
                                  <LocURI>./Device/Vendor/MSFT/BitLocker/RequireDeviceEncryption</LocURI>
@@ -130,6 +137,10 @@ The XML below is the current version for this CSP.
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1">
+              <MSFT:SupportedValue value="0" description="Default when policy is not set."/>
+              <MSFT:SupportedValue value="1" description="Allows the admin to require encryption."/>
+            </MSFT:SupportedValues>
           </DFProperties>
         </Node>
         <Node>
@@ -160,7 +171,7 @@ The XML below is the current version for this CSP.
 
                          If you want to disable this policy use the following SyncML:
                          <Replace>
-                         <CmdID>$CmdID$</CmdID>
+                         <CmdID>102</CmdID>
                            <Item>
                              <Target>
                                  <LocURI>./Device/Vendor/MSFT/BitLocker/EncryptionMethodByDriveType</LocURI>
@@ -186,6 +197,9 @@ The XML below is the current version for this CSP.
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXBacked>VolumeEncryption.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>VolumeEncryption~AT~WindowsComponents~FVECategory</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EncryptionMethodWithXts_Name</MSFT:ADMXPolicyName>
           </DFProperties>
         </Node>
         <Node>
@@ -200,7 +214,7 @@ The XML below is the current version for this CSP.
             <Description>This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker.
                          Note: Only one of the additional authentication options can be required at startup, otherwise a policy error occurs.
                          If you want to use BitLocker on a computer without a TPM, set the "ConfigureNonTPMStartupKeyUsage_Name" data. In this mode either a password or a USB drive is required for start-up. When using a startup key, the key information used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted the access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable or if you have forgotten the password then you will need to use one of the BitLocker recovery options to access the drive.
-                         On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.
+                         On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 4-digit to 20-digit personal identification number (PIN), or both.
                          If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.
                          If you disable or do not configure this policy setting, users can configure only basic options on computers with a TPM.
                          Note: If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard.
@@ -227,7 +241,7 @@ The XML below is the current version for this CSP.
                          Disabling the policy will let the system choose the default behaviors.
                          If you want to disable this policy use the following SyncML:
                          <Replace>
-                         <CmdID>$CmdID$</CmdID>
+                         <CmdID>103</CmdID>
                            <Item>
                              <Target>
                                  <LocURI>./Device/Vendor/MSFT/BitLocker/SystemDrivesRequireStartupAuthentication</LocURI>
@@ -253,6 +267,9 @@ The XML below is the current version for this CSP.
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXBacked>VolumeEncryption.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>VolumeEncryption~AT~WindowsComponents~FVECategory~FVEOSCategory</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureAdvancedStartup_Name</MSFT:ADMXPolicyName>
           </DFProperties>
         </Node>
         <Node>
@@ -264,9 +281,10 @@ The XML below is the current version for this CSP.
               <Get />
               <Replace />
             </AccessType>
-            <Description>This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits.
+            <Description>This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits.
                          If you enable this policy setting, you can require a minimum number of digits to be used when setting the startup PIN.
                          If you disable or do not configure this policy setting, users can configure a startup PIN of any length between 6 and 20 digits.
+                         NOTE: If minimum PIN length is set below 6 digits, Windows will attempt to update the TPM 2.0 lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset.
                          The format is string.
                          Sample value for this node to enable this policy is:
                          &lt;enabled/&gt;&lt;data id=&quot;MinPINLength&quot; value=&quot;xx&quot;/&gt;
@@ -274,7 +292,7 @@ The XML below is the current version for this CSP.
                          Disabling the policy will let the system choose the default behaviors.
                          If you want to disable this policy use the following SyncML:
                          <Replace>
-                         <CmdID>$CmdID$</CmdID>
+                         <CmdID>104</CmdID>
                            <Item>
                              <Target>
                                  <LocURI>./Device/Vendor/MSFT/BitLocker/SystemDrivesMinimumPINLength</LocURI>
@@ -300,6 +318,9 @@ The XML below is the current version for this CSP.
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXBacked>VolumeEncryption.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>VolumeEncryption~AT~WindowsComponents~FVECategory~FVEOSCategory</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>MinimumPINLength_Name</MSFT:ADMXPolicyName>
           </DFProperties>
         </Node>
         <Node>
@@ -331,7 +352,7 @@ The XML below is the current version for this CSP.
                          Disabling the policy will let the system choose the default behaviors.
                          If you want to disable this policy use the following SyncML:
                          <Replace>
-                         <CmdID>$CmdID$</CmdID>
+                         <CmdID>105</CmdID>
                            <Item>
                              <Target>
                                  <LocURI>./Device/Vendor/MSFT/BitLocker/SystemDrivesRecoveryMessage</LocURI>
@@ -357,6 +378,9 @@ The XML below is the current version for this CSP.
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXBacked>VolumeEncryption.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>VolumeEncryption~AT~WindowsComponents~FVECategory~FVEOSCategory</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PrebootRecoveryInfo_Name</MSFT:ADMXPolicyName>
           </DFProperties>
         </Node>
         <Node>
@@ -397,7 +421,7 @@ The XML below is the current version for this CSP.
                          Disabling the policy will let the system choose the default behaviors.
                          If you want to disable this policy use the following SyncML:
                          <Replace>
-                         <CmdID>$CmdID$</CmdID>
+                         <CmdID>106</CmdID>
                            <Item>
                              <Target>
                                  <LocURI>./Device/Vendor/MSFT/BitLocker/SystemDrivesRecoveryOptions</LocURI>
@@ -423,6 +447,9 @@ The XML below is the current version for this CSP.
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXBacked>VolumeEncryption.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>VolumeEncryption~AT~WindowsComponents~FVECategory~FVEOSCategory</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>OSRecoveryUsage_Name</MSFT:ADMXPolicyName>
           </DFProperties>
         </Node>
         <Node>
@@ -463,7 +490,7 @@ The XML below is the current version for this CSP.
                          Disabling the policy will let the system choose the default behaviors.
                          If you want to disable this policy use the following SyncML:
                          <Replace>
-                         <CmdID>$CmdID$</CmdID>
+                         <CmdID>107</CmdID>
                            <Item>
                              <Target>
                                  <LocURI>./Device/Vendor/MSFT/BitLocker/FixedDrivesRecoveryOptions</LocURI>
@@ -489,6 +516,9 @@ The XML below is the current version for this CSP.
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXBacked>VolumeEncryption.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>VolumeEncryption~AT~WindowsComponents~FVECategory~FVEFDVCategory</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>FDVRecoveryUsage_Name</MSFT:ADMXPolicyName>
           </DFProperties>
         </Node>
         <Node>
@@ -510,7 +540,7 @@ The XML below is the current version for this CSP.
                          Disabling the policy will let the system choose the default behaviors.
                          If you want to disable this policy use the following SyncML:
                          <Replace>
-                         <CmdID>$CmdID$</CmdID>
+                         <CmdID>108</CmdID>
                            <Item>
                              <Target>
                                  <LocURI>./Device/Vendor/MSFT/BitLocker/FixedDrivesRequireEncryption</LocURI>
@@ -536,6 +566,9 @@ The XML below is the current version for this CSP.
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXBacked>VolumeEncryption.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>VolumeEncryption~AT~WindowsComponents~FVECategory~FVEFDVCategory</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>FDVDenyWriteAccess_Name</MSFT:ADMXPolicyName>
           </DFProperties>
         </Node>
         <Node>
@@ -563,7 +596,7 @@ The XML below is the current version for this CSP.
                          Disabling the policy will let the system choose the default behaviors.
                          If you want to disable this policy use the following SyncML:
                          <Replace>
-                         <CmdID>$CmdID$</CmdID>
+                         <CmdID>109</CmdID>
                            <Item>
                              <Target>
                                  <LocURI>./Device/Vendor/MSFT/BitLocker/RemovableDrivesRequireEncryption</LocURI>
@@ -589,6 +622,116 @@ The XML below is the current version for this CSP.
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXBacked>VolumeEncryption.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>VolumeEncryption~AT~WindowsComponents~FVECategory~FVERDVCategory</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>RDVDenyWriteAccess_Name</MSFT:ADMXPolicyName>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowWarningForOtherDiskEncryption</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Allows Admin to disable all UI (notification for encryption and warning prompt for other disk encryption)
+                         and turn on encryption on the user machines silently.
+                         Warning: When you enable BitLocker on a device with third party encryption, it may render the device unusable and will
+                         require reinstallation of Windows.
+                         Note: This policy takes effect only if "RequireDeviceEncryption" policy is set to 1.
+                         The format is integer.
+                         The expected values for this policy are: 
+
+                         1 = This is the default, when the policy is not set. Warning prompt and encryption notification is allowed.
+                         0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update, 
+                             the value 0 only takes affect on Azure Active Directory joined devices. 
+                             Windows will attempt to silently enable BitLocker for value 0.
+
+                         If you want to disable this policy use the following SyncML:
+                         <Replace>
+                         <CmdID>110</CmdID>
+                           <Item>
+                             <Target>
+                                 <LocURI>./Device/Vendor/MSFT/BitLocker/AllowWarningForOtherDiskEncryption</LocURI>
+                             </Target>
+                             <Meta>
+                                 <Format xmlns="syncml:metinf">int</Format>
+                             </Meta>
+                             <Data>0</Data>
+                           </Item>
+                         </Replace>
+            </Description>
+            <DFFormat>
+              <int />
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues AllowedValues="0,1">
+              <MSFT:SupportedValue value="0" description="Disables the warning prompt. Starting in Windows 10, next major update, the value 0 only takes affect on Azure Active Directory joined devices. Windows will attempt to silently enable BitLocker for value 0."/>
+              <MSFT:SupportedValue value="1" description="Default when policy is not set."/>
+            </MSFT:SupportedValues>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowStandardUserEncryption</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged on user is non-admin/standard user.
+                         "AllowStandardUserEncryption" policy is tied to "AllowWarningForOtherDiskEncryption" policy  being set to "0", i.e, Silent encryption is enforced.
+                         If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user
+                         is the current logged on user in the system.
+
+                         The expected values for this policy are: 
+
+                         1 = "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user.
+                         0 = This is the default, when the policy is not set. If current logged on user is a standard user, "RequireDeviceEncryption" policy
+                             will not try to enable encryption on any drive.
+
+                         If you want to disable this policy use the following SyncML:
+                         <Replace>
+                         <CmdID>111</CmdID>
+                           <Item>
+                             <Target>
+                                 <LocURI>./Device/Vendor/MSFT/BitLocker/AllowStandardUserEncryption</LocURI>
+                             </Target>
+                             <Meta>
+                                 <Format xmlns="syncml:metinf">int</Format>
+                             </Meta>
+                             <Data>0</Data>
+                           </Item>
+                         </Replace>
+            </Description>
+            <DFFormat>
+              <int />
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues AllowedValues="0,1">
+              <MSFT:SupportedValue value="0" description="This is the default when the policy is not set. If current logged on user is a standard user, RequireDeviceEncryption policy
+                             will not try to enable encryption on any drive."/>
+              <MSFT:SupportedValue value="1" description="RequireDeviceEncryption policy will try to enable encryption on all fixed drives even if a current logged in user is standard user."/>
+            </MSFT:SupportedValues>
           </DFProperties>
         </Node>
       </Node>
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index 5c5d9301ff..441c14e310 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -30,6 +30,7 @@ Footnotes:
 - 2 - Added in Windows 10, version 1703
 - 3 - Added in Windows 10, version 1709
 - 4 - Added in Windows 10, version 1803
+- 5 - Added in Windows 10, next major version
 
 <!--StartCSPs-->
 <hr/>
@@ -2416,6 +2417,34 @@ Footnotes:
 <!--EndSKU-->
 <!--EndCSP-->
 
+<!--StartCSP-->
+[Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--EndCSP-->
+
 <!--StartCSP-->
 [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)  
 
@@ -2531,6 +2560,34 @@ Footnotes:
 <!--EndSKU-->
 <!--EndCSP-->
 
+<!--StartCSP-->
+[WiredNetwork CSP](wirednetwork-csp.md)  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--EndCSP-->
+
 <!--StartCSP-->
 [w7 APPLICATION CSP](w7-application-csp.md)  
 
@@ -2568,6 +2625,7 @@ Footnotes:
 - 2 - Added in Windows 10, version 1703  
 - 3 - Added in Windows 10, version 1709
 - 4 - Added in Windows 10, version 1803
+- 5 - Added in Windows 10, next major version
 
 ## CSP DDF files download
 
@@ -2614,6 +2672,7 @@ The following list shows the configuration service providers supported in Window
 - 2 - Added in Windows 10, version 1703  
 - 3 - Added in Windows 10, version 1709
 - 4 - Added in Windows 10, version 1803
+- 5 - Added in Windows 10, next major version
 
 ## <a href="" id="surfacehubcspsupport"></a>CSPs supported in Microsoft Surface Hub
 
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 3e9c038842..1de854c1a4 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 01/29/2018
+ms.date: 07/19/2018
 ---
 
 # Defender CSP
@@ -114,6 +114,9 @@ The following table describes the supported values:
 | 46    | Behavior                    |
 | 47    | Vulnerability               |
 | 48    | Policy                      |
+| 49    | EUS (Enterprise Unwanted Software)|
+| 50    | Ransomware                  |
+| 51    | ASR Rule                    |
 
  
 
@@ -126,19 +129,17 @@ The data type is a integer.
 
 The following list shows the supported values:
 
--   0 = Unknown
--   1 = Detected
--   2 = Cleaned
--   3 = Quarantined
--   4 = Removed
--   5 = Allowed
--   6 = Blocked
--   102 = Clean failed
--   103 = Quarantine failed
--   104 = Remove failed
--   105 = Allow failed
--   106 = Abandoned
--   107 = Block failed
+-   0 = Active
+-   1 = Action failed
+-   2 = Manual steps required
+-   3 = Full scan required
+-   4 = Reboot required
+-   5 = Remediated with non critical failures
+-   6 = Quarantined
+-   7 = Removed
+-   8 = Cleaned
+-   9 = Allowed
+-   10 = No Status ( Cleared)
 
 Supported operation is Get.
 
@@ -185,9 +186,9 @@ The following list shows the supported values:
 -   0 = Clean
 -   1 = Pending full scan
 -   2 = Pending reboot
--   4 = Pending manual steps
+-   4 = Pending manual steps (Windows Defender is waiting for the user to take some action, such as restarting the computer or running a full scan)
 -   8 = Pending offline scan
--   16 = Pending critical failure
+-   16 = Pending critical failure (Windows Defender has failed critically and an Adminsitrator needs to investigate and take some action, such as restarting the computer or reinstalling Windows Defender)
 
 Supported operation is Get.
 
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index 4537f2c630..27dd7bead4 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -7,11 +7,14 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 08/25/2017
+ms.date: 07/11/2018
 ---
 
 # DevDetail CSP
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 The DevDetail configuration service provider handles the management object which provides device-specific parameters to the OMA DM server. These device parameters are not sent from the client to the server automatically, but can be queried by servers using OMA DM commands.
 
 > [!NOTE]
@@ -140,7 +143,12 @@ The following diagram shows the DevDetail configuration service provider managem
 <a href="" id="ext-microsoft-totalram"></a>**Ext/Microsoft/TotalRAM**  
 <p style="margin-left: 20px">Added in Windows 10, version 1511. Integer that specifies the total available memory in MB on the device (may be less than total physical memory).
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
+
+<a href="" id="ext-microsoft-smbiosserialnumber"></a>**Ext/Microsoft/SMBIOSSerialNumber**  
+Added in Windows 10, next major version. SMBIOS Serial Number of the device.
+
+Value type is string. Supported operation is Get.
 
 <a href="" id="ext-wlanmacaddress"></a>**Ext/WLANMACAddress**  
 <p style="margin-left: 20px">The MAC address of the active WLAN connection, as a 12-digit hexadecimal number.
diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md
index 7a3c0a14cc..737bb65143 100644
--- a/windows/client-management/mdm/devdetail-ddf-file.md
+++ b/windows/client-management/mdm/devdetail-ddf-file.md
@@ -7,16 +7,19 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 12/05/2017
+ms.date: 07/11/2018
 ---
 
 # DevDetail DDF file
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 This topic shows the OMA DM device description framework (DDF) for the **DevDetail** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is the current version for this CSP.
+The XML below is for Windows 10, next major version.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
@@ -42,7 +45,7 @@ The XML below is the current version for this CSP.
         <Permanent />
       </Scope>
       <DFType>
-        <DDFName>urn:oma:mo:oma-dm-devdetail:1.1</DDFName>
+        <DDFName>urn:oma:mo:oma-dm-devdetail:1.2</DDFName>
       </DFType>
     </DFProperties>
     <Node>
@@ -525,6 +528,27 @@ The XML below is the current version for this CSP.
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>SMBIOSSerialNumber</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>SMBIOS Serial Number of the device.</Description>
+            <DFFormat>
+              <chr />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>WLANMACAddress</NodeName>
@@ -676,19 +700,4 @@ The XML below is the current version for this CSP.
     </Node>
   </Node>
 </MgmtTree>
-```
-
-## Related topics
-
-
-[DevDetail configuration service provider](devdetail-csp.md)
-
- 
-
- 
-
-
-
-
-
-
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md
index bde1f8c70d..a33799474c 100644
--- a/windows/client-management/mdm/dmclient-csp.md
+++ b/windows/client-management/mdm/dmclient-csp.md
@@ -658,7 +658,7 @@ Required. Added in Windows 10, version 1709. This node contains a list of LocURI
 Supported operations are Add, Delete, Get, and Replace. Value type is string.
 
 <a href="" id="provider-providerid-firstsyncstatus-expectednetworkprofiles "></a>**Provider/*ProviderID*/FirstSyncStatus/ExpectedNetworkProfiles**  
-Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to Wi-Fi profiles and VPN profiles the the management service provider expects to provision, delimited by the character L"\xF000".
+Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to Wi-Fi profiles and VPN profiles the management service provider expects to provision, delimited by the character L"\xF000".
 
 Supported operations are Add, Delete, Get, and Replace. Value type is string.
 
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index 5e60eb85a2..010ca41cad 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -30,7 +30,7 @@ Here is a partial screenshot of the result:
 The auto-enrollment relies of the presence of an MDM service and the Azure Active Directory registration for the PC. Starting in Windows 10, version 1607, once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically AAD registered.
 
 > [!Note]  
-> In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/en-us/library/mt221945.aspx). For examples, see section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation. 
+> In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/en-us/library/mt221945.aspx). For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation. 
 
 When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure  Active Directory information of the user. If multi-factor authentication is required, the user will get a prompt to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page.
 
@@ -106,7 +106,7 @@ Requirements:
 - Enterprise AD must be integrated with Azure AD.
 - Ensure that PCs belong to same computer group.
 
-1.	Create a Group Policy Object (GPO) and enable the Group Policy **Auto MDM enrollment with AAD token**.
+1.	Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**.
 2.	Create a Security Group for the PCs.
 3.	Link the GPO.
 4.	Filter using Security Groups.
diff --git a/windows/client-management/mdm/images/provisioning-csp-bitlocker.png b/windows/client-management/mdm/images/provisioning-csp-bitlocker.png
index e19bae9106..cc7920f7f5 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-bitlocker.png and b/windows/client-management/mdm/images/provisioning-csp-bitlocker.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-devdetail-dm.png b/windows/client-management/mdm/images/provisioning-csp-devdetail-dm.png
index 3145a82ea4..f5cf62ff0f 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-devdetail-dm.png and b/windows/client-management/mdm/images/provisioning-csp-devdetail-dm.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png b/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png
index 58ee388b92..a066d9261e 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png and b/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-wifi.png b/windows/client-management/mdm/images/provisioning-csp-wifi.png
index 463a784f95..f5891084ea 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-wifi.png and b/windows/client-management/mdm/images/provisioning-csp-wifi.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-win32compatibilityappraiser.png b/windows/client-management/mdm/images/provisioning-csp-win32compatibilityappraiser.png
new file mode 100644
index 0000000000..a15961bbcc
Binary files /dev/null and b/windows/client-management/mdm/images/provisioning-csp-win32compatibilityappraiser.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-windowslicensing.png b/windows/client-management/mdm/images/provisioning-csp-windowslicensing.png
index 82d66f6742..3345eb730c 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-windowslicensing.png and b/windows/client-management/mdm/images/provisioning-csp-windowslicensing.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-wirednetwork.png b/windows/client-management/mdm/images/provisioning-csp-wirednetwork.png
new file mode 100644
index 0000000000..2fd93631ff
Binary files /dev/null and b/windows/client-management/mdm/images/provisioning-csp-wirednetwork.png differ
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 15342170ff..b121ea214a 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -10,7 +10,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 06/26/2018
+ms.date: 07/16/2018
 ---
 
 # What's new in MDM enrollment and management
@@ -934,7 +934,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <li>ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.</li>
 <li>DomainName - fully qualified domain name if the device is domain-joined.</li>
 </ul>
-<p>For examples, see section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation.</p>
+<p>For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.</p>
 </td></tr>
 <tr class="even">
 <td style="vertical-align:top">[Firewall CSP](firewall-csp.md)</td>
@@ -1139,9 +1139,6 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
 <td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1803:</p>
 <ul>
-<li>AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration</li>
-<li>AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold</li>
-<li>AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter</li>
 <li>ApplicationDefaults/EnableAppUriHandlers</li>
 <li>ApplicationManagement/MSIAllowUserControlOverInstall</li>
 <li>ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges</li>
@@ -1626,6 +1623,47 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 
 ## Change history in MDM documentation
 
+### July 2018
+
+<table class="mx-tdBreakAll">
+<colgroup>
+<col width="25%" />
+<col width="75%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>New or updated topic</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
+<td style="vertical-align:top"><p>Added a new node AllowStandardUserEncryption.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[DevDetail CSP](devdetail-csp.md)</td>
+<td style="vertical-align:top"><p>Added a new node SMBIOSSerialNumber.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
+<td style="vertical-align:top"><p>Added the following new policies in Windows 10, next major version:</p>
+<ul>
+<li>ApplicationManagement/LaunchAppAfterLogOn</li>
+<li>ApplicationManagement/ScheduleForceRestartForUpdateFailures </li>
+<li>DmaGuard/DeviceEnumerationPolicy</li>
+<li>Experience/AllowClipboardHistory</li>
+<li>TaskManager/AllowEndTask</li>
+<li>WindowsLogon/DontDisplayNetworkSelectionUI</li>
+</ul>
+<p>Recent changes:</p>
+<ul>
+<li>DataUsage/SetCost3G - deprecated in RS5.</li>
+</ul>
+</td></tr>
+</tbody>
+</table>
+
 ### June 2018
 
 <table class="mx-tdBreakAll">
@@ -1641,6 +1679,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </thead>
 <tbody>
 <tr>
+<td style="vertical-align:top">[Wifi CSP](wifi-csp.md)</td>
+<td style="vertical-align:top"><p>Added a new node WifiCost.</p>
+</td></tr>
+<tr>
 <td style="vertical-align:top">[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)</td>
 <td style="vertical-align:top"><p>Recent changes:</p>
 <ul>
@@ -1649,15 +1691,35 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </ul>
 </td></tr>
 <tr>
+<td style="vertical-align:top">[Bitlocker CSP](bitlocker-csp.md)</td>
+<td style="vertical-align:top"><p>Added new node AllowStandardUserEncryption.</p>
+</td></tr>
+<tr>
 <td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
 <td style="vertical-align:top"><p>Recent changes:</p>
 <ul>
+<li>AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration - removed from docs. Not supported.</li>
+<li>AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported.</li>
+<li>AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter - removed from docs. Not supported.</li>
+<li>LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers - removed from docs. Not supported.</li>
 <li>System/AllowFontProviders is not supported in Windows Holographic for Business.</li>
 <li>Security/RequireDeviceEncryption is suported in the Home SKU.</li>
-<li>Removed LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers. This policy is not supported.</li>
 <li>Start/StartLayout - added a table of SKU support information.</li>
 <li>Start/ImportEdgeAssets - added a table of SKU support information.</li>
 </ul>
+<p>Added the following new policies in Windows 10, next major version:</p>
+<ul>
+<li>Update/EngagedRestartDeadlineForFeatureUpdates</li>
+<li>Update/EngagedRestartSnoozeScheduleForFeatureUpdates</li>
+<li>Update/EngagedRestartTransitionScheduleForFeatureUpdates</li>
+<li>Update/SetDisablePauseUXAccess</li>
+<li>Update/SetDisableUXWUAccess</li>
+<li>Update/UpdateNotificationKioskMode</li>
+</ul>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[WiredNetwork CSP](wirednetwork-csp.md)</td>
+<td style="vertical-align:top">New CSP added in Windows 10, next major version.
 </td></tr>
 </tbody>
 </table>
@@ -1910,13 +1972,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
 <td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1803:</p>
 <ul>
-<li>AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration</li>
-<li>AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold</li>
 <li>Browser/AllowConfigurationUpdateForBooksLibrary</li>
 <li>Browser/AlwaysEnableBooksLibrary</li>
 <li>Browser/EnableExtendedBooksTelemetry</li>
 <li>Browser/UseSharedFolderForBooks</li>
-<li>AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter</li>
 <li>DeliveryOptimization/DODelayBackgroundDownloadFromHttp</li>
 <li>DeliveryOptimization/DODelayForegroundDownloadFromHttp</li>
 <li>DeliveryOptimization/DOGroupIdSource</li>
@@ -2191,7 +2250,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.</li>
 <li>DomainName - fully qualified domain name if the device is domain-joined.</li>
 </ul>
-<p>For examples, see section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation.</p>
+<p>For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.</p>
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[EntepriseAPN CSP](enterpriseapn-csp.md)</td>
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index c3adcaa9ae..3718d94d0e 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -7,11 +7,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 06/26/2018
+ms.date: 07/03/2018
 ---
 
 # Policy CSP
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The Policy configuration service provider enables the enterprise to configure policies on Windows 10. Use this configuration service provider to configure any company policies.
 
@@ -148,20 +150,6 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
-### AccountPoliciesAccountLockoutPolicy policies
-
-<dl>
-  <dd>
-    <a href="./policy-csp-accountpoliciesaccountlockoutpolicy.md#accountpoliciesaccountlockoutpolicy-accountlockoutduration" id="accountpoliciesaccountlockoutpolicy-accountlockoutduration">AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration</a>
-  </dd>
-  <dd>
-    <a href="./policy-csp-accountpoliciesaccountlockoutpolicy.md#accountpoliciesaccountlockoutpolicy-accountlockoutthreshold" id="accountpoliciesaccountlockoutpolicy-accountlockoutthreshold">AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold</a>
-  </dd>
-  <dd>
-    <a href="./policy-csp-accountpoliciesaccountlockoutpolicy.md#accountpoliciesaccountlockoutpolicy-resetaccountlockoutcounterafter" id="accountpoliciesaccountlockoutpolicy-resetaccountlockoutcounterafter">AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter</a>
-  </dd>
-</dl>
-
 ### Accounts policies
 
 <dl>
@@ -225,6 +213,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-applicationmanagement.md#applicationmanagement-disablestoreoriginatedapps" id="applicationmanagement-disablestoreoriginatedapps">ApplicationManagement/DisableStoreOriginatedApps</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-launchappafterlogon" id="applicationmanagement-launchappafterlogon">ApplicationManagement/LaunchAppAfterLogOn</a>
+  </dd>
   <dd>
     <a href="./policy-csp-applicationmanagement.md#applicationmanagement-msiallowusercontroloverinstall" id="applicationmanagement-msiallowusercontroloverinstall">ApplicationManagement/MSIAllowUserControlOverInstall</a>
   </dd>
@@ -240,6 +231,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-applicationmanagement.md#applicationmanagement-restrictapptosystemvolume" id="applicationmanagement-restrictapptosystemvolume">ApplicationManagement/RestrictAppToSystemVolume</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-scheduleforcerestartforupdatefailures" id="applicationmanagement-scheduleforcerestartforupdatefailures">ApplicationManagement/ScheduleForceRestartForUpdateFailures</a>
+  </dd>
 </dl>
 
 ### AppRuntime policies
@@ -395,6 +389,29 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
+### BITS policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-bits.md#bits-bandwidththrottlingendtime" id="bits-bandwidththrottlingendtime">BITS/BandwidthThrottlingEndTime</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-bits.md#bits-bandwidththrottlingstarttime" id="bits-bandwidththrottlingstarttime">BITS/BandwidthThrottlingStartTime</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-bits.md#bits-bandwidththrottlingtransferrate" id="bits-bandwidththrottlingtransferrate">BITS/BandwidthThrottlingTransferRate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-bits.md#bits-costednetworkbehaviorbackgroundpriority" id="bits-costednetworkbehaviorbackgroundpriority">BITS/CostedNetworkBehaviorBackgroundPriority</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-bits.md#bits-costednetworkbehaviorforegroundpriority" id="bits-costednetworkbehaviorforegroundpriority">BITS/CostedNetworkBehaviorForegroundPriority</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-bits.md#bits-jobinactivitytimeout" id="bits-jobinactivitytimeout">BITS/JobInactivityTimeout</a>
+  </dd>
+</dl>
+
 ### Bluetooth policies
 
 <dl>
@@ -746,6 +763,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-defender.md#defender-avgcpuloadfactor" id="defender-avgcpuloadfactor">Defender/AvgCPULoadFactor</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-checkforsignaturesbeforerunningscan" id="defender-checkforsignaturesbeforerunningscan">Defender/CheckForSignaturesBeforeRunningScan</a>
+  </dd>
   <dd>
     <a href="./policy-csp-defender.md#defender-cloudblocklevel" id="defender-cloudblocklevel">Defender/CloudBlockLevel</a>
   </dd>
@@ -761,9 +781,18 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-defender.md#defender-daystoretaincleanedmalware" id="defender-daystoretaincleanedmalware">Defender/DaysToRetainCleanedMalware</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-disablecatchupfullscan" id="defender-disablecatchupfullscan">Defender/DisableCatchupFullScan</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-disablecatchupquickscan" id="defender-disablecatchupquickscan">Defender/DisableCatchupQuickScan</a>
+  </dd>
   <dd>
     <a href="./policy-csp-defender.md#defender-enablecontrolledfolderaccess" id="defender-enablecontrolledfolderaccess">Defender/EnableControlledFolderAccess</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-enablelowcpupriority" id="defender-enablelowcpupriority">Defender/EnableLowCPUPriority</a>
+  </dd>
   <dd>
     <a href="./policy-csp-defender.md#defender-enablenetworkprotection" id="defender-enablenetworkprotection">Defender/EnableNetworkProtection</a>
   </dd>
@@ -794,6 +823,12 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-defender.md#defender-schedulescantime" id="defender-schedulescantime">Defender/ScheduleScanTime</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-signatureupdatefallbackorder" id="defender-signatureupdatefallbackorder">Defender/SignatureUpdateFallbackOrder</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-signatureupdatefilesharessources" id="defender-signatureupdatefilesharessources">Defender/SignatureUpdateFileSharesSources</a>
+  </dd>
   <dd>
     <a href="./policy-csp-defender.md#defender-signatureupdateinterval" id="defender-signatureupdateinterval">Defender/SignatureUpdateInterval</a>
   </dd>
@@ -994,6 +1029,14 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
+### DmaGuard policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-dmaguard.md#dmaguard-deviceenumerationpolicy" id="dmaguard-deviceenumerationpolicy">DmaGuard/DeviceEnumerationPolicy</a>
+  </dd>
+</dl>
+
 ### Education policies
 
 <dl>
@@ -1071,6 +1114,9 @@ The following diagram shows the Policy configuration service provider in tree fo
 ### Experience policies
 
 <dl>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowclipboardhistory" id="experience-allowclipboardhistory">Experience/AllowClipboardHistory</a>
+  </dd>
   <dd>
     <a href="./policy-csp-experience.md#experience-allowcopypaste" id="experience-allowcopypaste">Experience/AllowCopyPaste</a>
   </dd>
@@ -3050,6 +3096,14 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
+### TaskManager policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-taskmanager.md#taskmanager-allowendtask" id="taskmanager-allowendtask">TaskManager/AllowEndTask</a>
+  </dd>
+</dl>
+
 ### TaskScheduler policies
 
 <dl>
@@ -3173,6 +3227,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-update.md#update-autorestartdeadlineperiodindays" id="update-autorestartdeadlineperiodindays">Update/AutoRestartDeadlinePeriodInDays</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-autorestartdeadlineperiodindaysforfeatureupdates" id="update-autorestartdeadlineperiodindaysforfeatureupdates">Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates</a>
+  </dd>
   <dd>
     <a href="./policy-csp-update.md#update-autorestartnotificationschedule" id="update-autorestartnotificationschedule">Update/AutoRestartNotificationSchedule</a>
   </dd>
@@ -3206,12 +3263,21 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-update.md#update-engagedrestartdeadline" id="update-engagedrestartdeadline">Update/EngagedRestartDeadline</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-engagedrestartdeadlineforfeatureupdates" id="update-engagedrestartdeadlineforfeatureupdates">Update/EngagedRestartDeadlineForFeatureUpdates</a>
+  </dd>
   <dd>
     <a href="./policy-csp-update.md#update-engagedrestartsnoozeschedule" id="update-engagedrestartsnoozeschedule">Update/EngagedRestartSnoozeSchedule</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-engagedrestartsnoozescheduleforfeatureupdates" id="update-engagedrestartsnoozescheduleforfeatureupdates">Update/EngagedRestartSnoozeScheduleForFeatureUpdates</a>
+  </dd>
   <dd>
     <a href="./policy-csp-update.md#update-engagedrestarttransitionschedule" id="update-engagedrestarttransitionschedule">Update/EngagedRestartTransitionSchedule</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-engagedrestarttransitionscheduleforfeatureupdates" id="update-engagedrestarttransitionscheduleforfeatureupdates">Update/EngagedRestartTransitionScheduleForFeatureUpdates</a>
+  </dd>
   <dd>
     <a href="./policy-csp-update.md#update-excludewudriversinqualityupdate" id="update-excludewudriversinqualityupdate">Update/ExcludeWUDriversInQualityUpdate</a>
   </dd>
@@ -3281,9 +3347,18 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-update.md#update-setautorestartnotificationdisable" id="update-setautorestartnotificationdisable">Update/SetAutoRestartNotificationDisable</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-setdisablepauseuxaccess" id="update-setdisablepauseuxaccess">Update/SetDisablePauseUXAccess</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-setdisableuxwuaccess" id="update-setdisableuxwuaccess">Update/SetDisableUXWUAccess</a>
+  </dd>
   <dd>
     <a href="./policy-csp-update.md#update-setedurestart" id="update-setedurestart">Update/SetEDURestart</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-updatenotificationkioskmode" id="update-updatenotificationkioskmode">Update/UpdateNotificationKioskMode</a>
+  </dd>
   <dd>
     <a href="./policy-csp-update.md#update-updateserviceurl" id="update-updateserviceurl">Update/UpdateServiceUrl</a>
   </dd>
@@ -3989,6 +4064,12 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Autoplay/DisallowAutoplayForNonVolumeDevices](./policy-csp-autoplay.md#autoplay-disallowautoplayfornonvolumedevices)
 -   [Autoplay/SetDefaultAutoRunBehavior](./policy-csp-autoplay.md#autoplay-setdefaultautorunbehavior)
 -   [Autoplay/TurnOffAutoPlay](./policy-csp-autoplay.md#autoplay-turnoffautoplay)
+-   [BITS/BandwidthThrottlingEndTime](./policy-csp-bits.md#bits-bandwidththrottlingendtime)
+-   [BITS/BandwidthThrottlingStartTime](./policy-csp-bits.md#bits-bandwidththrottlingstarttime)
+-   [BITS/BandwidthThrottlingTransferRate](./policy-csp-bits.md#bits-bandwidththrottlingtransferrate)
+-   [BITS/CostedNetworkBehaviorBackgroundPriority](./policy-csp-bits.md#bits-costednetworkbehaviorbackgroundpriority)
+-   [BITS/CostedNetworkBehaviorForegroundPriority](./policy-csp-bits.md#bits-costednetworkbehaviorforegroundpriority)
+-   [BITS/JobInactivityTimeout](./policy-csp-bits.md#bits-jobinactivitytimeout)
 -   [Browser/AllowAddressBarDropdown](./policy-csp-browser.md#browser-allowaddressbardropdown)
 -   [Browser/AllowAutofill](./policy-csp-browser.md#browser-allowautofill)
 -   [Browser/AllowCookies](./policy-csp-browser.md#browser-allowcookies)
@@ -4061,12 +4142,16 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Defender/AttackSurfaceReductionOnlyExclusions](./policy-csp-defender.md#defender-attacksurfacereductiononlyexclusions)
 -   [Defender/AttackSurfaceReductionRules](./policy-csp-defender.md#defender-attacksurfacereductionrules)
 -   [Defender/AvgCPULoadFactor](./policy-csp-defender.md#defender-avgcpuloadfactor)
+-   [Defender/CheckForSignaturesBeforeRunningScan](./policy-csp-defender.md#defender-checkforsignaturesbeforerunningscan)
 -   [Defender/CloudBlockLevel](./policy-csp-defender.md#defender-cloudblocklevel)
 -   [Defender/CloudExtendedTimeout](./policy-csp-defender.md#defender-cloudextendedtimeout)
 -   [Defender/ControlledFolderAccessAllowedApplications](./policy-csp-defender.md#defender-controlledfolderaccessallowedapplications)
 -   [Defender/ControlledFolderAccessProtectedFolders](./policy-csp-defender.md#defender-controlledfolderaccessprotectedfolders)
 -   [Defender/DaysToRetainCleanedMalware](./policy-csp-defender.md#defender-daystoretaincleanedmalware)
+-   [Defender/DisableCatchupFullScan](./policy-csp-defender.md#defender-disablecatchupfullscan)
+-   [Defender/DisableCatchupQuickScan](./policy-csp-defender.md#defender-disablecatchupquickscan)
 -   [Defender/EnableControlledFolderAccess](./policy-csp-defender.md#defender-enablecontrolledfolderaccess)
+-   [Defender/EnableLowCPUPriority](./policy-csp-defender.md#defender-enablelowcpupriority)
 -   [Defender/EnableNetworkProtection](./policy-csp-defender.md#defender-enablenetworkprotection)
 -   [Defender/ExcludedExtensions](./policy-csp-defender.md#defender-excludedextensions)
 -   [Defender/ExcludedPaths](./policy-csp-defender.md#defender-excludedpaths)
@@ -4076,6 +4161,8 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Defender/ScheduleQuickScanTime](./policy-csp-defender.md#defender-schedulequickscantime)
 -   [Defender/ScheduleScanDay](./policy-csp-defender.md#defender-schedulescanday)
 -   [Defender/ScheduleScanTime](./policy-csp-defender.md#defender-schedulescantime)
+-   [Defender/SignatureUpdateFallbackOrder](./policy-csp-defender.md#defender-signatureupdatefallbackorder)
+-   [Defender/SignatureUpdateFileSharesSources](./policy-csp-defender.md#defender-signatureupdatefilesharessources)
 -   [Defender/SignatureUpdateInterval](./policy-csp-defender.md#defender-signatureupdateinterval)
 -   [Defender/SubmitSamplesConsent](./policy-csp-defender.md#defender-submitsamplesconsent)
 -   [Defender/ThreatSeverityDefaultAction](./policy-csp-defender.md#defender-threatseveritydefaultaction)
@@ -4116,6 +4203,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Display/EnablePerProcessDpiForApps](./policy-csp-display.md#display-enableperprocessdpiforapps)
 -   [Display/TurnOffGdiDPIScalingForApps](./policy-csp-display.md#display-turnoffgdidpiscalingforapps)
 -   [Display/TurnOnGdiDPIScalingForApps](./policy-csp-display.md#display-turnongdidpiscalingforapps)
+-   [DmaGuard/DeviceEnumerationPolicy](./policy-csp-dmaguard.md#dmaguard-deviceenumerationpolicy)
 -   [Education/PreventAddingNewPrinters](./policy-csp-education.md#education-preventaddingnewprinters)
 -   [ErrorReporting/CustomizeConsentSettings](./policy-csp-errorreporting.md#errorreporting-customizeconsentsettings)
 -   [ErrorReporting/DisableWindowsErrorReporting](./policy-csp-errorreporting.md#errorreporting-disablewindowserrorreporting)
@@ -4126,6 +4214,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [EventLogService/SpecifyMaximumFileSizeApplicationLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizeapplicationlog)
 -   [EventLogService/SpecifyMaximumFileSizeSecurityLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesecuritylog)
 -   [EventLogService/SpecifyMaximumFileSizeSystemLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesystemlog)
+-   [Experience/AllowClipboardHistory](./policy-csp-experience.md#experience-allowclipboardhistory)
 -   [Experience/AllowCortana](./policy-csp-experience.md#experience-allowcortana)
 -   [Experience/AllowFindMyDevice](./policy-csp-experience.md#experience-allowfindmydevice)
 -   [Experience/AllowTailoredExperiencesWithDiagnosticData](./policy-csp-experience.md#experience-allowtailoredexperienceswithdiagnosticdata)
@@ -4649,6 +4738,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Update/AllowMUUpdateService](./policy-csp-update.md#update-allowmuupdateservice)
 -   [Update/AllowUpdateService](./policy-csp-update.md#update-allowupdateservice)
 -   [Update/AutoRestartDeadlinePeriodInDays](./policy-csp-update.md#update-autorestartdeadlineperiodindays)
+-   [Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates](./policy-csp-update.md#update-autorestartdeadlineperiodindaysforfeatureupdates)
 -   [Update/AutoRestartNotificationSchedule](./policy-csp-update.md#update-autorestartnotificationschedule)
 -   [Update/AutoRestartRequiredNotificationDismissal](./policy-csp-update.md#update-autorestartrequirednotificationdismissal)
 -   [Update/BranchReadinessLevel](./policy-csp-update.md#update-branchreadinesslevel)
@@ -4659,8 +4749,11 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Update/DetectionFrequency](./policy-csp-update.md#update-detectionfrequency)
 -   [Update/DisableDualScan](./policy-csp-update.md#update-disabledualscan)
 -   [Update/EngagedRestartDeadline](./policy-csp-update.md#update-engagedrestartdeadline)
+-   [Update/EngagedRestartDeadlineForFeatureUpdates](./policy-csp-update.md#update-engagedrestartdeadlineforfeatureupdates)
 -   [Update/EngagedRestartSnoozeSchedule](./policy-csp-update.md#update-engagedrestartsnoozeschedule)
+-   [Update/EngagedRestartSnoozeScheduleForFeatureUpdates](./policy-csp-update.md#update-engagedrestartsnoozescheduleforfeatureupdates)
 -   [Update/EngagedRestartTransitionSchedule](./policy-csp-update.md#update-engagedrestarttransitionschedule)
+-   [Update/EngagedRestartTransitionScheduleForFeatureUpdates](./policy-csp-update.md#update-engagedrestarttransitionscheduleforfeatureupdates)
 -   [Update/ExcludeWUDriversInQualityUpdate](./policy-csp-update.md#update-excludewudriversinqualityupdate)
 -   [Update/FillEmptyContentUrls](./policy-csp-update.md#update-fillemptycontenturls)
 -   [Update/ManagePreviewBuilds](./policy-csp-update.md#update-managepreviewbuilds)
@@ -4680,7 +4773,10 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Update/ScheduledInstallThirdWeek](./policy-csp-update.md#update-scheduledinstallthirdweek)
 -   [Update/ScheduledInstallTime](./policy-csp-update.md#update-scheduledinstalltime)
 -   [Update/SetAutoRestartNotificationDisable](./policy-csp-update.md#update-setautorestartnotificationdisable)
+-   [Update/SetDisablePauseUXAccess](./policy-csp-update.md#update-setdisablepauseuxaccess)
+-   [Update/SetDisableUXWUAccess](./policy-csp-update.md#update-setdisableuxwuaccess)
 -   [Update/SetEDURestart](./policy-csp-update.md#update-setedurestart)
+-   [Update/UpdateNotificationKioskMode](./policy-csp-update.md#update-updatenotificationkioskmode)
 -   [Update/UpdateServiceUrl](./policy-csp-update.md#update-updateserviceurl)
 -   [Update/UpdateServiceUrlAlternate](./policy-csp-update.md#update-updateserviceurlalternate)
 -   [UserRights/AccessCredentialManagerAsTrustedCaller](./policy-csp-userrights.md#userrights-accesscredentialmanagerastrustedcaller)
@@ -4763,15 +4859,15 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)  
 -   [Browser/AllowSmartScreen](#browser-allowsmartscreen)  
 -   [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)  
--   [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)
--   [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword)
--   [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)
--   [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)
--   [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)
--   [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts)
--   [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock)
--   [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters) 
--   [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)   
+-   [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)  
+-   [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword)  
+-   [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)  
+-   [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)  
+-   [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)  
+-   [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts)  
+-   [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock)  
+-   [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters)  
+-   [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)  
 -   [Experience/AllowCortana](#experience-allowcortana)  
 -   [Experience/AllowManualMDMUnenrollment](#experience-allowmanualmdmunenrollment)  
 -   [Privacy/AllowCrossDeviceClipboard](#privacy-allowcrossdeviceclipboard)  
diff --git a/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md b/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md
deleted file mode 100644
index 0a646789df..0000000000
--- a/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md
+++ /dev/null
@@ -1,183 +0,0 @@
----
-title: Policy CSP - AccountPoliciesAccountLockoutPolicy
-description: Policy CSP - AccountPoliciesAccountLockoutPolicy
-ms.author: maricia
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: MariciaAlforque
-ms.date: 03/12/2018
----
-
-# Policy CSP - AccountPoliciesAccountLockoutPolicy
-
-
-<hr/>
-
-<!--Policies-->
-## AccountPoliciesAccountLockoutPolicy policies  
-
-<dl>
-  <dd>
-    <a href="#accountpoliciesaccountlockoutpolicy-accountlockoutduration">AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration</a>
-  </dd>
-  <dd>
-    <a href="#accountpoliciesaccountlockoutpolicy-accountlockoutthreshold">AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold</a>
-  </dd>
-  <dd>
-    <a href="#accountpoliciesaccountlockoutpolicy-resetaccountlockoutcounterafter">AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter</a>
-  </dd>
-</dl>
-
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="accountpoliciesaccountlockoutpolicy-accountlockoutduration"></a>**AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration**  
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Added in Windows 10, next major release. This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 0 minutes through 99,999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator explicitly unlocks it.
-
-If an account lockout threshold is defined, the account lockout duration must be greater than or equal to the reset time.
-
-Default: None, because this policy setting only has meaning when an Account lockout threshold is specified.
-
-<!--/Description-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="accountpoliciesaccountlockoutpolicy-accountlockoutthreshold"></a>**AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold**  
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Added in Windows 10, next major release. This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. You can set a value between 0 and 999 failed logon attempts. If you set the value to 0, the account will never be locked out.
-
-Failed password attempts against workstations or member servers that have been locked using either CTRL+ALT+DELETE or password-protected screen savers count as failed logon attempts.
-
-Default: 0.
-
-<!--/Description-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="accountpoliciesaccountlockoutpolicy-resetaccountlockoutcounterafter"></a>**AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter**  
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Added in Windows 10, next major release. This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. The available range is 1 minute to 99,999 minutes.
-
-If an account lockout threshold is defined, this reset time must be less than or equal to the Account lockout duration.
-
-Default: None, because this policy setting only has meaning when an Account lockout threshold is specified.
-
-<!--/Description-->
-<!--/Policy-->
-<hr/>
-
-Footnote:
-
--   1 - Added in Windows 10, version 1607.
--   2 - Added in Windows 10, version 1703.
--   3 - Added in Windows 10, version 1709.
--   4 - Added in Windows 10, version 1803.
-
-<!--/Policies-->
-
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index 1698ec45a7..3961d870d8 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -80,7 +80,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--Example-->
-To create create the SyncML, follow these steps:
+To create the SyncML, follow these steps:
 <ol>
 <li>Install a few apps and change your defaults.</li>
 <li>From an elevated prompt, run "dism /online /export-defaultappassociations:appassoc.xml"</li>
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index a89cb1074a..39cb905194 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -6,11 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 05/14/2018
+ms.date: 07/11/2018
 ---
 
 # Policy CSP - ApplicationManagement
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 
 <hr/>
@@ -43,6 +45,9 @@ ms.date: 05/14/2018
   <dd>
     <a href="#applicationmanagement-disablestoreoriginatedapps">ApplicationManagement/DisableStoreOriginatedApps</a>
   </dd>
+  <dd>
+    <a href="#applicationmanagement-launchappafterlogon">ApplicationManagement/LaunchAppAfterLogOn</a>
+  </dd>
   <dd>
     <a href="#applicationmanagement-msiallowusercontroloverinstall">ApplicationManagement/MSIAllowUserControlOverInstall</a>
   </dd>
@@ -58,6 +63,9 @@ ms.date: 05/14/2018
   <dd>
     <a href="#applicationmanagement-restrictapptosystemvolume">ApplicationManagement/RestrictAppToSystemVolume</a>
   </dd>
+  <dd>
+    <a href="#applicationmanagement-scheduleforcerestartforupdatefailures">ApplicationManagement/ScheduleForceRestartForUpdateFailures</a>
+  </dd>
 </dl>
 
 
@@ -544,6 +552,69 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="applicationmanagement-launchappafterlogon"></a>**ApplicationManagement/LaunchAppAfterLogOn**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are launched after logon. This policy allows the IT admin to specify a list of applications that users can run after logging on to the device.
+
+For this policy to work, the Windows apps need to declare in their manifest that they will use the start up task. Example of the declaration here: 
+
+``` syntax
+<desktop:Extension Category="windows.startupTask"> 
+   <desktop:StartupTask TaskId="CoffeeStartupTask" Enabled="true" DisplayName="ms-resource:Description" /> 
+</desktop:Extension>
+```
+
+> [!Note]  
+> This policy only works on modern apps.
+
+<!--/Description-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="applicationmanagement-msiallowusercontroloverinstall"></a>**ApplicationManagement/MSIAllowUserControlOverInstall**  
 
@@ -850,6 +921,123 @@ The following list shows the supported values:
 
 <!--/SupportedValues-->
 <!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="applicationmanagement-scheduleforcerestartforupdatefailures"></a>**ApplicationManagement/ScheduleForceRestartForUpdateFailures**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+To ensure apps are up-to-date, this policy allows the admins to set a recurring or one time date to restart apps whose update failed due to the app being in use allowing the update to be applied. 
+
+Value type is string.
+<!--/Description-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+Sample SyncML:
+
+``` syntax
+<SyncML xmlns="SYNCML:SYNCML1.1"> 
+  <SyncBody> 
+    <Add> 
+      <CmdID>2</CmdID> 
+      <Item> 
+        <Target>  
+          <LocURI> ./Device/Vendor/MSFT/Policy/Config/ApplicationManagement/ScheduleForceRestartForUpdateFailures 
+          </LocURI>  
+        </Target> 
+        <Meta> 
+          <Format xmlns="syncml:metinf">xml</Format> 
+        </Meta> 
+        <Data> 
+          <ForceRestart StartDateTime="2018-03-28T22:21:52Z"  
+                        Recurrence="[none/daily/weekly/monthly]"  
+                        DayOfWeek=”1”  
+                        DayOfMonth=”12”  
+                        RunIfTaskIsMissed=”1”/> 
+        </Data> 
+      </Item> 
+    </Add> 
+  </SyncBody> 
+</SycnML>
+```
+XSD:
+
+``` syntax
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <xs:simpleType name="recurrence" final="restriction">
+    <xs:restriction base="xs:string">
+        <xs:enumeration value="None" />
+        <xs:enumeration value="Daily" />
+        <xs:enumeration value="Weekly" />
+        <xs:enumeration value="Monthly" />
+    </xs:restriction>
+  </xs:simpleType>
+
+  <xs:simpleType name="daysOfWeek" final="restriction">
+    <xs:restriction base="xs:unsignedByte">
+      <xs:minInclusive value="1" />
+      <xs:maxInclusive value="127" />
+    </xs:restriction>
+  </xs:simpleType>
+
+  <xs:simpleType name="daysOfMonth" final="restriction">
+    <xs:restriction base="xs:unsignedInt">
+      <xs:minInclusive value="1" />
+    </xs:restriction>
+  </xs:simpleType>
+
+  <xs:element name="ForceRestart">
+    <xs:complexType>
+      <xs:attribute name="StartDateTime" type="xs:dateTime" use="required"/> 
+      <xs:attribute name="Recurrence" type="recurrence" use="required"/> 
+      <xs:attribute name="RunIfTaskIsMissed" type="xs:boolean" use="required"/> 
+      <xs:attribute name="DaysOfWeek" type="daysOfWeek"/> 
+      <xs:attribute name="DaysOfMonth" type="daysOfMonth"/> 
+    </xs:complexType>
+  </xs:element>
+</xs:schema>
+```
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
 <hr/>
 
 Footnote:
@@ -858,6 +1046,7 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
+-   5 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md
new file mode 100644
index 0000000000..c9fdf5ff82
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-bits.md
@@ -0,0 +1,504 @@
+---
+title: Policy CSP - BITS
+description: Policy CSP - BITS
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: MariciaAlforque
+ms.date: 06/29/2018
+---
+
+# Policy CSP - BITS
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+The following bandwidth policies are used together to define the bandwidth-throttling schedule and transfer rate. 
+
+- BITS/BandwidthThrottlingEndTime  
+- BITS/BandwidthThrottlingStartTime  
+- BITS/BandwidthThrottlingTransferRate
+
+If BITS/BandwidthThrottlingStartTime or BITS/BandwidthThrottlingEndTime are NOT defined, but BITS/BandwidthThrottlingTransferRate IS defined, then default values will be used for StartTime and EndTime (8am and 5pm respectively). The time policies are based on the 24-hour clock.
+
+<hr/>
+
+<!--Policies-->
+## BITS policies  
+
+<dl>
+  <dd>
+    <a href="#bits-bandwidththrottlingendtime">BITS/BandwidthThrottlingEndTime</a>
+  </dd>
+  <dd>
+    <a href="#bits-bandwidththrottlingstarttime">BITS/BandwidthThrottlingStartTime</a>
+  </dd>
+  <dd>
+    <a href="#bits-bandwidththrottlingtransferrate">BITS/BandwidthThrottlingTransferRate</a>
+  </dd>
+  <dd>
+    <a href="#bits-costednetworkbehaviorbackgroundpriority">BITS/CostedNetworkBehaviorBackgroundPriority</a>
+  </dd>
+  <dd>
+    <a href="#bits-costednetworkbehaviorforegroundpriority">BITS/CostedNetworkBehaviorForegroundPriority</a>
+  </dd>
+  <dd>
+    <a href="#bits-jobinactivitytimeout">BITS/JobInactivityTimeout</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="bits-bandwidththrottlingendtime"></a>**BITS/BandwidthThrottlingEndTime**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy specifies the bandwidth throttling **end time** that Background Intelligent Transfer Service (BITS) uses for background transfers. This policy setting does not affect foreground transfers. This policy is based on the 24-hour clock.
+
+Value type is integer. Default value is 17 (5 pm).
+
+Supported value range: 0 - 23
+
+You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A.M. to 5:00 P.M., and use all available unused bandwidth the rest of the day's hours.
+
+Using the three policies together (BandwidthThrottlingStartTime, BandwidthThrottlingEndTime, BandwidthThrottlingTransferRate), BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0.
+
+If you disable or do not configure this policy setting, BITS uses all available unused bandwidth.
+
+Note: You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect Peercaching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
+
+Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Limit the maximum network bandwidth for BITS background transfers*
+-   GP name: *BITS_MaxBandwidth*
+-   GP element: *BITS_BandwidthLimitSchedTo*
+-   GP path: *Network/Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="bits-bandwidththrottlingstarttime"></a>**BITS/BandwidthThrottlingStartTime**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy specifies the bandwidth throttling **start time** that Background Intelligent Transfer Service (BITS) uses for background transfers. This policy setting does not affect foreground transfers. This policy is based on the 24-hour clock.
+
+Value type is integer. Default value is 8 (8 am).
+
+Supported value range: 0 - 23
+
+You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A.M. to 5:00 P.M., and use all available unused bandwidth the rest of the day's hours.
+
+Using the three policies together (BandwidthThrottlingStartTime, BandwidthThrottlingEndTime, BandwidthThrottlingTransferRate), BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0.
+
+If you disable or do not configure this policy setting, BITS uses all available unused bandwidth.
+
+Note: You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect Peercaching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
+
+Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Limit the maximum network bandwidth for BITS background transfers*
+-   GP name: *BITS_MaxBandwidth*
+-   GP element: *BITS_BandwidthLimitSchedFrom*
+-   GP path: *Network/Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="bits-bandwidththrottlingtransferrate"></a>**BITS/BandwidthThrottlingTransferRate**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy specifies the bandwidth throttling **transfer rate** in kilobits per second (Kbps) that Background Intelligent Transfer Service (BITS) uses for background transfers. This policy setting does not affect foreground transfers.
+
+Value type is integer. Default value is 1000.
+
+Supported value range: 0 - 4294967200
+
+You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A.M. to 5:00 P.M., and use all available unused bandwidth the rest of the day's hours.
+
+Using the three policies together (BandwidthThrottlingStartTime, BandwidthThrottlingEndTime, BandwidthThrottlingTransferRate), BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0.
+
+If you disable or do not configure this policy setting, BITS uses all available unused bandwidth.
+
+Note: You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect Peercaching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
+
+Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Limit the maximum network bandwidth for BITS background transfers*
+-   GP name: *BITS_MaxBandwidth*
+-   GP element: *BITS_MaxTransferRateText*
+-   GP path: *Network/Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="bits-costednetworkbehaviorbackgroundpriority"></a>**BITS/CostedNetworkBehaviorBackgroundPriority**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting defines the default behavior that the Background Intelligent Transfer Service (BITS) uses for background transfers when the system is connected to a costed network (3G, etc.). Download behavior policies further limit the network usage of background transfers.
+
+If you enable this policy setting, you can define a default download policy for each BITS job priority. This setting does not override a download policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying only a priority.
+
+For example, you can specify that background jobs are by default to transfer only when on uncosted network connections, but foreground jobs should proceed only when not roaming. The values that can be assigned are:
+-  1 -    Always transfer
+-  2 -    Transfer unless roaming
+-  3 -    Transfer unless surcharge applies (when not roaming or overcap)
+-  4 -    Transfer unless nearing limit (when not roaming or nearing cap)
+-  5 -    Transfer only if unconstrained
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Set default download behavior for BITS jobs on costed networks*
+-   GP name: *BITS_SetTransferPolicyOnCostedNetwork*
+-   GP element: *BITS_TransferPolicyNormalPriorityValue*
+-   GP path: *Network/Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="bits-costednetworkbehaviorforegroundpriority"></a>**BITS/CostedNetworkBehaviorForegroundPriority**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting defines the default behavior that the foreground Intelligent Transfer Service (BITS) uses for foreground transfers when the system is connected to a costed network (3G, etc.). Download behavior policies further limit the network usage of foreground transfers.
+
+If you enable this policy setting, you can define a default download policy for each BITS job priority. This setting does not override a download policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying only a priority.
+
+For example, you can specify that foreground jobs are by default to transfer only when on uncosted network connections, but foreground jobs should proceed only when not roaming. The values that can be assigned are:
+-  1 -    Always transfer
+-  2 -    Transfer unless roaming
+-  3 -    Transfer unless surcharge applies (when not roaming or overcap)
+-  4 -    Transfer unless nearing limit (when not roaming or nearing cap)
+-  5 -    Transfer only if unconstrained
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Set default download behavior for BITS jobs on costed networks*
+-   GP name: *BITS_SetTransferPolicyOnCostedNetwork*
+-   GP element: *BITS_TransferPolicyForegroundPriorityValue*
+-   GP path: *Network/Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="bits-jobinactivitytimeout"></a>**BITS/JobInactivityTimeout**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting specifies the number of days a pending BITS job can remain inactive before the job is considered abandoned. By default BITS will wait 90 days before considering an inactive job abandoned. After a job is determined to be abandoned, the job is deleted from BITS and any downloaded files for the job are deleted from the disk.
+
+> [!Note]  
+> Any property changes to the job or any successful download action will reset this timeout.
+
+Value type is integer. Default is 90 days.
+
+Supported values range: 0 - 999
+
+Consider increasing the timeout value if computers tend to stay offline for a long period of time and still have pending jobs. 
+Consider decreasing this value if you are concerned about orphaned jobs occupying disk space.
+
+If you disable or do not configure this policy setting, the default value of 90 (days) will be used for the inactive job timeout.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Timeout for inactive BITS jobs*
+-   GP name: *BITS_Job_Timeout*
+-   GP element: *BITS_Job_Timeout_Time*
+-   GP path: *Network/Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Value type is integer. Default is 90 days.
+
+Supported values range: 0 - 999
+
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
+-   5 - Added in the next major release of Windows 10.
+
+<!--/Policies-->
+
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index e4a66aaaa6..6ba1d564bf 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -6,11 +6,13 @@ ms.prod: w10
 ms.technology: windows
 author: shortpatti
 ms.author: pashort
-ms.date: 06/21/2018
+ms.date: 07/18/2018
 ---
 
 # Policy CSP - Browser
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 
 <hr/>
@@ -49,6 +51,9 @@ ms.date: 06/21/2018
   <dd>
     <a href="#browser-allowflashclicktorun">Browser/AllowFlashClickToRun</a>
   </dd>
+  <dd>
+    <a href="#browser-allowfullscreenmode">Browser/AllowFullScreenMode</a>
+  </dd>
   <dd>
     <a href="#browser-allowinprivate">Browser/AllowInPrivate</a>
   </dd>
@@ -61,15 +66,33 @@ ms.date: 06/21/2018
   <dd>
     <a href="#browser-allowpopups">Browser/AllowPopups</a>
   </dd>
+  <dd>
+    <a href="#browser-allowprelaunch">Browser/AllowPrelaunch</a>
+  </dd>
+  <dd>
+    <a href="#browser-allowprinting">Browser/AllowPrinting</a>
+  </dd>
+  <dd>
+    <a href="#browser-allowsavinghistory">Browser/AllowSavingHistory</a>
+  </dd>
   <dd>
     <a href="#browser-allowsearchenginecustomization">Browser/AllowSearchEngineCustomization</a>
   </dd>
   <dd>
     <a href="#browser-allowsearchsuggestionsinaddressbar">Browser/AllowSearchSuggestionsinAddressBar</a>
   </dd>
+  <dd>
+    <a href="#browser-allowsideloadingofextensions">Browser/AllowSideloadingOfExtensions</a>
+  </dd>
   <dd>
     <a href="#browser-allowsmartscreen">Browser/AllowSmartScreen</a>
   </dd>
+  <dd>
+    <a href="#browser-allowtabpreloading">Browser/AllowTabPreloading</a>
+  </dd>
+  <dd>
+    <a href="#browser-allowwebcontentonnewtabpage">Browser/AllowWebContentOnNewTabPage</a>
+  </dd>
   <dd>
     <a href="#browser-alwaysenablebookslibrary">Browser/AlwaysEnableBooksLibrary</a>
   </dd>
@@ -79,6 +102,24 @@ ms.date: 06/21/2018
   <dd>
     <a href="#browser-configureadditionalsearchengines">Browser/ConfigureAdditionalSearchEngines</a>
   </dd>
+  <dd>
+    <a href="#browser-configurefavoritesbar">Browser/ConfigureFavoritesBar</a>
+  </dd>
+  <dd>
+    <a href="#browser-configurehomebutton">Browser/ConfigureHomeButton</a>
+  </dd>
+  <dd>
+    <a href="#browser-configurekioskmode">Browser/ConfigureKioskMode</a>
+  </dd>
+  <dd>
+    <a href="#browser-configurekioskresetafteridletimeout">Browser/ConfigureKioskResetAfterIdleTimeout</a>
+  </dd>
+  <dd>
+    <a href="#browser-configureopenmicrosoftedgewith">Browser/ConfigureOpenMicrosoftEdgeWith</a>
+  </dd>
+  <dd>
+    <a href="#browser-configuretelemetryformicrosoft365analytics">Browser/ConfigureTelemetryForMicrosoft365Analytics</a>
+  </dd>
   <dd>
     <a href="#browser-disablelockdownofstartpages">Browser/DisableLockdownOfStartPages</a>
   </dd>
@@ -94,6 +135,9 @@ ms.date: 06/21/2018
   <dd>
     <a href="#browser-firstrunurl">Browser/FirstRunURL</a>
   </dd>
+  <dd>
+    <a href="#browser-forceenabledextensions">Browser/ForceEnabledExtensions</a>
+  </dd>
   <dd>
     <a href="#browser-homepages">Browser/HomePages</a>
   </dd>
@@ -103,6 +147,9 @@ ms.date: 06/21/2018
   <dd>
     <a href="#browser-preventaccesstoaboutflagsinmicrosoftedge">Browser/PreventAccessToAboutFlagsInMicrosoftEdge</a>
   </dd>
+  <dd>
+    <a href="#browser-preventcerterroroverrides">Browser/PreventCertErrorOverrides</a>
+  </dd>
   <dd>
     <a href="#browser-preventfirstrunpage">Browser/PreventFirstRunPage</a>
   </dd>
@@ -130,12 +177,21 @@ ms.date: 06/21/2018
   <dd>
     <a href="#browser-setdefaultsearchengine">Browser/SetDefaultSearchEngine</a>
   </dd>
+  <dd>
+    <a href="#browser-sethomebuttonurl">Browser/SetHomeButtonURL</a>
+  </dd>
+  <dd>
+    <a href="#browser-setnewtabpageurl">Browser/SetNewTabPageURL</a>
+  </dd>
   <dd>
     <a href="#browser-showmessagewhenopeningsitesininternetexplorer">Browser/ShowMessageWhenOpeningSitesInInternetExplorer</a>
   </dd>
   <dd>
     <a href="#browser-syncfavoritesbetweenieandmicrosoftedge">Browser/SyncFavoritesBetweenIEAndMicrosoftEdge</a>
   </dd>
+  <dd>
+    <a href="#browser-unlockhomebutton">Browser/UnlockHomeButton</a>
+  </dd>
   <dd>
     <a href="#browser-usesharedfolderforbooks">Browser/UseSharedFolderForBooks</a>
   </dd>
@@ -183,9 +239,8 @@ ms.date: 06/21/2018
 <!--Description-->
 Added in Windows 10, version 1703. 
 
-By default, Microsoft Edge shows the Address bar drop-down list and makes it available.  When enabled (default setting), this policy takes precedence over the [Browser/AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) policy. If you want to minimize network connections from Microsoft Edge to Microsoft service, we recommend disabling this policy, which hides the Address bar drop-down list functionality. When disabled, Microsoft Edge also disables the _Show search and site suggestions as I type_ toggle in Settings.  
+[!INCLUDE [allow-address-bar-drop-down-shortdesc](../../../browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md)]
 
-Most restricted value is 0.
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -197,11 +252,12 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
--   0 – Not allowed. Address bar drop-down is disabled, which also disables the user-defined setting, "Show search and site suggestions as I type." 
--   1 (default) – Allowed. Address bar drop-down is enabled.
+-   0 – Prevented/not allowed. Hide the Address bar drop-down functionality and disable the _Show search and site suggestions as I type_ toggle in Settings. 
+-   1 (default) – Allowed. Show the Address bar drop-down list and make it available.
 
+Most restricted value: 0
 <!--/SupportedValues-->
 <!--/Policy-->
 
@@ -244,9 +300,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-By default, users can choose to use Autofill for filling in form fields automatically.  With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill. 
-
-Most restricted value is 0.
+[!INCLUDE [configure-autofill-shortdesc](../../../browsers/edge/shortdesc/configure-autofill-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -258,11 +312,13 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
--   0 – Not allowed.
+-  Blank - Users can choose to use AutoFill.
+-   0 – Prevented/not allowed.
 -   1 (default) – Allowed.
 
+Most restricted value: 0 
 <!--/SupportedValues-->
 <!--Validation-->
 To verify AllowAutofill is set to 0 (not allowed):
@@ -317,17 +373,18 @@ To verify AllowAutofill is set to 0 (not allowed):
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead.
 
-By default, the device allows Microsoft Edge on Windows 10 Mobile. Disabling this policy disables the Microsoft Edge tile, and when clicking the tile, a message opens indicating that the administrator disabled Internet browsing.
+The device allows Microsoft Edge on Windows 10 Mobile by default. With this policy, you can disable the Microsoft Edge tile, and when clicking the tile, a message opens indicating that the administrator disabled Internet browsing.
+
 
-Most restricted value is 0.
 
 <!--/Description-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
--   0 – Not allowed.
+-   0 – Prevented/not allowed.
 -   1 (default) – Allowed.
 
+Most restricted value: 0
 <!--/SupportedValues-->
 <!--/Policy-->
 
@@ -370,14 +427,14 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-By default, Microsoft Edge automatically updates the configuration data for the Books Library.  Enabling this policy prevents Microsoft Edge from updating the configuration data. 
+Microsoft Edge automatically updates the configuration data for the Books Library. Disabling this policy prevents Microsoft Edge from updating the configuration data. 
 
 <!--/Description-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
--   0 - Disable. Microsoft Edge cannot retrieve a configuration
--   1 - Enable (default). Microsoft Edge can retrieve a configuration for Books Library
+-   0 - Prevented/not allowed.
+-   1 (default). Allowed. Microsoft Edge updates the configuration data for the Books Library automatically.
 
 <!--/SupportedValues-->
 <!--/Policy-->
@@ -437,7 +494,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 – Block all cookies from all sites.
 -   1 – Block only cookies from third party websites.
@@ -511,7 +568,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 – Not allowed.
 -   1 (default) – Allowed.
@@ -572,13 +629,12 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -	Blank/Null (default) Not configured - Does not send tracking information, but allow users to choose whether to send tracking information to sites they visit.
 -	0 (Disabled) - Never sends tracking information.
 -	1 (Enabled) - Sends tracking information, including to the third parties whose content may be hosted on the sites visited.
 
-
 <!--/SupportedValues-->
 <!--Validation-->
 To verify AllowDoNotTrack is set to 0 (not allowed):
@@ -642,7 +698,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 – Not allowed.
 -   1 (default) – Allowed.
@@ -701,7 +757,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 – Not allowed.
 -   1 (default) – Allowed.
@@ -760,7 +816,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 – Adobe Flash content is automatically loaded and run by Microsoft Edge.
 -   1 (default) – Users must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content.
@@ -770,6 +826,72 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="browser-allowfullscreenmode"></a>**Browser/AllowFullScreenMode**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Next Windows 10 major release<p>
+Microsoft Edge allows full-screen mode by default, which shows only the web content and hides the Microsoft Edge UI. When allowing full-screen mode, users and extensions must have the proper permissions. Disabling this policy prevents full-screen mode in Microsoft Edge.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow FullScreen Mode*
+-   GP name: *AllowFullScreenMode*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Allowed values:
+- 0 - Prevented/not allowed
+- 1 (default) - Allowed
+
+Most restricted value: 0
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="browser-allowinprivate"></a>**Browser/AllowInPrivate**  
 
@@ -821,7 +943,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 – Not allowed.
 -   1 (default) – Allowed.
@@ -885,7 +1007,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 – Not enabled.
 -   1 (default) – Enabled.
@@ -946,7 +1068,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 – Not allowed.
 -   1 (default) – Allowed.
@@ -1016,7 +1138,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 (default) – Pop-up blocker is not allowed. It means that pop-up browser windows are allowed.
 -   1 – Pop-up blocker is allowed or enabled. It means that pop-up browser windows are blocked.
@@ -1035,6 +1157,204 @@ To verify AllowPopups is set to 0 (not allowed):
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="browser-allowprelaunch"></a>**Browser/AllowPrelaunch**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Next Windows 10 major release<p>
+Microsoft Edge pre-launches during Windows startup when the system is idle, and each time Microsoft Edge closes by default. When Microsoft Edge pre-launches, it runs as a background process waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent Microsoft Edge from pre-launching.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed*
+-   GP name: *AllowPrelaunch*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Allowed values:
+- 0 - Prevented/not allowed
+- 1 (default) - Allowed
+
+Most restricted value: 0
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="browser-allowprinting"></a>**Browser/AllowPrinting**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Next Windows 10 major release<p>
+Microsoft Edge allows users to print web content by default. With this policy though, you can configure Microsoft Edge to prevent users from printing web content. 
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow printing*
+-   GP name: *AllowPrinting*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Allowed values:
+- 0 - Prevented/not allowed
+- 1 (default) - Allowed
+
+Most restricted value: 0
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="browser-allowsavinghistory"></a>**Browser/AllowSavingHistory**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Next Windows 10 major release<p>
+Microsoft Edge saves the browsing history of visited websites and shows them in the History pane by default. Disabling this policy prevents Microsoft Edge from saving the browsing history. If browsing history existed before disabling this policy, the previous browsing history remains in the History pane. Disabling this policy does not stop roaming of existing browsing history or browsing history from other devices.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Saving History*
+-   GP name: *AllowSavingHistory*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Allowed values:
+- 0 - Prevented/not allowed
+- 1 (default) - Allowed
+
+Most restricted value: 0
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="browser-allowsearchenginecustomization"></a>**Browser/AllowSearchEngineCustomization**  
 
@@ -1088,7 +1408,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 – Not allowed.
 -   1 (default) – Allowed.
@@ -1149,7 +1469,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 – Not allowed.
 -   1 (default) – Allowed.
@@ -1159,6 +1479,73 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="browser-allowsideloadingofextensions"></a>**Browser/AllowSideloadingOfExtensions**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Next Windows 10 major release<p>
+By default, Microsoft Edge allows sideloading, which installs and runs unverified extensions. Disabling this policy prevents sideloading of extensions but does not prevent sideloading using Add-AppxPackage via PowerShell. You can only install extensions through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage).
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Sideloading of extension*
+-   GP name: *AllowSideloadingOfExtensions*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Allowed values:
+
+- 0 - Prevented, but does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, enable ApplicationManagement/AllowDeveloperUnlock.
+- 1 (default) - Allowed.
+
+Most restricted value: 0
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="browser-allowsmartscreen"></a>**Browser/AllowSmartScreen**  
 
@@ -1210,7 +1597,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 – Not allowed.
 -   1 (default) – Allowed.
@@ -1229,6 +1616,142 @@ To verify AllowSmartScreen is set to 0 (not allowed):
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="browser-allowtabpreloading"></a>**Browser/AllowTabPreloading**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Next Windows 10 major release<p>
+Microsoft Edge allows preloading of the Start and New tab pages during Windows sign in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs.
+
+
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed*
+-   GP name: *AllowTabPreloading*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Allowed values:
+
+- 0 (default) - Allowed. Preload Start and New tab pages.
+- 1 - Prevented/not allowed.
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="browser-allowwebcontentonnewtabpage"></a>**Browser/AllowWebContentOnNewTabPage**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Next Windows 10 major release<p>
+
+This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page.
+
+If you enable this setting, Microsoft Edge opens a new tab with the New Tab page.
+
+If you disable this setting, Microsoft Edge opens a new tab with a blank page. If you use this setting, employees can't change it.
+
+If you don't configure this setting, employees can choose how new tabs appears.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow web content on New Tab page*
+-   GP name: *AllowWebContentOnNewTabPage*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="browser-alwaysenablebookslibrary"></a>**Browser/AlwaysEnableBooksLibrary**  
 
@@ -1278,7 +1801,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 (default) - Disable. Use default visibility of the Books Library. The Library will be only visible in countries or regions where it’s available.
 -   1 - Enable. Always show the Books Library, regardless of countries or region of activation.
@@ -1339,7 +1862,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 – (default) Browsing data is not cleared on exit. The type of browsing data to clear can be configured by the employee in the Clear browsing data options under Settings.
 -   1 – Browsing data is cleared on exit.
@@ -1418,7 +1941,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 (default) – Additional search engines are not allowed.
 -   1 – Additional search engines are allowed.
@@ -1428,6 +1951,436 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="browser-configurefavoritesbar"></a>**Browser/ConfigureFavoritesBar**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Next Windows 10 major release<p>
+
+Microsoft Edge hides the favorites bar by default but shows the favorites bar on the Start and New tab pages. Also, by default, the favorites bar toggle, in Settings, is set to Off but enabled allowing users to make changes. With this policy, you can configure Microsoft Edge to either show or hide the favorites bar on all pages.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Favorites Bar*
+-   GP name: *ConfigureFavoritesBar*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Allowed values:
+
+- Blank (default) - Hide the favorites bar but show it on the Start and New tab pages. The favorites bar toggle, in Settings, is set to Off but enabled allowing users to make changes.
+- 0 - Hide the favorites bar on all pages. Also, the favorites bar toggle, in Settings, is set to Off and disabled preventing users from making changes. Microsoft Edge also hides the “show bar/hide bar” option in the context menu.
+- 1 - Show the favorites bar on all pages. Also, the favorites bar toggle, in Settings, is set to On and disabled preventing users from making changes. Microsoft Edge also hides the “show bar/hide bar” option in the context menu.
+
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="browser-configurehomebutton"></a>**Browser/ConfigureHomeButton**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Next Windows 10 major release<p>
+
+Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the Home button to load the New tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button. 
+
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Home Button*
+-   GP name: *ConfigureHomeButton*
+-   GP element: *ConfigureHomeButtonDropdown*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Allowed values:
+
+- 0 (default) - Show the home button and load the Start page.
+- 1 - Show the home button and load the New tab page.
+- 2 - Show the home button and load the custom URL defined in the Set Home Button URL policy.
+- 3 - Hide the home button.
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="browser-configurekioskmode"></a>**Browser/ConfigureKioskMode**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Next Windows 10 major release<p>
+Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single-app or as one of many apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with limited functionality, or normal Microsoft Edge.
+
+For this policy to work, you must configure Microsoft Edge in assigned access; otherwise, Microsoft Edge ignores the settings in this policy. To learn more about assigned access and kiosk configuration, see [Configure kiosk and shared devices running Windows desktop editions](https://aka.ms/E489vw).
+
+
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure kiosk mode*
+-   GP name: *ConfigureKioskMode*
+-   GP element: *ConfigureKioskMode_TextBox*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Allowed values:
+
+**0 (Default or not configured)**:
+- If it’s a single app, it runs InPrivate full screen for digital signage or interactive displays.
+- If it’s one of many apps, Microsoft Edge runs as normal.
+
+**1**:
+- If it’s a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can’t minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking “End session.” You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy.
+- If it’s one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they can’t customize Microsoft Edge.
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="browser-configurekioskresetafteridletimeout"></a>**Browser/ConfigureKioskResetAfterIdleTimeout**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Next Windows 10 major release<p>
+You can configure Microsoft Edge kiosk mode to reset to the configured start experience after a specified amount of idle time in minutes (0-1440). The reset timer begins after the last user interaction. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge kiosk mode resets after 30 seconds. Resetting to the configured start experience deletes the current user’s browsing data.
+
+You must set the Configure kiosk mode policy to enabled (1 - InPrivate public browsing) and configure Microsoft Edge as a single-app in assigned access for this policy to take effect; otherwise, Microsoft Edge ignores this setting. To learn more about assigned access and kiosk configuration, see [Configure kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/en-us/windows/configuration/kiosk-shared-pc).
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure kiosk reset after idle timeout*
+-   GP name: *ConfigureKioskResetAfterIdleTimeout*
+-   GP element: *ConfigureKioskResetAfterIdleTimeout_TextBox*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Allowed values:
+-   **Any integer from 1-1440 (5 minutes is the default)** – The time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration. A confirmation dialog displays for the user to cancel or continue and automatically continues after 30 seconds.
+
+-   **0** – No idle timer.
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="browser-configureopenmicrosoftedgewith"></a>**Browser/ConfigureOpenMicrosoftEdgeWith**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Next Windows 10 major release<p>
+
+By default, Microsoft Edge loads a specific page or pages defined in the Configure Start Pages policy and allow users to make changes. With this policy, you can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages. You can also configure Microsoft Edge to prevent users from changing or customizing the Start page. For this policy to work correctly, you must also configure the Configure Start Pages. If you want to prevent users from making changes, don’t configure the Disable Lockdown of Start Pages policy.
+
+**Version 1703 or later**:<br>
+If you don't want to send traffic to Microsoft, use the <about:blank> value, which honors both domain and non domain-joined devices when it's the only configured URL.
+
+
+**Version 1810**:<br>
+When you enable this policy and select an option, and also enable the Configure Start Pages policy, Microsoft Edge ignores the Configure Start Page policy.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Open Microsoft Edge With*
+-   GP name: *ConfigureOpenEdgeWith*
+-   GP element: *ConfigureOpenEdgeWithListBox*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Allowed values:
+
+- Blank - If you don't configure this policy and you enable the Disable Lockdown of Start Pages policy, users can change or customize the Start page.
+- 0 - Loads the Start page.
+- 1 - Load the New tab page.
+- 2 - Load the previous pages.
+- 3 (default) - Load a specific page or pages.
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="browser-configuretelemetryformicrosoft365analytics"></a>**Browser/ConfigureTelemetryForMicrosoft365Analytics**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Next Windows 10 major release<p>
+Microsoft Edge does not send browsing history data to Microsoft 365 Analytics by default. With this policy though, you can configure Microsoft Edge to send intranet history only, internet history only, or both to Microsoft 365 Analytics for enterprise devices with a configured Commercial ID.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure collection of browsing data for Microsoft 365 Analytics*
+-   GP name: *ConfigureTelemetryForMicrosoft365Analytics*
+-   GP element: *ZonesListBox*
+-   GP path: *Data Collection and Preview Builds*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Allowed values:
+
+- 0 (default) - Microsoft Edge does not collect or send browsing history data.
+- 1 - Send intranet history only.
+- 2 - Send Internet history only.
+- 3 - Send both intranet and Internet history.
+
+Most restricted value: 0
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="browser-disablelockdownofstartpages"></a>**Browser/DisableLockdownOfStartPages**  
 
@@ -1485,7 +2438,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 (default) – Enable lockdown of the Start pages according to the settings specified in the Browser/HomePages policy. Users cannot change the Start pages. 
 -   1  – Disable lockdown of the Start pages and allow users to modify them.
@@ -1546,7 +2499,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 (default) - Disable. No additional diagnostic data.
 -   1 - Enable. Additional diagnostic data for schools.
@@ -1610,7 +2563,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   Not configured. The device checks for updates from Microsoft Update.
 -   Set to a URL location of the enterprise site list.
@@ -1717,6 +2670,66 @@ The default value is an empty string. Otherwise, the string should contain the U
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="browser-forceenabledextensions"></a>**Browser/ForceEnabledExtensions**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This setting lets you decide which extensions should be always enabled.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *ForceEnabledExtensions*
+-   GP element: *ForceEnabledExtensions_List*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="browser-homepages"></a>**Browser/HomePages**  
 
@@ -1838,7 +2851,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 - Disabled. Do not lockdown Favorites.
 -   1 - Enabled. Lockdown Favorites.
@@ -1897,7 +2910,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 (default) – Users can access the about:flags page in Microsoft Edge.
 -   1 – Users can't access the about:flags page in Microsoft Edge.
@@ -1907,6 +2920,73 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="browser-preventcerterroroverrides"></a>**Browser/PreventCertErrorOverrides**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Next Windows 10 major release<p>
+Web security certificates are used to ensure a site that users go to is legitimate, and in some circumstances, encrypts the data. By default, Microsoft Edge allows overriding of the security warnings to sites that have SSL errors, bypassing or ignoring certificate errors. Enabling this policy prevents overriding of the security warnings.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent certificate error overrides*
+-   GP name: *PreventCertErrorOverrides*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Allowed values:
+
+- 0 (default) - Allowed/turned on. Override the security warning to sites that have SSL errors.
+- 1 - Prevented/turned on.
+
+Most restricted value: 1
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="browser-preventfirstrunpage"></a>**Browser/PreventFirstRunPage**  
 
@@ -1958,7 +3038,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 (default) – Employees see the First Run webpage. 
 -   1 – Employees don't see the First Run webpage.
@@ -2019,7 +3099,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 (default) – Microsoft servers will be contacted if a site is pinned to Start from Microsoft Edge.
 -   1 – Microsoft servers will not be contacted if a site is pinned to Start from Microsoft Edge.
@@ -2080,7 +3160,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 (default) – Off.
 -   1 – On.
@@ -2139,7 +3219,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 (default) – Off.
 -   1 – On.
@@ -2186,7 +3266,10 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1803. This is only a placeholder. Do not use in production code.
+Added in Windows 10, version 1803. <p>
+
+
+
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -2198,7 +3281,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 (default) – Allow pre-launch and preload.
 -   1 – Prevent pre-launch and preload.
@@ -2261,7 +3344,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 (default) – The localhost IP address is shown.
 -   1 – The localhost IP address is hidden.
@@ -2392,12 +3475,11 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 - 0 (default) - All websites, including intranet sites, open in Microsoft Edge automatically.
 - 1 - Only intranet sites open in Internet Explorer 11 automatically.
 
-
 <!--/SupportedValues-->
 <!--/Policy-->
 
@@ -2463,7 +3545,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 (default) - The default search engine is set to the one specified in App settings.
 -   1 - Allows you to configure the default search engine for your employees.
@@ -2473,6 +3555,141 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="browser-sethomebuttonurl"></a>**Browser/SetHomeButtonURL**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Next Windows 10 major release<p>
+
+By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home Button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Set Home Button URL*
+-   GP name: *SetHomeButtonURL*
+-   GP element: *SetHomeButtonURLPrompt*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Allowed values:
+
+- Blank (default) - Show the home button and loads the Start page and locks down the home button to prevent users from changing what page loads.
+- String - A custom URL loads when clicking the home button. You must also enable the Configure Home Button policy and select the _Show home button & set a specific page_ option. Enter a URL in string format, for example, https://www.msn.com.
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="browser-setnewtabpageurl"></a>**Browser/SetNewTabPageURL**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Next Windows 10 major release<p>
+
+Microsoft Edge loads the default New tab page by default. Enabling this policy lets you set a New tab page URL in Microsoft Edge, preventing users from changing it. When you enable this policy, and you disable the Allow web content on New tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank. 
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Set New Tab page URL*
+-   GP name: *SetNewTabPageURL*
+-   GP element: *SetNewTabPageURLPrompt*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Allowed values:
+
+- Blank (default) - Load the default New tab page.
+- String - Prevent users from changing the New tab page. Enter a URL in string format, for example, https://www.msn.com.
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="browser-showmessagewhenopeningsitesininternetexplorer"></a>**Browser/ShowMessageWhenOpeningSitesInInternetExplorer**  
 
@@ -2514,9 +3731,7 @@ The following list shows the supported values:
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
 
 
-Added in Windows 10, version 1607. Specifies whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site List.
-
-Most restricted value is 0.
+Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the “Keep going in Microsoft Edge” link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -2528,11 +3743,13 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
--   0 (default) – Interstitial pages are not shown.
--   1 – Interstitial pages are shown.
+-   0 (default) – No additional message displays.
+-   1 – Show an additional message stating that a site has opened in IE11.
+-   2 - Show an additional message with a "Keep going in Microsoft Edge" link.
 
+Most restricted value: 0
 <!--/SupportedValues-->
 <!--/Policy-->
 
@@ -2592,7 +3809,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 (default) – Synchronization is off.
 -   1 – Synchronization is on.
@@ -2612,6 +3829,73 @@ To verify that favorites are in synchronized between Internet Explorer and Micro
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="browser-unlockhomebutton"></a>**Browser/UnlockHomeButton**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Next Windows 10 major release<p>
+
+By default, when you enable the Configure Home Button policy or provide a URL in the Set Home Button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home Button or Set Home Button URL policies. 
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Unlock Home Button*
+-   GP name: *UnlockHomeButton*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Allowed values:
+
+- 0 (default) - Lock down the home button to prevent users from making changes.
+- 1 - Let users make changes.
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="browser-usesharedfolderforbooks"></a>**Browser/UseSharedFolderForBooks**  
 
@@ -2661,7 +3945,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:
+Allowed values:
 
 -   0 - No shared folder.
 -   1 - Use a shared folder.
@@ -2676,6 +3960,7 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
+-   5 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
index 0cef60bd72..1295ab27a3 100644
--- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
+++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
@@ -67,7 +67,8 @@ Added in Windows 10, version 1803. This policy allows the IT admin to control wh
 > [!Note]  
 > MDMWinsOverGP only applies to policies in Policy CSP. It does not apply to other MDM settings with equivalent GP settings that are defined on other configuration service providers.
 
-This policy is used to ensure that MDM policy wins over GP when same setting is set by both GP and MDM channel. This policy doesn’t support Delete command. This policy doesn’t support setting the value to be 0 again after it was previously set 1. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.
+This policy is used to ensure that MDM policy wins over GP when same setting is set by both GP and MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.
+Note: This policy doesn’t support Delete command. This policy doesn’t support setting the value to be 0 again after it was previously set 1. In Windows 10, next major version, Delete command and setting the value to be 0 again if it was previously set to 1 will be supported.
 
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md
index 3fa83ab1c8..285c21097a 100644
--- a/windows/client-management/mdm/policy-csp-datausage.md
+++ b/windows/client-management/mdm/policy-csp-datausage.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 03/12/2018
+ms.date: 07/13/2018
 ---
 
 # Policy CSP - DataUsage
@@ -33,67 +33,11 @@ ms.date: 03/12/2018
 <!--Policy-->
 <a href="" id="datausage-setcost3g"></a>**DataUsage/SetCost3G**  
 
-<!--SupportedSKUs-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
 <!--Description-->
-This policy setting configures the cost of 3G connections on the local machine.
-
-If this policy setting is enabled, a drop-down list box presenting possible cost values will be active.  Selecting one of the following values from the list will set the cost of all 3G connections on the local machine:
-
-- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints. 
-
-- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. 
-
-- Variable: This connection is costed on a per byte basis.
-
-If this policy setting is disabled or is not configured, the cost of 3G connections is Fixed by default.
+This policy is deprecated in Windows 10, next major version.
 
 <!--/Description-->
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Set 3G Cost*
--   GP name: *SetCost3G*
--   GP path: *Network/WWAN Service/WWAN Media Cost*
--   GP ADMX file name: *wwansvc.admx*
-
-<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index e9f70080d3..dd2367d211 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -6,11 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 05/14/2018
+ms.date: 07/03/2018
 ---
 
 # Policy CSP - Defender
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 
 <hr/>
@@ -67,6 +69,9 @@ ms.date: 05/14/2018
   <dd>
     <a href="#defender-avgcpuloadfactor">Defender/AvgCPULoadFactor</a>
   </dd>
+  <dd>
+    <a href="#defender-checkforsignaturesbeforerunningscan">Defender/CheckForSignaturesBeforeRunningScan</a>
+  </dd>
   <dd>
     <a href="#defender-cloudblocklevel">Defender/CloudBlockLevel</a>
   </dd>
@@ -82,9 +87,18 @@ ms.date: 05/14/2018
   <dd>
     <a href="#defender-daystoretaincleanedmalware">Defender/DaysToRetainCleanedMalware</a>
   </dd>
+  <dd>
+    <a href="#defender-disablecatchupfullscan">Defender/DisableCatchupFullScan</a>
+  </dd>
+  <dd>
+    <a href="#defender-disablecatchupquickscan">Defender/DisableCatchupQuickScan</a>
+  </dd>
   <dd>
     <a href="#defender-enablecontrolledfolderaccess">Defender/EnableControlledFolderAccess</a>
   </dd>
+  <dd>
+    <a href="#defender-enablelowcpupriority">Defender/EnableLowCPUPriority</a>
+  </dd>
   <dd>
     <a href="#defender-enablenetworkprotection">Defender/EnableNetworkProtection</a>
   </dd>
@@ -115,6 +129,12 @@ ms.date: 05/14/2018
   <dd>
     <a href="#defender-schedulescantime">Defender/ScheduleScanTime</a>
   </dd>
+  <dd>
+    <a href="#defender-signatureupdatefallbackorder">Defender/SignatureUpdateFallbackOrder</a>
+  </dd>
+  <dd>
+    <a href="#defender-signatureupdatefilesharessources">Defender/SignatureUpdateFileSharesSources</a>
+  </dd>
   <dd>
     <a href="#defender-signatureupdateinterval">Defender/SignatureUpdateInterval</a>
   </dd>
@@ -1101,6 +1121,78 @@ Valid values: 0–100
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="defender-checkforsignaturesbeforerunningscan"></a>**Defender/CheckForSignaturesBeforeRunningScan**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. 
+
+This setting applies to scheduled scans as well as the command line "mpcmdrun -SigUpdate", but it has no effect on scans initiated manually from the user interface.
+
+If you enable this setting, a check for new definitions will occur before running a scan.
+
+If you disable this setting or do not configure this setting, the scan will start using the existing definitions.
+
+Supported values:
+
+- 0 (default) - Disabled 
+- 1 - Enabled
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Check for the latest virus and spyware definitions before running a scheduled scan*
+-   GP name: *CheckForSignaturesBeforeRunningScan*
+-   GP element: *CheckForSignaturesBeforeRunningScan*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="defender-cloudblocklevel"></a>**Defender/CloudBlockLevel**  
 
@@ -1408,6 +1500,146 @@ Valid values: 0–90
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="defender-disablecatchupfullscan"></a>**Defender/DisableCatchupFullScan**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed.  Usually these scheduled scans are missed because the computer was turned off at the scheduled time. 
+
+If you enable this setting, catch-up scans for scheduled full scans will be turned on.  If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer.  If there is no scheduled scan configured, there will be no catch-up scan run. 
+
+If you disable or do not configure this setting, catch-up scans for scheduled full scans will be turned off.
+
+Supported values:
+
+- 0 - Disabled 
+- 1 - Enabled (default)
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn on catch-up full scan*
+-   GP name: *Scan_DisableCatchupFullScan*
+-   GP element: *Scan_DisableCatchupFullScan*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="defender-disablecatchupquickscan"></a>**Defender/DisableCatchupQuickScan**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed.  Usually these scheduled scans are missed because the computer was turned off at the scheduled time. 
+
+If you enable this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer.  If there is no scheduled scan configured, there will be no catch-up scan run.
+
+If you disable or do not configure this setting, catch-up scans for scheduled quick scans will be turned off.
+
+Supported values:
+
+- 0 - Disabled 
+- 1 - Enabled (default)
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn on catch-up quick scan*
+-   GP name: *Scan_DisableCatchupQuickScan*
+-   GP element: *Scan_DisableCatchupQuickScan*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="defender-enablecontrolledfolderaccess"></a>**Defender/EnableControlledFolderAccess**  
 
@@ -1471,6 +1703,76 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="defender-enablelowcpupriority"></a>**Defender/EnableLowCPUPriority**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting allows you to enable or disable low CPU priority for scheduled scans.
+
+If you enable this setting, low CPU priority will be used during scheduled scans.
+
+If you disable or do not configure this setting, not changes will be made to CPU priority for scheduled scans.
+
+Supported values:
+
+- 0 - Disabled (default)
+- 1 - Enabled 
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure low CPU priority for scheduled scans*
+-   GP name: *Scan_LowCpuPriority*
+-   GP element: *Scan_LowCpuPriority*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="defender-enablenetworkprotection"></a>**Defender/EnableNetworkProtection**  
 
@@ -2110,6 +2412,145 @@ Valid values: 0–1380.
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="defender-signatureupdatefallbackorder"></a>**Defender/SignatureUpdateFallbackOrder**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting allows you to define the order in which different definition update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources in order. 
+
+Possible values are: 
+
+- InternalDefinitionUpdateServer
+- MicrosoftUpdateServer
+- MMPC
+- FileShares
+
+For example: { InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }
+
+If you enable this setting, definition update sources will be contacted in the order specified. Once definition updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted.
+
+If you disable or do not configure this setting, definition update sources will be contacted in a default order.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Define the order of sources for downloading definition updates*
+-   GP name: *SignatureUpdate_FallbackOrder*
+-   GP element: *SignatureUpdate_FallbackOrder*
+-   GP path: *Windows Components/Windows Defender Antivirus/Signature Updates*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="defender-signatureupdatefilesharessources"></a>**Defender/SignatureUpdateFileSharesSources**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting allows you to configure UNC file share sources for downloading definition updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources. For example: "{\\unc1 | \\unc2 }". The list is empty by default.
+
+If you enable this setting, the specified sources will be contacted for definition updates. Once definition updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted.
+
+If you disable or do not configure this setting, the list will remain empty by default and no sources will be contacted.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Define file shares for downloading definition updates*
+-   GP name: *SignatureUpdate_DefinitionUpdateFileSharesSources*
+-   GP element: *SignatureUpdate_DefinitionUpdateFileSharesSources*
+-   GP path: *Windows Components/Windows Defender Antivirus/Signature Updates*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="defender-signatureupdateinterval"></a>**Defender/SignatureUpdateInterval**  
 
@@ -2319,6 +2760,7 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
+-   5 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md
new file mode 100644
index 0000000000..0d4c0d64c5
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-dmaguard.md
@@ -0,0 +1,111 @@
+---
+title: Policy CSP - DmaGuard
+description: Policy CSP - DmaGuard
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: MariciaAlforque
+ms.date: 06/29/2018
+---
+
+# Policy CSP - DmaGuard
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+<hr/>
+
+<!--Policies-->
+## DmaGuard policies  
+
+<dl>
+  <dd>
+    <a href="#dmaguard-deviceenumerationpolicy">DmaGuard/DeviceEnumerationPolicy</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="dmaguard-deviceenumerationpolicy"></a>**DmaGuard/DeviceEnumerationPolicy**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy is intended to provide additional security against external DMA capable devices. It allows for more control over the enumeration of external DMA capable devices incompatible with DMA Remapping/device memory isolation and sandboxing. This policy only takes effect when Kernel DMA Protection is supported and enabled by the system firmware. Kernel DMA Protection is a platform feature that cannot be controlled via policy or by end user. It has to be supported by the system at the time of manufacturing. To check if the system supports Kernel DMA Protection, please check the Kernel DMA Protection field in the Summary page of MSINFO32.exe.
+
+> [!Note]   
+> This policy does not apply to 1394/Firewire, PCMCIA, CardBus, or ExpressCard devices.
+
+Supported values:
+
+0 - Block all (Most restrictive): Devices with DMA remapping compatible drivers will be allowed to enumerate at any time. Devices with DMA remapping incompatible drivers will never be allowed to start and perform DMA at any time.
+
+1 - Only after log in/screen unlock (Default): Devices with DMA remapping compatible drivers will be allowed to enumerate at any time. Devices with DMA remapping incompatible drivers will only be enumerated after the user unlocks the screen
+
+2 -  Allow all (Least restrictive): All external DMA capable PCIe devices will be enumerated at any time
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Enumeration policy for external devices incompatible with Kernel DMA Protection*
+-   GP name: *DmaGuardEnumerationPolicy*
+-   GP path: *System/Kernel DMA Protection*
+-   GP ADMX file name: *dmaguard.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
+-   5 - Added in the next major release of Windows 10.
+
+<!--/Policies-->
+
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index aca458292c..f2dec99193 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -6,11 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 05/14/2018
+ms.date: 07/13/2018
 ---
 
 # Policy CSP - Experience
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 
 <hr/>
@@ -19,6 +21,9 @@ ms.date: 05/14/2018
 ## Experience policies  
 
 <dl>
+  <dd>
+    <a href="#experience-allowclipboardhistory">Experience/AllowClipboardHistory</a>
+  </dd>
   <dd>
     <a href="#experience-allowcopypaste">Experience/AllowCopyPaste</a>
   </dd>
@@ -88,6 +93,77 @@ ms.date: 05/14/2018
 </dl>
 
 
+<hr/>
+
+<!--Policy-->
+<a href="" id="experience-allowclipboardhistory"></a>**Experience/AllowClipboardHistory**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Allows history of clipboard items to be stored in memory.
+
+Value type is integer. Supported values:  
+-  0 - Not allowed
+-  1 - Allowed (default)
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Clipboard History*
+-   GP name: *AllowClipboardHistory*
+-   GP path: *System/OS Policies*
+-   GP ADMX file name: *OSPolicy.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+**Validation procedure**  
+
+1. Configure Experiences/AllowClipboardHistory to 0.
+1. Open Notepad (or any editor app), select a text, and copy it to the clipboard.
+1. Press Win+V to open the clipboard history UI.
+1. You should not see any clipboard item including current item you copied.
+1. The setting under Settings App->System->Clipboard should be grayed out with policy warning.
+
+<!--/Validation-->
+<!--/Policy-->
+
 <hr/>
 
 <!--Policy-->
@@ -1313,6 +1389,7 @@ The following list shows the supported values:
 
 <!--/SupportedValues-->
 <!--/Policy-->
+
 <hr/>
 
 Footnote:
@@ -1321,6 +1398,7 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
+-   5 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md
index 20b484e71e..e7bdc48ee7 100644
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@@ -185,7 +185,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1703. Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files.
+Added in Windows 10, version 1703. Allows IT Admins to control whether users can ignore SmartScreen warnings and run malicious files.
 
 <!--/Description-->
 <!--ADMXMapped-->
diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md
new file mode 100644
index 0000000000..7001fe088f
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-taskmanager.md
@@ -0,0 +1,99 @@
+---
+title: Policy CSP - TaskManager
+description: Policy CSP - TaskManager
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: MariciaAlforque
+ms.date: 07/05/2018
+---
+
+# Policy CSP - TaskManager
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+<hr/>
+
+<!--Policies-->
+## TaskManager policies  
+
+<dl>
+  <dd>
+    <a href="#taskmanager-allowendtask">TaskManager/AllowEndTask</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="taskmanager-allowendtask"></a>**TaskManager/AllowEndTask**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This setting determines whether non-administrators can use Task Manager to end tasks.
+
+Value type is integer. Supported values:  
+ -  0 - Disabled. EndTask functionality is blocked in TaskManager.
+ -  1 - Enabled (default).  Users can perform EndTask in TaskManager.
+
+<!--/Description-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+**Validation procedure:**  
+When this policy is set to 1 - users CAN execute 'End task' on processes in TaskManager 
+When the policy is set to 0 - users CANNOT execute 'End task' on processes in TaskManager
+
+<!--/Validation-->
+<!--/Policy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
+-   5 - Added in the next major release of Windows 10.
+
+<!--/Policies-->
+
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 85e5983698..ac056f8813 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -6,11 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 05/14/2018
+ms.date: 07/18/2018
 ---
 
 # Policy CSP - Update
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 
 <hr/>
@@ -46,6 +48,9 @@ ms.date: 05/14/2018
   <dd>
     <a href="#update-autorestartdeadlineperiodindays">Update/AutoRestartDeadlinePeriodInDays</a>
   </dd>
+  <dd>
+    <a href="#update-autorestartdeadlineperiodindaysforfeatureupdates">Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates</a>
+  </dd>
   <dd>
     <a href="#update-autorestartnotificationschedule">Update/AutoRestartNotificationSchedule</a>
   </dd>
@@ -79,12 +84,21 @@ ms.date: 05/14/2018
   <dd>
     <a href="#update-engagedrestartdeadline">Update/EngagedRestartDeadline</a>
   </dd>
+  <dd>
+    <a href="#update-engagedrestartdeadlineforfeatureupdates">Update/EngagedRestartDeadlineForFeatureUpdates</a>
+  </dd>
   <dd>
     <a href="#update-engagedrestartsnoozeschedule">Update/EngagedRestartSnoozeSchedule</a>
   </dd>
+  <dd>
+    <a href="#update-engagedrestartsnoozescheduleforfeatureupdates">Update/EngagedRestartSnoozeScheduleForFeatureUpdates</a>
+  </dd>
   <dd>
     <a href="#update-engagedrestarttransitionschedule">Update/EngagedRestartTransitionSchedule</a>
   </dd>
+  <dd>
+    <a href="#update-engagedrestarttransitionscheduleforfeatureupdates">Update/EngagedRestartTransitionScheduleForFeatureUpdates</a>
+  </dd>
   <dd>
     <a href="#update-excludewudriversinqualityupdate">Update/ExcludeWUDriversInQualityUpdate</a>
   </dd>
@@ -154,9 +168,18 @@ ms.date: 05/14/2018
   <dd>
     <a href="#update-setautorestartnotificationdisable">Update/SetAutoRestartNotificationDisable</a>
   </dd>
+  <dd>
+    <a href="#update-setdisablepauseuxaccess">Update/SetDisablePauseUXAccess</a>
+  </dd>
+  <dd>
+    <a href="#update-setdisableuxwuaccess">Update/SetDisableUXWUAccess</a>
+  </dd>
   <dd>
     <a href="#update-setedurestart">Update/SetEDURestart</a>
   </dd>
+  <dd>
+    <a href="#update-updatenotificationkioskmode">Update/UpdateNotificationKioskMode</a>
+  </dd>
   <dd>
     <a href="#update-updateserviceurl">Update/UpdateServiceUrl</a>
   </dd>
@@ -690,11 +713,21 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1703. This policy defines the deadline in days after which a reboot for updates will become mandatory.
+For Quality Updates, this policy specifies the deadline in days before automatically executing a scheduled restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart is scheduled.
 
-Supported values are 2-30 days.
+Value type is integer. Default is 7 days. 
 
-The default value is 7 days.
+Supported values range: 2-30.
+
+Note that the PC must restart for certain updates to take effect.
+
+If you enable this policy, a restart will automatically occur the specified number of days after the restart was scheduled.
+
+If you disable or do not configure this policy, the PC will restart according to the default schedule.
+
+If any of the following two policies are enabled, this policy has no effect:
+1. No auto-restart with logged on users for scheduled automatic updates installations.
+2. Always automatically restart at scheduled time.
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -710,6 +743,81 @@ ADMX Info:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="update-autorestartdeadlineperiodindaysforfeatureupdates"></a>**Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+For Feature Updates, this policy specifies the deadline in days before automatically executing a scheduled restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart is scheduled.
+
+Value type is integer. Default is 7 days. 
+
+Supported values range: 2-30.
+
+Note that the PC must restart for certain updates to take effect.
+
+If you enable this policy, a restart will automatically occur the specified number of days after the restart was scheduled.
+
+If you disable or do not configure this policy, the PC will restart according to the default schedule.
+
+If any of the following two policies are enabled, this policy has no effect:
+1. No auto-restart with logged on users for scheduled automatic updates installations.
+2. Always automatically restart at scheduled time.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify deadline before auto-restart for update installation*
+-   GP name: *AutoRestartDeadline*
+-   GP element: *AutoRestartDeadlineForFeatureUpdates*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="update-autorestartnotificationschedule"></a>**Update/AutoRestartNotificationSchedule**  
 
@@ -1402,11 +1510,20 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1703. Allows the IT Admin to specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed within the specified period.  If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (pending user scheduling).
+For Quality Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period.
 
-Supported values are 2-30 days.
+Value type is integer. Default is 14.
 
-The default value is 0 days (not specified).
+Supported value range: 2 - 30.
+
+If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (e.g. pending user scheduling).
+
+If you disable or do not configure this policy, the default behaviors will be used.
+
+If any of the following policies are configured, this policy has no effect:
+1. No auto-restart with logged on users for scheduled automatic updates installations
+2. Always automatically restart at scheduled time
+3. Specify deadline before auto-restart for update installation
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -1422,6 +1539,80 @@ ADMX Info:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="update-engagedrestartdeadlineforfeatureupdates"></a>**Update/EngagedRestartDeadlineForFeatureUpdates**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+For Feature Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period.
+
+Value type is integer. Default is 14.
+
+Supported value range: 2 - 30.
+
+If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (e.g. pending user scheduling).
+
+If you disable or do not configure this policy, the default behaviors will be used.
+
+If any of the following policies are configured, this policy has no effect:
+1. No auto-restart with logged on users for scheduled automatic updates installations
+2. Always automatically restart at scheduled time
+3. Specify deadline before auto-restart for update installation
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify Engaged restart transition and notification schedule for updates*
+-   GP name: *EngagedRestartTransitionSchedule*
+-   GP element: *EngagedRestartDeadlineForFeatureUpdates*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="update-engagedrestartsnoozeschedule"></a>**Update/EngagedRestartSnoozeSchedule**  
 
@@ -1458,11 +1649,18 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1703. Allows the IT Admin to control the number of days a user can snooze Engaged restart reminder notifications.
+For Quality Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days.
 
-Supported values are 1-3 days.
+Value type is integer. Default is 3 days.
 
-The default value is 3 days.
+Supported value range: 1 - 3.
+
+If you disable or do not configure this policy, the default behaviors will be used.
+
+If any of the following policies are configured, this policy has no effect:
+1. No auto-restart with logged on users for scheduled automatic updates installations
+2. Always automatically restart at scheduled time
+3. Specify deadline before auto-restart for update installation
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -1478,6 +1676,78 @@ ADMX Info:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="update-engagedrestartsnoozescheduleforfeatureupdates"></a>**Update/EngagedRestartSnoozeScheduleForFeatureUpdates**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+For Feature Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days.
+
+Value type is integer. Default is 3 days.
+
+Supported value range: 1 - 3.
+
+If you disable or do not configure this policy, the default behaviors will be used.
+
+If any of the following policies are configured, this policy has no effect:
+1. No auto-restart with logged on users for scheduled automatic updates installations
+2. Always automatically restart at scheduled time
+3. Specify deadline before auto-restart for update installation
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify Engaged restart transition and notification schedule for updates*
+-   GP name: *EngagedRestartTransitionSchedule*
+-   GP element: *EngagedRestartSnoozeScheduleForFeatureUpdates*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="update-engagedrestarttransitionschedule"></a>**Update/EngagedRestartTransitionSchedule**  
 
@@ -1514,11 +1784,18 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1703. Allows the IT Admin to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
+For Quality Updates, this policy specifies the timing before transitioning from Auto restarts scheduled_outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
 
-Supported values are 2-30 days.
+Value type is integer. 
 
-The default value is 7 days.
+Supported value range: 0 - 30.
+
+If you disable or do not configure this policy, the default behaviors will be used.
+
+If any of the following policies are configured, this policy has no effect:
+1. No auto-restart with logged on users for scheduled automatic updates installations
+2. Always automatically restart at scheduled time
+3. Specify deadline before auto-restart for update installation
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -1534,6 +1811,78 @@ ADMX Info:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="update-engagedrestarttransitionscheduleforfeatureupdates"></a>**Update/EngagedRestartTransitionScheduleForFeatureUpdates**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+For Feature Updates, this policy specifies the timing before transitioning from Auto restarts scheduled_outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
+
+Value type is integer.
+
+Supported value range: 0 - 30.
+
+If you disable or do not configure this policy, the default behaviors will be used.
+
+If any of the following policies are configured, this policy has no effect:
+1. No auto-restart with logged on users for scheduled automatic updates installations
+2. Always automatically restart at scheduled time
+3. Specify deadline before auto-restart for update installation
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify Engaged restart transition and notification schedule for updates*
+-   GP name: *EngagedRestartTransitionSchedule*
+-   GP element: *EngagedRestartTransitionScheduleForFeatureUpdates*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="update-excludewudriversinqualityupdate"></a>**Update/ExcludeWUDriversInQualityUpdate**  
 
@@ -2871,6 +3220,126 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="update-setdisablepauseuxaccess"></a>**Update/SetDisablePauseUXAccess**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy allows the IT admin to disable the "Pause Updates" feature. When this policy is enabled, the user cannot access the "Pause updates" feature.
+
+Value type is integer. Default is 0. Supported values 0, 1.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *SetDisablePauseUXAccess*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="update-setdisableuxwuaccess"></a>**Update/SetDisableUXWUAccess**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy allows the IT admin to remove access to scan Windows Update. When this policy is enabled, the user cannot access the Windows Update scan, download, and install features.
+
+Value type is integer. Default is 0. Supported values 0, 1.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *SetDisableUXWUAccess*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="update-setedurestart"></a>**Update/SetEDURestart**  
 
@@ -2929,6 +3398,74 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="update-updatenotificationkioskmode"></a>**Update/UpdateNotificationKioskMode**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy allows you to define what Windows Update notifications users see. This policy doesn’t control how and when updates are downloaded and installed.
+
+Valid values:  
+-  0 (default) – Use the default Windows Update notifications
+-  1 – Turn off all notifications, excluding restart warnings
+-  2 – Turn off all notifications, including restart warnings
+
+> [!Important]  
+> If you choose not to get update notifications and also define the policy “Configure Automatic Updates” so that devices aren’t automatically getting updates, neither you nor device users will be aware of critical security, quality, or feature updates, and your devices may be at risk.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Display options for update notifications*
+-   GP name: *UpdateNotificationKioskMode*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="update-updateserviceurl"></a>**Update/UpdateServiceUrl**  
 
@@ -3081,6 +3618,7 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
+-   5 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 
@@ -3099,11 +3637,18 @@ Footnote:
 
 -   [Update/AllowNonMicrosoftSignedUpdate](#update-allownonmicrosoftsignedupdate)  
 -   [Update/AllowUpdateService](#update-allowupdateservice)  
+-   [Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates](#update-autorestartdeadlineperiodindaysforfeatureupdates)  
+-   [Update/EngagedRestartDeadlineForFeatureUpdates](#update-engagedrestartdeadlineforfeatureupdates)  
+-   [Update/EngagedRestartSnoozeScheduleForFeatureUpdates](#update-engagedrestartsnoozescheduleforfeatureupdates)  
+-   [Update/EngagedRestartTransitionScheduleForFeatureUpdates](#update-engagedrestarttransitionscheduleforfeatureupdates)  
 -   [Update/PauseDeferrals](#update-pausedeferrals)  
 -   [Update/RequireDeferUpgrade](#update-requiredeferupgrade)  
 -   [Update/RequireUpdateApproval](#update-requireupdateapproval)  
 -   [Update/ScheduledInstallDay](#update-scheduledinstallday)  
 -   [Update/ScheduledInstallTime](#update-scheduledinstalltime)  
+-   [Update/SetDisablePauseUXAccess](#update-setdisablepauseuxaccess)  
+-   [Update/SetDisableUXWUAccess](#update-setdisableuxwuaccess)  
+-   [Update/UpdateNotificationKioskMode](#update-updatenotificationkioskmode)  
 -   [Update/UpdateServiceUrl](#update-updateserviceurl)  
 <!--EndIoTCore-->
 
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index fe63238f62..07a7954820 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 05/14/2018
+ms.date: 07/12/2018
 ---
 
 # Policy CSP - WindowsLogon
@@ -143,6 +143,31 @@ If you enable this policy setting, the PC's network connectivity state cannot be
 
 If you disable or don't configure this policy setting, any user can disconnect the PC from the network or can connect the PC to other available networks without signing into Windows.
 
+Here is an example to enable this policy:
+
+``` syntax
+<SyncML xmlns="SYNCML:SYNCML1.2">
+  <SyncBody>
+    <Atomic>
+      <CmdID>300</CmdID>
+      <Replace>
+        <CmdID>301</CmdID>
+        <Item>
+          <Target>
+            <LocURI>./Device/Vendor/MSFT/Policy/Config/WindowsLogon/DontDisplayNetworkSelectionUI</LocURI>
+          </Target>
+          <Meta>
+            <Format xmlns="syncml:metinf">chr</Format>
+          </Meta>
+          <Data><![CDATA[<enabled/>]]></Data>
+        </Item>
+      </Replace>
+    </Atomic>
+    <Final/>
+  </SyncBody>
+</SyncML>
+```
+
 <!--/Description-->
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index 7c5fa15587..624c67cddb 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -7,12 +7,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 04/26/2018
+ms.date: 07/03/2018
 ---
 
 # Policy DDF file
 
-
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 This topic shows the OMA DM device description framework (DDF) for the **Policy** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
@@ -25,7 +26,7 @@ You can download the DDF files from the links below:
 - [Download the Policy DDF file for Windows 10, version 1607 release 8C](http://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml)
 - [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)
 
-The XML below is the DDF for Windows 10, version 1803.
+The XML below is the DDF for Windows 10, next major version.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
@@ -51,7 +52,7 @@ The XML below is the DDF for Windows 10, version 1803.
         <Permanent />
       </Scope>
       <DFType>
-        <MIME>com.microsoft/7.0/MDM/Policy</MIME>
+        <MIME>com.microsoft/8.0/MDM/Policy</MIME>
       </DFType>
     </DFProperties>
     <Node>
@@ -640,6 +641,34 @@ The XML below is the DDF for Windows 10, version 1803.
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowFullScreenMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>With this policy, you can specify whether to allow full-screen mode, which shows only the web content and hides the Microsoft Edge UI.
+
+If enabled or not configured, full-screen mode is available for use in Microsoft Edge. Your users and extensions must have the proper permissions.
+
+If disabled, full-screen mode is unavailable for use in Microsoft Edge.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowInPrivate</NodeName>
           <DFProperties>
@@ -673,7 +702,7 @@ The XML below is the DDF for Windows 10, version 1803.
               <Get />
               <Replace />
             </AccessType>
-            <Description>This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about:compat.
+            <Description>This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about&#58;compat.
 
 If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
 
@@ -740,6 +769,86 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowPrelaunch</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowPrinting</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>With this policy, you can restrict whether printing web content in Microsoft Edge is allowed.
+
+If enabled, printing is allowed.
+
+If disabled, printing is not allowed.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowSavingHistory</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Microsoft Edge saves your user&apos;s browsing history, which is made up of info about the websites they visit, on their devices.
+
+If enabled or not configured, the browsing history is saved and visible in the History pane.
+
+If disabled, the browsing history stops saving and is not visible in the History pane. If browsing history exists before this policy was disabled, the previous browsing history remains visible in the History pane. This policy, when disabled, does not stop roaming of existing history or history coming from other roamed devices.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowSearchEngineCustomization</NodeName>
           <DFProperties>
@@ -793,6 +902,30 @@ This policy will only apply on domain joined machines or when the device is MDM
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowSideloadingOfExtensions</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This setting lets you decide whether employees can sideload extensions in Microsoft Edge.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowSmartScreen</NodeName>
           <DFProperties>
@@ -817,6 +950,60 @@ This policy will only apply on domain joined machines or when the device is MDM
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowTabPreloading</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowWebContentOnNewTabPage</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page.
+
+If you enable this setting, Microsoft Edge opens a new tab with the New Tab page.
+
+If you disable this setting, Microsoft Edge opens a new tab with a blank page. If you use this setting, employees can&apos;t change it.
+
+If you don&apos;t configure this setting, employees can choose how new tabs appears.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AlwaysEnableBooksLibrary</NodeName>
           <DFProperties>
@@ -878,7 +1065,7 @@ This policy will only apply on domain joined machines or when the device is MDM
 
 If this setting is turned on, you can add up to 5 additional search engines for your employee. For each additional search engine you wish to add, you must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. This policy does not affect the default search engine. Employees will not be able to remove these search engines, but they can set any one of these as the default.
 
-If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee's machine.
+If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee&apos;s machine.
 
 Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
             <DFFormat>
@@ -895,6 +1082,203 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>ConfigureFavoritesBar</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>The favorites bar shows your user&apos;s links to sites they have added to it. With this policy, you can specify whether to set the favorites bar to always be visible or hidden on any page.
+
+If enabled, favorites bar is always visible on any page, and the favorites bar toggle in Settings sets to On, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings. The show bar/hide bar option is hidden from the context menu.
+
+If disabled, the favorites bar is hidden, and the favorites bar toggle resets to Off, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings.
+
+If not configured, the favorites bar is hidden but is visible on the Start and New Tab pages, and the favorites bar toggle in Settings sets to Off but is enabled allowing the user to make changes.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureHomeButton</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>The Home button loads either the default Start page, the New tab page, or a URL defined in the Set Home Button URL policy.
+
+By default, this policy is disabled or not configured and clicking the home button loads the default Start page.
+
+When enabled, the home button is locked down preventing your users from making changes in Microsoft Edge&apos;s UI settings. To let your users change the Microsoft Edge UI settings, enable the Unlock Home Button policy.
+
+If Enabled AND:
+- Show home button &amp; set to Start page is selected, clicking the home button loads the Start page.
+- Show home button &amp; set to New tab page is selected, clicking the home button loads a New tab page.
+- Show home button &amp; set a specific page is selected, clicking the home button loads the URL specified in the Set Home Button URL policy.
+- Hide home button is selected, the home button is hidden in Microsoft Edge.
+
+Default setting: Disabled or not configured
+Related policies:
+- Set Home Button URL
+- Unlock Home Button</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureKioskMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single app or as one of multiple apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with limited functionality, or normal Microsoft Edge.
+
+You need to configure Microsoft Edge in assigned access for this policy to take effect; otherwise, these settings are ignored. To learn more about assigned access and kiosk configuration, see “Configure kiosk and shared devices running Windows desktop editions” (https://aka.ms/E489vw).
+
+If enabled and set to 0 (Default or not configured):
+- If it’s a single app, it runs InPrivate full screen for digital signage or interactive displays.
+- If it’s one of many apps, Microsoft Edge runs as normal.
+If enabled and set to 1:
+- If it’s a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can’t minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking “End session.” You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy.
+- If it’s one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they can’t customize Microsoft Edge.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureKioskResetAfterIdleTimeout</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>You can configure Microsoft Edge to reset to the configured start experience after a specified amount of idle time. The reset timer begins after the last user interaction. Resetting to the configured start experience deletes the current user’s browsing data.
+
+If enabled, you can set the idle time in minutes (0-1440). You must set the Configure kiosk mode policy to 1 and configure Microsoft Edge in assigned access as a single app for this policy to work. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge resets after 30 seconds.
+
+If you set this policy to 0, Microsoft Edge does not use an idle timer.
+
+If disabled or not configured, the default value is 5 minutes.
+
+If you do not configure Microsoft Edge in assigned access, then this policy does not take effect.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureOpenMicrosoftEdgeWith</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>You can configure Microsoft Edge to lock down the Start page, preventing users from changing or customizing it.
+
+If enabled, you can choose one of the following options:
+- Start page: the Start page loads ignoring the Configure Start Pages policy.
+- New tab page: the New tab page loads ignoring the Configure Start Pages policy.
+- Previous pages: all tabs the user had open when Microsoft Edge last closed loads ignoring the Configure Start Pages policy.
+- A specific page or pages: the URL(s) specified with Configure Start Pages policy load(s). If selected, you must specify at least one URL in Configure Start Pages; otherwise, this policy is ignored.
+
+When enabled, and you want to make changes, you must first set the Disable Lockdown of Start Pages to not configured, make the changes to the Configure Open Edge With policy, and then enable the Disable Lockdown of Start Pages policy.
+
+If disabled or not configured, and you enable the Disable Lockdown of Start Pages policy, your users can change or customize the Start page.
+
+Default setting: A specific page or pages (default)
+Related policies:
+-Disable Lockdown of Start Pages
+-Configure Start Pages</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureTelemetryForMicrosoft365Analytics</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Configures what browsing data will be sent to Microsoft 365 Analytics for devices belonging to an organization.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>DisableLockdownOfStartPages</NodeName>
           <DFProperties>
@@ -904,12 +1288,14 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
               <Replace />
             </AccessType>
-            <Description>Boolean policy that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when Browser/HomePages policy is in effect.
+            <Description>You can configure Microsoft Edge to disable the lockdown of Start pages allowing users to change or customize their start pages.  To do this, you must also enable the Configure Start Pages or Configure Open Microsoft With policy. When enabled, all configured start pages are editable. Any Start page configured using the Configure Start pages policy is not locked down allowing users to edit their Start pages.
 
-Note: This policy has no effect when Browser/HomePages is not configured.
+If disabled or not configured, the Start pages configured in the Configure Start Pages policy cannot be changed and remain locked down.
 
-Important
-This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).</Description>
+Supported devices: Domain-joined or MDM-enrolled
+Related policy:
+- Configure Start Pages
+- Configure Open Microsoft Edge With</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -1020,6 +1406,30 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>ForceEnabledExtensions</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This setting lets you decide which extensions should be always enabled.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>HomePages</NodeName>
           <DFProperties>
@@ -1029,12 +1439,24 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
               <Get />
               <Replace />
             </AccessType>
-            <Description>Configure the Start page URLs for your employees.
-Example:
-If you wanted to allow contoso.com and fabrikam.com then you would append /support to the site strings like contoso.com/support and fabrikam.com/support.
-Encapsulate each string with greater than and less than characters like any other XML tag.
+            <Description>When you enable the Configure Open Microsoft Edge With policy, you can configure one or more Start pages. When you enable this policy, users are not allowed to make changes to their Start pages.
 
-Version 1703 or later:  If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL.</Description>
+If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format:
+
+      &lt;support.contoso.com&gt;&lt;support.microsoft.com&gt;
+
+If disabled or not configured, the webpages specified in App settings loads as the default Start pages.
+
+Version 1703 or later:
+If you do not want to send traffic to Microsoft, enable this policy and use the &lt;about&#58;blank&gt; value, which honors domain- and non-domain-joined devices, when it is the only configured URL.
+
+Version 1809:
+If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy.
+
+Supported devices: Domain-joined or MDM-enrolled
+Related policy:
+- Configure Open Microsoft Edge With
+- Disable Lockdown of Start Pages</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -1060,12 +1482,12 @@ Version 1703 or later:  If you don't want to send traffic to Microsoft, you ca
             </AccessType>
             <Description>This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge.
 
-If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.
+If you enable this setting, employees won&apos;t be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.
 
 Important
-Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
+Don&apos;t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
 
-If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list.</Description>
+If you disable or don&apos;t configure this setting (default), employees can add, import and make changes to the Favorites list.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -1089,7 +1511,35 @@ If you disable or don't configure this setting (default), employees can add, imp
               <Get />
               <Replace />
             </AccessType>
-            <Description>Prevent access to the about:flags page in Microsoft Edge.</Description>
+            <Description>Prevent access to the about&#58;flags page in Microsoft Edge.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>PreventCertErrorOverrides</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Web security certificates are used to ensure a site your users go to is legitimate, and in some circumstances encrypts the data. With this policy, you can specify whether to prevent users from bypassing the security warning to sites that have SSL errors.
+
+If enabled, overriding certificate errors are not allowed.
+
+If disabled or not configured, overriding certificate errors are allowed.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -1165,7 +1615,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
               <Replace />
             </AccessType>
-            <Description>Don't allow Windows Defender SmartScreen warning overrides</Description>
+            <Description>Don&apos;t allow Windows Defender SmartScreen warning overrides</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -1189,31 +1639,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
               <Replace />
             </AccessType>
-            <Description>Don't allow Windows Defender SmartScreen warning overrides for unverified files.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventTabPreloading</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed.</Description>
+            <Description>Don&apos;t allow Windows Defender SmartScreen warning overrides for unverified files.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -1263,12 +1689,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </AccessType>
             <Description>This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites.
 
-If you enable this setting, you can set favorite URL's and favorite folders to appear on top of users' favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites.
+If you enable this setting, you can set favorite URL&apos;s and favorite folders to appear on top of users&apos; favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites.
 
 Important
-Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
+Don&apos;t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
 
-If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.</Description>
+If you disable or don&apos;t configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -1337,6 +1763,66 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>SetHomeButtonURL</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>The home button can be configured to load a custom URL when your user clicks the home button.
+
+If enabled, or configured, and the Configure Home Button policy is enabled, and the Show home button &amp; set a specific page is selected, a custom URL loads when your user clicks the home button.
+
+Default setting: Blank or not configured
+Related policy: Configure Home Button</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>SetNewTabPageURL</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>You can set the default New Tab page URL in Microsoft Edge.  Enabling this policy prevents your users from changing the New tab page setting. When enabled and the Allow web content on New Tab page policy is disabled, Microsoft Edge ignores the URL specified in this policy and opens about&#58;blank.
+
+If enabled, you can set the default New Tab page URL.
+
+If disabled or not configured, the default Microsoft Edge new tab page is used.
+
+Default setting:  Disabled or not configured
+Related policy: Allow web content on New Tab page</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>ShowMessageWhenOpeningSitesInInternetExplorer</NodeName>
           <DFProperties>
@@ -1346,7 +1832,16 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
               <Replace />
             </AccessType>
-            <Description>Show message when opening sites in Internet Explorer</Description>
+            <Description>You can configure Microsoft Edge to open a site automatically in Internet Explorer 11 and choose to display a notification before the site opens. If you want to display a notification, you must enable Configure the Enterprise Mode Site List or Send all intranets sites to Internet Explorer 11 or both.
+
+If enabled, the notification appears on a new page. If you want users to continue in Microsoft Edge, select the Show Keep going in Microsoft Edge option from the drop-down list under Options.
+
+If disabled or not configured, the default app behavior occurs and no additional page displays.
+
+Default setting: Disabled or not configured
+Related policies:
+-Configure the Enterprise Mode Site List
+-Send all intranet sites to Internet Explorer 11</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -1385,6 +1880,39 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>UnlockHomeButton</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>By default, when enabling Configure Home Button or Set Home Button URL, the home button is locked down to prevent your users from changing what page loads when clicking the home button. Use this policy to let users change the home button even when Configure Home Button or Set Home Button URL are enabled.
+
+If enabled, the UI settings for the home button are enabled allowing your users to make changes, including hiding and showing the home button as well as configuring a custom URL.
+
+If disabled or not configured, the UI settings for the home button are disabled preventing your users from making changes.
+
+Default setting: Disabled or not configured
+Related policy:
+-Configure Home Button
+-Set Home Button URL</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>UseSharedFolderForBooks</NodeName>
           <DFProperties>
@@ -1578,7 +2106,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
               <Replace />
             </AccessType>
-            <Description>This policy sets user's default printer</Description>
+            <Description>This policy sets user&apos;s default printer</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -7882,7 +8410,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
               <Replace />
             </AccessType>
-            <Description>Enable/disable kiosk browser's end session button.</Description>
+            <Description>Enable/disable kiosk browser&apos;s end session button.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -7906,7 +8434,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
               <Replace />
             </AccessType>
-            <Description>Enable/disable kiosk browser's home button.</Description>
+            <Description>Enable/disable kiosk browser&apos;s home button.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -7930,7 +8458,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
               <Replace />
             </AccessType>
-            <Description>Enable/disable kiosk browser's navigation buttons (forward/back).</Description>
+            <Description>Enable/disable kiosk browser&apos;s navigation buttons (forward/back).</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8086,6 +8614,52 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>Security</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>RecoveryEnvironmentAuthentication</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This policy controls the requirement of Admin Authentication in RecoveryEnvironment.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Settings</NodeName>
         <DFProperties>
@@ -8131,6 +8705,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>PageVisibilityList</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>Start</NodeName>
@@ -8177,6 +8775,78 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>ForceStartSize</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>HideAppList</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Setting the value of this policy to 1 or 2 collapses the app list. Setting the value of this policy to 3 removes the app list entirely. Setting the value of this policy to 2 or 3 disables the corresponding toggle in the Settings app.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>HideFrequentlyUsedApps</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>HidePeopleBar</NodeName>
           <DFProperties>
@@ -8201,6 +8871,54 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>HideRecentJumplists</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Enabling this policy hides recent jumplists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>HideRecentlyAddedApps</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>StartLayout</NodeName>
           <DFProperties>
@@ -8949,6 +9667,37 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowFullScreenMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>With this policy, you can specify whether to allow full-screen mode, which shows only the web content and hides the Microsoft Edge UI.
+
+If enabled or not configured, full-screen mode is available for use in Microsoft Edge. Your users and extensions must have the proper permissions.
+
+If disabled, full-screen mode is unavailable for use in Microsoft Edge.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowFullScreenMode</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowInPrivate</NodeName>
           <DFProperties>
@@ -8983,7 +9732,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
             </AccessType>
             <DefaultValue>1</DefaultValue>
-            <Description>This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about:compat.
+            <Description>This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about&#58;compat.
 
 If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
 
@@ -9062,6 +9811,97 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowPrelaunch</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowPrelaunch</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowPrinting</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>With this policy, you can restrict whether printing web content in Microsoft Edge is allowed.
+
+If enabled, printing is allowed.
+
+If disabled, printing is not allowed.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowPrinting</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowSavingHistory</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Microsoft Edge saves your user&apos;s browsing history, which is made up of info about the websites they visit, on their devices.
+
+If enabled or not configured, the browsing history is saved and visible in the History pane.
+
+If disabled, the browsing history stops saving and is not visible in the History pane. If browsing history exists before this policy was disabled, the previous browsing history remains visible in the History pane. This policy, when disabled, does not stop roaming of existing history or history coming from other roamed devices.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowSavingHistory</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowSearchEngineCustomization</NodeName>
           <DFProperties>
@@ -9121,6 +9961,34 @@ This policy will only apply on domain joined machines or when the device is MDM
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowSideloadingOfExtensions</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>This setting lets you decide whether employees can sideload extensions in Microsoft Edge.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowSideloadingOfExtensions</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowSmartScreen</NodeName>
           <DFProperties>
@@ -9148,6 +10016,67 @@ This policy will only apply on domain joined machines or when the device is MDM
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowTabPreloading</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowTabPreloading</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowWebContentOnNewTabPage</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page.
+
+If you enable this setting, Microsoft Edge opens a new tab with the New Tab page.
+
+If you disable this setting, Microsoft Edge opens a new tab with a blank page. If you use this setting, employees can&apos;t change it.
+
+If you don&apos;t configure this setting, employees can choose how new tabs appears.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowWebContentOnNewTabPage</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AlwaysEnableBooksLibrary</NodeName>
           <DFProperties>
@@ -9214,7 +10143,7 @@ This policy will only apply on domain joined machines or when the device is MDM
 
 If this setting is turned on, you can add up to 5 additional search engines for your employee. For each additional search engine you wish to add, you must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. This policy does not affect the default search engine. Employees will not be able to remove these search engines, but they can set any one of these as the default.
 
-If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee's machine.
+If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee&apos;s machine.
 
 Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
             <DFFormat>
@@ -9237,18 +10166,99 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
           </DFProperties>
         </Node>
         <Node>
-          <NodeName>DisableLockdownOfStartPages</NodeName>
+          <NodeName>ConfigureFavoritesBar</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>The favorites bar shows your user&apos;s links to sites they have added to it. With this policy, you can specify whether to set the favorites bar to always be visible or hidden on any page.
+
+If enabled, favorites bar is always visible on any page, and the favorites bar toggle in Settings sets to On, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings. The show bar/hide bar option is hidden from the context menu.
+
+If disabled, the favorites bar is hidden, and the favorites bar toggle resets to Off, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings.
+
+If not configured, the favorites bar is hidden but is visible on the Start and New Tab pages, and the favorites bar toggle in Settings sets to Off but is enabled allowing the user to make changes.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureFavoritesBar</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureHomeButton</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Boolean policy that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when Browser/HomePages policy is in effect.
+            <Description>The Home button loads either the default Start page, the New tab page, or a URL defined in the Set Home Button URL policy.
 
-Note: This policy has no effect when Browser/HomePages is not configured.
+By default, this policy is disabled or not configured and clicking the home button loads the default Start page.
 
-Important
-This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).</Description>
+When enabled, the home button is locked down preventing your users from making changes in Microsoft Edge&apos;s UI settings. To let your users change the Microsoft Edge UI settings, enable the Unlock Home Button policy.
+
+If Enabled AND:
+- Show home button &amp; set to Start page is selected, clicking the home button loads the Start page.
+- Show home button &amp; set to New tab page is selected, clicking the home button loads a New tab page.
+- Show home button &amp; set a specific page is selected, clicking the home button loads the URL specified in the Set Home Button URL policy.
+- Hide home button is selected, the home button is hidden in Microsoft Edge.
+
+Default setting: Disabled or not configured
+Related policies:
+- Set Home Button URL
+- Unlock Home Button</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ConfigureHomeButtonDropdown</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureHomeButton</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureKioskMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single app or as one of multiple apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with limited functionality, or normal Microsoft Edge.
+
+You need to configure Microsoft Edge in assigned access for this policy to take effect; otherwise, these settings are ignored. To learn more about assigned access and kiosk configuration, see “Configure kiosk and shared devices running Windows desktop editions” (https://aka.ms/E489vw).
+
+If enabled and set to 0 (Default or not configured):
+- If it’s a single app, it runs InPrivate full screen for digital signage or interactive displays.
+- If it’s one of many apps, Microsoft Edge runs as normal.
+If enabled and set to 1:
+- If it’s a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can’t minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking “End session.” You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy.
+- If it’s one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they can’t customize Microsoft Edge.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -9264,6 +10274,152 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ConfigureKioskMode_TextBox</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureKioskMode</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureKioskResetAfterIdleTimeout</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>5</DefaultValue>
+            <Description>You can configure Microsoft Edge to reset to the configured start experience after a specified amount of idle time. The reset timer begins after the last user interaction. Resetting to the configured start experience deletes the current user’s browsing data.
+
+If enabled, you can set the idle time in minutes (0-1440). You must set the Configure kiosk mode policy to 1 and configure Microsoft Edge in assigned access as a single app for this policy to work. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge resets after 30 seconds.
+
+If you set this policy to 0, Microsoft Edge does not use an idle timer.
+
+If disabled or not configured, the default value is 5 minutes.
+
+If you do not configure Microsoft Edge in assigned access, then this policy does not take effect.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1440"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ConfigureKioskResetAfterIdleTimeout_TextBox</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureKioskResetAfterIdleTimeout</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureOpenMicrosoftEdgeWith</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>3</DefaultValue>
+            <Description>You can configure Microsoft Edge to lock down the Start page, preventing users from changing or customizing it.
+
+If enabled, you can choose one of the following options:
+- Start page: the Start page loads ignoring the Configure Start Pages policy.
+- New tab page: the New tab page loads ignoring the Configure Start Pages policy.
+- Previous pages: all tabs the user had open when Microsoft Edge last closed loads ignoring the Configure Start Pages policy.
+- A specific page or pages: the URL(s) specified with Configure Start Pages policy load(s). If selected, you must specify at least one URL in Configure Start Pages; otherwise, this policy is ignored.
+
+When enabled, and you want to make changes, you must first set the Disable Lockdown of Start Pages to not configured, make the changes to the Configure Open Edge With policy, and then enable the Disable Lockdown of Start Pages policy.
+
+If disabled or not configured, and you enable the Disable Lockdown of Start Pages policy, your users can change or customize the Start page.
+
+Default setting: A specific page or pages (default)
+Related policies:
+-Disable Lockdown of Start Pages
+-Configure Start Pages</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ConfigureOpenEdgeWithListBox</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureOpenEdgeWith</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureTelemetryForMicrosoft365Analytics</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Configures what browsing data will be sent to Microsoft 365 Analytics for devices belonging to an organization.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ZonesListBox</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureTelemetryForMicrosoft365Analytics</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DisableLockdownOfStartPages</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>You can configure Microsoft Edge to disable the lockdown of Start pages allowing users to change or customize their start pages.  To do this, you must also enable the Configure Start Pages or Configure Open Microsoft With policy. When enabled, all configured start pages are editable. Any Start page configured using the Configure Start pages policy is not locked down allowing users to edit their Start pages.
+
+If disabled or not configured, the Start pages configured in the Configure Start Pages policy cannot be changed and remain locked down.
+
+Supported devices: Domain-joined or MDM-enrolled
+Related policy:
+- Configure Start Pages
+- Configure Open Microsoft Edge With</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DisableLockdownOfStartPagesListBox</MSFT:ADMXMappedElement>
             <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
             <MSFT:ADMXPolicyName>DisableLockdownOfStartPages</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
@@ -9372,6 +10528,34 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>ForceEnabledExtensions</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This setting lets you decide which extensions should be always enabled.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ForceEnabledExtensions_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ForceEnabledExtensions</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>HomePages</NodeName>
           <DFProperties>
@@ -9379,12 +10563,24 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
               <Get />
             </AccessType>
             <DefaultValue></DefaultValue>
-            <Description>Configure the Start page URLs for your employees.
-Example:
-If you wanted to allow contoso.com and fabrikam.com then you would append /support to the site strings like contoso.com/support and fabrikam.com/support.
-Encapsulate each string with greater than and less than characters like any other XML tag.
+            <Description>When you enable the Configure Open Microsoft Edge With policy, you can configure one or more Start pages. When you enable this policy, users are not allowed to make changes to their Start pages.
 
-Version 1703 or later:  If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL.</Description>
+If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format:
+
+      &lt;support.contoso.com&gt;&lt;support.microsoft.com&gt;
+
+If disabled or not configured, the webpages specified in App settings loads as the default Start pages.
+
+Version 1703 or later:
+If you do not want to send traffic to Microsoft, enable this policy and use the &lt;about&#58;blank&gt; value, which honors domain- and non-domain-joined devices, when it is the only configured URL.
+
+Version 1809:
+If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy.
+
+Supported devices: Domain-joined or MDM-enrolled
+Related policy:
+- Configure Open Microsoft Edge With
+- Disable Lockdown of Start Pages</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9414,12 +10610,12 @@ Version 1703 or later:  If you don't want to send traffic to Microsoft, you ca
             <DefaultValue>0</DefaultValue>
             <Description>This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge.
 
-If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.
+If you enable this setting, employees won&apos;t be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.
 
 Important
-Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
+Don&apos;t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
 
-If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list.</Description>
+If you disable or don&apos;t configure this setting (default), employees can add, import and make changes to the Favorites list.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -9446,7 +10642,7 @@ If you disable or don't configure this setting (default), employees can add, imp
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Prevent access to the about:flags page in Microsoft Edge.</Description>
+            <Description>Prevent access to the about&#58;flags page in Microsoft Edge.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -9466,6 +10662,37 @@ If you disable or don't configure this setting (default), employees can add, imp
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>PreventCertErrorOverrides</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Web security certificates are used to ensure a site your users go to is legitimate, and in some circumstances encrypts the data. With this policy, you can specify whether to prevent users from bypassing the security warning to sites that have SSL errors.
+
+If enabled, overriding certificate errors are not allowed.
+
+If disabled or not configured, overriding certificate errors are allowed.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PreventCertErrorOverrides</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>PreventFirstRunPage</NodeName>
           <DFProperties>
@@ -9532,7 +10759,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Don't allow Windows Defender SmartScreen warning overrides</Description>
+            <Description>Don&apos;t allow Windows Defender SmartScreen warning overrides</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -9559,7 +10786,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Don't allow Windows Defender SmartScreen warning overrides for unverified files.</Description>
+            <Description>Don&apos;t allow Windows Defender SmartScreen warning overrides for unverified files.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -9579,34 +10806,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
-        <Node>
-          <NodeName>PreventTabPreloading</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PreventTabPreloading</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
         <Node>
           <NodeName>PreventUsingLocalHostIPAddressForWebRTC</NodeName>
           <DFProperties>
@@ -9643,12 +10842,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DefaultValue></DefaultValue>
             <Description>This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites.
 
-If you enable this setting, you can set favorite URL's and favorite folders to appear on top of users' favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites.
+If you enable this setting, you can set favorite URL&apos;s and favorite folders to appear on top of users&apos; favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites.
 
 Important
-Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
+Don&apos;t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
 
-If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.</Description>
+If you disable or don&apos;t configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9729,6 +10928,74 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>SetHomeButtonURL</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>The home button can be configured to load a custom URL when your user clicks the home button.
+
+If enabled, or configured, and the Configure Home Button policy is enabled, and the Show home button &amp; set a specific page is selected, a custom URL loads when your user clicks the home button.
+
+Default setting: Blank or not configured
+Related policy: Configure Home Button</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>SetHomeButtonURLPrompt</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SetHomeButtonURL</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>SetNewTabPageURL</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>You can set the default New Tab page URL in Microsoft Edge.  Enabling this policy prevents your users from changing the New tab page setting. When enabled and the Allow web content on New Tab page policy is disabled, Microsoft Edge ignores the URL specified in this policy and opens about&#58;blank.
+
+If enabled, you can set the default New Tab page URL.
+
+If disabled or not configured, the default Microsoft Edge new tab page is used.
+
+Default setting:  Disabled or not configured
+Related policy: Allow web content on New Tab page</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>SetNewTabPageURLPrompt</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SetNewTabPageURL</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>ShowMessageWhenOpeningSitesInInternetExplorer</NodeName>
           <DFProperties>
@@ -9736,7 +11003,16 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Show message when opening sites in Internet Explorer</Description>
+            <Description>You can configure Microsoft Edge to open a site automatically in Internet Explorer 11 and choose to display a notification before the site opens. If you want to display a notification, you must enable Configure the Enterprise Mode Site List or Send all intranets sites to Internet Explorer 11 or both.
+
+If enabled, the notification appears on a new page. If you want users to continue in Microsoft Edge, select the Show Keep going in Microsoft Edge option from the drop-down list under Options.
+
+If disabled or not configured, the default app behavior occurs and no additional page displays.
+
+Default setting: Disabled or not configured
+Related policies:
+-Configure the Enterprise Mode Site List
+-Send all intranet sites to Internet Explorer 11</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -9749,7 +11025,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
             <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
@@ -9785,6 +11061,43 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>UnlockHomeButton</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>By default, when enabling Configure Home Button or Set Home Button URL, the home button is locked down to prevent your users from changing what page loads when clicking the home button. Use this policy to let users change the home button even when Configure Home Button or Set Home Button URL are enabled.
+
+If enabled, the UI settings for the home button are enabled allowing your users to make changes, including hiding and showing the home button as well as configuring a custom URL.
+
+If disabled or not configured, the UI settings for the home button are disabled preventing your users from making changes.
+
+Default setting: Disabled or not configured
+Related policy:
+-Configure Home Button
+-Set Home Button URL</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>UnlockHomeButton</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>UseSharedFolderForBooks</NodeName>
           <DFProperties>
@@ -9982,7 +11295,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
             </AccessType>
             <DefaultValue></DefaultValue>
-            <Description>This policy sets user's default printer</Description>
+            <Description>This policy sets user&apos;s default printer</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -17018,7 +18331,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Enable/disable kiosk browser's end session button.</Description>
+            <Description>Enable/disable kiosk browser&apos;s end session button.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -17043,7 +18356,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Enable/disable kiosk browser's home button.</Description>
+            <Description>Enable/disable kiosk browser&apos;s home button.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -17068,7 +18381,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Enable/disable kiosk browser's navigation buttons (forward/back).</Description>
+            <Description>Enable/disable kiosk browser&apos;s navigation buttons (forward/back).</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -17233,6 +18546,51 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>Security</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>RecoveryEnvironmentAuthentication</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>This policy controls the requirement of Admin Authentication in RecoveryEnvironment.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Settings</NodeName>
         <DFProperties>
@@ -17279,6 +18637,33 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>PageVisibilityList</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:ADMXMapped>ControlPanel.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>SettingsPageVisibilityBox</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>ControlPanel~AT~ControlPanel</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SettingsPageVisibility</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>Start</NodeName>
@@ -17327,6 +18712,87 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>ForceStartSize</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ForceStartSize</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>HideAppList</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Setting the value of this policy to 1 or 2 collapses the app list. Setting the value of this policy to 3 removes the app list entirely. Setting the value of this policy to 2 or 3 disables the corresponding toggle in the Settings app.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>HideFrequentlyUsedApps</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>NoFrequentUsedPrograms</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>HidePeopleBar</NodeName>
           <DFProperties>
@@ -17355,6 +18821,62 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>HideRecentJumplists</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Enabling this policy hides recent jumplists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>NoRecentDocsHistory</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>HideRecentlyAddedApps</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>HideRecentlyAddedApps</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>StartLayout</NodeName>
           <DFProperties>
@@ -17497,7 +19019,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <Permanent />
       </Scope>
       <DFType>
-        <MIME>com.microsoft/7.0/MDM/Policy</MIME>
+        <MIME>com.microsoft/8.0/MDM/Policy</MIME>
       </DFType>
     </DFProperties>
     <Node>
@@ -18177,6 +19699,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>LaunchAppAfterLogOn</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are to be launched after logon.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>MSIAllowUserControlOverInstall</NodeName>
           <DFProperties>
@@ -18297,6 +19843,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>ScheduleForceRestartForUpdateFailures</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>AppRuntime</NodeName>
@@ -19131,6 +20701,78 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EnableFastFirstSignIn</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Specifies whether new non-admin AAD accounts should auto-connect to pre-created candidate local accounts</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableWebSignIn</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Specifies whether web-based sign in is allowed for logging in to Windows</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>PreferredAadTenantDomainName</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Specifies the preferred domain among available domains in the AAD tenant.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>Autoplay</NodeName>
@@ -19272,6 +20914,172 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>BITS</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>BandwidthThrottlingEndTime</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>BandwidthThrottlingStartTime</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>BandwidthThrottlingTransferRate</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>CostedNetworkBehaviorBackgroundPriority</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>CostedNetworkBehaviorForegroundPriority</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>JobInactivityTimeout</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Bluetooth</NodeName>
         <DFProperties>
@@ -19699,6 +21507,34 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowFullScreenMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>With this policy, you can specify whether to allow full-screen mode, which shows only the web content and hides the Microsoft Edge UI.
+
+If enabled or not configured, full-screen mode is available for use in Microsoft Edge. Your users and extensions must have the proper permissions.
+
+If disabled, full-screen mode is unavailable for use in Microsoft Edge.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowInPrivate</NodeName>
           <DFProperties>
@@ -19732,7 +21568,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
               <Replace />
             </AccessType>
-            <Description>This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about:compat.
+            <Description>This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about&#58;compat.
 
 If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
 
@@ -19799,6 +21635,86 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowPrelaunch</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowPrinting</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>With this policy, you can restrict whether printing web content in Microsoft Edge is allowed.
+
+If enabled, printing is allowed.
+
+If disabled, printing is not allowed.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowSavingHistory</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Microsoft Edge saves your user&apos;s browsing history, which is made up of info about the websites they visit, on their devices.
+
+If enabled or not configured, the browsing history is saved and visible in the History pane.
+
+If disabled, the browsing history stops saving and is not visible in the History pane. If browsing history exists before this policy was disabled, the previous browsing history remains visible in the History pane. This policy, when disabled, does not stop roaming of existing history or history coming from other roamed devices.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowSearchEngineCustomization</NodeName>
           <DFProperties>
@@ -19852,6 +21768,30 @@ This policy will only apply on domain joined machines or when the device is MDM
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowSideloadingOfExtensions</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This setting lets you decide whether employees can sideload extensions in Microsoft Edge.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowSmartScreen</NodeName>
           <DFProperties>
@@ -19876,6 +21816,60 @@ This policy will only apply on domain joined machines or when the device is MDM
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowTabPreloading</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowWebContentOnNewTabPage</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page.
+
+If you enable this setting, Microsoft Edge opens a new tab with the New Tab page.
+
+If you disable this setting, Microsoft Edge opens a new tab with a blank page. If you use this setting, employees can&apos;t change it.
+
+If you don&apos;t configure this setting, employees can choose how new tabs appears.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AlwaysEnableBooksLibrary</NodeName>
           <DFProperties>
@@ -19937,7 +21931,7 @@ This policy will only apply on domain joined machines or when the device is MDM
 
 If this setting is turned on, you can add up to 5 additional search engines for your employee. For each additional search engine you wish to add, you must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. This policy does not affect the default search engine. Employees will not be able to remove these search engines, but they can set any one of these as the default.
 
-If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee's machine.
+If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee&apos;s machine.
 
 Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
             <DFFormat>
@@ -19954,6 +21948,203 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>ConfigureFavoritesBar</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>The favorites bar shows your user&apos;s links to sites they have added to it. With this policy, you can specify whether to set the favorites bar to always be visible or hidden on any page.
+
+If enabled, favorites bar is always visible on any page, and the favorites bar toggle in Settings sets to On, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings. The show bar/hide bar option is hidden from the context menu.
+
+If disabled, the favorites bar is hidden, and the favorites bar toggle resets to Off, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings.
+
+If not configured, the favorites bar is hidden but is visible on the Start and New Tab pages, and the favorites bar toggle in Settings sets to Off but is enabled allowing the user to make changes.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureHomeButton</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>The Home button loads either the default Start page, the New tab page, or a URL defined in the Set Home Button URL policy.
+
+By default, this policy is disabled or not configured and clicking the home button loads the default Start page.
+
+When enabled, the home button is locked down preventing your users from making changes in Microsoft Edge&apos;s UI settings. To let your users change the Microsoft Edge UI settings, enable the Unlock Home Button policy.
+
+If Enabled AND:
+- Show home button &amp; set to Start page is selected, clicking the home button loads the Start page.
+- Show home button &amp; set to New tab page is selected, clicking the home button loads a New tab page.
+- Show home button &amp; set a specific page is selected, clicking the home button loads the URL specified in the Set Home Button URL policy.
+- Hide home button is selected, the home button is hidden in Microsoft Edge.
+
+Default setting: Disabled or not configured
+Related policies:
+- Set Home Button URL
+- Unlock Home Button</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureKioskMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single app or as one of multiple apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with limited functionality, or normal Microsoft Edge.
+
+You need to configure Microsoft Edge in assigned access for this policy to take effect; otherwise, these settings are ignored. To learn more about assigned access and kiosk configuration, see “Configure kiosk and shared devices running Windows desktop editions” (https://aka.ms/E489vw).
+
+If enabled and set to 0 (Default or not configured):
+- If it’s a single app, it runs InPrivate full screen for digital signage or interactive displays.
+- If it’s one of many apps, Microsoft Edge runs as normal.
+If enabled and set to 1:
+- If it’s a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can’t minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking “End session.” You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy.
+- If it’s one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they can’t customize Microsoft Edge.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureKioskResetAfterIdleTimeout</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>You can configure Microsoft Edge to reset to the configured start experience after a specified amount of idle time. The reset timer begins after the last user interaction. Resetting to the configured start experience deletes the current user’s browsing data.
+
+If enabled, you can set the idle time in minutes (0-1440). You must set the Configure kiosk mode policy to 1 and configure Microsoft Edge in assigned access as a single app for this policy to work. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge resets after 30 seconds.
+
+If you set this policy to 0, Microsoft Edge does not use an idle timer.
+
+If disabled or not configured, the default value is 5 minutes.
+
+If you do not configure Microsoft Edge in assigned access, then this policy does not take effect.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureOpenMicrosoftEdgeWith</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>You can configure Microsoft Edge to lock down the Start page, preventing users from changing or customizing it.
+
+If enabled, you can choose one of the following options:
+- Start page: the Start page loads ignoring the Configure Start Pages policy.
+- New tab page: the New tab page loads ignoring the Configure Start Pages policy.
+- Previous pages: all tabs the user had open when Microsoft Edge last closed loads ignoring the Configure Start Pages policy.
+- A specific page or pages: the URL(s) specified with Configure Start Pages policy load(s). If selected, you must specify at least one URL in Configure Start Pages; otherwise, this policy is ignored.
+
+When enabled, and you want to make changes, you must first set the Disable Lockdown of Start Pages to not configured, make the changes to the Configure Open Edge With policy, and then enable the Disable Lockdown of Start Pages policy.
+
+If disabled or not configured, and you enable the Disable Lockdown of Start Pages policy, your users can change or customize the Start page.
+
+Default setting: A specific page or pages (default)
+Related policies:
+-Disable Lockdown of Start Pages
+-Configure Start Pages</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureTelemetryForMicrosoft365Analytics</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Configures what browsing data will be sent to Microsoft 365 Analytics for devices belonging to an organization.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>DisableLockdownOfStartPages</NodeName>
           <DFProperties>
@@ -19963,12 +22154,14 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
               <Replace />
             </AccessType>
-            <Description>Boolean policy that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when Browser/HomePages policy is in effect.
+            <Description>You can configure Microsoft Edge to disable the lockdown of Start pages allowing users to change or customize their start pages.  To do this, you must also enable the Configure Start Pages or Configure Open Microsoft With policy. When enabled, all configured start pages are editable. Any Start page configured using the Configure Start pages policy is not locked down allowing users to edit their Start pages.
 
-Note: This policy has no effect when Browser/HomePages is not configured.
+If disabled or not configured, the Start pages configured in the Configure Start Pages policy cannot be changed and remain locked down.
 
-Important
-This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).</Description>
+Supported devices: Domain-joined or MDM-enrolled
+Related policy:
+- Configure Start Pages
+- Configure Open Microsoft Edge With</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -20079,6 +22272,30 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>ForceEnabledExtensions</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This setting lets you decide which extensions should be always enabled.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>HomePages</NodeName>
           <DFProperties>
@@ -20088,12 +22305,24 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
               <Get />
               <Replace />
             </AccessType>
-            <Description>Configure the Start page URLs for your employees.
-Example:
-If you wanted to allow contoso.com and fabrikam.com then you would append /support to the site strings like contoso.com/support and fabrikam.com/support.
-Encapsulate each string with greater than and less than characters like any other XML tag.
+            <Description>When you enable the Configure Open Microsoft Edge With policy, you can configure one or more Start pages. When you enable this policy, users are not allowed to make changes to their Start pages.
 
-Version 1703 or later:  If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL.</Description>
+If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format:
+
+      &lt;support.contoso.com&gt;&lt;support.microsoft.com&gt;
+
+If disabled or not configured, the webpages specified in App settings loads as the default Start pages.
+
+Version 1703 or later:
+If you do not want to send traffic to Microsoft, enable this policy and use the &lt;about&#58;blank&gt; value, which honors domain- and non-domain-joined devices, when it is the only configured URL.
+
+Version 1809:
+If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy.
+
+Supported devices: Domain-joined or MDM-enrolled
+Related policy:
+- Configure Open Microsoft Edge With
+- Disable Lockdown of Start Pages</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -20119,12 +22348,12 @@ Version 1703 or later:  If you don't want to send traffic to Microsoft, you ca
             </AccessType>
             <Description>This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge.
 
-If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.
+If you enable this setting, employees won&apos;t be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.
 
 Important
-Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
+Don&apos;t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
 
-If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list.</Description>
+If you disable or don&apos;t configure this setting (default), employees can add, import and make changes to the Favorites list.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -20148,7 +22377,35 @@ If you disable or don't configure this setting (default), employees can add, imp
               <Get />
               <Replace />
             </AccessType>
-            <Description>Prevent access to the about:flags page in Microsoft Edge.</Description>
+            <Description>Prevent access to the about&#58;flags page in Microsoft Edge.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>PreventCertErrorOverrides</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Web security certificates are used to ensure a site your users go to is legitimate, and in some circumstances encrypts the data. With this policy, you can specify whether to prevent users from bypassing the security warning to sites that have SSL errors.
+
+If enabled, overriding certificate errors are not allowed.
+
+If disabled or not configured, overriding certificate errors are allowed.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -20224,7 +22481,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
               <Replace />
             </AccessType>
-            <Description>Don't allow Windows Defender SmartScreen warning overrides</Description>
+            <Description>Don&apos;t allow Windows Defender SmartScreen warning overrides</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -20248,31 +22505,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
               <Replace />
             </AccessType>
-            <Description>Don't allow Windows Defender SmartScreen warning overrides for unverified files.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>PreventTabPreloading</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed.</Description>
+            <Description>Don&apos;t allow Windows Defender SmartScreen warning overrides for unverified files.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -20322,12 +22555,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </AccessType>
             <Description>This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites.
 
-If you enable this setting, you can set favorite URL's and favorite folders to appear on top of users' favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites.
+If you enable this setting, you can set favorite URL&apos;s and favorite folders to appear on top of users&apos; favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites.
 
 Important
-Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
+Don&apos;t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
 
-If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.</Description>
+If you disable or don&apos;t configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -20396,6 +22629,66 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>SetHomeButtonURL</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>The home button can be configured to load a custom URL when your user clicks the home button.
+
+If enabled, or configured, and the Configure Home Button policy is enabled, and the Show home button &amp; set a specific page is selected, a custom URL loads when your user clicks the home button.
+
+Default setting: Blank or not configured
+Related policy: Configure Home Button</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>SetNewTabPageURL</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>You can set the default New Tab page URL in Microsoft Edge.  Enabling this policy prevents your users from changing the New tab page setting. When enabled and the Allow web content on New Tab page policy is disabled, Microsoft Edge ignores the URL specified in this policy and opens about&#58;blank.
+
+If enabled, you can set the default New Tab page URL.
+
+If disabled or not configured, the default Microsoft Edge new tab page is used.
+
+Default setting:  Disabled or not configured
+Related policy: Allow web content on New Tab page</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>ShowMessageWhenOpeningSitesInInternetExplorer</NodeName>
           <DFProperties>
@@ -20405,7 +22698,16 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
               <Replace />
             </AccessType>
-            <Description>Show message when opening sites in Internet Explorer</Description>
+            <Description>You can configure Microsoft Edge to open a site automatically in Internet Explorer 11 and choose to display a notification before the site opens. If you want to display a notification, you must enable Configure the Enterprise Mode Site List or Send all intranets sites to Internet Explorer 11 or both.
+
+If enabled, the notification appears on a new page. If you want users to continue in Microsoft Edge, select the Show Keep going in Microsoft Edge option from the drop-down list under Options.
+
+If disabled or not configured, the default app behavior occurs and no additional page displays.
+
+Default setting: Disabled or not configured
+Related policies:
+-Configure the Enterprise Mode Site List
+-Send all intranet sites to Internet Explorer 11</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -20444,6 +22746,39 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>UnlockHomeButton</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>By default, when enabling Configure Home Button or Set Home Button URL, the home button is locked down to prevent your users from changing what page loads when clicking the home button. Use this policy to let users change the home button even when Configure Home Button or Set Home Button URL are enabled.
+
+If enabled, the UI settings for the home button are enabled allowing your users to make changes, including hiding and showing the home button as well as configuring a custom URL.
+
+If disabled or not configured, the UI settings for the home button are disabled preventing your users from making changes.
+
+Default setting: Disabled or not configured
+Related policy:
+-Configure Home Button
+-Set Home Button URL</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>UseSharedFolderForBooks</NodeName>
           <DFProperties>
@@ -21064,10 +23399,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
           <DFProperties>
             <AccessType>
               <Add />
+              <Delete />
               <Get />
               <Replace />
             </AccessType>
-            <Description>If set to 1 then any MDM policy that is set that has an equivalent GP policy will result in GP service blocking the setting of the policy by GP MMC</Description>
+            <Description>If set to 1 then any MDM policy that is set that has an equivalent GP policy will result in GP service blocking the setting of the policy by GP MMC. Setting the value to 0 (zero) or deleting the policy will remove the GP policy blocks restore the saved GP policies.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -21908,6 +24244,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>CheckForSignaturesBeforeRunningScan</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>CloudBlockLevel</NodeName>
           <DFProperties>
@@ -22028,6 +24388,54 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DisableCatchupFullScan</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DisableCatchupQuickScan</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>EnableControlledFolderAccess</NodeName>
           <DFProperties>
@@ -22052,6 +24460,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EnableLowCPUPriority</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>EnableNetworkProtection</NodeName>
           <DFProperties>
@@ -22292,6 +24724,54 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>SignatureUpdateFallbackOrder</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>SignatureUpdateFileSharesSources</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>SignatureUpdateInterval</NodeName>
           <DFProperties>
@@ -22434,6 +24914,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DOCacheHost</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>DODelayBackgroundDownloadFromHttp</NodeName>
           <DFProperties>
@@ -22984,6 +25488,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DDFName></DDFName>
           </DFType>
         </DFProperties>
+        <Node>
+          <NodeName>EnableSystemGuard</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Secure Launch configuration: 0 - Unmanaged, configurable by Administrative user, 1 - Enables Secure Launch if supported by hardware, 2 - Disables Secure Launch.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>EnableVirtualizationBasedSecurity</NodeName>
           <DFProperties>
@@ -23078,6 +25606,102 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DDFName></DDFName>
           </DFType>
         </DFProperties>
+        <Node>
+          <NodeName>AllowInstallationOfMatchingDeviceIDs</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowInstallationOfMatchingDeviceSetupClasses</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>PreventDeviceMetadataFromNetwork</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>PreventInstallationOfDevicesNotDescribedByOtherPolicySettings</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>PreventInstallationOfMatchingDeviceIDs</NodeName>
           <DFProperties>
@@ -23727,6 +26351,52 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>DmaGuard</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>DeviceEnumerationPolicy</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>ErrorReporting</NodeName>
         <DFProperties>
@@ -24008,6 +26678,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <DDFName></DDFName>
           </DFType>
         </DFProperties>
+        <Node>
+          <NodeName>AllowClipboardHistory</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Allows history of clipboard items to be stored in memory.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowCopyPaste</NodeName>
           <DFProperties>
@@ -24368,6 +27062,58 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DoNotSyncBrowserSetting</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>You can configure Microsoft Edge, when enabled, to prevent the &quot;browser&quot; group from using the Sync your Settings option to sync information, such as history and favorites, between user&apos;s devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable the Allow users to turn browser syncing on policy. If disabled or not configured, the Sync your Settings options are turned on in Microsoft Edge by default, and configurable by the user. 
+                        Related policy: PreventUsersFromTurningOnBrowserSyncing
+                        0 (default) = allow syncing, 2 = disable syncing</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>PreventUsersFromTurningOnBrowserSyncing</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>You can configure Microsoft Edge to allow users to turn on the Sync your Settings option to sync information, such as history and favorites, between user&apos;s devices.  When enabled and you enable the Do not sync browser setting policy, browser settings sync automatically. If disabled, users have the option to sync the browser settings.
+                        Related policy: DoNotSyncBrowserSetting
+                        1 (default) = Do not allow users to turn on syncing, 0 = Allows users to turn on syncing</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>ExploitGuard</NodeName>
@@ -30572,6 +33318,32 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>UPNNameHints</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Devices joined to Azure Active Directory in a hybrid environment need to interact with Active Directory Domain Controllers, but they lack the built-in ability to find a Domain Controller that a domain-joined device has. This can cause failures when such a device needs to resolve an AAD UPN into an Active Directory Principal.
+                
+                This parameter adds a list of domains that an Azure Active Directory joined device should attempt to contact if it is otherwise unable to resolve a UPN to a principal.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>KioskBrowser</NodeName>
@@ -30675,7 +33447,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
               <Get />
               <Replace />
             </AccessType>
-            <Description>Enable/disable kiosk browser's end session button.</Description>
+            <Description>Enable/disable kiosk browser&apos;s end session button.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -30699,7 +33471,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
               <Get />
               <Replace />
             </AccessType>
-            <Description>Enable/disable kiosk browser's home button.</Description>
+            <Description>Enable/disable kiosk browser&apos;s home button.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -30723,7 +33495,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
               <Get />
               <Replace />
             </AccessType>
-            <Description>Enable/disable kiosk browser's navigation buttons (forward/back).</Description>
+            <Description>Enable/disable kiosk browser&apos;s navigation buttons (forward/back).</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -30911,9 +33683,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             </AccessType>
             <Description>This policy setting prevents users from adding new Microsoft accounts on this computer.
 
-If you select the "Users can’t add Microsoft accounts" option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
+If you select the &quot;Users can’t add Microsoft accounts&quot; option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
 
-If you select the "Users can’t add or log on with Microsoft accounts" option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system.
+If you select the &quot;Users can’t add or log on with Microsoft accounts&quot; option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system.
 
 If you disable or do not configure this policy (recommended), users will be able to use Microsoft accounts with Windows.</Description>
             <DFFormat>
@@ -31002,7 +33774,7 @@ Note: If the Guest account is disabled and the security option Network Access: S
             </AccessType>
             <Description>Accounts: Limit local account use of blank passwords to console logon only
 
-This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard.
+This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer&apos;s keyboard.
 
 Default: Enabled.
 
@@ -31069,7 +33841,7 @@ Default: Administrator.</Description>
             </AccessType>
             <Description>Accounts: Rename guest account
 
-This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination.
+This security setting determines whether a different account name is associated with the security identifier (SID) for the account &quot;Guest.&quot; Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination.
 
 Default: Guest.</Description>
             <DFFormat>
@@ -31210,118 +33982,6 @@ Default: This policy is not defined and CD-ROM access is not restricted to the l
             </DFType>
           </DFProperties>
         </Node>
-        <Node>
-          <NodeName>DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Domain member: Digitally encrypt or sign secure channel data (always)
-
-This security setting determines whether all secure channel traffic initiated by the domain member must be signed or encrypted.
-
-When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass through authentication, LSA SID/name Lookup etc.
-
-This setting determines whether or not all secure channel traffic initiated by the domain member meets minimum security requirements. Specifically it determines whether all secure channel traffic initiated by the domain member must be signed or encrypted. If this policy is enabled, then the secure channel will not be established unless either signing or encryption of all secure channel traffic is negotiated. If this policy is disabled, then encryption and signing of all secure channel traffic is negotiated with the Domain Controller in which case the level of signing and encryption depends on the version of the Domain Controller and the settings of the following two policies:
-
-Domain member: Digitally encrypt secure channel data (when possible)
-Domain member: Digitally sign secure channel data (when possible)
-
-Default: Enabled.
-
-Notes:
-
-If this policy is enabled, the policy Domain member: Digitally sign secure channel data (when possible) is assumed to be enabled regardless of its current setting. This ensures that the domain member attempts to negotiate at least signing of the secure channel traffic.
-If this policy is enabled, the policy Domain member: Digitally sign secure channel data (when possible) is assumed to be enabled regardless of its current setting. This ensures that the domain member attempts to negotiate at least signing of the secure channel traffic.
-Logon information transmitted over the secure channel is always encrypted regardless of whether encryption of ALL other secure channel traffic is negotiated or not.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Domain member: Digitally encrypt secure channel data (when possible)
-
-This security setting determines whether a domain member attempts to negotiate encryption for all secure channel traffic that it initiates.
-
-When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass-through authentication, LSA SID/name Lookup etc.
-
-This setting determines whether or not the domain member attempts to negotiate encryption for all secure channel traffic that it initiates. If enabled, the domain member will request encryption of all secure channel traffic. If the domain controller supports encryption of all secure channel traffic, then all secure channel traffic will be encrypted. Otherwise only logon information transmitted over the secure channel will be encrypted. If this setting is disabled, then the domain member will not attempt to negotiate secure channel encryption.
-
-Default: Enabled.
-
-Important
-
-There is no known reason for disabling this setting. Besides unnecessarily reducing the potential confidentiality level of the secure channel, disabling this setting may unnecessarily reduce secure channel throughput, because concurrent API calls that use the secure channel are only possible when the secure channel is signed or encrypted.
-
-Note: Domain controllers are also domain members and establish secure channels with other domain controllers in the same domain as well as domain controllers in trusted domains.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DomainMember_DisableMachineAccountPasswordChanges</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Domain member: Disable machine account password changes
-
-Determines whether a domain member periodically changes its computer account password. If this setting is enabled, the domain member does not attempt to change its computer account password. If this setting is disabled, the domain member attempts to change its computer account password as specified by the setting for Domain Member: Maximum age for machine account password, which by default is every 30 days.
-
-Default: Disabled.
-
-Notes
-
-This security setting should not be enabled. Computer account passwords are used to establish secure channel communications between members and domain controllers and, within the domain, between the domain controllers themselves. Once it is established, the secure channel is used to transmit sensitive information that is necessary for making authentication and authorization decisions.
-This setting should not be used in an attempt to support dual-boot scenarios that use the same computer account. If you want to dual-boot two installations that are joined to the same domain, give the two installations different computer names.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
         <Node>
           <NodeName>InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</NodeName>
           <DFProperties>
@@ -31358,7 +34018,7 @@ Do not display user information (3)</Description>
               <Get />
               <Replace />
             </AccessType>
-            <Description>Interactive logon: Don't display last signed-in
+            <Description>Interactive logon: Don&apos;t display last signed-in
 This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC.
 If this policy is enabled, the username will not be shown.
 
@@ -31388,7 +34048,7 @@ Default: Disabled.</Description>
               <Get />
               <Replace />
             </AccessType>
-            <Description>Interactive logon: Don't display username at sign-in
+            <Description>Interactive logon: Don&apos;t display username at sign-in
 This security setting determines whether the username of the person signing in to this PC appears at Windows sign-in, after credentials are entered, and before the PC desktop is shown.
 If this policy is enabled, the username will not be shown.
 
@@ -31422,7 +34082,7 @@ Default: Disabled.</Description>
 
 This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on.
 
-If this policy is enabled on a computer, a user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords.
+If this policy is enabled on a computer, a user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users&apos; passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords.
 
 If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows.
 
@@ -31573,6 +34233,52 @@ On Windows Vista and above: For this setting to work, the Smart Card Removal Pol
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>MicrosoftNetworkClient_DigitallySignCommunicationsAlways</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Microsoft network client: Digitally sign communications (always)
+
+This security setting determines whether packet signing is required by the SMB client component.
+
+The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted.
+
+If this setting is enabled, the Microsoft network client will not communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server.
+
+Default: Disabled.
+
+Important
+
+For this policy to take effect on computers running Windows 2000, client-side packet signing must also be enabled. To enable client-side SMB packet signing, set Microsoft network client: Digitally sign communications (if server agrees).
+
+Notes
+
+All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later operating systems, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
+Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
+Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
+Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
+Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
+SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors.
+For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</NodeName>
           <DFProperties>
@@ -31910,6 +34616,44 @@ This policy is supported on at least Windows Server 2016.</Description>
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Network security: Allow Local System to use computer identity for NTLM
+
+This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication.
+
+If you enable this policy setting, services running as Local System that use Negotiate will use the computer identity. This might cause some authentication requests between Windows operating systems to fail and log an error.
+
+If you disable this policy setting, services running as Local System that use Negotiate when reverting to NTLM authentication will authenticate anonymously.
+
+By default, this policy is enabled on Windows 7 and above.
+
+By default, this policy is disabled on Windows Vista.
+
+This policy is supported on at least Windows Vista or Windows Server 2008.
+
+Note: Windows Vista or Windows Server 2008 do not expose this setting in Group Policy.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>NetworkSecurity_AllowPKU2UAuthenticationRequests</NodeName>
           <DFProperties>
@@ -32021,6 +34765,41 @@ Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
+
+This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
+
+Require NTLMv2 session security: The connection will fail if NTLMv2 protocol is not negotiated.
+Require 128-bit encryption: The connection will fail if strong encryption (128-bit) is not negotiated.
+
+Default:
+
+Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements.
+
+Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</NodeName>
           <DFProperties>
@@ -32067,7 +34846,7 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
             </AccessType>
             <Description>Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
 
-This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication if the  "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting is configured.
+This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication if the  &quot;Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers&quot; policy setting is configured.
 
 If you configure this policy setting, you can define a list of remote servers to which clients are allowed to use NTLM authentication.
 
@@ -32101,15 +34880,15 @@ The naming format for servers on this exception list is the fully qualified doma
 
 This policy setting allows you to audit incoming NTLM traffic.
 
-If you select "Disable", or do not configure this policy setting, the server will not log events for incoming NTLM traffic.
+If you select &quot;Disable&quot;, or do not configure this policy setting, the server will not log events for incoming NTLM traffic.
 
-If you select "Enable auditing for domain accounts", the server will log events for NTLM pass-through authentication requests that would be blocked when the "Network Security: Restrict NTLM: Incoming NTLM traffic" policy setting is set to the "Deny all domain accounts" option.
+If you select &quot;Enable auditing for domain accounts&quot;, the server will log events for NTLM pass-through authentication requests that would be blocked when the &quot;Network Security: Restrict NTLM: Incoming NTLM traffic&quot; policy setting is set to the &quot;Deny all domain accounts&quot; option.
 
-If you select "Enable auditing for all accounts", the server will log events for all NTLM authentication requests that would be blocked when the "Network Security: Restrict NTLM: Incoming NTLM traffic" policy setting is set to the "Deny all accounts" option.
+If you select &quot;Enable auditing for all accounts&quot;, the server will log events for all NTLM authentication requests that would be blocked when the &quot;Network Security: Restrict NTLM: Incoming NTLM traffic&quot; policy setting is set to the &quot;Deny all accounts&quot; option.
 
 This policy is supported on at least Windows 7 or Windows Server 2008 R2.
 
-Note: Audit events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
+Note: Audit events are recorded on this computer in the &quot;Operational&quot; Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -32137,15 +34916,15 @@ Note: Audit events are recorded on this computer in the "Operational" Log locate
 
 This policy setting allows you to deny or allow incoming NTLM traffic.
 
-If you select "Allow all" or do not configure this policy setting, the server will allow all NTLM authentication requests.
+If you select &quot;Allow all&quot; or do not configure this policy setting, the server will allow all NTLM authentication requests.
 
-If you select "Deny all domain accounts," the server will deny NTLM authentication requests for domain logon and display an NTLM blocked error, but allow local account logon.
+If you select &quot;Deny all domain accounts,&quot; the server will deny NTLM authentication requests for domain logon and display an NTLM blocked error, but allow local account logon.
 
-If you select "Deny all accounts," the server will deny NTLM authentication requests from incoming traffic and display an NTLM blocked error.
+If you select &quot;Deny all accounts,&quot; the server will deny NTLM authentication requests from incoming traffic and display an NTLM blocked error.
 
 This policy is supported on at least Windows 7 or Windows Server 2008 R2.
 
-Note: Block events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
+Note: Block events are recorded on this computer in the &quot;Operational&quot; Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -32173,15 +34952,15 @@ Note: Block events are recorded on this computer in the "Operational" Log locate
 
 This policy setting allows you to deny or audit outgoing NTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote server.
 
-If you select "Allow all" or do not configure this policy setting, the client computer can authenticate identities to a remote server by using NTLM authentication.
+If you select &quot;Allow all&quot; or do not configure this policy setting, the client computer can authenticate identities to a remote server by using NTLM authentication.
 
-If you select "Audit all," the client computer logs an event for each NTLM authentication request to a remote server. This allows you to identify those servers receiving NTLM authentication requests from the client computer.
+If you select &quot;Audit all,&quot; the client computer logs an event for each NTLM authentication request to a remote server. This allows you to identify those servers receiving NTLM authentication requests from the client computer.
 
-If you select "Deny all," the client computer cannot authenticate identities to a remote server by using NTLM authentication. You can use the "Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication" policy setting to define a list of remote servers to which clients are allowed to use NTLM authentication.
+If you select &quot;Deny all,&quot; the client computer cannot authenticate identities to a remote server by using NTLM authentication. You can use the &quot;Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication&quot; policy setting to define a list of remote servers to which clients are allowed to use NTLM authentication.
 
 This policy is supported on at least Windows 7 or Windows Server 2008 R2.
 
-Note: Audit and block events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
+Note: Audit and block events are recorded on this computer in the &quot;Operational&quot; Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -32274,9 +35053,9 @@ Default: Disabled.</Description>
 
 This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.
 
-• Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop.
+• Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the &quot;User Account Control: Switch to the secure desktop when prompting for elevation&quot; policy setting, the prompts appear on the interactive user&apos;s desktop instead of the secure desktop.
 
-• Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting.</Description>
+• Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the &quot;User Account Control: Switch to the secure desktop when prompting for elevation&quot; policy setting.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -32308,15 +35087,15 @@ The options are:
 
 • Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constrained environments.
 
-• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege.
+• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user&apos;s highest available privilege.
 
-• Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+• Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user&apos;s highest available privilege.
 
 • Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
 
-• Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+• Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user&apos;s highest available privilege.
 
-• Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.</Description>
+• Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user&apos;s highest available privilege.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -32509,13 +35288,13 @@ The options are:
             </AccessType>
             <Description>User Account Control: Switch to the secure desktop when prompting for elevation
 
-This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop.
+This policy setting controls whether the elevation request prompt is displayed on the interactive user&apos;s desktop or the secure desktop.
 
 The options are:
 
 • Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
 
-• Disabled: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.</Description>
+• Disabled: All elevation requests go to the interactive user&apos;s desktop. Prompt behavior policy settings for administrators and standard users are used.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -32787,7 +35566,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>This policy setting allows backup and restore of cellular text messages to Microsoft's cloud services.</Description>
+            <Description>This policy setting allows backup and restore of cellular text messages to Microsoft&apos;s cloud services.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -33772,6 +36551,30 @@ The options are:
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowCrossDeviceClipboard</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Allows syncing of Clipboard across devices under the same Microsoft account.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowInputPersonalization</NodeName>
           <DFProperties>
@@ -35365,7 +38168,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the &apos;trusted devices&apos; privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -35653,7 +38456,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'Communicate with unpaired wireless devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the &apos;Communicate with unpaired wireless devices&apos; privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -35677,7 +38480,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>Allows apps/system to publish 'User Activities' into ActivityFeed.</Description>
+            <Description>Allows apps/system to publish &apos;User Activities&apos; into ActivityFeed.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -35701,7 +38504,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>Allows ActivityFeed to upload published 'User Activities'.</Description>
+            <Description>Allows ActivityFeed to upload published &apos;User Activities&apos;.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -37237,6 +40040,30 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>RecoveryEnvironmentAuthentication</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This policy controls the requirement of Admin Authentication in RecoveryEnvironment.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>RequireDeviceEncryption</NodeName>
           <DFProperties>
@@ -38126,7 +40953,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
               <Replace />
             </AccessType>
-            <Description>Enabling this policy hides "Change account settings" from appearing in the user tile in the start menu.</Description>
+            <Description>Enabling this policy hides &quot;Change account settings&quot; from appearing in the user tile in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -38174,7 +41001,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
               <Replace />
             </AccessType>
-            <Description>Enabling this policy hides "Hibernate" from appearing in the power button in the start menu.</Description>
+            <Description>Enabling this policy hides &quot;Hibernate&quot; from appearing in the power button in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -38198,7 +41025,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
               <Replace />
             </AccessType>
-            <Description>Enabling this policy hides "Lock" from appearing in the user tile in the start menu.</Description>
+            <Description>Enabling this policy hides &quot;Lock&quot; from appearing in the user tile in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -38294,7 +41121,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
               <Replace />
             </AccessType>
-            <Description>Enabling this policy hides "Restart/Update and restart" from appearing in the power button in the start menu.</Description>
+            <Description>Enabling this policy hides &quot;Restart/Update and restart&quot; from appearing in the power button in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -38318,7 +41145,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
               <Replace />
             </AccessType>
-            <Description>Enabling this policy hides "Shut down/Update and shut down" from appearing in the power button in the start menu.</Description>
+            <Description>Enabling this policy hides &quot;Shut down/Update and shut down&quot; from appearing in the power button in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -38342,7 +41169,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
               <Replace />
             </AccessType>
-            <Description>Enabling this policy hides "Sign out" from appearing in the user tile in the start menu.</Description>
+            <Description>Enabling this policy hides &quot;Sign out&quot; from appearing in the user tile in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -38366,7 +41193,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
               <Replace />
             </AccessType>
-            <Description>Enabling this policy hides "Sleep" from appearing in the power button in the start menu.</Description>
+            <Description>Enabling this policy hides &quot;Sleep&quot; from appearing in the power button in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -38390,7 +41217,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
               <Replace />
             </AccessType>
-            <Description>Enabling this policy hides "Switch account" from appearing in the user tile in the start menu.</Description>
+            <Description>Enabling this policy hides &quot;Switch account&quot; from appearing in the user tile in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -38571,6 +41398,30 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>RemovableDiskDenyWriteAccess</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>If you enable this policy setting, write access is denied to this removable storage class. If you disable or do not configure this policy setting, write access is allowed to this removable storage class. Note: To require that users write data to BitLocker-protected storage, enable the policy setting &quot;Deny write access to drives not protected by BitLocker,&quot; which is located in &quot;Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives.&quot;</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>System</NodeName>
@@ -38809,6 +41660,30 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>ConfigureMicrosoft365UploadEndpoint</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>ConfigureTelemetryOptInChangeNotification</NodeName>
           <DFProperties>
@@ -38857,6 +41732,54 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DisableDeviceDelete</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DisableDiagnosticDataViewer</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>DisableEnterpriseAuthProxy</NodeName>
           <DFProperties>
@@ -38962,7 +41885,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
               <Replace />
             </AccessType>
-            <Description>This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. By configuring this setting, you're not stopping people from changing their Telemetry Settings; however, you are stopping them from choosing a higher level than you've set for the organization. To enable this behavior, you must complete two steps: 1. Enable this policy setting 2. Set Allow Telemetry to level 2 (Enhanced).If you configure these policy settings together, you'll send the Basic level of diagnostic data plus any additional events that are required for Windows Analytics, to Microsoft. The additional events are documented here: https://go.Microsoft.com/fwlink/?linked=847594. If you enable Enhanced diagnostic data in the Allow Telemetry policy setting, but you don't configure this policy setting, you'll send the required events for Windows Analytics, plus any additional Enhanced level telemetry data to Microsoft. This setting has no effect on computers configured to send Full, Basic, or Security level diagnostic data to Microsoft. If you disable or don't configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the Allow Telemetry policy setting.</Description>
+            <Description>This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. By configuring this setting, you&apos;re not stopping people from changing their Telemetry Settings; however, you are stopping them from choosing a higher level than you&apos;ve set for the organization. To enable this behavior, you must complete two steps: 1. Enable this policy setting 2. Set Allow Telemetry to level 2 (Enhanced).If you configure these policy settings together, you&apos;ll send the Basic level of diagnostic data plus any additional events that are required for Windows Analytics, to Microsoft. The additional events are documented here: https://go.Microsoft.com/fwlink/?linked=847594. If you enable Enhanced diagnostic data in the Allow Telemetry policy setting, but you don&apos;t configure this policy setting, you&apos;ll send the required events for Windows Analytics, plus any additional Enhanced level telemetry data to Microsoft. This setting has no effect on computers configured to send Full, Basic, or Security level diagnostic data to Microsoft. If you disable or don&apos;t configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the Allow Telemetry policy setting.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39032,7 +41955,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
               <Replace />
             </AccessType>
-            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39056,7 +41979,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
               <Replace />
             </AccessType>
-            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39080,7 +42003,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
               <Replace />
             </AccessType>
-            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39104,7 +42027,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
               <Replace />
             </AccessType>
-            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39128,7 +42051,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
               <Replace />
             </AccessType>
-            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39152,7 +42075,53 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
               <Replace />
             </AccessType>
-            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
+      <Node>
+        <NodeName>TaskManager</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>AllowEndTask</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This setting determines whether non-administrators can use Task Manager to end tasks - enabled (1) or disabled (0). Default: enabled</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40071,6 +43040,30 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AutoRestartDeadlinePeriodInDaysForFeatureUpdates</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AutoRestartNotificationSchedule</NodeName>
           <DFProperties>
@@ -40335,6 +43328,30 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EngagedRestartDeadlineForFeatureUpdates</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>EngagedRestartSnoozeSchedule</NodeName>
           <DFProperties>
@@ -40359,6 +43376,30 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EngagedRestartSnoozeScheduleForFeatureUpdates</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>EngagedRestartTransitionSchedule</NodeName>
           <DFProperties>
@@ -40383,6 +43424,30 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EngagedRestartTransitionScheduleForFeatureUpdates</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>ExcludeWUDriversInQualityUpdate</NodeName>
           <DFProperties>
@@ -40935,6 +44000,54 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>SetDisablePauseUXAccess</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>SetDisableUXWUAccess</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>SetEDURestart</NodeName>
           <DFProperties>
@@ -40959,6 +44072,30 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>UpdateNotificationKioskMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>UpdateServiceUrl</NodeName>
           <DFProperties>
@@ -41038,7 +44175,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
               <Replace />
             </AccessType>
-            <Description>This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users' saved credentials might be compromised if this privilege is given to other entities.</Description>
+            <Description>This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users&apos; saved credentials might be compromised if this privilege is given to other entities.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -41182,7 +44319,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
               <Replace />
             </AccessType>
-            <Description>This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption. Caution: Assigning this user right can be a security risk. Assign this user right only to trusted users.</Description>
+            <Description>This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users&apos; sessions, which could lead to application failure or data corruption. Caution: Assigning this user right can be a security risk. Assign this user right only to trusted users.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -41254,7 +44391,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
               <Replace />
             </AccessType>
-            <Description>This user right determines if the user can create a symbolic link from the computer he is logged on to. Caution: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. Note: This setting can be used in conjunction a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type 'fsutil behavior set symlinkevaluation /?' at the command line to get more information about fsutil and symbolic links.</Description>
+            <Description>This user right determines if the user can create a symbolic link from the computer he is logged on to. Caution: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren&apos;t designed to handle them. Note: This setting can be used in conjunction a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type &apos;fsutil behavior set symlinkevaluation /?&apos; at the command line to get more information about fsutil and symbolic links.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -41446,7 +44583,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
               <Replace />
             </AccessType>
-            <Description>Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user's permissions to administrative or system levels. Caution: Assigning this user right can be a security risk. Only assign this user right to trusted users. Note: By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist. 
+            <Description>Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user&apos;s permissions to administrative or system levels. Caution: Assigning this user right can be a security risk. Only assign this user right to trusted users. Note: By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist. 
 1) The access token that is being impersonated is for this user.
 2) The user, in this logon session, created the access token by logging on to the network with explicit credentials.
 3) The requested level is less than Impersonate, such as Anonymous or Identify.
@@ -42035,6 +45172,30 @@ Because of these factors, users do not usually need this user right. Warning: If
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DisableClearTpmButton</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>DisableDeviceSecurityUI</NodeName>
           <DFProperties>
@@ -42179,6 +45340,30 @@ Because of these factors, users do not usually need this user right. Warning: If
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DisableTpmFirmwareUpdateWarning</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>DisableVirusUI</NodeName>
           <DFProperties>
@@ -42371,6 +45556,30 @@ Because of these factors, users do not usually need this user right. Warning: If
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>HideWindowsSecurityNotificationAreaControl</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>Phone</NodeName>
           <DFProperties>
@@ -42809,7 +46018,7 @@ Because of these factors, users do not usually need this user right. Warning: If
               <Replace />
             </AccessType>
             <Description>This policy setting allows you to turn off projection to a PC
-                            If you set it to 0, your PC isn't discoverable and can't be projected to
+                            If you set it to 0, your PC isn&apos;t discoverable and can&apos;t be projected to
                             If you set it to 1, your PC is discoverable and can be projected to above the lock screen only. The user has an option to turn it always on or off except for manual launch, too.</Description>
             <DFFormat>
               <int/>
@@ -42835,7 +46044,7 @@ Because of these factors, users do not usually need this user right. Warning: If
               <Replace />
             </AccessType>
             <Description>This policy setting allows you to turn off projection to a PC over infrastructure.
-                            If you set it to 0, your PC cannot be discoverable and can't be projected to over infrastructure, though it may still be possible to project over WiFi Direct.
+                            If you set it to 0, your PC cannot be discoverable and can&apos;t be projected to over infrastructure, though it may still be possible to project over WiFi Direct.
                             If you set it to 1, your PC can be discoverable and can be projected to over infrastructure.</Description>
             <DFFormat>
               <int/>
@@ -42885,8 +46094,9 @@ Because of these factors, users do not usually need this user right. Warning: If
               <Replace />
             </AccessType>
             <Description>This policy setting allows you to require a pin for pairing.
-                            If you turn this on, the pairing ceremony for new devices will always require a PIN
-                            If you turn it off or don't configure it, a pin isn't required for pairing.</Description>
+                            If you set this to 0, a pin isn&apos;t required for pairing.
+                            If you set this to 1, the pairing ceremony for new devices will always require a PIN.
+                            If you set this to 2, all pairings will require PIN.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43486,6 +46696,29 @@ Because of these factors, users do not usually need this user right. Warning: If
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>LaunchAppAfterLogOn</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are to be launched after logon.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>MSIAllowUserControlOverInstall</NodeName>
           <DFProperties>
@@ -43623,6 +46856,62 @@ Because of these factors, users do not usually need this user right. Warning: If
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>ScheduleForceRestartForUpdateFailures</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:XMLSchema><![CDATA[<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <xs:simpleType name="recurrence" final="restriction">
+    <xs:restriction base="xs:string">
+        <xs:enumeration value="None" />
+        <xs:enumeration value="Daily" />
+        <xs:enumeration value="Weekly" />
+        <xs:enumeration value="Monthly" />
+    </xs:restriction>
+  </xs:simpleType>
+
+  <xs:simpleType name="daysOfWeek" final="restriction">
+    <xs:restriction base="xs:unsignedByte">
+      <xs:minInclusive value="1" />
+      <xs:maxInclusive value="127" />
+    </xs:restriction>
+  </xs:simpleType>
+
+  <xs:simpleType name="daysOfMonth" final="restriction">
+    <xs:restriction base="xs:unsignedInt">
+      <xs:minInclusive value="1" />
+    </xs:restriction>
+  </xs:simpleType>
+
+  <xs:element name="ForceRestart">
+    <xs:complexType>
+      <xs:attribute name="StartDateTime" type="xs:dateTime" use="required"/> 
+      <xs:attribute name="Recurrence" type="recurrence" use="required"/> 
+      <xs:attribute name="RunIfTaskIsMissed" type="xs:boolean" use="required"/> 
+      <xs:attribute name="DaysOfWeek" type="daysOfWeek"/> 
+      <xs:attribute name="DaysOfMonth" type="daysOfMonth"/> 
+    </xs:complexType>
+  </xs:element>
+</xs:schema>]]></MSFT:XMLSchema>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>AppRuntime</NodeName>
@@ -44542,6 +47831,79 @@ Because of these factors, users do not usually need this user right. Warning: If
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EnableFastFirstSignIn</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Specifies whether new non-admin AAD accounts should auto-connect to pre-created candidate local accounts</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableWebSignIn</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Specifies whether web-based sign in is allowed for logging in to Windows</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>PreferredAadTenantDomainName</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>Specifies the preferred domain among available domains in the AAD tenant.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>Autoplay</NodeName>
@@ -44688,6 +48050,194 @@ Because of these factors, users do not usually need this user right. Warning: If
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>BITS</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>BandwidthThrottlingEndTime</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>17</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="23"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Bits.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>BITS_BandwidthLimitSchedTo</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>Bits~AT~Network~BITS</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>BITS_MaxBandwidth</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>BandwidthThrottlingStartTime</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>8</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="23"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Bits.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>BITS_BandwidthLimitSchedFrom</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>Bits~AT~Network~BITS</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>BITS_MaxBandwidth</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>BandwidthThrottlingTransferRate</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1000</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="4294967200"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Bits.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>BITS_MaxTransferRateText</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>Bits~AT~Network~BITS</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>BITS_MaxBandwidth</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>CostedNetworkBehaviorBackgroundPriority</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="1" high="5"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Bits.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>BITS_TransferPolicyNormalPriorityValue</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>Bits~AT~Network~BITS</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>BITS_SetTransferPolicyOnCostedNetwork</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>CostedNetworkBehaviorForegroundPriority</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="1" high="5"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Bits.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>BITS_TransferPolicyForegroundPriorityValue</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>Bits~AT~Network~BITS</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>BITS_SetTransferPolicyOnCostedNetwork</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>JobInactivityTimeout</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>90</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="1" high="999"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Bits.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>BITS_Job_Timeout_Time</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>Bits~AT~Network~BITS</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>BITS_Job_Timeout</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Bluetooth</NodeName>
         <DFProperties>
@@ -45140,6 +48690,37 @@ Because of these factors, users do not usually need this user right. Warning: If
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowFullScreenMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>With this policy, you can specify whether to allow full-screen mode, which shows only the web content and hides the Microsoft Edge UI.
+
+If enabled or not configured, full-screen mode is available for use in Microsoft Edge. Your users and extensions must have the proper permissions.
+
+If disabled, full-screen mode is unavailable for use in Microsoft Edge.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowFullScreenMode</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowInPrivate</NodeName>
           <DFProperties>
@@ -45174,7 +48755,7 @@ Because of these factors, users do not usually need this user right. Warning: If
               <Get />
             </AccessType>
             <DefaultValue>1</DefaultValue>
-            <Description>This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about:compat.
+            <Description>This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about&#58;compat.
 
 If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
 
@@ -45253,6 +48834,97 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowPrelaunch</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowPrelaunch</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowPrinting</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>With this policy, you can restrict whether printing web content in Microsoft Edge is allowed.
+
+If enabled, printing is allowed.
+
+If disabled, printing is not allowed.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowPrinting</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowSavingHistory</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Microsoft Edge saves your user&apos;s browsing history, which is made up of info about the websites they visit, on their devices.
+
+If enabled or not configured, the browsing history is saved and visible in the History pane.
+
+If disabled, the browsing history stops saving and is not visible in the History pane. If browsing history exists before this policy was disabled, the previous browsing history remains visible in the History pane. This policy, when disabled, does not stop roaming of existing history or history coming from other roamed devices.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowSavingHistory</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowSearchEngineCustomization</NodeName>
           <DFProperties>
@@ -45312,6 +48984,34 @@ This policy will only apply on domain joined machines or when the device is MDM
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowSideloadingOfExtensions</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>This setting lets you decide whether employees can sideload extensions in Microsoft Edge.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowSideloadingOfExtensions</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowSmartScreen</NodeName>
           <DFProperties>
@@ -45339,6 +49039,67 @@ This policy will only apply on domain joined machines or when the device is MDM
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowTabPreloading</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowTabPreloading</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowWebContentOnNewTabPage</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page.
+
+If you enable this setting, Microsoft Edge opens a new tab with the New Tab page.
+
+If you disable this setting, Microsoft Edge opens a new tab with a blank page. If you use this setting, employees can&apos;t change it.
+
+If you don&apos;t configure this setting, employees can choose how new tabs appears.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowWebContentOnNewTabPage</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AlwaysEnableBooksLibrary</NodeName>
           <DFProperties>
@@ -45405,7 +49166,7 @@ This policy will only apply on domain joined machines or when the device is MDM
 
 If this setting is turned on, you can add up to 5 additional search engines for your employee. For each additional search engine you wish to add, you must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. This policy does not affect the default search engine. Employees will not be able to remove these search engines, but they can set any one of these as the default.
 
-If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee's machine.
+If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee&apos;s machine.
 
 Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
             <DFFormat>
@@ -45428,18 +49189,99 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
           </DFProperties>
         </Node>
         <Node>
-          <NodeName>DisableLockdownOfStartPages</NodeName>
+          <NodeName>ConfigureFavoritesBar</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>The favorites bar shows your user&apos;s links to sites they have added to it. With this policy, you can specify whether to set the favorites bar to always be visible or hidden on any page.
+
+If enabled, favorites bar is always visible on any page, and the favorites bar toggle in Settings sets to On, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings. The show bar/hide bar option is hidden from the context menu.
+
+If disabled, the favorites bar is hidden, and the favorites bar toggle resets to Off, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings.
+
+If not configured, the favorites bar is hidden but is visible on the Start and New Tab pages, and the favorites bar toggle in Settings sets to Off but is enabled allowing the user to make changes.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureFavoritesBar</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureHomeButton</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Boolean policy that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when Browser/HomePages policy is in effect.
+            <Description>The Home button loads either the default Start page, the New tab page, or a URL defined in the Set Home Button URL policy.
 
-Note: This policy has no effect when Browser/HomePages is not configured.
+By default, this policy is disabled or not configured and clicking the home button loads the default Start page.
 
-Important
-This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).</Description>
+When enabled, the home button is locked down preventing your users from making changes in Microsoft Edge&apos;s UI settings. To let your users change the Microsoft Edge UI settings, enable the Unlock Home Button policy.
+
+If Enabled AND:
+- Show home button &amp; set to Start page is selected, clicking the home button loads the Start page.
+- Show home button &amp; set to New tab page is selected, clicking the home button loads a New tab page.
+- Show home button &amp; set a specific page is selected, clicking the home button loads the URL specified in the Set Home Button URL policy.
+- Hide home button is selected, the home button is hidden in Microsoft Edge.
+
+Default setting: Disabled or not configured
+Related policies:
+- Set Home Button URL
+- Unlock Home Button</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ConfigureHomeButtonDropdown</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureHomeButton</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureKioskMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single app or as one of multiple apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with limited functionality, or normal Microsoft Edge.
+
+You need to configure Microsoft Edge in assigned access for this policy to take effect; otherwise, these settings are ignored. To learn more about assigned access and kiosk configuration, see “Configure kiosk and shared devices running Windows desktop editions” (https://aka.ms/E489vw).
+
+If enabled and set to 0 (Default or not configured):
+- If it’s a single app, it runs InPrivate full screen for digital signage or interactive displays.
+- If it’s one of many apps, Microsoft Edge runs as normal.
+If enabled and set to 1:
+- If it’s a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can’t minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking “End session.” You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy.
+- If it’s one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they can’t customize Microsoft Edge.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -45455,6 +49297,152 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ConfigureKioskMode_TextBox</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureKioskMode</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureKioskResetAfterIdleTimeout</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>5</DefaultValue>
+            <Description>You can configure Microsoft Edge to reset to the configured start experience after a specified amount of idle time. The reset timer begins after the last user interaction. Resetting to the configured start experience deletes the current user’s browsing data.
+
+If enabled, you can set the idle time in minutes (0-1440). You must set the Configure kiosk mode policy to 1 and configure Microsoft Edge in assigned access as a single app for this policy to work. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge resets after 30 seconds.
+
+If you set this policy to 0, Microsoft Edge does not use an idle timer.
+
+If disabled or not configured, the default value is 5 minutes.
+
+If you do not configure Microsoft Edge in assigned access, then this policy does not take effect.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1440"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ConfigureKioskResetAfterIdleTimeout_TextBox</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureKioskResetAfterIdleTimeout</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureOpenMicrosoftEdgeWith</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>3</DefaultValue>
+            <Description>You can configure Microsoft Edge to lock down the Start page, preventing users from changing or customizing it.
+
+If enabled, you can choose one of the following options:
+- Start page: the Start page loads ignoring the Configure Start Pages policy.
+- New tab page: the New tab page loads ignoring the Configure Start Pages policy.
+- Previous pages: all tabs the user had open when Microsoft Edge last closed loads ignoring the Configure Start Pages policy.
+- A specific page or pages: the URL(s) specified with Configure Start Pages policy load(s). If selected, you must specify at least one URL in Configure Start Pages; otherwise, this policy is ignored.
+
+When enabled, and you want to make changes, you must first set the Disable Lockdown of Start Pages to not configured, make the changes to the Configure Open Edge With policy, and then enable the Disable Lockdown of Start Pages policy.
+
+If disabled or not configured, and you enable the Disable Lockdown of Start Pages policy, your users can change or customize the Start page.
+
+Default setting: A specific page or pages (default)
+Related policies:
+-Disable Lockdown of Start Pages
+-Configure Start Pages</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ConfigureOpenEdgeWithListBox</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureOpenEdgeWith</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureTelemetryForMicrosoft365Analytics</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Configures what browsing data will be sent to Microsoft 365 Analytics for devices belonging to an organization.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ZonesListBox</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureTelemetryForMicrosoft365Analytics</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DisableLockdownOfStartPages</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>You can configure Microsoft Edge to disable the lockdown of Start pages allowing users to change or customize their start pages.  To do this, you must also enable the Configure Start Pages or Configure Open Microsoft With policy. When enabled, all configured start pages are editable. Any Start page configured using the Configure Start pages policy is not locked down allowing users to edit their Start pages.
+
+If disabled or not configured, the Start pages configured in the Configure Start Pages policy cannot be changed and remain locked down.
+
+Supported devices: Domain-joined or MDM-enrolled
+Related policy:
+- Configure Start Pages
+- Configure Open Microsoft Edge With</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DisableLockdownOfStartPagesListBox</MSFT:ADMXMappedElement>
             <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
             <MSFT:ADMXPolicyName>DisableLockdownOfStartPages</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
@@ -45563,6 +49551,34 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>ForceEnabledExtensions</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This setting lets you decide which extensions should be always enabled.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ForceEnabledExtensions_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ForceEnabledExtensions</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>HomePages</NodeName>
           <DFProperties>
@@ -45570,12 +49586,24 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
               <Get />
             </AccessType>
             <DefaultValue></DefaultValue>
-            <Description>Configure the Start page URLs for your employees.
-Example:
-If you wanted to allow contoso.com and fabrikam.com then you would append /support to the site strings like contoso.com/support and fabrikam.com/support.
-Encapsulate each string with greater than and less than characters like any other XML tag.
+            <Description>When you enable the Configure Open Microsoft Edge With policy, you can configure one or more Start pages. When you enable this policy, users are not allowed to make changes to their Start pages.
 
-Version 1703 or later:  If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL.</Description>
+If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format:
+
+      &lt;support.contoso.com&gt;&lt;support.microsoft.com&gt;
+
+If disabled or not configured, the webpages specified in App settings loads as the default Start pages.
+
+Version 1703 or later:
+If you do not want to send traffic to Microsoft, enable this policy and use the &lt;about&#58;blank&gt; value, which honors domain- and non-domain-joined devices, when it is the only configured URL.
+
+Version 1809:
+If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy.
+
+Supported devices: Domain-joined or MDM-enrolled
+Related policy:
+- Configure Open Microsoft Edge With
+- Disable Lockdown of Start Pages</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45605,12 +49633,12 @@ Version 1703 or later:  If you don't want to send traffic to Microsoft, you ca
             <DefaultValue>0</DefaultValue>
             <Description>This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge.
 
-If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.
+If you enable this setting, employees won&apos;t be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.
 
 Important
-Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
+Don&apos;t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
 
-If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list.</Description>
+If you disable or don&apos;t configure this setting (default), employees can add, import and make changes to the Favorites list.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -45637,7 +49665,7 @@ If you disable or don't configure this setting (default), employees can add, imp
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Prevent access to the about:flags page in Microsoft Edge.</Description>
+            <Description>Prevent access to the about&#58;flags page in Microsoft Edge.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -45657,6 +49685,37 @@ If you disable or don't configure this setting (default), employees can add, imp
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>PreventCertErrorOverrides</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Web security certificates are used to ensure a site your users go to is legitimate, and in some circumstances encrypts the data. With this policy, you can specify whether to prevent users from bypassing the security warning to sites that have SSL errors.
+
+If enabled, overriding certificate errors are not allowed.
+
+If disabled or not configured, overriding certificate errors are allowed.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PreventCertErrorOverrides</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>PreventFirstRunPage</NodeName>
           <DFProperties>
@@ -45723,7 +49782,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Don't allow Windows Defender SmartScreen warning overrides</Description>
+            <Description>Don&apos;t allow Windows Defender SmartScreen warning overrides</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -45750,7 +49809,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Don't allow Windows Defender SmartScreen warning overrides for unverified files.</Description>
+            <Description>Don&apos;t allow Windows Defender SmartScreen warning overrides for unverified files.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -45770,34 +49829,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
-        <Node>
-          <NodeName>PreventTabPreloading</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
-            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>PreventTabPreloading</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
         <Node>
           <NodeName>PreventUsingLocalHostIPAddressForWebRTC</NodeName>
           <DFProperties>
@@ -45834,12 +49865,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DefaultValue></DefaultValue>
             <Description>This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites.
 
-If you enable this setting, you can set favorite URL's and favorite folders to appear on top of users' favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites.
+If you enable this setting, you can set favorite URL&apos;s and favorite folders to appear on top of users&apos; favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites.
 
 Important
-Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
+Don&apos;t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
 
-If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.</Description>
+If you disable or don&apos;t configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45920,6 +49951,74 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>SetHomeButtonURL</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>The home button can be configured to load a custom URL when your user clicks the home button.
+
+If enabled, or configured, and the Configure Home Button policy is enabled, and the Show home button &amp; set a specific page is selected, a custom URL loads when your user clicks the home button.
+
+Default setting: Blank or not configured
+Related policy: Configure Home Button</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>SetHomeButtonURLPrompt</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SetHomeButtonURL</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>SetNewTabPageURL</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>You can set the default New Tab page URL in Microsoft Edge.  Enabling this policy prevents your users from changing the New tab page setting. When enabled and the Allow web content on New Tab page policy is disabled, Microsoft Edge ignores the URL specified in this policy and opens about&#58;blank.
+
+If enabled, you can set the default New Tab page URL.
+
+If disabled or not configured, the default Microsoft Edge new tab page is used.
+
+Default setting:  Disabled or not configured
+Related policy: Allow web content on New Tab page</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>SetNewTabPageURLPrompt</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SetNewTabPageURL</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>ShowMessageWhenOpeningSitesInInternetExplorer</NodeName>
           <DFProperties>
@@ -45927,7 +50026,16 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Show message when opening sites in Internet Explorer</Description>
+            <Description>You can configure Microsoft Edge to open a site automatically in Internet Explorer 11 and choose to display a notification before the site opens. If you want to display a notification, you must enable Configure the Enterprise Mode Site List or Send all intranets sites to Internet Explorer 11 or both.
+
+If enabled, the notification appears on a new page. If you want users to continue in Microsoft Edge, select the Show Keep going in Microsoft Edge option from the drop-down list under Options.
+
+If disabled or not configured, the default app behavior occurs and no additional page displays.
+
+Default setting: Disabled or not configured
+Related policies:
+-Configure the Enterprise Mode Site List
+-Send all intranet sites to Internet Explorer 11</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -45940,7 +50048,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
             <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
@@ -45976,6 +50084,43 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>UnlockHomeButton</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>By default, when enabling Configure Home Button or Set Home Button URL, the home button is locked down to prevent your users from changing what page loads when clicking the home button. Use this policy to let users change the home button even when Configure Home Button or Set Home Button URL are enabled.
+
+If enabled, the UI settings for the home button are enabled allowing your users to make changes, including hiding and showing the home button as well as configuring a custom URL.
+
+If disabled or not configured, the UI settings for the home button are disabled preventing your users from making changes.
+
+Default setting: Disabled or not configured
+Related policy:
+-Configure Home Button
+-Set Home Button URL</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>UnlockHomeButton</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>UseSharedFolderForBooks</NodeName>
           <DFProperties>
@@ -46641,7 +50786,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>If set to 1 then any MDM policy that is set that has an equivalent GP policy will result in GP service blocking the setting of the policy by GP MMC</Description>
+            <Description>If set to 1 then any MDM policy that is set that has an equivalent GP policy will result in GP service blocking the setting of the policy by GP MMC. Setting the value to 0 (zero) or deleting the policy will remove the GP policy blocks restore the saved GP policies.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -46654,7 +50799,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
-            <MSFT:SupportedValues low="1" high="1"></MSFT:SupportedValues>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -47549,6 +51694,35 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>CheckForSignaturesBeforeRunningScan</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>CheckForSignaturesBeforeRunningScan</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>CheckForSignaturesBeforeRunningScan</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>CloudBlockLevel</NodeName>
           <DFProperties>
@@ -47692,6 +51866,64 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DisableCatchupFullScan</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>Scan_DisableCatchupFullScan</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Scan_DisableCatchupFullScan</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DisableCatchupQuickScan</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>Scan_DisableCatchupQuickScan</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Scan_DisableCatchupQuickScan</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>EnableControlledFolderAccess</NodeName>
           <DFProperties>
@@ -47721,6 +51953,35 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EnableLowCPUPriority</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>Scan_LowCpuPriority</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Scan_LowCpuPriority</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>EnableNetworkProtection</NodeName>
           <DFProperties>
@@ -47856,6 +52117,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>Root_PUAProtection</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Root_PUAProtection</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -48004,6 +52269,62 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>SignatureUpdateFallbackOrder</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>SignatureUpdate_FallbackOrder</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~SignatureUpdate</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SignatureUpdate_FallbackOrder</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>SignatureUpdateFileSharesSources</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>SignatureUpdate_DefinitionUpdateFileSharesSources</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~SignatureUpdate</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SignatureUpdate_DefinitionUpdateFileSharesSources</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>SignatureUpdateInterval</NodeName>
           <DFProperties>
@@ -48166,6 +52487,33 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DOCacheHost</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>CacheHost</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>CacheHost</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>DODelayBackgroundDownloadFromHttp</NodeName>
           <DFProperties>
@@ -48662,6 +53010,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:SupportedValues low="0" high="100"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>PercentageMaxDownloadBandwidth</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PercentageMaxDownloadBandwidth</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -48865,6 +53217,35 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DDFName></DDFName>
           </DFType>
         </DFProperties>
+        <Node>
+          <NodeName>EnableSystemGuard</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Secure Launch configuration: 0 - Unmanaged, configurable by Administrative user, 1 - Enables Secure Launch if supported by hardware, 2 - Disables Secure Launch.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues AllowedValues="0,1,2"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>DeviceGuard.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>SystemGuardDrop</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeviceGuard~AT~System~DeviceGuardCategory</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>VirtualizationBasedSecurity</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecureZeroHasNoLimits</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>EnableVirtualizationBasedSecurity</NodeName>
           <DFProperties>
@@ -48971,6 +53352,114 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DDFName></DDFName>
           </DFType>
         </DFProperties>
+        <Node>
+          <NodeName>AllowInstallationOfMatchingDeviceIDs</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>deviceinstallation.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeviceInstall_IDs_Allow</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowInstallationOfMatchingDeviceSetupClasses</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>deviceinstallation.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeviceInstall_Classes_Allow</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>PreventDeviceMetadataFromNetwork</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>DeviceSetup.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeviceMetadata_PreventDeviceMetadataFromNetwork</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>PreventInstallationOfDevicesNotDescribedByOtherPolicySettings</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>deviceinstallation.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeviceInstall_Unspecified_Deny</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>PreventInstallationOfMatchingDeviceIDs</NodeName>
           <DFProperties>
@@ -49653,6 +54142,53 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>DmaGuard</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>DeviceEnumerationPolicy</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>dmaguard.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>dmaguard~AT~System~DmaGuard</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DmaGuardEnumerationPolicy</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>ErrorReporting</NodeName>
         <DFProperties>
@@ -49955,6 +54491,33 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <DDFName></DDFName>
           </DFType>
         </DFProperties>
+        <Node>
+          <NodeName>AllowClipboardHistory</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Allows history of clipboard items to be stored in memory.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>OSPolicy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>OSPolicy~AT~System~PolicyPolicies</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowClipboardHistory</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowCopyPaste</NodeName>
           <DFProperties>
@@ -50258,7 +54821,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <DefaultValue>0</DefaultValue>
+            <DefaultValue>1</DefaultValue>
             <Description></Description>
             <DFFormat>
               <int/>
@@ -50335,6 +54898,65 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DoNotSyncBrowserSetting</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>You can configure Microsoft Edge, when enabled, to prevent the &quot;browser&quot; group from using the Sync your Settings option to sync information, such as history and favorites, between user&apos;s devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable the Allow users to turn browser syncing on policy. If disabled or not configured, the Sync your Settings options are turned on in Microsoft Edge by default, and configurable by the user. 
+                        Related policy: PreventUsersFromTurningOnBrowserSyncing
+                        0 (default) = allow syncing, 2 = disable syncing</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues AllowedValues="0,2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>SettingSync.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>SettingSync~AT~WindowsComponents~SettingSync</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableWebBrowserSettingSync</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>PreventUsersFromTurningOnBrowserSyncing</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>You can configure Microsoft Edge to allow users to turn on the Sync your Settings option to sync information, such as history and favorites, between user&apos;s devices.  When enabled and you enable the Do not sync browser setting policy, browser settings sync automatically. If disabled, users have the option to sync the browser settings.
+                        Related policy: DoNotSyncBrowserSetting
+                        1 (default) = Do not allow users to turn on syncing, 0 = Allows users to turn on syncing</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>SettingSync.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>CheckBox_UserOverride</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>SettingSync~AT~WindowsComponents~SettingSync</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableWebBrowserSettingSync</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>ExploitGuard</NodeName>
@@ -57284,6 +61906,32 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>UPNNameHints</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>Devices joined to Azure Active Directory in a hybrid environment need to interact with Active Directory Domain Controllers, but they lack the built-in ability to find a Domain Controller that a domain-joined device has. This can cause failures when such a device needs to resolve an AAD UPN into an Active Directory Principal.
+                
+                This parameter adds a list of domains that an Azure Active Directory joined device should attempt to contact if it is otherwise unable to resolve a UPN to a principal.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>KioskBrowser</NodeName>
@@ -57383,7 +62031,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Enable/disable kiosk browser's end session button.</Description>
+            <Description>Enable/disable kiosk browser&apos;s end session button.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57408,7 +62056,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Enable/disable kiosk browser's home button.</Description>
+            <Description>Enable/disable kiosk browser&apos;s home button.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57433,7 +62081,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Enable/disable kiosk browser's navigation buttons (forward/back).</Description>
+            <Description>Enable/disable kiosk browser&apos;s navigation buttons (forward/back).</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57628,9 +62276,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <DefaultValue>0</DefaultValue>
             <Description>This policy setting prevents users from adding new Microsoft accounts on this computer.
 
-If you select the "Users can’t add Microsoft accounts" option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
+If you select the &quot;Users can’t add Microsoft accounts&quot; option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
 
-If you select the "Users can’t add or log on with Microsoft accounts" option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system.
+If you select the &quot;Users can’t add or log on with Microsoft accounts&quot; option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system.
 
 If you disable or do not configure this policy (recommended), users will be able to use Microsoft accounts with Windows.</Description>
             <DFFormat>
@@ -57728,7 +62376,7 @@ Note: If the Guest account is disabled and the security option Network Access: S
             <DefaultValue>1</DefaultValue>
             <Description>Accounts: Limit local account use of blank passwords to console logon only
 
-This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard.
+This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer&apos;s keyboard.
 
 Default: Enabled.
 
@@ -57800,7 +62448,7 @@ Default: Administrator.</Description>
             <DefaultValue>Guest</DefaultValue>
             <Description>Accounts: Rename guest account
 
-This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination.
+This security setting determines whether a different account name is associated with the security identifier (SID) for the account &quot;Guest.&quot; Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination.
 
 Default: Guest.</Description>
             <DFFormat>
@@ -57955,127 +62603,6 @@ Default: This policy is not defined and CD-ROM access is not restricted to the l
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
-        <Node>
-          <NodeName>DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Domain member: Digitally encrypt or sign secure channel data (always)
-
-This security setting determines whether all secure channel traffic initiated by the domain member must be signed or encrypted.
-
-When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass through authentication, LSA SID/name Lookup etc.
-
-This setting determines whether or not all secure channel traffic initiated by the domain member meets minimum security requirements. Specifically it determines whether all secure channel traffic initiated by the domain member must be signed or encrypted. If this policy is enabled, then the secure channel will not be established unless either signing or encryption of all secure channel traffic is negotiated. If this policy is disabled, then encryption and signing of all secure channel traffic is negotiated with the Domain Controller in which case the level of signing and encryption depends on the version of the Domain Controller and the settings of the following two policies:
-
-Domain member: Digitally encrypt secure channel data (when possible)
-Domain member: Digitally sign secure channel data (when possible)
-
-Default: Enabled.
-
-Notes:
-
-If this policy is enabled, the policy Domain member: Digitally sign secure channel data (when possible) is assumed to be enabled regardless of its current setting. This ensures that the domain member attempts to negotiate at least signing of the secure channel traffic.
-If this policy is enabled, the policy Domain member: Digitally sign secure channel data (when possible) is assumed to be enabled regardless of its current setting. This ensures that the domain member attempts to negotiate at least signing of the secure channel traffic.
-Logon information transmitted over the secure channel is always encrypted regardless of whether encryption of ALL other secure channel traffic is negotiated or not.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Domain member: Digitally encrypt or sign secure channel data (always)</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Domain member: Digitally encrypt secure channel data (when possible)
-
-This security setting determines whether a domain member attempts to negotiate encryption for all secure channel traffic that it initiates.
-
-When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass-through authentication, LSA SID/name Lookup etc.
-
-This setting determines whether or not the domain member attempts to negotiate encryption for all secure channel traffic that it initiates. If enabled, the domain member will request encryption of all secure channel traffic. If the domain controller supports encryption of all secure channel traffic, then all secure channel traffic will be encrypted. Otherwise only logon information transmitted over the secure channel will be encrypted. If this setting is disabled, then the domain member will not attempt to negotiate secure channel encryption.
-
-Default: Enabled.
-
-Important
-
-There is no known reason for disabling this setting. Besides unnecessarily reducing the potential confidentiality level of the secure channel, disabling this setting may unnecessarily reduce secure channel throughput, because concurrent API calls that use the secure channel are only possible when the secure channel is signed or encrypted.
-
-Note: Domain controllers are also domain members and establish secure channels with other domain controllers in the same domain as well as domain controllers in trusted domains.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Domain member: Digitally encrypt secure channel data (when possible)</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DomainMember_DisableMachineAccountPasswordChanges</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Domain member: Disable machine account password changes
-
-Determines whether a domain member periodically changes its computer account password. If this setting is enabled, the domain member does not attempt to change its computer account password. If this setting is disabled, the domain member attempts to change its computer account password as specified by the setting for Domain Member: Maximum age for machine account password, which by default is every 30 days.
-
-Default: Disabled.
-
-Notes
-
-This security setting should not be enabled. Computer account passwords are used to establish secure channel communications between members and domain controllers and, within the domain, between the domain controllers themselves. Once it is established, the secure channel is used to transmit sensitive information that is necessary for making authentication and authorization decisions.
-This setting should not be used in an attempt to support dual-boot scenarios that use the same computer account. If you want to dual-boot two installations that are joined to the same domain, give the two installations different computer names.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Domain member: Disable machine account password changes</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
         <Node>
           <NodeName>InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</NodeName>
           <DFProperties>
@@ -58113,7 +62640,7 @@ Do not display user information (3)</Description>
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Interactive logon: Don't display last signed-in
+            <Description>Interactive logon: Don&apos;t display last signed-in
 This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC.
 If this policy is enabled, the username will not be shown.
 
@@ -58146,7 +62673,7 @@ Default: Disabled.</Description>
               <Get />
             </AccessType>
             <DefaultValue>1</DefaultValue>
-            <Description>Interactive logon: Don't display username at sign-in
+            <Description>Interactive logon: Don&apos;t display username at sign-in
 This security setting determines whether the username of the person signing in to this PC appears at Windows sign-in, after credentials are entered, and before the PC desktop is shown.
 If this policy is enabled, the username will not be shown.
 
@@ -58183,7 +62710,7 @@ Default: Disabled.</Description>
 
 This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on.
 
-If this policy is enabled on a computer, a user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords.
+If this policy is enabled on a computer, a user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users&apos; passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords.
 
 If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows.
 
@@ -58349,6 +62876,55 @@ On Windows Vista and above: For this setting to work, the Smart Card Removal Pol
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>MicrosoftNetworkClient_DigitallySignCommunicationsAlways</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Microsoft network client: Digitally sign communications (always)
+
+This security setting determines whether packet signing is required by the SMB client component.
+
+The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted.
+
+If this setting is enabled, the Microsoft network client will not communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server.
+
+Default: Disabled.
+
+Important
+
+For this policy to take effect on computers running Windows 2000, client-side packet signing must also be enabled. To enable client-side SMB packet signing, set Microsoft network client: Digitally sign communications (if server agrees).
+
+Notes
+
+All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later operating systems, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
+Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
+Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
+Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
+Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
+SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors.
+For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Microsoft network client: Digitally sign communications (always)</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</NodeName>
           <DFProperties>
@@ -58712,6 +63288,47 @@ This policy is supported on at least Windows Server 2016.</Description>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Network security: Allow Local System to use computer identity for NTLM
+
+This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication.
+
+If you enable this policy setting, services running as Local System that use Negotiate will use the computer identity. This might cause some authentication requests between Windows operating systems to fail and log an error.
+
+If you disable this policy setting, services running as Local System that use Negotiate when reverting to NTLM authentication will authenticate anonymously.
+
+By default, this policy is enabled on Windows 7 and above.
+
+By default, this policy is disabled on Windows Vista.
+
+This policy is supported on at least Windows Vista or Windows Server 2008.
+
+Note: Windows Vista or Windows Server 2008 do not expose this setting in Group Policy.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Network security: Allow Local System to use computer identity for NTLM</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>NetworkSecurity_AllowPKU2UAuthenticationRequests</NodeName>
           <DFProperties>
@@ -58832,6 +63449,44 @@ Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
+
+This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
+
+Require NTLMv2 session security: The connection will fail if NTLMv2 protocol is not negotiated.
+Require 128-bit encryption: The connection will fail if strong encryption (128-bit) is not negotiated.
+
+Default:
+
+Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements.
+
+Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues AllowedValues="0,524288,536870912,537395200"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Network security: Minimum session security for NTLM SSP based (including secure RPC) clients</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</NodeName>
           <DFProperties>
@@ -58879,7 +63534,7 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
             <DefaultValue></DefaultValue>
             <Description>Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
 
-This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication if the  "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting is configured.
+This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication if the  &quot;Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers&quot; policy setting is configured.
 
 If you configure this policy setting, you can define a list of remote servers to which clients are allowed to use NTLM authentication.
 
@@ -58915,15 +63570,15 @@ The naming format for servers on this exception list is the fully qualified doma
 
 This policy setting allows you to audit incoming NTLM traffic.
 
-If you select "Disable", or do not configure this policy setting, the server will not log events for incoming NTLM traffic.
+If you select &quot;Disable&quot;, or do not configure this policy setting, the server will not log events for incoming NTLM traffic.
 
-If you select "Enable auditing for domain accounts", the server will log events for NTLM pass-through authentication requests that would be blocked when the "Network Security: Restrict NTLM: Incoming NTLM traffic" policy setting is set to the "Deny all domain accounts" option.
+If you select &quot;Enable auditing for domain accounts&quot;, the server will log events for NTLM pass-through authentication requests that would be blocked when the &quot;Network Security: Restrict NTLM: Incoming NTLM traffic&quot; policy setting is set to the &quot;Deny all domain accounts&quot; option.
 
-If you select "Enable auditing for all accounts", the server will log events for all NTLM authentication requests that would be blocked when the "Network Security: Restrict NTLM: Incoming NTLM traffic" policy setting is set to the "Deny all accounts" option.
+If you select &quot;Enable auditing for all accounts&quot;, the server will log events for all NTLM authentication requests that would be blocked when the &quot;Network Security: Restrict NTLM: Incoming NTLM traffic&quot; policy setting is set to the &quot;Deny all accounts&quot; option.
 
 This policy is supported on at least Windows 7 or Windows Server 2008 R2.
 
-Note: Audit events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
+Note: Audit events are recorded on this computer in the &quot;Operational&quot; Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58954,15 +63609,15 @@ Note: Audit events are recorded on this computer in the "Operational" Log locate
 
 This policy setting allows you to deny or allow incoming NTLM traffic.
 
-If you select "Allow all" or do not configure this policy setting, the server will allow all NTLM authentication requests.
+If you select &quot;Allow all&quot; or do not configure this policy setting, the server will allow all NTLM authentication requests.
 
-If you select "Deny all domain accounts," the server will deny NTLM authentication requests for domain logon and display an NTLM blocked error, but allow local account logon.
+If you select &quot;Deny all domain accounts,&quot; the server will deny NTLM authentication requests for domain logon and display an NTLM blocked error, but allow local account logon.
 
-If you select "Deny all accounts," the server will deny NTLM authentication requests from incoming traffic and display an NTLM blocked error.
+If you select &quot;Deny all accounts,&quot; the server will deny NTLM authentication requests from incoming traffic and display an NTLM blocked error.
 
 This policy is supported on at least Windows 7 or Windows Server 2008 R2.
 
-Note: Block events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
+Note: Block events are recorded on this computer in the &quot;Operational&quot; Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58993,15 +63648,15 @@ Note: Block events are recorded on this computer in the "Operational" Log locate
 
 This policy setting allows you to deny or audit outgoing NTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote server.
 
-If you select "Allow all" or do not configure this policy setting, the client computer can authenticate identities to a remote server by using NTLM authentication.
+If you select &quot;Allow all&quot; or do not configure this policy setting, the client computer can authenticate identities to a remote server by using NTLM authentication.
 
-If you select "Audit all," the client computer logs an event for each NTLM authentication request to a remote server. This allows you to identify those servers receiving NTLM authentication requests from the client computer.
+If you select &quot;Audit all,&quot; the client computer logs an event for each NTLM authentication request to a remote server. This allows you to identify those servers receiving NTLM authentication requests from the client computer.
 
-If you select "Deny all," the client computer cannot authenticate identities to a remote server by using NTLM authentication. You can use the "Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication" policy setting to define a list of remote servers to which clients are allowed to use NTLM authentication.
+If you select &quot;Deny all,&quot; the client computer cannot authenticate identities to a remote server by using NTLM authentication. You can use the &quot;Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication&quot; policy setting to define a list of remote servers to which clients are allowed to use NTLM authentication.
 
 This policy is supported on at least Windows 7 or Windows Server 2008 R2.
 
-Note: Audit and block events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
+Note: Audit and block events are recorded on this computer in the &quot;Operational&quot; Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59103,9 +63758,9 @@ Default: Disabled.</Description>
 
 This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.
 
-• Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop.
+• Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the &quot;User Account Control: Switch to the secure desktop when prompting for elevation&quot; policy setting, the prompts appear on the interactive user&apos;s desktop instead of the secure desktop.
 
-• Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting.</Description>
+• Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the &quot;User Account Control: Switch to the secure desktop when prompting for elevation&quot; policy setting.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59140,15 +63795,15 @@ The options are:
 
 • Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constrained environments.
 
-• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege.
+• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user&apos;s highest available privilege.
 
-• Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+• Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user&apos;s highest available privilege.
 
 • Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
 
-• Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+• Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user&apos;s highest available privilege.
 
-• Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.</Description>
+• Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user&apos;s highest available privilege.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59359,13 +64014,13 @@ The options are:
             <DefaultValue>1</DefaultValue>
             <Description>User Account Control: Switch to the secure desktop when prompting for elevation
 
-This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop.
+This policy setting controls whether the elevation request prompt is displayed on the interactive user&apos;s desktop or the secure desktop.
 
 The options are:
 
 • Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
 
-• Disabled: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.</Description>
+• Disabled: All elevation requests go to the interactive user&apos;s desktop. Prompt behavior policy settings for administrators and standard users are used.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59648,7 +64303,7 @@ The options are:
               <Get />
             </AccessType>
             <DefaultValue>1</DefaultValue>
-            <Description>This policy setting allows backup and restore of cellular text messages to Microsoft's cloud services.</Description>
+            <Description>This policy setting allows backup and restore of cellular text messages to Microsoft&apos;s cloud services.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -60715,6 +65370,33 @@ The options are:
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowCrossDeviceClipboard</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Allows syncing of Clipboard across devices under the same Microsoft account.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>OSPolicy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>OSPolicy~AT~System~PolicyPolicies</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowCrossDeviceClipboard</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowInputPersonalization</NodeName>
           <DFProperties>
@@ -62552,7 +67234,7 @@ The options are:
               <Get />
             </AccessType>
             <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the &apos;trusted devices&apos; privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -62888,7 +67570,7 @@ The options are:
               <Get />
             </AccessType>
             <DefaultValue></DefaultValue>
-            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'Communicate with unpaired wireless devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the &apos;Communicate with unpaired wireless devices&apos; privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -62916,7 +67598,7 @@ The options are:
               <Get />
             </AccessType>
             <DefaultValue>1</DefaultValue>
-            <Description>Allows apps/system to publish 'User Activities' into ActivityFeed.</Description>
+            <Description>Allows apps/system to publish &apos;User Activities&apos; into ActivityFeed.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -62943,7 +67625,7 @@ The options are:
               <Get />
             </AccessType>
             <DefaultValue>1</DefaultValue>
-            <Description>Allows ActivityFeed to upload published 'User Activities'.</Description>
+            <Description>Allows ActivityFeed to upload published &apos;User Activities&apos;.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -64024,6 +68706,39 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:XMLSchema><![CDATA[<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" version="1.0">
+                        <xs:simpleType name="member_name">
+                          <xs:restriction base="xs:string">
+                            <xs:maxLength value="255" />
+                          </xs:restriction>
+                        </xs:simpleType>
+                        <xs:element name="accessgroup">
+                          <xs:complexType>
+                            <xs:sequence>
+                              <xs:element name="member" minOccurs="0" maxOccurs="unbounded">
+                                <xs:annotation>
+                                  <xs:documentation>Restricted Group Member</xs:documentation>
+                                </xs:annotation>
+                                <xs:complexType>
+                                  <xs:attribute name="name" type="member_name" use="required"/>
+                                </xs:complexType>
+                              </xs:element>
+                            </xs:sequence>
+                            <xs:attribute name="desc" type="member_name" use="required"/>
+                          </xs:complexType>
+                        </xs:element>
+                        <xs:element name="groupmembership">
+                          <xs:complexType>
+                            <xs:sequence>
+                              <xs:element name="accessgroup" minOccurs="0" maxOccurs="unbounded">
+                                <xs:annotation>
+                                  <xs:documentation>Restricted Group</xs:documentation>
+                                </xs:annotation>
+                              </xs:element>
+                            </xs:sequence>
+                          </xs:complexType>
+                        </xs:element>
+                      </xs:schema>]]></MSFT:XMLSchema>
           </DFProperties>
         </Node>
       </Node>
@@ -64613,6 +69328,31 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>RecoveryEnvironmentAuthentication</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>This policy controls the requirement of Admin Authentication in RecoveryEnvironment.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>RequireDeviceEncryption</NodeName>
           <DFProperties>
@@ -65502,6 +70242,9 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             </DFType>
             <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ForceStartSize</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -65537,7 +70280,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides "Change account settings" from appearing in the user tile in the start menu.</Description>
+            <Description>Enabling this policy hides &quot;Change account settings&quot; from appearing in the user tile in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -65576,6 +70319,9 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>NoFrequentUsedPrograms</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -65586,7 +70332,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides "Hibernate" from appearing in the power button in the start menu.</Description>
+            <Description>Enabling this policy hides &quot;Hibernate&quot; from appearing in the power button in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -65610,7 +70356,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides "Lock" from appearing in the user tile in the start menu.</Description>
+            <Description>Enabling this policy hides &quot;Lock&quot; from appearing in the user tile in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -65673,6 +70419,9 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>NoRecentDocsHistory</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -65711,7 +70460,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides "Restart/Update and restart" from appearing in the power button in the start menu.</Description>
+            <Description>Enabling this policy hides &quot;Restart/Update and restart&quot; from appearing in the power button in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -65735,7 +70484,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides "Shut down/Update and shut down" from appearing in the power button in the start menu.</Description>
+            <Description>Enabling this policy hides &quot;Shut down/Update and shut down&quot; from appearing in the power button in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -65759,7 +70508,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides "Sign out" from appearing in the user tile in the start menu.</Description>
+            <Description>Enabling this policy hides &quot;Sign out&quot; from appearing in the user tile in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -65783,7 +70532,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides "Sleep" from appearing in the power button in the start menu.</Description>
+            <Description>Enabling this policy hides &quot;Sleep&quot; from appearing in the power button in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -65807,7 +70556,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>Enabling this policy hides "Switch account" from appearing in the user tile in the start menu.</Description>
+            <Description>Enabling this policy hides &quot;Switch account&quot; from appearing in the user tile in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -65999,6 +70748,34 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>RemovableDiskDenyWriteAccess</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>If you enable this policy setting, write access is denied to this removable storage class. If you disable or do not configure this policy setting, write access is allowed to this removable storage class. Note: To require that users write data to BitLocker-protected storage, enable the policy setting &quot;Deny write access to drives not protected by BitLocker,&quot; which is located in &quot;Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives.&quot;</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>RemovableStorage.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>RemovableDisks_DenyWrite_Access_2</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>RemovableStorage~AT~System~DeviceAccess</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>RemovableDisks_DenyWrite_Access_2</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>System</NodeName>
@@ -66251,6 +71028,33 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>ConfigureMicrosoft365UploadEndpoint</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ConfigureMicrosoft365UploadEndpoint</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureMicrosoft365UploadEndpoint</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>ConfigureTelemetryOptInChangeNotification</NodeName>
           <DFProperties>
@@ -66307,6 +71111,62 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DisableDeviceDelete</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DisableDeviceDelete</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableDeviceDelete</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DisableDiagnosticDataViewer</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DisableDiagnosticDataViewer</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableDiagnosticDataViewer</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>DisableEnterpriseAuthProxy</NodeName>
           <DFProperties>
@@ -66420,7 +71280,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
             </AccessType>
             <DefaultValue>0</DefaultValue>
-            <Description>This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. By configuring this setting, you're not stopping people from changing their Telemetry Settings; however, you are stopping them from choosing a higher level than you've set for the organization. To enable this behavior, you must complete two steps: 1. Enable this policy setting 2. Set Allow Telemetry to level 2 (Enhanced).If you configure these policy settings together, you'll send the Basic level of diagnostic data plus any additional events that are required for Windows Analytics, to Microsoft. The additional events are documented here: https://go.Microsoft.com/fwlink/?linked=847594. If you enable Enhanced diagnostic data in the Allow Telemetry policy setting, but you don't configure this policy setting, you'll send the required events for Windows Analytics, plus any additional Enhanced level telemetry data to Microsoft. This setting has no effect on computers configured to send Full, Basic, or Security level diagnostic data to Microsoft. If you disable or don't configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the Allow Telemetry policy setting.</Description>
+            <Description>This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. By configuring this setting, you&apos;re not stopping people from changing their Telemetry Settings; however, you are stopping them from choosing a higher level than you&apos;ve set for the organization. To enable this behavior, you must complete two steps: 1. Enable this policy setting 2. Set Allow Telemetry to level 2 (Enhanced).If you configure these policy settings together, you&apos;ll send the Basic level of diagnostic data plus any additional events that are required for Windows Analytics, to Microsoft. The additional events are documented here: https://go.Microsoft.com/fwlink/?linked=847594. If you enable Enhanced diagnostic data in the Allow Telemetry policy setting, but you don&apos;t configure this policy setting, you&apos;ll send the required events for Windows Analytics, plus any additional Enhanced level telemetry data to Microsoft. This setting has no effect on computers configured to send Full, Basic, or Security level diagnostic data to Microsoft. If you disable or don&apos;t configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the Allow Telemetry policy setting.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -66494,8 +71354,8 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             <AccessType>
               <Get />
             </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <DefaultValue>3</DefaultValue>
+            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -66521,8 +71381,8 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             <AccessType>
               <Get />
             </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <DefaultValue>3</DefaultValue>
+            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -66548,8 +71408,8 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             <AccessType>
               <Get />
             </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <DefaultValue>3</DefaultValue>
+            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -66575,8 +71435,8 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             <AccessType>
               <Get />
             </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <DefaultValue>3</DefaultValue>
+            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -66602,8 +71462,8 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             <AccessType>
               <Get />
             </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <DefaultValue>3</DefaultValue>
+            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -66629,8 +71489,8 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             <AccessType>
               <Get />
             </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <DefaultValue>3</DefaultValue>
+            <Description>This setting determines whether the service&apos;s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -66651,6 +71511,50 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>TaskManager</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>AllowEndTask</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>This setting determines whether non-administrators can use Task Manager to end tasks - enabled (1) or disabled (0). Default: enabled</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>TaskScheduler</NodeName>
         <DFProperties>
@@ -67438,7 +72342,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             <AccessType>
               <Get />
             </AccessType>
-            <DefaultValue>2</DefaultValue>
+            <DefaultValue>6</DefaultValue>
             <Description></Description>
             <DFFormat>
               <int/>
@@ -67452,7 +72356,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
-            <MSFT:SupportedValues low="0" high="5"></MSFT:SupportedValues>
+            <MSFT:SupportedValues low="0" high="6"></MSFT:SupportedValues>
             <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
             <MSFT:ADMXMappedElement>AutoUpdateMode</MSFT:ADMXMappedElement>
             <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
@@ -67595,6 +72499,34 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AutoRestartDeadlinePeriodInDaysForFeatureUpdates</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>7</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="2" high="30"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>AutoRestartDeadlineForFeatureUpdates</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AutoRestartDeadline</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AutoRestartNotificationSchedule</NodeName>
           <DFProperties>
@@ -67898,6 +72830,34 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EngagedRestartDeadlineForFeatureUpdates</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>14</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="2" high="30"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>EngagedRestartDeadlineForFeatureUpdates</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EngagedRestartTransitionSchedule</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>EngagedRestartSnoozeSchedule</NodeName>
           <DFProperties>
@@ -67926,6 +72886,34 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EngagedRestartSnoozeScheduleForFeatureUpdates</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>3</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="1" high="3"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>EngagedRestartSnoozeScheduleForFeatureUpdates</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EngagedRestartTransitionSchedule</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>EngagedRestartTransitionSchedule</NodeName>
           <DFProperties>
@@ -67954,6 +72942,34 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EngagedRestartTransitionScheduleForFeatureUpdates</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>7</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="2" high="30"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>EngagedRestartTransitionScheduleForFeatureUpdates</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EngagedRestartTransitionSchedule</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>ExcludeWUDriversInQualityUpdate</NodeName>
           <DFProperties>
@@ -68579,6 +73595,60 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>SetDisablePauseUXAccess</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SetDisablePauseUXAccess</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>SetDisableUXWUAccess</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SetDisableUXWUAccess</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>SetEDURestart</NodeName>
           <DFProperties>
@@ -68606,6 +73676,33 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>UpdateNotificationKioskMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>UpdateNotificationKioskMode</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>UpdateServiceUrl</NodeName>
           <DFProperties>
@@ -68688,7 +73785,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
             </AccessType>
             <DefaultValue></DefaultValue>
-            <Description>This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users' saved credentials might be compromised if this privilege is given to other entities.</Description>
+            <Description>This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users&apos; saved credentials might be compromised if this privilege is given to other entities.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -68850,7 +73947,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
             </AccessType>
             <DefaultValue></DefaultValue>
-            <Description>This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption. Caution: Assigning this user right can be a security risk. Assign this user right only to trusted users.</Description>
+            <Description>This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users&apos; sessions, which could lead to application failure or data corruption. Caution: Assigning this user right can be a security risk. Assign this user right only to trusted users.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -68931,7 +74028,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
             </AccessType>
             <DefaultValue></DefaultValue>
-            <Description>This user right determines if the user can create a symbolic link from the computer he is logged on to. Caution: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. Note: This setting can be used in conjunction a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type 'fsutil behavior set symlinkevaluation /?' at the command line to get more information about fsutil and symbolic links.</Description>
+            <Description>This user right determines if the user can create a symbolic link from the computer he is logged on to. Caution: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren&apos;t designed to handle them. Note: This setting can be used in conjunction a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type &apos;fsutil behavior set symlinkevaluation /?&apos; at the command line to get more information about fsutil and symbolic links.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -69147,7 +74244,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
               <Get />
             </AccessType>
             <DefaultValue></DefaultValue>
-            <Description>Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user's permissions to administrative or system levels. Caution: Assigning this user right can be a security risk. Only assign this user right to trusted users. Note: By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist. 
+            <Description>Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user&apos;s permissions to administrative or system levels. Caution: Assigning this user right can be a security risk. Only assign this user right to trusted users. Note: By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist. 
 1) The access token that is being impersonated is for this user.
 2) The user, in this logon session, created the access token by logging on to the network with explicit credentials.
 3) The requested level is less than Impersonate, such as Anonymous or Identify.
@@ -69789,6 +74886,34 @@ Because of these factors, users do not usually need this user right. Warning: If
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DisableClearTpmButton</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~DeviceSecurity</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeviceSecurity_DisableClearTpmButton</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>DisableDeviceSecurityUI</NodeName>
           <DFProperties>
@@ -69957,6 +75082,34 @@ Because of these factors, users do not usually need this user right. Warning: If
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DisableTpmFirmwareUpdateWarning</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~DeviceSecurity</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeviceSecurity_DisableTpmFirmwareUpdateWarning</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>DisableVirusUI</NodeName>
           <DFProperties>
@@ -70181,6 +75334,34 @@ Because of these factors, users do not usually need this user right. Warning: If
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>HideWindowsSecurityNotificationAreaControl</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~Systray</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Systray_HideSystray</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>Phone</NodeName>
           <DFProperties>
@@ -70644,7 +75825,7 @@ Because of these factors, users do not usually need this user right. Warning: If
             </AccessType>
             <DefaultValue>1</DefaultValue>
             <Description>This policy setting allows you to turn off projection to a PC
-                            If you set it to 0, your PC isn't discoverable and can't be projected to
+                            If you set it to 0, your PC isn&apos;t discoverable and can&apos;t be projected to
                             If you set it to 1, your PC is discoverable and can be projected to above the lock screen only. The user has an option to turn it always on or off except for manual launch, too.</Description>
             <DFFormat>
               <int/>
@@ -70674,7 +75855,7 @@ Because of these factors, users do not usually need this user right. Warning: If
             </AccessType>
             <DefaultValue>1</DefaultValue>
             <Description>This policy setting allows you to turn off projection to a PC over infrastructure.
-                            If you set it to 0, your PC cannot be discoverable and can't be projected to over infrastructure, though it may still be possible to project over WiFi Direct.
+                            If you set it to 0, your PC cannot be discoverable and can&apos;t be projected to over infrastructure, though it may still be possible to project over WiFi Direct.
                             If you set it to 1, your PC can be discoverable and can be projected to over infrastructure.</Description>
             <DFFormat>
               <int/>
@@ -70724,8 +75905,9 @@ Because of these factors, users do not usually need this user right. Warning: If
             </AccessType>
             <DefaultValue>0</DefaultValue>
             <Description>This policy setting allows you to require a pin for pairing.
-                            If you turn this on, the pairing ceremony for new devices will always require a PIN
-                            If you turn it off or don't configure it, a pin isn't required for pairing.</Description>
+                            If you set this to 0, a pin isn&apos;t required for pairing.
+                            If you set this to 1, the pairing ceremony for new devices will always require a PIN.
+                            If you set this to 2, all pairings will require PIN.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -70738,15 +75920,15 @@ Because of these factors, users do not usually need this user right. Warning: If
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
             <MSFT:ADMXMapped>WirelessDisplay.admx</MSFT:ADMXMapped>
             <MSFT:ADMXCategory>WirelessDisplay~AT~WindowsComponents~Connect</MSFT:ADMXCategory>
             <MSFT:ADMXPolicyName>RequirePinForPairing</MSFT:ADMXPolicyName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
       </Node>
     </Node>
   </Node>
 </MgmtTree>
-```
\ No newline at end of file
+```
diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md
index d4fff403d1..3733920512 100644
--- a/windows/client-management/mdm/supl-csp.md
+++ b/windows/client-management/mdm/supl-csp.md
@@ -7,11 +7,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 06/26/2017
+ms.date: 07/20/2018
 ---
 
 # SUPL CSP
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The SUPL configuration service provider is used to configure the location client, as shown in the following table.
 
@@ -220,18 +222,51 @@ Specifies the name of the H-SLP root certificate as a string, in the format *nam
 <a href="" id="rootcertificate-data"></a>**RootCertificate/Data**  
 The base 64 encoded blob of the H-SLP root certificate.
 
+<a href="" id="rootcertificate"></a>**RootCertificate2**  
+Specifies the root certificate for the H-SLP server.
+
 <a href="" id="rootcertificate2-name"></a>**RootCertificate2/Name**  
 Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
 
 <a href="" id="rootcertificate2-data"></a>**RootCertificate2/Data**  
 The base 64 encoded blob of the H-SLP root certificate.
 
+<a href="" id="rootcertificate"></a>**RootCertificate3**  
+Specifies the root certificate for the H-SLP server.
+
 <a href="" id="rootcertificate3-name"></a>**RootCertificate3/Name**  
 Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
 
 <a href="" id="rootcertificate3-data"></a>**RootCertificate3/Data**  
 The base 64 encoded blob of the H-SLP root certificate.
 
+<a href="" id="rootcertificate"></a>**RootCertificate4**  
+Added in Windows 10, next major version. Specifies the root certificate for the H-SLP server.
+
+<a href="" id="rootcertificate-name"></a>**RootCertificate4/Name**  
+Added in Windows 10, next major version. Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
+
+<a href="" id="rootcertificate-data"></a>**RootCertificate4/Data**  
+Added in Windows 10, next major version. The base 64 encoded blob of the H-SLP root certificate.
+
+<a href="" id="rootcertificate"></a>**RootCertificate5**  
+Added in Windows 10, next major version. Specifies the root certificate for the H-SLP server.
+
+<a href="" id="rootcertificate2-name"></a>**RootCertificate5/Name**  
+Added in Windows 10, next major version. Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
+
+<a href="" id="rootcertificate2-data"></a>**RootCertificate5/Data**  
+Added in Windows 10, next major version. The base 64 encoded blob of the H-SLP root certificate.
+
+<a href="" id="rootcertificate"></a>**RootCertificate6**  
+Added in Windows 10, next major version. Specifies the root certificate for the H-SLP server.
+
+<a href="" id="rootcertificate3-name"></a>**RootCertificate6/Name**  
+Added in Windows 10, next major version. Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
+
+<a href="" id="rootcertificate3-data"></a>**RootCertificate6/Data**  
+Added in Windows 10, next major version. The base 64 encoded blob of the H-SLP root certificate.
+
 <a href="" id="v2upl1"></a>**V2UPL1**  
 Required for V2 UPL for CDMA. Specifies the account settings for user plane location and IS-801 for CDMA. Only one account is supported at a given time.
 
diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md
index 0fe52da790..ec126158b6 100644
--- a/windows/client-management/mdm/supl-ddf-file.md
+++ b/windows/client-management/mdm/supl-ddf-file.md
@@ -7,17 +7,19 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 12/05/2017
+ms.date: 07/20/2018
 ---
 
 # SUPL DDF file
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 This topic shows the OMA DM device description framework (DDF) for the **SUPL** configuration service provider.
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is the current version for this CSP.
+The XML below is for Windows 10, next major version.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
@@ -43,7 +45,7 @@ The XML below is the current version for this CSP.
             <Permanent />
           </Scope>
           <DFType>
-            <DDFName></DDFName>
+            <MIME>com.microsoft/1.1/MDM/SUPL</MIME>
           </DFType>
         </DFProperties>
         <Node>
@@ -200,7 +202,7 @@ The XML below is the current version for this CSP.
                     <Replace />
                   </AccessType>
                   <DefaultValue>0</DefaultValue>
-                  <Description>Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The default is 0. The default method in Windows Phones provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operator’s network or location services. For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.</Description>
+                  <Description>Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The default is 0. The default method in Windows Phones provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operator's network or location services. For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.</Description>
                   <DFFormat>
                     <int />
                   </DFFormat>
@@ -477,7 +479,7 @@ The XML below is the current version for this CSP.
                       <DDFName></DDFName>
                     </DFType>
                   </DFProperties>
-                </Node>                
+                </Node>
               </Node>
               <Node>
                 <NodeName>RootCertificate4</NodeName>
@@ -542,7 +544,7 @@ The XML below is the current version for this CSP.
                       <DDFName></DDFName>
                     </DFType>
                   </DFProperties>
-                </Node>                
+                </Node>
               </Node>
               <Node>
                 <NodeName>RootCertificate5</NodeName>
@@ -607,7 +609,7 @@ The XML below is the current version for this CSP.
                       <DDFName></DDFName>
                     </DFType>
                   </DFProperties>
-                </Node>                
+                </Node>
               </Node>
               <Node>
                 <NodeName>RootCertificate6</NodeName>
@@ -672,7 +674,7 @@ The XML below is the current version for this CSP.
                       <DDFName></DDFName>
                     </DFType>
                   </DFProperties>
-                </Node>                
+                </Node>
               </Node>
             </Node>
           </Node>
@@ -749,7 +751,7 @@ The XML below is the current version for this CSP.
                 <Replace />
               </AccessType>
               <DefaultValue>0</DefaultValue>
-              <Description>Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The default is 0. The default method in Windows Phones provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operator’s network or location services. The Mobile Station Assisted and AFLT positioning methods must only be configured for test purposes. For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.</Description>
+              <Description>Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The default is 0. The default method in Windows Phones provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operator's network or location services. The Mobile Station Assisted and AFLT positioning methods must only be configured for test purposes. For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.</Description>
               <DFFormat>
                 <int />
               </DFFormat>
@@ -858,13 +860,3 @@ The XML below is the current version for this CSP.
       </Node>
 </MgmtTree>
 ```
-
- 
-
- 
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md
index 6e43514e39..708ac76bd8 100644
--- a/windows/client-management/mdm/wifi-csp.md
+++ b/windows/client-management/mdm/wifi-csp.md
@@ -7,11 +7,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 04/16/2018
+ms.date: 06/28/2018
 ---
 
 # WiFi CSP
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The WiFi configuration service provider provides the functionality to add or delete Wi-Fi networks on a Windows device. The configuration service provider accepts SyncML input and converts it to a network profile that is installed on the device. This profile enables the device to connect to the Wi-Fi network when it is in range.
 
@@ -59,8 +61,6 @@ If it exists in the blob, the **keyType** and **protected** elements must come b
 
 > **Note**  If you need to specify other advanced conditions, such as specifying criteria for certificates that can be used by the Wi-Fi profile, you can do so by specifying this through the EapHostConfig portion of the WlanXML. For more information, see [EAP configuration](http://go.microsoft.com/fwlink/p/?LinkId=618963).
 
- 
-
 The supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="proxy"></a>**Proxy**  
@@ -96,6 +96,17 @@ Added in Windows 10, version 1607. Optional. When set to true it enables Web Pr
 
 Value type is bool.
 
+<a href="" id="wificost"></a>**WiFiCost**  
+Added in Windows 10, next major version. Optional. This policy sets the cost of WLAN connection for the Wi-Fi profile. Default behaviour: Unrestricted.
+
+Supported values:  
+
+- 1 - Unrestricted - unlimited connection
+- 2 - Fixed - capacity constraints  up to a certain data limit  
+- 3 - Variable - paid on per byte basic
+
+Supported operations are Add, Get, Replace and Delete. Value type is integer.
+
 ## Examples
 
 
diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md
index b5bcd3d75e..a4ec65ad3c 100644
--- a/windows/client-management/mdm/wifi-ddf-file.md
+++ b/windows/client-management/mdm/wifi-ddf-file.md
@@ -7,15 +7,200 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 06/26/2017
+ms.date: 06/28/2018
 ---
 
 # WiFi DDF file
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 This topic shows the OMA DM device description framework (DDF) for the **WiFi** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
-Content under development and will be published soon.
+The XML below is for Windows 10, next major version.
+
+``` syntax
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
+  "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
+  [
+  <?oma-dm-ddf-ver supported-versions="1.2"?>
+]>
+<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
+  <VerDTD>1.2</VerDTD>
+  <Node>
+    <NodeName>WiFi</NodeName>
+    <Path>./Vendor/MSFT</Path>
+    <DFProperties>
+      <AccessType>
+        <Get />
+      </AccessType>
+      <DFFormat>
+        <node />
+      </DFFormat>
+      <Occurrence>
+        <One />
+      </Occurrence>
+      <Scope>
+        <Permanent />
+      </Scope>
+      <DFType>
+        <MIME>com.microsoft/1.1/MDM/WiFi</MIME>
+      </DFType>
+    </DFProperties>
+    <Node>
+      <NodeName>Profile</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Get />
+        </AccessType>
+        <DFFormat>
+          <node />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Permanent />
+        </Scope>
+        <DFType>
+          <DDFName></DDFName>
+        </DFType>
+      </DFProperties>
+      <Node>
+        <NodeName></NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <Description>The Profile name of the Wi-Fi network. This is added when WlanXML node is added and deleted when Wlanxml is deleted.</Description>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrMore />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFTitle>SSID</DFTitle>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>WlanXml</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>
+              XML describing the network configuration and follows Windows WLAN_profile schema.
+              Link to schema: http://msdn.microsoft.com/en-us/library/windows/desktop/ms707341(v=vs.85).aspx
+            </Description>
+            <DFFormat>
+              <chr />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>Proxy</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Optional node. The format is url:port. Configuration of the network proxy (if any).</Description>
+            <DFFormat>
+              <chr />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <CaseSense>
+              <CIS />
+            </CaseSense>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ProxyPacUrl</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+              <Add />
+              <Delete />
+              <Replace />
+            </AccessType>
+            <Description>Optional node. URL to the PAC file location.</Description>
+            <DFFormat>
+              <chr />
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <CaseSense>
+              <CIS />
+            </CaseSense>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ProxyWPAD</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+              <Add />
+              <Delete />
+              <Replace />
+            </AccessType>
+            <Description>Optional node: The presence of the field enables WPAD for proxy lookup.</Description>
+            <DFFormat>
+              <bool />
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
+    </Node>
+  </Node>
+</MgmtTree>
+```
 
 ## Related topics
 
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
new file mode 100644
index 0000000000..5efc199b30
--- /dev/null
+++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
@@ -0,0 +1,615 @@
+---
+title: Win32CompatibilityAppraiser  CSP
+description: 
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: MariciaAlforque
+ms.date: 07/19/2018
+---
+
+#  Win32CompatibilityAppraiser CSP 
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+The Win32CompatibilityAppraiser configuration service provider enables the IT admin to query the current status of the Appraiser and UTC telementry health. This CSP was added in Windows 10, next major version.
+
+The following diagram shows the Storage configuration service provider in tree format.
+
+![Win32CompatibilityAppraiser CSP diagram](images/provisioning-csp-win32compatibilityappraiser.png)
+
+<a href="" id="accountmanagement"></a>**./Vendor/MSFT/Win32CompatibilityAppraiser**  
+The root node for the Win32CompatibilityAppraiser configuration service provider.
+
+<a href="" id="compatibilityappraiser"></a>**CompatibilityAppraiser**  
+This represents the state of the Compatibility Appraiser.
+
+
+<a href="" id="compatibilityappraiser-appraiserconfigurationdiagnosis"></a>**CompatibilityAppraiser/AppraiserConfigurationDiagnosis**  
+This represents various settings that affect whether the Compatibility Appraiser can collect and upload compatibility data. 
+
+
+<a href="" id="compatibilityappraiser-appraiserconfigurationdiagnosis-commercialid"></a>**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/CommercialId**  
+The unique identifier specifying what organization owns this device.  This helps correlate telemetry after it has been uploaded.
+
+Value type is string. Supported operation is Get.
+
+<a href="" id="compatibilityappraiser-appraiserconfigurationdiagnosiscommercialidsetandvalid"></a>**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/CommercialIdSetAndValid**  
+A boolean value representing whether the CommercialId is set to a valid value.  Valid values are strings in the form of GUIDs, with no surrounding braces.
+
+Value type is bool. Supported operation is Get.
+
+<a href="" id="compatibilityappraiser-appraiserconfigurationdiagnosis-alltargetosversionsrequested"></a>**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/AllTargetOsVersionsRequested**  
+A boolean value representing whether the flag to request that the Compatibility Appraiser check compatibility with all possible Windows 10 versions has been set.  By default, versions 1507 and 1511, and any version equal to or less than the current version, are not checked.
+
+Value type is bool. Supported operation is Get.
+
+<a href="" id="compatibilityappraiser-appraiserconfigurationdiagnosis-osskuisvalidforappraiser"></a>**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/OsSkuIsValidForAppraiser**  
+A boolean value indicating whether the current Windows SKU is able to run the Compatibility Appraiser.
+
+Value type is bool. Supported operation is Get.
+
+<a href="" id="compatibilityappraiser-appraiserconfigurationdiagnosis-appraisercodeanddataversionsaboveminimum"></a>**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/AppraiserCodeAndDataVersionsAboveMinimum**  
+An integer value representing whether the installed versions of the Compatibility Appraiser code and data meet the minimum requirement to provide useful data.  
+
+The values are:  
+-  0 == Neither the code nor data is of a sufficient version  
+-  1 == The code version is insufficient but the data version is sufficient 
+-  2 == The code version is sufficient but the data version is insufficient
+-  3 == Both the code and data are of a sufficient version
+
+Value type is integer. Supported operation is Get.
+
+<a href="" id="compatibilityappraiser-appraiserconfigurationdiagnosis-rebootpending"></a>**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/RebootPending**  
+A boolean value representing whether a reboot is pending on this computer.  A newly-installed version of the Compatibility Appraiser may require a reboot before useful data is able to be sent.
+
+Value type is bool. Supported operation is Get.
+
+<a href="" id="compatibilityappraiser-appraiserrunresultreport"></a>**CompatibilityAppraiser/AppraiserRunResultReport**  
+This provides an XML representation of the last run of Appraiser and the last runs of Appraiser of certain types or configurations.
+
+For the report XML schema see [Appraiser run result report](#appraiser-run-result-report).
+
+<a href="" id="universaltelemetryclient"></a>**UniversalTelemetryClient**  
+This represents the state of the Universal Telemetry Client, or DiagTrack service.
+
+<a href="" id="universaltelemetryclient-utcconfigurationdiagnosis"></a>**UniversalTelemetryClient/UtcConfigurationDiagnosis**  
+This represents various settings that affect whether the Universal Telemetry Client can upload data and how much data it can upload.
+
+<a href="" id="universaltelemetryclient-utcconfigurationdiagnosis-telemetryoptin"></a>**UniversalTelemetryClient/UtcConfigurationDiagnosis/TelemetryOptIn**  
+An integer value representing what level of telemetry will be uploaded.  
+
+Value type is integer. Supported operation is Get.
+
+The values are:  
+-  0 == Security data will be sent 
+-  1 == Basic telemetry will be sent 
+-  2 == Enhanced telemetry will be sent 
+-  3 == Full telemetry will be sent
+
+<a href="" id="universaltelemetryclient-utcconfigurationdiagnosis-commercialdataoptin"></a>**UniversalTelemetryClient/UtcConfigurationDiagnosis/CommercialDataOptIn**  
+An integer value representing whether the CommercialDataOptIn setting is allowing any data to upload.  
+
+Value type is integer. Supported operation is Get.
+
+The values are:  
+-  0 == Setting is disabled
+-  1 == Setting is enabled
+-  2 == Setting is not applicable to this version of Windows
+
+<a href="" id="universaltelemetryclient-utcconfigurationdiagnosis-diagtrackservicerunning"></a>**UniversalTelemetryClient/UtcConfigurationDiagnosis/DiagTrackServiceRunning**  
+A boolean value representing whether the DiagTrack service is running.  This service must be running in order to upload UTC data.
+
+Value type is bool. Supported operation is Get.
+
+<a href="" id="universaltelemetryclient-utcconfigurationdiagnosis-msaserviceenabled"></a>**UniversalTelemetryClient/UtcConfigurationDiagnosis/MsaServiceEnabled**  
+A boolean value representing whether the MSA service is enabled.  This service must be enabled for UTC data to be indexed with Global Device IDs.
+
+Value type is bool. Supported operation is Get.
+
+<a href="" id="universaltelemetryclient-utcconfigurationdiagnosis-internetexplorertelemetryoptin"></a>**UniversalTelemetryClient/UtcConfigurationDiagnosis/InternetExplorerTelemetryOptIn**  
+An integer value representing what websites Internet Explorer will collect telemetry data for.    
+
+Value type is integer. Supported operation is Get.
+
+The values are:  
+-  0 == Telemetry collection is disabled 
+-  1 == Telemetry collection is enabled for websites in the local intranet, trusted websites, and machine local zones 
+-  2 == Telemetry collection is enabled for internet websites and restricted website zones
+-  3 == Telemetry collection is enabled for all websites
+-  0x7FFFFFFF == Telemetry collection is not configured
+
+<a href="" id="universaltelemetryclient-utcconnectionreport"></a>**UniversalTelemetryClient/UtcConnectionReport**  
+This provides an XML representation of the UTC connections during the most recent summary period.
+
+For the report XML schema, see [UTC connection report](#utc-connection-report).
+
+<a href="" id="windowserrorreporting"></a>**WindowsErrorReporting**  
+This represents the state of the Windows Error Reporting service.
+
+<a href="" id="windowserrorreporting-werconfigurationdiagnosis"></a>**WindowsErrorReporting/WerConfigurationDiagnosis**  
+This represents various settings that affect whether the Windows Error Reporting service can upload data and how much data it can upload.
+
+<a href="" id="windowserrorreporting-werconfigurationdiagnosis-wertelemetryoptin"></a>**WindowsErrorReporting/WerConfigurationDiagnosis/WerTelemetryOptIn**  
+An integer value indicating the amount of WER data that will be uploaded.  
+
+Value type integer. Supported operation is Get.
+
+The values are:  
+-  0 == Data will not send due to UTC opt-in 
+-  1 == Data will not send due to WER opt-in 
+-  2 == Basic WER data will send but not the complete set of data 
+-  3 == The complete set of WER data will send
+
+
+<a href="" id="windowserrorreporting-werconfigurationdiagnosis-mostrestrictivesetting"></a>**WindowsErrorReporting/WerConfigurationDiagnosis/MostRestrictiveSetting**  
+An integer value representing which setting category (system telemetry, WER basic policies, WER advanced policies, and WER consent policies) is causing the overall WerTelemetryOptIn value to be restricted.  
+
+Value type integer. Supported operation is Get.
+
+The values are:  
+-  0 == System telemetry settings are restricting uploads 
+-  1 == WER basic policies are restricting uploads 
+-  2 == WER advanced policies are restricting uploads 
+-  3 == WER consent policies are restricting uploads 
+-  4 == There are no restrictive settings
+
+<a href="" id="windowserrorreporting-werconnectionreport"></a>**WindowsErrorReporting/WerConnectionReport**  
+This provides an XML representation of the most recent WER connections of various types.
+
+For the report XML schema, see [Windows Error Reporting connection report](#windows-error-reporting-connection-report).
+
+## XML schema for the reports
+
+### Appraiser run result report
+
+```
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" >
+    <xs:annotation>
+        <xs:documentation>CSP schema for the Compatibility Appraiser Diagnostic CSP.</xs:documentation>
+        <xs:documentation>Schema defining the Win32CompatibilityAppraiser\CompatibilityAppraiser\AppraiserRunResultReport CSP node.</xs:documentation>
+        <xs:documentation>Copyright (c) Microsoft Corporation, all rights reserved.</xs:documentation>
+    </xs:annotation>
+    <xs:simpleType name="RunCategoryType">
+        <xs:annotation>
+            <xs:documentation>Defines a category of Appraiser run.</xs:documentation>
+        </xs:annotation>
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="LastSecurityModeRunAttempt">
+                <xs:annotation>
+                    <xs:documentation>LastSecurityModeRunAttempt - The most recent run that was skipped because the "Allow Telemetry" setting was set to "Security".</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="LastEnterpriseRun">
+                <xs:annotation>
+                    <xs:documentation>LastEnterpriseRun - The most recent run that was invoked with the "ent" command line.</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="LastFatallyErroredRun">
+                <xs:annotation>
+                    <xs:documentation>LastFatallyErroredRun - The most recent run that returned a failed "ErrorCode".</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="LastSuccessfulRun">
+                <xs:annotation>
+                    <xs:documentation>LastSuccessfulRun - The most recent run that returned a successful "ErrorCode".</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="LastFullSyncRun">
+                <xs:annotation>
+                    <xs:documentation>LastFullSyncRun - The most recent run that attempted to upload a complete set of compatibility data (instead of only new data that was found since the previous run).</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="LastSuccessfulFullSyncRun">
+                <xs:annotation>
+                    <xs:documentation>LastSuccessfulFullSyncRun - The most recent run that attempted to upload a complete set of compatibility data (instead of only new data that was found since the previous run) and also returned a successful "ErrorCode".</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="LastSuccessfulFromEnterprisePerspectiveRun">
+                <xs:annotation>
+                    <xs:documentation>LastSuccessfulFromEnterprisePerspectiveRun - The most recent run that returned a successful "EnterpriseErrorCode".</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="LastSuccessfulFromEnterprisePerspectiveFullSyncRun">
+                <xs:annotation>
+                    <xs:documentation>LastSuccessfulFromEnterprisePerspectiveEnterpriseRun - The most recent run that attempted to upload a complete set of compatibility data (instead of only new data that was found since the previous run) and also returned a successful "EnterpriseErrorCode".</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="LastSuccessfulFromEnterprisePerspectiveEnterpriseRun">
+                <xs:annotation>
+                    <xs:documentation>LastSuccessfulFromEnterprisePerspectiveEnterpriseRun - The most recent run that was invoked with the "ent" command line and also returned a successful "EnterpriseErrorCode".</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+        </xs:restriction>
+    </xs:simpleType>
+    <xs:complexType name="LastRunResultOfAnyCategoryType">
+        <xs:annotation>
+            <xs:documentation>Represents the most recent run of the Compatibility Appraiser.</xs:documentation>
+        </xs:annotation>
+        <xs:sequence>
+            <xs:element name="CurrentlyRunning" type="xs:boolean" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>CurrentlyRunning - A boolean representing whether the specified Compatibility Appraiser run is still in progress.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="CrashedOrInterrupted" type="xs:boolean" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>CrashedOrInterrupted - A boolean representing whether the specified Compatibility Appraiser run ended before it finished scanning for compatibility data.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="ErrorCode" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>ErrorCode - An integer which is the HRESULT error code, of a type that is relevant to any computer, from the specified Compatibility Appraiser run.  This may be a successful HRESULT code or a failure HRESULT code.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="EnterpriseErrorCode" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>EnterpriseErrorCode - An integer which is the HRESULT error code, of a type that is relevant mainly to enterprise computers, from the specified Compatibility Appraiser run.  This may be a successful HRESULT code or a failure HRESULT code.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="RunStartTimestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>RunStartTimestamp - The time when the specified Compatibility Appraiser run started.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="RunEndTimestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>RunEndTimestamp - The time when the specified Compatibility Appraiser run ended.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="ComponentWhichCausedErrorCode" type="xs:string" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>ComponentWhichCausedErrorCode - The name of the internal component, if any, which caused the ErrorCode node to be a failure value during the specified Compatibility Appraiser run.  Note that the ErrorCode node might be a failure value for a reason other than an internal component failure.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="ErroredComponent" type="xs:string" minOccurs="0" maxOccurs="unbounded">
+                <xs:annotation>
+                    <xs:documentation>ErroredComponent - The name of one of the internal components, if any, which encountered failure HRESULT codes during the specified Compatibility Appraiser run.  A failure of an internal component may not necessarily cause the ErrorCode node to contain a failed HRESULT code.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+        </xs:sequence>
+    </xs:complexType>
+    <xs:complexType name="RunResultOfSpecificCategoryType">
+        <xs:annotation>
+            <xs:documentation>Represents the most recent run of the Compatibility Appraiser that satisfied a particular condition.</xs:documentation>
+        </xs:annotation>
+        <xs:sequence>
+            <xs:element name="ErrorCode" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>ErrorCode - An integer which is the HRESULT error code, of a type that is relevant to any computer, from the specified Compatibility Appraiser run.  This may be a successful HRESULT code or a failure HRESULT code.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="EnterpriseErrorCode" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>EnterpriseErrorCode - An integer which is the HRESULT error code, of a type that is relevant mainly to enterprise computers, from the specified Compatibility Appraiser run.  This may be a successful HRESULT code or a failure HRESULT code.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="RunStartTimestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>RunStartTimestamp - The time when the specified Compatibility Appraiser run started.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="RunEndTimestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>RunEndTimestamp - The time when the specified Compatibility Appraiser run ended.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="ComponentWhichCausedErrorCode" type="xs:string" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>ComponentWhichCausedErrorCode - The name of the internal component, if any, which caused the ErrorCode node to be a failure value during the specified Compatibility Appraiser run.  Note that the ErrorCode node might be a failure value for a reason other than an internal component failure.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="ErroredComponent" type="xs:string" minOccurs="0" maxOccurs="unbounded">
+                <xs:annotation>
+                    <xs:documentation>ErroredComponent - The name of one of the internal components, if any, which encountered failure HRESULT codes during the specified Compatibility Appraiser run.  A failure of an internal component may not necessarily cause the ErrorCode node to contain a failed HRESULT code.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+        </xs:sequence>
+        <xs:attribute name="RunCategory" type="RunCategoryType" use="required">
+            <xs:annotation>
+                <xs:documentation>RunCategory - A string which details the category of Appraiser run.</xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+    </xs:complexType>
+    <xs:complexType name="RunResultReportType">
+        <xs:annotation>
+            <xs:documentation>Defines the latest run results for all known categories.</xs:documentation>
+        </xs:annotation>
+        <xs:sequence>
+            <xs:element name="LastRunResult" type="LastRunResultOfAnyCategoryType" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>LastRunResult - Represents the most recent run of the Compatibility Appraiser.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="LastRunResultForCategory" type="RunResultOfSpecificCategoryType" minOccurs="0" maxOccurs="unbounded">
+                <xs:annotation>
+                    <xs:documentation>LastRunResultForCategory - Represents the most recent run of the Compatibility Appraiser that satisfied a particular condition.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+        </xs:sequence>
+    </xs:complexType>
+    <xs:element name="RunResultReport" type="RunResultReportType"/>
+</xs:schema>
+```
+
+### UTC connection report
+
+```
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:fusion="urn:schemas-microsoft-com:asm.v1" elementFormDefault="qualified" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
+    <xs:annotation>
+        <xs:documentation>CSP schema for the Compatibility Appraiser Diagnostic CSP.</xs:documentation>
+        <xs:documentation>Schema defining the Win32CompatibilityAppraiser\UniversalTelemetryClient\UtcConnectionReport CSP node.</xs:documentation>
+        <xs:documentation>Copyright (c) Microsoft Corporation, all rights reserved.</xs:documentation>
+    </xs:annotation>
+    <xs:complexType name="ConnectionSummaryType">
+        <xs:annotation>
+            <xs:documentation>Defines the latest UTC connection results, if any.</xs:documentation>
+        </xs:annotation>
+        <xs:sequence>
+            <xs:element name="ConnectionSummaryStartingTimestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>ConnectionSummaryStartingTimestamp - The starting time of the most recent UTC summary window.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="ConnectionSummaryEndingTimestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>ConnectionSummaryEndingTimestamp - The ending time of the most recent UTC summary window.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="TimestampOfLastSuccessfulUpload" type="xs:unsignedLong" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>TimestampOfLastSuccessfulUpload - The ending time of the most recent UTC summary window that included a successful data upload.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="LastHttpErrorCode" type="xs:unsignedInt" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>LastHttpErrorCode - The HTTP error code from the last failed internet connection.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="ProxyDetected" type="xs:boolean" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>ProxyDetected - A boolean value representing whether an internet connection during the summary window was directed through a proxy.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="ConnectionsSuccessful" type="xs:unsignedInt" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>ConnectionsSuccessful - An integer value summarizing the success of internet connections during the summary window.  The values are: 0 == "All connections failed", 1 == "Some connections succeeded and some failed", and 2 == "All connections succeeded".</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="DataUploaded" type="xs:unsignedInt" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>DataUploaded - An integer value summarizing the success of data uploads during the summary window.  The values are: 0 == "All data was dropped", 1 == "Some data was dropped and some was sent successfully", 2 == "All data was sent successfully", and 3 == "No data was present to upload".</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="AnyCertificateValidationFailures" type="xs:boolean" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>AnyCertificateValidationFailures - A boolean value representing whether there were any failed attempts to validate certificates in the summary window.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="LastCertificateValidationFailureCode" type="xs:unsignedInt" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>LastCertificateValidationFailureCode - The most recent error code from a failed attempt at validating a certificate.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+        </xs:sequence>
+    </xs:complexType>
+    <xs:complexType name="ConnectionReportType">
+        <xs:annotation>
+            <xs:documentation>Lists results of UTC connections.</xs:documentation>
+        </xs:annotation>
+        <xs:sequence>
+            <xs:element name="ConnectionSummary" type="ConnectionSummaryType" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>Defines the latest UTC connection results, if any.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+        </xs:sequence>
+    </xs:complexType>
+    <xs:element name="ConnectionReport" type="ConnectionReportType"/>
+</xs:schema>
+```
+
+### Windows Error Reporting connection report
+
+```
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:fusion="urn:schemas-microsoft-com:asm.v1" elementFormDefault="qualified" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
+    <xs:annotation>
+        <xs:documentation>CSP schema for the Compatibility Appraiser Diagnostic CSP.</xs:documentation>
+        <xs:documentation>Schema defining the Win32CompatibilityAppraiser\WindowsErrorReporting\WerConnectionReport CSP node.</xs:documentation>
+        <xs:documentation>Copyright (c) Microsoft Corporation, all rights reserved.</xs:documentation>
+    </xs:annotation>
+    <xs:complexType name="LastNormalUploadSuccessType">
+        <xs:annotation>
+            <xs:documentation>LastNormalUploadSuccess - A summary of the last time WER successfully performed a normal data upload, if any.</xs:documentation>
+        </xs:annotation>
+        <xs:sequence>
+            <xs:element name="Timestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>Timestamp - The time when WER attempted the upload.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="UploadDuration" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>UploadDuration - The time taken while attempting the upload.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="PayloadSize" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>PayloadSize - The size of the payload that WER attempted to upload.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="Protocol" type="xs:string" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>Protocol - The communication protocol that WER used during the upload.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="Stage" type="xs:string" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>Stage - The processing stage that WER was in when the upload ended.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="BytesUploaded" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>BytesUploaded - The number of bytes that WER successfully uploaded.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="ServerName" type="xs:string" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>ServerName - The name of the server that WER attempted to upload data to.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+        </xs:sequence>
+    </xs:complexType>
+    <xs:complexType name="LastNormalUploadFailureType">
+        <xs:annotation>
+            <xs:documentation>LastNormalUploadFailure - A summary of the last time WER failed to perform a normal data upload, if any.</xs:documentation>
+        </xs:annotation>
+        <xs:sequence>
+            <xs:element name="Timestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>Timestamp - The time when WER attempted the upload.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="HttpExchangeResult" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>HttpExchangeResult - The result of the HTTP connection between WER and the server that it tried to upload to.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="UploadDuration" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>UploadDuration - The time taken while attempting the upload.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="PayloadSize" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>PayloadSize - The size of the payload that WER attempted to upload.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="Protocol" type="xs:string" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>Protocol - The communication protocol that WER used during the upload.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="Stage" type="xs:string" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>Stage - The processing stage that WER was in when the upload ended.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="RequestStatusCode" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>RequestStatusCode - The status code returned by the server in response to the upload request.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="BytesUploaded" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>BytesUploaded - The number of bytes that WER successfully uploaded.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="ServerName" type="xs:string" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>ServerName - The name of the server that WER attempted to upload data to.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="TransportHr" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>TransportHr - The HRESULT code encountered when transferring data to the server.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+        </xs:sequence>
+    </xs:complexType>
+    <xs:complexType name="LastResumableUploadSuccessType">
+        <xs:annotation>
+            <xs:documentation>LastResumableUploadSuccess - A summary of the last time WER successfully performed a resumable data upload, if any.</xs:documentation>
+        </xs:annotation>
+        <xs:sequence>
+            <xs:element name="Timestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>Timestamp - The time when WER attempted the upload.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="LastBlockId" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>LastBlockId - The identifier of the most recent block of the payload that WER attempted to upload.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="TotalBytesUploaded" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>TotalBytesUploaded - The number of bytes that WER successfully uploaded so far, possibly over multiple resumable upload attempts.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+        </xs:sequence>
+    </xs:complexType>
+    <xs:complexType name="LastResumableUploadFailureType">
+        <xs:annotation>
+            <xs:documentation>LastResumableUploadFailure - A summary of the last time WER failed to perform a resumable data upload, if any.</xs:documentation>
+        </xs:annotation>
+        <xs:sequence>
+            <xs:element name="Timestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>Timestamp - The time when WER attempted the upload.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="HttpExchangeResult" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>HttpExchangeResult - The result of the HTTP connection between WER and the server that it tried to upload to.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="LastBlockId" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>LastBlockId - The identifier of the most recent block of the payload that WER attempted to upload.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="TotalBytesUploaded" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>TotalBytesUploaded - The number of bytes that WER successfully uploaded so far, possibly over multiple resumable upload attempts.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+        </xs:sequence>
+    </xs:complexType>
+    <xs:complexType name="ConnectionSummaryType">
+        <xs:annotation>
+            <xs:documentation>Defines the latest WER connection results, if any.</xs:documentation>
+        </xs:annotation>
+        <xs:sequence>
+            <xs:element name="LastNormalUploadSuccess" type="LastNormalUploadSuccessType" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>LastNormalUploadSuccess - A summary of the last time WER successfully performed a normal data upload, if any.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="LastNormalUploadFailure" type="LastNormalUploadFailureType" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>LastNormalUploadFailure - A summary of the last time WER failed to perform a normal data upload, if any.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="LastResumableUploadSuccess" type="LastResumableUploadSuccessType" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>LastResumableUploadSuccess - A summary of the last time WER successfully performed a resumable data upload, if any.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="LastResumableUploadFailure" type="LastResumableUploadFailureType" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>LastResumableUploadFailure - A summary of the last time WER failed to perform a resumable data upload, if any.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+        </xs:sequence>
+    </xs:complexType>
+    <xs:complexType name="ConnectionReportType">
+        <xs:annotation>
+            <xs:documentation>Lists results of WER connections.</xs:documentation>
+        </xs:annotation>
+        <xs:sequence>
+            <xs:element name="ConnectionSummary" type="ConnectionSummaryType" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>Defines the latest WER connection results, if any.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
+        </xs:sequence>
+    </xs:complexType>
+    <xs:element name="ConnectionReport" type="ConnectionReportType"/>
+</xs:schema>
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
new file mode 100644
index 0000000000..9b8a7d81c5
--- /dev/null
+++ b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
@@ -0,0 +1,537 @@
+---
+title: Win32CompatibilityAppraiser DDF file
+description: XML file containing the device description framework
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: MariciaAlforque
+ms.date: 07/19/2018
+---
+
+# Win32CompatibilityAppraiser DDF file 
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+This topic shows the OMA DM device description framework (DDF) for the **Win32CompatibilityAppraiser** configuration service provider.
+
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+
+The XML below is for Windows 10, next major version.
+
+``` syntax
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
+  "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
+  [<?oma-dm-ddf-ver supported-versions="1.2"?>]>
+<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
+  <VerDTD>1.2</VerDTD>
+      <Node>
+        <NodeName>Win32CompatibilityAppraiser</NodeName>
+        <Path>./Device/Vendor/MSFT</Path>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <Description>The root node for the Win32CompatibilityAppraiser configuration service provider.</Description>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <MIME>com.microsoft/1.0/MDM/Win32CompatibilityAppraiser</MIME>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>CompatibilityAppraiser</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>This represents the state of the Compatibility Appraiser.</Description>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFTitle>CompatibilityAppraiser</DFTitle>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName>AppraiserConfigurationDiagnosis</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <Description>This represents various settings that affect whether the Compatibility Appraiser can collect and upload compatibility data. </Description>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFTitle>AppraiserConfigurationDiagnosis</DFTitle>
+              <DFType>
+                <DDFName></DDFName>
+              </DFType>
+            </DFProperties>
+            <Node>
+              <NodeName>CommercialId</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>The unique identifier specifying what organization owns this device.  This helps correlate telemetry after it has been uploaded.</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Permanent />
+                </Scope>
+                <DFTitle>CommercialId</DFTitle>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>CommercialIdSetAndValid</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>A boolean value representing whether the CommercialId is set to a valid value.  Valid values are strings in the form of GUIDs, with no surrounding braces.</Description>
+                <DFFormat>
+                  <bool />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Permanent />
+                </Scope>
+                <DFTitle>CommercialIdSetAndValid</DFTitle>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>AllTargetOsVersionsRequested</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>A boolean value representing whether the flag to request that the Compatibility Appraiser check compatibility with all possible Windows 10 versions has been set.  By default, versions 1507 and 1511, and any version equal to or less than the current version, are not checked.</Description>
+                <DFFormat>
+                  <bool />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Permanent />
+                </Scope>
+                <DFTitle>AllTargetOsVersionsRequested</DFTitle>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>OsSkuIsValidForAppraiser</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>A boolean value indicating whether the current Windows SKU is able to run the Compatibility Appraiser.</Description>
+                <DFFormat>
+                  <bool />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Permanent />
+                </Scope>
+                <DFTitle>OsSkuIsValidForAppraiser</DFTitle>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>AppraiserCodeAndDataVersionsAboveMinimum</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>An integer value representing whether the installed versions of the Compatibility Appraiser code and data meet the minimum requirement to provide useful data.  The values are: 0 == "Neither the code nor data is of a sufficient version", 1 == "The code version is insufficient but the data version is sufficient", 2 == "The code version is sufficient but the data version is insufficient", and 3 == "Both the code and data are of a sufficient version".</Description>
+                <DFFormat>
+                  <int />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Permanent />
+                </Scope>
+                <DFTitle>AppraiserCodeVersionAboveMinimum</DFTitle>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>RebootPending</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>A boolean value representing whether a reboot is pending on this computer.  A newly-installed version of the Compatibility Appraiser may require a reboot before useful data is able to be sent.</Description>
+                <DFFormat>
+                  <bool />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Permanent />
+                </Scope>
+                <DFTitle>RebootPending</DFTitle>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+          </Node>
+          <Node>
+            <NodeName>AppraiserRunResultReport</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <Description>This provides an XML representation of the last run of Appraiser and the last runs of Appraiser of certain types or configurations.</Description>
+              <DFFormat>
+                <xml />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFTitle>AppraiserRunResultReport</DFTitle>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+        </Node>
+        <Node>
+          <NodeName>UniversalTelemetryClient</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>This represents the state of the Universal Telemetry Client, or DiagTrack service.</Description>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFTitle>UniversalTelemetryClient</DFTitle>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName>UtcConfigurationDiagnosis</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <Description>This represents various settings that affect whether the Universal Telemetry Client can upload data and how much data it can upload.</Description>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFTitle>UtcConfigurationDiagnosis</DFTitle>
+              <DFType>
+                <DDFName></DDFName>
+              </DFType>
+            </DFProperties>
+            <Node>
+              <NodeName>TelemetryOptIn</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>An integer value representing what level of telemetry will be uploaded.  The values are: 0 == "Security data will be sent", 1 == "Basic telemetry will be sent", 2 == "Enhanced telemetry will be sent", and 3 == "Full telemetry will be sent".</Description>
+                <DFFormat>
+                  <int />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Permanent />
+                </Scope>
+                <DFTitle>TelemetryOptIn</DFTitle>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>CommercialDataOptIn</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>An integer value representing whether the CommercialDataOptIn setting is allowing any data to upload.  The values are: 0 == "Setting is disabled", 1 == "Setting is enabled", and 2 == "Setting is not applicable to this version of Windows".</Description>
+                <DFFormat>
+                  <int />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Permanent />
+                </Scope>
+                <DFTitle>CommercialDataOptIn</DFTitle>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>DiagTrackServiceRunning</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>A boolean value representing whether the DiagTrack service is running.  This service must be running in order to upload UTC data.</Description>
+                <DFFormat>
+                  <bool />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Permanent />
+                </Scope>
+                <DFTitle>DiagTrackServiceRunning</DFTitle>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>MsaServiceEnabled</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>A boolean value representing whether the MSA service is enabled.  This service must be enabled for UTC data to be indexed with Global Device IDs.</Description>
+                <DFFormat>
+                  <bool />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Permanent />
+                </Scope>
+                <DFTitle>MsaServiceEnabled</DFTitle>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>InternetExplorerTelemetryOptIn</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>An integer value representing what websites Internet Explorer will collect telemetry data for.    The values are: 0 == "Telemetry collection is disabled", 1 == "Telemetry collection is enabled for websites in the local intranet, trusted websites, and machine local zones", 2 == "Telemetry collection is enabled for internet websites and restricted website zones", 3 == "Telemetry collection is enabled for all websites", and 0x7FFFFFFF == "Telemetry collection is not configured".</Description>
+                <DFFormat>
+                  <int />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Permanent />
+                </Scope>
+                <DFTitle>InternetExplorerTelemetryOptIn</DFTitle>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+          </Node>
+          <Node>
+            <NodeName>UtcConnectionReport</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <Description>This provides an XML representation of the UTC connections during the most recent summary period.</Description>
+              <DFFormat>
+                <xml />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFTitle>UtcConnectionReport</DFTitle>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+        </Node>
+        <Node>
+          <NodeName>WindowsErrorReporting</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>This represents the state of the Windows Error Reporting service.</Description>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFTitle>WindowsErrorReporting</DFTitle>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName>WerConfigurationDiagnosis</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <Description>This represents various settings that affect whether the Windows Error Reporting service can upload data and how much data it can upload.</Description>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFTitle>WerConfigurationDiagnosis</DFTitle>
+              <DFType>
+                <DDFName></DDFName>
+              </DFType>
+            </DFProperties>
+            <Node>
+              <NodeName>WerTelemetryOptIn</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>An integer value indicating the amount of WER data that will be uploaded.  The values are: 0 == "Data will not send due to UTC opt-in", 1 == "Data will not send due to WER opt-in", 2 == "Basic WER data will send but not the complete set of data", and 3 == "The complete set of WER data will send".</Description>
+                <DFFormat>
+                  <int />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Permanent />
+                </Scope>
+                <DFTitle>WerTelemetryOptIn</DFTitle>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>MostRestrictiveSetting</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>An integer value representing which setting category (system telemetry, WER basic policies, WER advanced policies, and WER consent policies) is causing the overall WerTelemetryOptIn value to be restricted.  The values are: 0 == "System telemetry settings are restricting uploads", 1 == "WER basic policies are restricting uploads", 2 == "WER advanced policies are restricting uploads", 3 == "WER consent policies are restricting uploads", and 4 == "There are no restrictive settings".</Description>
+                <DFFormat>
+                  <int />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Permanent />
+                </Scope>
+                <DFTitle>MostRestrictiveSetting</DFTitle>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+          </Node>
+          <Node>
+            <NodeName>WerConnectionReport</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <Description>This provides an XML representation of the most recent WER connections of various types.</Description>
+              <DFFormat>
+                <xml />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFTitle>WerConnectionReport</DFTitle>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+        </Node>
+      </Node>
+</MgmtTree>
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md
index 24786700eb..82c46fc738 100644
--- a/windows/client-management/mdm/windowslicensing-csp.md
+++ b/windows/client-management/mdm/windowslicensing-csp.md
@@ -7,11 +7,14 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 10/09/2017
+ms.date: 07/16/2018
 ---
 
 # WindowsLicensing CSP
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 The WindowsLicensing configuration service provider is designed for licensing related management scenarios. Currently the scope is limited to edition upgrades of Windows 10 desktop and mobile devices, such as Windows 10 Pro to Windows 10 Enterprise. In addition, this CSP provides the capability to activate or change the product key of Windows 10 desktop devices.
 
 The following diagram shows the WindowsLicensing configuration service provider in tree format.
@@ -157,8 +160,27 @@ The data type is a chr.
 
 The supported operation is Get.
 
+<a href="" id="smode"></a>**SMode**  
+Interior node for managing S mode.
 
+<a href="" id="smode-switchingpolicy"></a>**SMode/SwitchingPolicy**  
+Added in Windows 10, next major version. Determines whether a consumer can switch the device out of S mode. This setting is only applicable to devices available in S mode.
 
+Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
+Supported values:  
+-  0 - No Restriction: The user is allowed to switch the device out of S mode.
+-  1 - User Blocked: The admin has blocked the user from switching their device out of S mode. Only the admin can switch the device out of S mode through the SMode/SwitchFromSMode node.
+
+<a href="" id="smode-switchfromsmode"></a>**SMode/SwitchFromSMode**  
+Added in Windows 10, next major version. Switches a device out of S mode if possible. Does not reboot.
+
+Supported operation is Execute.
+
+<a href="" id="smode-status"></a>**SMode/Status**   
+Added in Windows 10, next major version. Returns the status of the latest SwitchFromSMode set request.
+
+Value type is integer. Supported operation is Get.
 
 ## SyncML examples
 
diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md
index df272ec6f1..8da5c10b5c 100644
--- a/windows/client-management/mdm/windowslicensing-ddf-file.md
+++ b/windows/client-management/mdm/windowslicensing-ddf-file.md
@@ -7,16 +7,19 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 12/05/2017
+ms.date: 07/16/2017
 ---
 
 # WindowsLicensing DDF file
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 This topic shows the OMA DM device description framework (DDF) for the **WindowsLicensing** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is the current version for this CSP.
+The XML below is for Windows 10, next major version.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
@@ -42,7 +45,7 @@ The XML below is the current version for this CSP.
             <Permanent />
           </Scope>
           <DFType>
-            <MIME>com.microsoft/1.2/MDM/WindowsLicensing</MIME>
+            <MIME>com.microsoft/1.3/MDM/WindowsLicensing</MIME>
           </DFType>
         </DFProperties>
         <Node>
@@ -294,21 +297,101 @@ The XML below is the current version for this CSP.
             </Node>
           </Node>
         </Node>
+        <Node>
+          <NodeName>SMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName>SwitchingPolicy</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Delete />
+                <Replace />
+                <Add />
+              </AccessType>
+              <Description>Policy that determines whether a consumer can switch the device out of S mode</Description>
+              <DFFormat>
+                <int />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <CaseSense>
+                <CIS />
+              </CaseSense>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>SwitchFromSMode</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Exec />
+              </AccessType>
+              <Description>Switches a device out of S mode if possible. Does not reboot.</Description>
+              <DFFormat>
+                <null />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <CaseSense>
+                <CIS />
+              </CaseSense>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>Status</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <Description>Returns the status of the latest SwitchFromSMode or SwitchingPolicy set request.</Description>
+              <DFFormat>
+                <int />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <CaseSense>
+                <CIS />
+              </CaseSense>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+        </Node>
       </Node>
 </MgmtTree>
-```
-
-## Related topics
-
-
-[WindowsLicensing configuration service provider](windowslicensing-csp.md)
-
- 
-
- 
-
-
-
-
-
-
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/wirednetwork-csp.md b/windows/client-management/mdm/wirednetwork-csp.md
new file mode 100644
index 0000000000..6a06c59879
--- /dev/null
+++ b/windows/client-management/mdm/wirednetwork-csp.md
@@ -0,0 +1,34 @@
+---
+title: WiredNetwork CSP
+description: The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP to enable them to access corporate Internet over ethernet.
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: MariciaAlforque
+ms.date: 06/27/2018
+---
+
+# WiredNetwork CSP 
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP to enable them to access corporate Internet over ethernet. This CSP was added in Windows 10, next major version.
+
+The following diagram shows the WiredNetwork configuration service provider in tree format.
+
+![WiredNetwork CSP diagram](images/provisioning-csp-wirednetwork.png) 
+
+<a href="" id="wirednetwork"></a>**./Device/Vendor/MSFT/WiredNetwork**  
+Root node.
+
+<a href="" id="lanxml"></a>**LanXML**  
+Optional. XML describing the wired network configuration and follows the LAN_profile schemas https://msdn.microsoft.com/en-us/library/windows/desktop/aa816366(v=vs.85).aspx.
+
+Supported operations are Add, Get, Replace, and Delete. Value type is string.
+
+<a href="" id="enableblockperiod"></a>**EnableBlockPeriod**  
+ Optional. Enable block period (minutes), used to specify the duration for which automatic authentication attempts will be blocked from occurring after a failed authentication attempt.
+
+Supported operations are Add, Get, Replace, and Delete. Value type is integer.
\ No newline at end of file
diff --git a/windows/client-management/mdm/wirednetwork-ddf-file.md b/windows/client-management/mdm/wirednetwork-ddf-file.md
new file mode 100644
index 0000000000..0a156256a0
--- /dev/null
+++ b/windows/client-management/mdm/wirednetwork-ddf-file.md
@@ -0,0 +1,167 @@
+---
+title: WiredNetwork DDF file
+description: This topic shows the OMA DM device description framework (DDF) for the WiredNetwork configuration service provider. 
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: MariciaAlforque
+ms.date: 06/28/2018
+---
+
+# WiredNetwork DDF file
+
+
+This topic shows the OMA DM device description framework (DDF) for the WiredNetwork configuration service provider. This CSP was added in Windows 10, version 1511.  
+
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+
+The XML below is the current version for this CSP.
+
+``` syntax
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
+  "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
+  [<?oma-dm-ddf-ver supported-versions="1.2"?>]>
+<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
+  <VerDTD>1.2</VerDTD>
+      <Node>
+        <NodeName>WiredNetwork</NodeName>
+        <Path>./User/Vendor/MSFT</Path>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>LanXML</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+              <Add />
+              <Delete />
+              <Replace />
+            </AccessType>
+            <Description>XML describing the wired network configuration and follows the LAN_profile schemas https://msdn.microsoft.com/en-us/library/windows/desktop/aa816366(v=vs.85).aspx</Description>
+            <DFFormat>
+              <chr />
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableBlockPeriod</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+              <Add />
+              <Delete />
+              <Replace />
+            </AccessType>
+            <Description> Enable block period (minutes), used to specify the duration for which automatic authentication attempts will be blocked from occurring after a failed authentication attempt.</Description>
+            <DFFormat>
+              <int />
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
+      <Node>
+        <NodeName>WiredNetwork</NodeName>
+        <Path>./Device/Vendor/MSFT</Path>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>LanXML</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+              <Add />
+              <Delete />
+              <Replace />
+            </AccessType>
+            <Description>XML describing the wired network configuration and follows the LAN_profile schemas https://msdn.microsoft.com/en-us/library/windows/desktop/aa816366(v=vs.85).aspx</Description>
+            <DFFormat>
+              <chr />
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableBlockPeriod</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+              <Add />
+              <Delete />
+              <Replace />
+            </AccessType>
+            <Description> Enable block period (minutes), used to specify the duration for which automatic authentication attempts will be blocked from occurring after a failed authentication attempt.</Description>
+            <DFFormat>
+              <int />
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
+</MgmtTree>
+```
\ No newline at end of file
diff --git a/windows/configuration/TOC.md b/windows/configuration/TOC.md
index 8c39396225..6480fcac26 100644
--- a/windows/configuration/TOC.md
+++ b/windows/configuration/TOC.md
@@ -122,6 +122,7 @@
 #### [UniversalAppUninstall](wcd/wcd-universalappuninstall.md) 
 #### [UsbErrorsOEMOverride](wcd/wcd-usberrorsoemoverride.md)
 #### [WeakCharger](wcd/wcd-weakcharger.md)  
+#### [WindowsHelloForBusiness](wcd/wcd-windowshelloforbusiness.md)
 #### [WindowsTeamSettings](wcd/wcd-windowsteamsettings.md)     
 #### [WLAN](wcd/wcd-wlan.md)     
 #### [Workplace](wcd/wcd-workplace.md)  
diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md
index 333294779e..8fac2d4142 100644
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@@ -17,6 +17,8 @@ ms.date: 06/27/2018
 
 This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
 
+
+
 ## June 2018
 
 New or changed topic | Description
diff --git a/windows/configuration/start-layout-xml-desktop.md b/windows/configuration/start-layout-xml-desktop.md
index 6831294b38..b75768d432 100644
--- a/windows/configuration/start-layout-xml-desktop.md
+++ b/windows/configuration/start-layout-xml-desktop.md
@@ -31,7 +31,7 @@ On Windows 10 for desktop editions, the customized Start works by:
     - No limit to the number of apps that can be pinned. There is a theoretical limit of 24 tiles per group (4 small tiles per medium square x 3 columns x 2 rows). 
     
 >[!NOTE]
->Using the layout modification XML to configure Start is not supported with roaming user profiles. For more information, see [Deploy Roaming User Profiles](https://technet.microsoft.com/en-US/library/jj649079.aspx).
+>To use the layout modification XML to configure Start with roaming user profiles, see [Deploying Roaming User Profiles](https://docs.microsoft.com/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#step-7-optionally-specify-a-start-layout-for-windows-10-pcs).
 
 
 
diff --git a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
index 2270745715..81e41752be 100644
--- a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
+++ b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
@@ -54,7 +54,7 @@ Administrators can still define which user-customized application settings can s
 
 ## Compatibility with Microsoft Enterprise State Roaming
 
-With Windows 10, version 1607, users can synchronize Windows application settings and Windows operating system settings to Azure instead of to OneDrive. You can use the Windows 10 enterprise sync functionality together with UE-V on on-premises domain-joined devices only.
+With Windows 10, version 1607, users can synchronize Windows application settings and Windows operating system settings to Azure instead of to OneDrive. You can use the Windows 10 enterprise sync functionality together with UE-V for on-premises domain-joined devices only.
 
 In hybrid cloud environments, UE-V can roam Win32 applications on-premises while [Enterprise State Roaming](https://azure.microsoft.com/documentation/articles/active-directory-windows-enterprise-state-roaming-overview/) (ESR) can roam the rest, e.g., Windows and desktop settings, themes, colors, etc., to an Azure cloud installation.
 
diff --git a/windows/configuration/wcd/wcd-calling.md b/windows/configuration/wcd/wcd-calling.md
index 5e1b0c5274..dd7a6057aa 100644
--- a/windows/configuration/wcd/wcd-calling.md
+++ b/windows/configuration/wcd/wcd-calling.md
@@ -131,7 +131,7 @@ VideoCallingDescription | Enter text to describe the video calling feature.
 VideoCallingLabel | Enter text to describe the video calling toggle.
 VideoCapabilityDescription | Enter text to describe the video capability feature.
 VideoCapabilityLabel | Enter text to describe the video capability toggle.
-VideoTransitionTimeout | Enter the the time in milliseconds to check how long the video transition state will remain until the remote party responds. The minimum value is 10000 and the maximum value is 30000. 
+VideoTransitionTimeout | Enter the time in milliseconds to check how long the video transition state will remain until the remote party responds. The minimum value is 10000 and the maximum value is 30000. 
 VoLTEAudioQualityString | Partners can add a string to the call progress screen to indicate if the active call is a high quality voice over LTE (VoLTE). Set the value of VoLTEAudioQualityString to the string that you want to display in the call progress screen to indicate that the call is a VoLTE call. This string is combined with the PLMN so if the string is "VoLTE", the resulting string is "PLMN_String VoLTE". For example, the string displayed in the call progress screen can be "Litware VoLTE" if the PLMN_String is "Litware". The value you specify for VoLTEAudioQualityString must exceed 10 characters.
 
 
diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md
index b79f7c9f6a..b797544274 100644
--- a/windows/configuration/wcd/wcd-connectivityprofiles.md
+++ b/windows/configuration/wcd/wcd-connectivityprofiles.md
@@ -167,7 +167,7 @@ The **Config** settings are initial settings that can be overwritten when settin
 
 ### SystemCapabilities 
 
-You can use these settings to configure system capabilities for Wi-Fi adapters, which is a new functionality in Windows 10. These system capabilities are added at image time to ensure that the information is at its most accurate. The capabilities allow the OS to have a better understanding of the underlying hardware that it's running on. Diagnostic data data is generated by the system to provide data that can be used to diagnose both software and hardware issues. 
+You can use these settings to configure system capabilities for Wi-Fi adapters, which is a new functionality in Windows 10. These system capabilities are added at image time to ensure that the information is at its most accurate. The capabilities allow the OS to have a better understanding of the underlying hardware that it's running on. Diagnostic data is generated by the system to provide data that can be used to diagnose both software and hardware issues. 
 
 | Setting | Description | 
 | --- | --- |
diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md
index 786afaaed1..a8b96f80b9 100644
--- a/windows/configuration/wcd/wcd-policies.md
+++ b/windows/configuration/wcd/wcd-policies.md
@@ -302,7 +302,7 @@ These settings apply to the **Kiosk Browser** app available in Microsoft Store.
 
 | Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
 | --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [EnableLocation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#location-enablelocation) | Configure whether the the Location Service's Device Switch is enabled or disabled for the device. | X | X |  |  |  |
+| [EnableLocation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#location-enablelocation) | Configure whether the Location Service's Device Switch is enabled or disabled for the device. | X | X |  |  |  |
 
 
 ## Privacy
diff --git a/windows/configuration/wcd/wcd-start.md b/windows/configuration/wcd/wcd-start.md
index 186c30961e..904711ae31 100644
--- a/windows/configuration/wcd/wcd-start.md
+++ b/windows/configuration/wcd/wcd-start.md
@@ -27,7 +27,10 @@ Use Start settings to apply a customized Start screen to devices.
 
 ## StartLayout
 
-Use StartLayout to select the LayoutModification.xml file that applies a customized Start screen to a device.
+Use StartLayout to select the `LayoutModification.xml` file that applies a customized Start screen to a mobile device.
+
+>[!NOTE]
+>The XML file that defines the Start layout for Windows 10 Mobile must be named `LayoutModification.xml`.
 
 For more information, see [Start layout XML for mobile editions of Windows 10 ](../mobile-devices/lockdown-xml.md)).
 
diff --git a/windows/configuration/wcd/wcd-windowshelloforbusiness.md b/windows/configuration/wcd/wcd-windowshelloforbusiness.md
new file mode 100644
index 0000000000..0a2c9c16eb
--- /dev/null
+++ b/windows/configuration/wcd/wcd-windowshelloforbusiness.md
@@ -0,0 +1,33 @@
+---
+title: WindowsHelloForBusiness (Windows 10)
+description: This section describes the Windows Hello for Business settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+ms.localizationpriority: medium
+ms.author: jdecker
+ms.topic: article
+ms.date: 07/19/2018
+---
+
+# WindowsHelloForBusiness (Windows Configuration Designer reference)
+
+>[!WARNING]
+>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+Use WindowsHelloForBusiness settings to specify whether [FIDO2 security keys for Windows Hello](https://blogs.windows.com/business/2018/04/17/windows-hello-fido2-security-keys/) can be used to sign in to Windows on a device configured for [Shared PC mode](wcd-sharedpc.md).
+
+## Applies to
+
+| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | :---: |
+| [SecurityKeys](#securitykeys) | X |    |  |  |  |
+
+## SecurityKeys
+
+Select the desired value:
+
+- `0`: security keys for Windows Hello are disabled.
+- `1`: security keys for Windows Hello are enabled on [Shared PCs](wcd-sharedpc.md).
diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md
index 53eeaa689f..57c84d177d 100644
--- a/windows/configuration/wcd/wcd.md
+++ b/windows/configuration/wcd/wcd.md
@@ -8,7 +8,7 @@ author: jdeckerMS
 ms.localizationpriority: medium
 ms.author: jdecker
 ms.topic: article
-ms.date: 04/30/2018
+ms.date: 07/19/2018
 ---
 
 # Windows Configuration Designer provisioning settings (reference)
@@ -74,10 +74,11 @@ This section describes the settings that you can configure in [provisioning pack
 | [TakeATest](wcd-takeatest.md) | X |  |  |  |  |
 | [TextInput](wcd-textinput.md) |  | X |  |  |  |
 | [Theme](wcd-theme.md) |  | X |  |  |  |
-| [UnifiedWriteFilter](wcd-unifiedwritefilter.md) | X |  |  |  |  |
+| [UnifiedWriteFilter](wcd-unifiedwritefilter.md) | X |  |  |  | X |
 | [UniversalAppInstall](wcd-universalappinstall.md) | X | X | X | X | X |
 | [UniversalAppUninstall](wcd-universalappuninstall.md) | X | X | X | X | X |
 | [WeakCharger](wcd-weakcharger.md) |X | X | X | X |  |
+| [WindowsHelloForBusiness](wcd-windowshelloforbusiness.md) | X |  |  |  |  |
 | [WindowsTeamSettings](wcd-windowsteamsettings.md) |  |  | X |  |  |
 | [WLAN](wcd-wlan.md) |  |  |  | X |  |
 | [Workplace](wcd-workplace.md) |X | X | X | X | X |
diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md
index 2c3572608c..a149748012 100644
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@@ -19,10 +19,9 @@
 
 ## [Deploy Windows 10](deploy.md)
 
-### [Overview of Windows Autopilot](windows-autopilot/windows-10-autopilot.md)
+### [Overview of Windows Autopilot](windows-autopilot/windows-autopilot.md)
 ### [Windows 10 in S mode](windows-10-pro-in-s-mode.md)
 ### [Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
-#### [Windows 10 downgrade paths](upgrade/windows-10-downgrade-paths.md)
 ### [Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md)
 ### [Windows 10 volume license media](windows-10-media.md)
 
@@ -221,14 +220,12 @@
 ### [Optimize Windows 10 update delivery](update/waas-optimize-windows-10-updates.md)
 #### [Configure Delivery Optimization for Windows 10 updates](update/waas-delivery-optimization.md)
 #### [Configure BranchCache for Windows 10 updates](update/waas-branchcache.md)
+### [Best practices for feature updates on mission-critical devices](update/feature-update-mission-critical.md)
+#### [Deploy feature updates during maintenance windows](update/feature-update-maintenance-window.md)
+#### [Deploy feature updates for user-initiated installations](update/feature-update-user-install.md)
+#### [Conclusion](update/feature-update-conclusion.md)
 ### [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](update/waas-mobile-updates.md)
 ### [Deploy updates using Windows Update for Business](update/waas-manage-updates-wufb.md)
-#### [Onboard to Windows Update for Business](update/wufb-onboard.md)
-##### [Windows Update for Business basics](update/wufb-basics.md)
-##### [Setting up automatic update](update/wufb-autoupdate.md)
-##### [Managing feature and quality updates](update/wufb-manageupdate.md)
-##### [Enforcing compliance deadlines](update/wufb-compliancedeadlines.md)
-##### [Managing drivers, environments with both Windows Update for Business and WSUS, and Download Optmization](update/wufb-managedrivers.md)
 #### [Configure Windows Update for Business](update/waas-configure-wufb.md)
 #### [Integrate Windows Update for Business with management solutions](update/waas-integrate-wufb.md)
 #### [Walkthrough: use Group Policy to configure Windows Update for Business](update/waas-wufb-group-policy.md)
diff --git a/windows/deployment/change-history-for-deploy-windows-10.md b/windows/deployment/change-history-for-deploy-windows-10.md
index afe911bf76..08d10e29c7 100644
--- a/windows/deployment/change-history-for-deploy-windows-10.md
+++ b/windows/deployment/change-history-for-deploy-windows-10.md
@@ -38,7 +38,7 @@ New or changed topic | Description
 ## June 2017
 | New or changed topic | Description |
 |----------------------|-------------|
-| [Overview of Windows Autopilot](windows-autopilot/windows-10-autopilot.md) | New |
+| [Overview of Windows Autopilot](windows-autopilot/windows-autopilot.md) | New |
 
 ## April 2017
 | New or changed topic | Description |
diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md
index ee81d5f04f..8cde17231e 100644
--- a/windows/deployment/deploy-whats-new.md
+++ b/windows/deployment/deploy-whats-new.md
@@ -40,7 +40,7 @@ For more information, see [Windows 10 Enterprise E3 in CSP](windows-10-enterpris
 
 Windows Autopilot streamlines and automates the process of setting up and configuring new devices, with minimal interaction required from the end user. You can also use Windows Autopilot to reset, repurpose and recover devices.
 
-Windows Autopilot joins devices to Azure Active Directory (Azure AD), optionally enrolls into MDM services, configures security policies, and sets a custom out-of-box-experience (OOBE) for the end user. For more information, see [Overview of Windows Autopilot](windows-autopilot/windows-10-autopilot.md).
+Windows Autopilot joins devices to Azure Active Directory (Azure AD), optionally enrolls into MDM services, configures security policies, and sets a custom out-of-box-experience (OOBE) for the end user. For more information, see [Overview of Windows Autopilot](windows-autopilot/windows-autopilot.md).
 
 ### Upgrade Readiness
 
diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md
index 49d4048f3e..a38657a7be 100644
--- a/windows/deployment/deploy.md
+++ b/windows/deployment/deploy.md
@@ -17,7 +17,7 @@ Windows 10 upgrade options are discussed and information is provided about plann
 
 |Topic |Description |
 |------|------------|
-|[Overview of Windows Autopilot](windows-autopilot/windows-10-autopilot.md) |This topic provides an overview of Windows Autopilot deployment, a new zero-touch method for deploying Windows 10 in the enterprise. |
+|[Overview of Windows Autopilot](windows-autopilot/windows-autopilot.md) |This topic provides an overview of Windows Autopilot deployment, a new zero-touch method for deploying Windows 10 in the enterprise. |
 |[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) |This topic provides information about support for upgrading directly to Windows 10 from a previous operating system. |
 |[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |This topic provides information about support for upgrading from one edition of Windows 10 to another. |
 |[Windows 10 volume license media](windows-10-media.md) |This topic provides information about updates to volume licensing media in the current version of Windows 10. |
diff --git a/windows/deployment/images/download.png b/windows/deployment/images/download.png
new file mode 100644
index 0000000000..266a2a196b
Binary files /dev/null and b/windows/deployment/images/download.png differ
diff --git a/windows/deployment/planning/windows-to-go-frequently-asked-questions.md b/windows/deployment/planning/windows-to-go-frequently-asked-questions.md
index 71ff1f9db8..bfadedc7cd 100644
--- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.md
+++ b/windows/deployment/planning/windows-to-go-frequently-asked-questions.md
@@ -126,7 +126,7 @@ Windows To Go can be deployed using standard Windows deployment tools like Diskp
 
 -   A Windows 10 Enterprise or Windows 10 Education image
 
--   A Windows 10 Enterprise or Windows 10 Education host PC that can be used to provision new USB keys
+-   A Windows 10 Enterprise, Windows 10 Education or Windows 10 Professional host PC that can be used to provision new USB keys
 
 You can use a Windows PowerShell script to target several drives and scale your deployment for a large number of Windows To Go drives. You can also use a USB duplicator to duplicate a Windows To Go drive after it has been provisioned if you are creating a large number of drives. See the [Windows To Go Step by Step](https://go.microsoft.com/fwlink/p/?LinkId=618950) article on the TechNet wiki for a walkthrough of the drive creation process.
 
@@ -153,7 +153,7 @@ Yes. Because USB 3.0 offers significantly faster speeds than USB 2.0, a Windows
 ## <a href="" id="wtg-faq-selfpro"></a>Can the user self-provision Windows To Go?
 
 
-Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise and Windows 10 Education. Additionally, System Center 2012 Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkID=618746).
+Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise, Windows 10 Education and Windows 10 Professional. Additionally, System Center 2012 Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkID=618746).
 
 ## <a href="" id="wtg-faq-mng"></a>How can Windows To Go be managed in an organization?
 
diff --git a/windows/deployment/update/feature-update-conclusion.md b/windows/deployment/update/feature-update-conclusion.md
new file mode 100644
index 0000000000..7ad33b4c1c
--- /dev/null
+++ b/windows/deployment/update/feature-update-conclusion.md
@@ -0,0 +1,20 @@
+---
+title: Best practices for feature updates - conclusion
+description: Final thoughts about how to deploy feature updates
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: lizap
+ms.localizationpriority: medium
+ms.author: elizapo
+ms.date: 07/09/2018
+---
+
+# Conclusion
+
+**Applies to**: Windows 10
+
+Mission critical devices that need to be online 24x7 pose unique challenges for the IT Pro looking to stay current with the latest Windows 10 feature update. Because these devices are online continually, providing mission critical services, with only a small window of time available to apply feature updates, specific procedures are required to effectively keep these devices current, with as little downtime as possible. 
+
+Whether you have defined servicing windows at your disposal where feature updates can be installed automatically, or you require user initiated installs by a technician, this whitepaper provides guidelines for either approach. Improvements are continually being made to Windows 10 setup to reduce device offline time for feature updates. This whitepaper will be updated as enhancements become available to improve the overall servicing approach and experience.   
+
diff --git a/windows/deployment/update/feature-update-maintenance-window.md b/windows/deployment/update/feature-update-maintenance-window.md
new file mode 100644
index 0000000000..d49f678bcf
--- /dev/null
+++ b/windows/deployment/update/feature-update-maintenance-window.md
@@ -0,0 +1,257 @@
+---
+title: Best practices - deploy feature updates during maintenance windows
+description: Learn how to deploy feature updates during a maintenance window
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: mcureton
+ms.localizationpriority: medium
+ms.author: mikecure
+ms.date: 07/09/2018
+---
+
+# Deploy feature updates during maintenance windows
+
+**Applies to**: Windows 10
+
+Use the following information to deploy feature updates during a maintenance window.
+
+## Get ready to deploy feature updates
+
+### Step 1: Configure maintenance windows
+
+1.	In the Configuration Manager console, choose **Assets and Compliance> Device Collections**. 
+2.	In the **Device Collections** list, select the collection for which you intended to deploy the feature update(s). 
+3.	On the **Home** tab, in the **Properties** group, choose **Properties**. 
+4.	In the **Maintenance Windows** tab of the <collection name> Properties dialog box, choose the New icon. 
+5.	Complete the <new> Schedule dialog. 
+6.	Select from the Apply this schedule to drop-down list. 
+7.	Choose **OK** and then close the **\<collection name\> Properties** dialog box.
+
+### Step 2: Review computer restart device settings
+
+If you’re not suppressing computer restarts and the feature update will be installed when no users are present, consider deploying a custom client settings policy to your feature update target collection to shorten the settings below or consider the total duration of these settings when defining your maintenance window duration. 
+
+For example, by default, 90 minutes will be honored before the system is rebooted after the feature update install. If users will not be impacted by the user logoff or restart, there is no need to wait a full 90 minutes before rebooting the computer. If a delay and notification is needed, ensure that the maintenance window takes this into account along with the total time needed to install the feature update.
+
+>[!NOTE]
+> The following settings must be shorter in duration than the shortest maintenance window applied to the computer. 
+>- **Display a temporary notification to the user that indicates the interval before the user is logged off or the computer restarts (minutes).**
+>- **Display a dialog box that the user cannot close, which displays the countdown interval before the user is logged off or the computer restarts (minutes).**
+
+### Step 3: Enable Peer Cache
+
+Use **Peer Cache** to help manage deployment of content to clients in remote locations. Peer Cache is a built-in Configuration Manager solution that enables clients to share content with other clients directly from their local cache.
+
+[Enable Configuration Manager client in full OS to share content](https://docs.microsoft.com/sccm/core/clients/deploy/about-client-settings#enable-configuration-manager-client-in-full-os-to-share-content) if you have clients in remote locations that would benefit from downloading feature update content from a peer instead of downloading it from a distribution point (or Microsoft Update). 
+
+### Step 4: Override the default Windows setup priority (Windows 10, version 1709 and later)
+
+If you’re deploying **Feature update to Windows 10, version 1709** or later, by default, portions of setup are configured to run at a lower priority. This can result in a longer total install time for the feature update. When deploying within a maintenance window, we recommend that you override this default behavior to benefit from faster total install times. To override the default priority, create a file called SetupConfig.ini on each machine to be upgraded in the below location containing the single section noted. 
+
+%systemdrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini
+
+```
+[SetupConfig]
+Priority=Normal
+```
+
+You can use the new [Run Scripts](https://docs.microsoft.com/sccm/apps/deploy-use/create-deploy-scripts) feature to run a PowerShell script like the sample below to create the SetupConfig.ini on target devices. 
+
+```
+#Parameters
+Param(
+  [string] $PriorityValue = "Normal"
+  )
+
+#Variable for ini file path
+$iniFilePath = "$env:SystemDrive\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini"
+
+#Variables for SetupConfig
+$iniSetupConfigSlogan = "[SetupConfig]"
+$iniSetupConfigKeyValuePair =@{"Priority"=$PriorityValue;}
+
+#Init SetupConfig content
+$iniSetupConfigContent = @"
+$iniSetupConfigSlogan
+"@
+
+#Build SetupConfig content with settings
+foreach ($k in $iniSetupConfigKeyValuePair.Keys) 
+{
+    $val = $iniSetupConfigKeyValuePair[$k]
+    
+    $iniSetupConfigContent = $iniSetupConfigContent.Insert($iniSetupConfigContent.Length, "`r`n$k=$val")
+}
+
+#Write content to file 
+New-Item $iniFilePath -ItemType File -Value $iniSetupConfigContent -Force
+
+Disclaimer 
+Sample scripts are not supported under any Microsoft standard support program or service. The sample scripts is 
+provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without 
+limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk 
+arising out of the use or performance of the sample script and documentation remains with you. In no event shall 
+Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable 
+for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, 
+loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample script 
+or documentation, even if Microsoft has been advised of the possibility of such damages.
+```
+
+>[!NOTE] 
+>If you elect not to override the default setup priority, you will need to increase the [maximum run time](https://docs.microsoft.com/sccm/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for Feature Update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value. 
+
+## Manually deploy feature updates
+
+The following sections provide the steps to manually deploy a feature update.
+
+### Step 1: Specify search criteria for feature updates
+There are potentially a thousand or more feature updates displayed in the Configuration Manager console. The first step in the workflow for manually deploying feature updates is to identify the feature updates that you want to deploy. 
+
+1.	In the Configuration Manager console, click **Software Library**. 
+2.	In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. The synchronized feature updates are displayed. 
+3.	In the search pane, filter to identify the feature updates that you need by using one or both of the following steps:
+   - In the search text box, type a search string that will filter the feature updates. For example, type the version number for a specific feature update, or enter a string that would appear in the title of the feature update. 
+   - Click **Add Criteria**, select the criteria that you want to use to filter software updates, click **Add**, and then provide the values for the criteria. For example, Title contains 1803, Required is greater than or equal to 1, and Language equals English.
+
+4.	Save the search for future use. 
+
+### Step 2: Download the content for the feature update(s)
+Before you deploy the feature updates, you can download the content as a separate step. Do this so you can verify that the content is available on the distribution points before you deploy the feature updates. This will help you to avoid any unexpected issues with the content delivery. Use the following procedure to download the content for feature updates before creating the deployment. 
+
+1.	In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**. 
+2.	Choose the feature update(s) to download by using your saved search criteria. Select one or more of the feature updates returned, right click, and select Download.
+
+   The **Download Software Updates Wizard** opens. 
+3.	On the **Deployment Package** page, configure the following settings: 
+   **Create a new deployment package**: Select this setting to create a new deployment package for the software updates that are in the deployment. Configure the following settings: 
+      - **Name**: Specifies the name of the deployment package. The package must have a unique name that briefly describes the package content. It is limited to 50 characters. 
+      - **Description**: Specifies the description of the deployment package. The package description provides information about the package contents and is limited to 127 characters. 
+      - **Package source**: Specifies the location of the feature update source files. Type a network path for the source location, for example, \\server\sharename\path, or click **Browse** to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page. 
+
+   >[!NOTE] 
+   >The deployment package source location that you specify cannot be used by another software deployment package. 
+
+   >[!IMPORTANT] 
+   >The SMS Provider computer account and the user that is running the wizard to download the feature updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location to reduce the risk of attackers tampering with the feature update source files. 
+
+   >[!IMPORTANT] 
+   >You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location. 
+
+   Click **Next**. 
+4.	On the **Distribution Points** page, specify the distribution points or distribution point groups that will host the feature update files, and then click **Next**. For more information about distribution points, see [Distribution point configurations](https://docs.microsoft.com/sccm/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_configs). 
+
+   >[!NOTE]
+   >The Distribution Points page is available only when you create a new software update deployment package. 
+5.	On the **Distribution Settings** page, specify the following settings: 
+
+   - **Distribution priority**: Use this setting to specify the distribution priority for the deployment package. The distribution priority applies when the deployment package is sent to distribution points at child sites. Deployment packages are sent in priority order: High, Medium, or Low. Packages with identical priorities are sent in the order in which they were created. If there is no backlog, the package will process immediately regardless of its priority. By default, packages are sent using Medium priority. 
+   - **Enable for on-demand distribution**: Use this setting to enable on-demand content distribution to preferred distribution points. When this setting is enabled, the management point creates a trigger for the distribution manager to distribute the content to all preferred distribution points when a client requests the content for the package and the content is not available on any preferred distribution points. For more information about preferred distribution points and on-demand content, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios). 
+   - **Prestaged distribution point settings**: Use this setting to specify how you want to distribute content to prestaged distribution points. Choose one of the following options: 
+      - **Automatically download content when packages are assigned to distribution points**: Use this setting to ignore the prestage settings and distribute content to the distribution point. 
+      - **Download only content changes to the distribution point**: Use this setting to prestage the initial content to the distribution point, and then distribute content changes to the distribution point.
+      - **Manually copy the content in this package to the distribution point**: Use this setting to always prestage content on the distribution point. This is the default setting. 
+      
+      For more information about prestaging content to distribution points, see [Use Prestaged content](https://docs.microsoft.com/sccm/core/servers/deploy/configure/deploy-and-manage-content#bkmk_prestage). 
+   Click **Next**. 
+6.	On the **Download Location** page, specify location that Configuration Manager will use to download the software update source files. As needed, use the following options: 
+
+   - **Download software updates from the Internet**: Select this setting to download the software updates from the location on the Internet. This is the default setting.
+   - **Download software updates from a location on the local network**: Select this setting to download software updates from a local folder or shared network folder. Use this setting when the computer running the wizard does not have Internet access. 
+   
+      >[!NOTE] 
+      >When you use this setting, download the software updates from any computer with Internet access, and then copy the software updates to a location on the local network that is accessible from the computer running the wizard.
+
+   Click **Next**. 
+7.	On the **Language Selection** page, specify the languages for which the selected feature updates are to be downloaded, and then click **Next**. Ensure that your language selection matches the language(s) of the feature updates selected for download. For example, if you selected English and German based feature updates for download, select those same languages on the language selection page. 
+8.	On the **Summary** page, verify the settings that you selected in the wizard, and then click Next to download the software updates. 
+9.	On the **Completion** page, verify that the software updates were successfully downloaded, and then click Close. 
+
+#### To monitor content status
+1.	To monitor the content status for the feature updates, click **Monitoring** in the Configuration Manager console. 
+2.	In the Monitoring workspace, expand **Distribution Status**, and then click **Content Status**. 
+3.	Select the feature update package that you previously identified to download the feature updates. 
+4.	On the **Home** tab, in the Content group, click **View Status**.
+
+### Step 3: Deploy the feature update(s) 
+After you determine which feature updates you intend to deploy, you can manually deploy the feature update(s). Use the following procedure to manually deploy the feature update(s). 
+
+1.	In the Configuration Manager console, click **Software Library**. 
+2.	In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. 
+3.	 Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Deploy**.
+
+   The **Deploy Software Updates Wizard** opens. 
+4.	On the General page, configure the following settings: 
+   - **Name**: Specify the name for the deployment. The deployment must have a unique name that describes the purpose of the deployment and differentiates it from other deployments in the Configuration Manager site. By default, Configuration Manager automatically provides a name for the deployment in the following format: **Microsoft Software Updates - \<date\>\<time\>** 
+   - **Description**: Specify a description for the deployment. The description provides an overview of the deployment and any other relevant information that helps to identify and differentiate the deployment among others in Configuration Manager site. The description field is optional, has a limit of 256 characters, and has a blank value by default. 
+   - **Software Update/Software Update Group**: Verify that the displayed software update group, or software update, is correct. 
+   - **Select Deployment Template**: Specify whether to apply a previously saved deployment template. You can configure a deployment template to contain multiple common software update deployment properties and then apply the template when you deploy subsequent software updates to ensure consistency across similar deployments and to save time. 
+   - **Collection**: Specify the collection for the deployment, as applicable. Members of the collection receive the feature updates that are defined in the deployment. 
+5.	On the Deployment Settings page, configure the following settings: 
+
+   - **Type of deployment**: Specify the deployment type for the software update deployment. Select **Required** to create a mandatory software update deployment in which the feature updates are automatically installed on clients before a configured installation deadline. 
+   
+      >[!IMPORTANT] 
+      > After you create the software update deployment, you cannot later change the type of deployment. 
+   
+      >[!NOTE] 
+      >A software update group deployed as Required will be downloaded in background and honor BITS settings, if configured.
+
+   - **Use Wake-on-LAN to wake up clients for required deployments**: Specify whether to enable Wake On LAN at the deadline to send wake-up packets to computers that require one or more software updates in the deployment. Any computers that are in sleep mode at the installation deadline time will be awakened so the software update installation can initiate. Clients that are in sleep mode that do not require any software updates in the deployment are not started. By default, this setting is not enabled and is available only when Type of deployment is set to Required. 
+
+      >[!WARNING] 
+      >Before you can use this option, computers and networks must be configured for Wake On LAN. 
+
+   - **Detail level**: Specify the level of detail for the state messages that are reported by client computers. 
+6.	On the Scheduling page, configure the following settings:
+
+   - **Schedule evaluation**: Specify whether the available time and installation deadline times are evaluated according to UTC or the local time of the computer running the Configuration Manager console. 
+   
+      >[!NOTE] 
+      >When you select local time, and then select **As soon as possible** for the **Software available time** or **Installation deadline**, the current time on the computer running the Configuration Manager console is used to evaluate when updates are available or when they are installed on a client. If the client is in a different time zone, these actions will occur when the client's time reaches the evaluation time. 
+
+   - **Software available time**: Select **As soon as possible** to specify when the software updates will be available to clients: 
+      - **As soon as possible**: Select this setting to make the software updates in the deployment available to clients as soon as possible. When the deployment is created, the client policy is updated, the clients are made aware of the deployment at their next client policy polling cycle, and then the software updates are available for installation. 
+   - **Installation deadline**: Select **Specific time** to specify the installation deadline for the software updates in the deployment. 
+   
+      >[!NOTE] 
+      >You can configure the installation deadline setting only when **Type of deployment** is set to **Required** on the Deployment Settings page. 
+
+   - **Specific time**: Select this setting to automatically install the software updates in the deployment at a specific date and time. Set the date and time value to correspond with your defined maintenance window for the target collection. Allow sufficient time for clients to download the content in advance of the deadline. Adjust accordingly if clients in your environment will need additional download time. E.g., slow or unreliable network links. 
+
+   >[!NOTE] 
+   >The actual installation deadline time is the specific time that you configure plus a random amount of time up to 2 hours. This reduces the potential impact of all client computers in the destination collection installing the software updates in the deployment at the same time. Configure the Computer Agent client setting, Disable deadline randomization to disable the installation randomization delay for the required software updates to allow a greater chance for the installation to start and complete within your defined maintenance window. For more information, see [Computer Agent](https://docs.microsoft.com/sccm/core/clients/deploy/about-client-settings#computer-agent). 
+7.	On the User Experience page, configure the following settings: 
+   - **User notifications**: Specify whether to display notification of the software updates in Software Center on the client computer at the configured **Software available time** and whether to display user notifications on the client computers. When **Type of deployment** is set to **Available** on the Deployment Settings page, you cannot select **Hide in Software Center and all notifications**. 
+   - **Deadline behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify the behavior that is to occur when the deadline is reached for the software update deployment. Specify whether to install the software updates in the deployment. Also specify whether to perform a system restart after software update installation regardless of a configured maintenance window. For more information about maintenance windows, see [How to use maintenance windows](https://docs.microsoft.com/sccm/core/clients/manage/collections/use-maintenance-windows). 
+   - **Device restart behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify whether to suppress a system restart on servers and workstations after software updates are installed and a system restart is required to complete the installation. 
+
+      >[!IMPORTANT]
+      >Suppressing system restarts can be useful in server environments or for cases in which you do not want the computers that are installing the software updates to restart by default. However, doing so can leave computers in an insecure state, whereas allowing a forced restart helps to ensure immediate completion of the software update installation.
+   - **Write filter handling for Windows Embedded devices**: When you deploy software updates to Windows Embedded devices that are write filter enabled, you can specify to install the software update on the temporary overlay and either commit changes later or commit the changes at the installation deadline or during a maintenance window. When you commit changes at the installation deadline or during a maintenance window, a restart is required and the changes persist on the device. 
+
+      >[!NOTE] 
+      >When you deploy a software update to a Windows Embedded device, make sure that the device is a member of a collection that has a configured maintenance window. 
+   - **Software updates deployment re-evaluation behavior upon restart**: Starting in Configuration Manager version 1606, select this setting to configure software updates deployments to have clients run a software updates compliance scan immediately after a client installs software updates and restarts. This enables the client to check for additional software updates that become applicable after the client restarts, and to then install them (and become compliant) during the same maintenance window. 
+8.	On the Alerts page, configure how Configuration Manager and System Center Operations Manager will generate alerts for this deployment. You can configure alerts only when **Type of deployment** is set to **Required** on the Deployment Settings page. 
+
+   >[!NOTE]
+   >You can review recent software updates alerts from the Software Updates node in the Software Library workspace. 
+9.	On the Download Settings page, configure the following settings: 
+   - Specify whether the client will download and install the software updates when a client is connected to a slow network or is using a fallback content location. 
+   - Specify whether to have the client download and install the software updates from a fallback distribution point when the content for the software updates is not available on a preferred distribution point. 
+   - **Allow clients to share content with other clients on the same subnet**: Specify whether to enable the use of BranchCache for content downloads. For more information about BranchCache, see [Fundamental concepts for content management](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/fundamental-concepts-for-content-management#branchcache). 
+   - **If software updates are not available on distribution point in current, neighbor or site groups, download content from Microsoft Updates**: Select this setting to have clients that are connected to the intranet download software updates from Microsoft Update if software updates are not available on distribution points. Internet-based clients can always go to Microsoft Update for software updates content.
+   - Specify whether to allow clients to download after an installation deadline when they use metered Internet connections. Internet providers sometimes charge by the amount of data that you send and receive when you are on a metered Internet connection. 
+
+      >[!NOTE]
+      >Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios). 
+10.	On the Summary page, review the settings. To save the settings to a deployment template, click **Save As Template**, enter a name and select the settings that you want to include in the template, and then click **Save**. To change a configured setting, click the associated wizard page and change the setting. 
+11.	Click **Next** to deploy the feature update(s). 
+
+### Step 4: Monitor the deployment status
+After you deploy the feature update(s), you can monitor the deployment status. Use the following procedure to monitor the deployment status:
+
+1.	In the Configuration Manager console, navigate to **Monitoring > Overview > Deployments**. 
+2.	Click the software update group or software update for which you want to monitor the deployment status. 
+3.	On the **Home** tab, in the **Deployment** group, click **View Status**. 
diff --git a/windows/deployment/update/feature-update-mission-critical.md b/windows/deployment/update/feature-update-mission-critical.md
new file mode 100644
index 0000000000..5c1cc4673a
--- /dev/null
+++ b/windows/deployment/update/feature-update-mission-critical.md
@@ -0,0 +1,39 @@
+---
+title: Best practices and recommendations for deploying Windows 10 Feature updates to mission critical devices
+description: Learn how to deploy feature updates to your mission critical devices
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: mcureton
+ms.localizationpriority: medium
+ms.author: mikecure
+ms.date: 07/10/2018
+---
+
+# Best practices and recommendations for deploying Windows 10 Feature updates to mission critical devices
+
+**Applies to**: Windows 10
+
+Managing an environment with devices that provide mission critical services 24 hours a day, 7 days a week, can present challenges in keeping these devices current with Windows 10 feature updates. The processes that you use to keep regular devices current with Windows 10 feature updates, often aren’t the most effective to service mission critical devices. This whitepaper will focus on the recommended approach of using the System Center Configuration Manager (current branch) software updates feature to deploy Windows 10 semi-annual feature updates. 
+
+For simplicity, we will outline the steps to deploy a feature update manually. If you prefer an automated approach, please see [Using Windows 10 servicing plans to deploy Windows 10 feature updates](waas-manage-updates-configuration-manager.md#use-windows-10-servicing-plans-to-deploy-windows-10-feature-updates). 
+
+Devices and shared workstations that are online and available 24 hours a day, 7 days a week, can be serviced via one of two primary methods:
+
+- **Service during maintenance windows** – Devices that have established maintenance windows will need to have feature updates scheduled to fit within these windows.
+- **Service only when manually initiated** – Devices that need physical verification of the availability to update will need to have updates manually initiated by a technician.
+
+You can use Configuration Manager to deploy feature updates to Windows 10 devices in two ways. The first option is to use the software updates feature. The second option is to use a task sequence to deploy feature updates. There are times when deploying a Windows 10 feature update requires the use of a task sequence—for example:
+
+- **LTSC feature updates.** With the LTSC servicing branch, feature updates are never provided to the Windows clients themselves. Instead, feature updates must be installed like a traditional in-place upgrade.
+- **Additional required tasks.** When deploying a feature update requires additional steps (e.g., suspending disk encryption, updating applications), you can use task sequences to orchestrate the additional steps. Software updates do not have the ability to add steps to their deployments.
+- **Language pack installs.** When deploying a feature update requires the installation of additional language packs, you can use task sequences to orchestrate the installation. Software updates do not have the ability to natively install language packs.
+
+If you need to leverage a task sequence to deploy feature updates, please see [Using a task sequence to deploy Windows 10 updates](waas-manage-updates-configuration-manager.md#use-a-task-sequence-to-deploy-windows-10-updates) for more information. If you find that your requirement for a task sequence is based solely on the need to run additional tasks preformed pre-install or pre-commit, please see the new [run custom actions](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions) functionality first introduced with Windows 10, version 1803. You may be able to leverage this functionality with the software updates deployment method. 
+
+Use the following information:
+
+
+- [Deploy feature updates during maintenance windows](feature-update-maintenance-window.md)
+- [Deploy feature updates for user-initiated installations](feature-update-user-install.md)
+- [Conclusion](feature-update-conclusion.md)
\ No newline at end of file
diff --git a/windows/deployment/update/feature-update-user-install.md b/windows/deployment/update/feature-update-user-install.md
new file mode 100644
index 0000000000..bcf74135cf
--- /dev/null
+++ b/windows/deployment/update/feature-update-user-install.md
@@ -0,0 +1,235 @@
+---
+title: Best practices - deploy feature updates for user-initiated installations 
+description: Learn how to manually deploy feature updates
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: mcureton
+ms.localizationpriority: medium
+ms.author: mikecure
+ms.date: 07/10/2018
+---
+
+# Deploy feature updates for user-initiated installations (during a fixed service window)
+
+**Applies to**: Windows 10
+
+Use the following steps to deploy a feature update for a user-initiated installation.
+
+## Get ready to deploy feature updates
+
+### Step 1: Enable Peer Cache
+Use **Peer Cache** to help manage deployment of content to clients in remote locations. Peer Cache is a built-in Configuration Manager solution that enables clients to share content with other clients directly from their local cache.
+
+[Enable Configuration Manager client in full OS to share content](https://docs.microsoft.com/sccm/core/clients/deploy/about-client-settings#enable-configuration-manager-client-in-full-os-to-share-content) if you have clients in remote locations that would benefit from downloading feature update content from a peer instead of downloading it from a distribution point (or Microsoft Update). 
+
+### Step 2: Override the default Windows setup priority (Windows 10, version 1709 and later)
+
+If you’re deploying **Feature update to Windows 10, version 1709** or later, by default, portions of setup are configured to run at a lower priority. This can result in a longer total install time for the feature update. When deploying within a maintenance window, we recommend that you override this default behavior to benefit from faster total install times. To override the default priority, create a file called SetupConfig.ini on each machine to be upgraded in the below location containing the single section noted. 
+
+%systemdrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini
+
+```
+[SetupConfig]
+Priority=Normal
+```
+
+You can use the new [Run Scripts](https://docs.microsoft.com/sccm/apps/deploy-use/create-deploy-scripts) feature to run a PowerShell script like the sample below to create the SetupConfig.ini on target devices. 
+
+```
+#Parameters
+Param(
+  [string] $PriorityValue = "Normal"
+  )
+
+#Variable for ini file path
+$iniFilePath = "$env:SystemDrive\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini"
+
+#Variables for SetupConfig
+$iniSetupConfigSlogan = "[SetupConfig]"
+$iniSetupConfigKeyValuePair =@{"Priority"=$PriorityValue;}
+
+#Init SetupConfig content
+$iniSetupConfigContent = @"
+$iniSetupConfigSlogan
+"@
+
+#Build SetupConfig content with settings
+foreach ($k in $iniSetupConfigKeyValuePair.Keys) 
+{
+    $val = $iniSetupConfigKeyValuePair[$k]
+    
+    $iniSetupConfigContent = $iniSetupConfigContent.Insert($iniSetupConfigContent.Length, "`r`n$k=$val")
+}
+
+#Write content to file 
+New-Item $iniFilePath -ItemType File -Value $iniSetupConfigContent -Force
+
+Disclaimer 
+Sample scripts are not supported under any Microsoft standard support program or service. The sample scripts is 
+provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without 
+limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk 
+arising out of the use or performance of the sample script and documentation remains with you. In no event shall 
+Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable 
+for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, 
+loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample script 
+or documentation, even if Microsoft has been advised of the possibility of such damages.
+```
+
+>[!NOTE] 
+>If you elect not to override the default setup priority, you will need to increase the [maximum run time](https://docs.microsoft.com/sccm/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for Feature Update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value. 
+
+## Manually deploy feature updates in a user-initiated installation
+
+The following sections provide the steps to manually deploy a feature update.
+
+### Step 1: Specify search criteria for feature updates
+There are potentially a thousand or more feature updates displayed in the Configuration Manager console. The first step in the workflow for manually deploying a feature update is to identify the feature updates that you want to deploy. 
+
+1.	In the Configuration Manager console, click **Software Library**. 
+2.	In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. The synchronized feature updates are displayed. 
+3.	In the search pane, filter to identify the feature updates that you need by using one or both of the following steps:
+   - In the **search** text box, type a search string that will filter the feature updates. For example, type the version number for a specific feature update, or enter a string that would appear in the title of the feature update. 
+   - Click **Add Criteria**, select the criteria that you want to use to filter software updates, click **Add**, and then provide the values for the criteria. For example, Title contains 1803, **Required** is greater than or equal to 1, and **Language** equals English.
+
+4.	Save the search for future use. 
+
+### Step 2: Download the content for the feature update(s)
+Before you deploy the feature updates, you can download the content as a separate step. Do this so you can verify that the content is available on the distribution points before you deploy the feature updates. This will help you to avoid any unexpected issues with the content delivery. Use the following procedure to download the content for feature updates before creating the deployment. 
+
+1.	In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**. 
+2.	Choose the feature update(s) to download by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Download**.
+
+   The **Download Software Updates Wizard** opens. 
+3.	On the **Deployment Package** page, configure the following settings: 
+   **Create a new deployment package**: Select this setting to create a new deployment package for the software updates that are in the deployment. Configure the following settings: 
+      - **Name**: Specifies the name of the deployment package. The package must have a unique name that briefly describes the package content. It is limited to 50 characters. 
+      - **Description**: Specifies the description of the deployment package. The package description provides information about the package contents and is limited to 127 characters. 
+      - **Package source**: Specifies the location of the feature update source files. Type a network path for the source location, for example, \\\server\sharename\path, or click **Browse** to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page. 
+
+      >[!NOTE] 
+      >The deployment package source location that you specify cannot be used by another software deployment package. 
+
+      >[!IMPORTANT] 
+      >The SMS Provider computer account and the user that is running the wizard to download the feature updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location to reduce the risk of attackers tampering with the feature update source files. 
+
+      >[!IMPORTANT] 
+      >You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location. 
+
+   Click **Next**. 
+4.	On the **Distribution Points** page, specify the distribution points or distribution point groups that will host the feature update files, and then click **Next**. For more information about distribution points, see [Distribution point configurations](https://docs.microsoft.com/sccm/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_configs). 
+
+   >[!NOTE]
+   >The Distribution Points page is available only when you create a new software update deployment package. 
+5.	On the **Distribution Settings** page, specify the following settings: 
+
+   - **Distribution priority**: Use this setting to specify the distribution priority for the deployment package. The distribution priority applies when the deployment package is sent to distribution points at child sites. Deployment packages are sent in priority order: **High**, **Medium**, or **Low**. Packages with identical priorities are sent in the order in which they were created. If there is no backlog, the package will process immediately regardless of its priority. By default, packages are sent using Medium priority. 
+   - **Enable for on-demand distribution**: Use this setting to enable on-demand content distribution to preferred distribution points. When this setting is enabled, the management point creates a trigger for the distribution manager to distribute the content to all preferred distribution points when a client requests the content for the package and the content is not available on any preferred distribution points. For more information about preferred distribution points and on-demand content, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios). 
+   - **Prestaged distribution point settings**: Use this setting to specify how you want to distribute content to prestaged distribution points. Choose one of the following options: 
+      - **Automatically download content when packages are assigned to distribution points**: Use this setting to ignore the prestage settings and distribute content to the distribution point. 
+      - **Download only content changes to the distribution point**: Use this setting to prestage the initial content to the distribution point, and then distribute content changes to the distribution point.
+      - **Manually copy the content in this package to the distribution point**: Use this setting to always prestage content on the distribution point. This is the default setting. 
+      
+      For more information about prestaging content to distribution points, see [Use Prestaged content](https://docs.microsoft.com/sccm/core/servers/deploy/configure/deploy-and-manage-content#bkmk_prestage). 
+   Click **Next**. 
+6.	On the **Download Location** page, specify location that Configuration Manager will use to download the software update source files. As needed, use the following options: 
+
+   - **Download software updates from the Internet**: Select this setting to download the software updates from the location on the Internet. This is the default setting.
+   - **Download software updates from a location on the local network**: Select this setting to download software updates from a local folder or shared network folder. Use this setting when the computer running the wizard does not have Internet access. 
+   
+      >[!NOTE] 
+      >When you use this setting, download the software updates from any computer with Internet access, and then copy the software updates to a location on the local network that is accessible from the computer running the wizard.
+
+   Click **Next**. 
+7.	On the **Language Selection** page, specify the languages for which the selected feature updates are to be downloaded, and then click **Next**. Ensure that your language selection matches the language(s) of the feature updates selected for download. For example, if you selected English and German based feature updates for download, select those same languages on the language selection page. 
+8.	On the **Summary** page, verify the settings that you selected in the wizard, and then click Next to download the software updates. 
+9.	On the **Completion** page, verify that the software updates were successfully downloaded, and then click **Close**. 
+
+#### To monitor content status
+1.	To monitor the content status for the feature updates, click **Monitoring** in the Configuration Manager console. 
+2.	In the Monitoring workspace, expand **Distribution Status**, and then click **Content Status**. 
+3.	Select the feature update package that you previously identified to download the feature updates. 
+4.	On the **Home** tab, in the Content group, click **View Status**.
+
+### Step 3: Deploy the feature update(s) 
+After you determine which feature updates you intend to deploy, you can manually deploy the feature update(s). Use the following procedure to manually deploy the feature update(s). 
+
+1.	In the Configuration Manager console, click **Software Library**. 
+2.	In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. 
+3.	 Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Deploy**.
+
+   The **Deploy Software Updates Wizard** opens. 
+4.	On the General page, configure the following settings: 
+   - **Name**: Specify the name for the deployment. The deployment must have a unique name that describes the purpose of the deployment and differentiates it from other deployments in the Configuration Manager site. By default, Configuration Manager automatically provides a name for the deployment in the following format: **Microsoft Software Updates - \<date\>\<time\>** 
+   - **Description**: Specify a description for the deployment. The description provides an overview of the deployment and any other relevant information that helps to identify and differentiate the deployment among others in Configuration Manager site. The description field is optional, has a limit of 256 characters, and has a blank value by default. 
+   - **Software Update/Software Update Group**: Verify that the displayed software update group, or software update, is correct. 
+   - **Select Deployment Template**: Specify whether to apply a previously saved deployment template. You can configure a deployment template to contain multiple common software update deployment properties and then apply the template when you deploy subsequent software updates to ensure consistency across similar deployments and to save time. 
+   - **Collection**: Specify the collection for the deployment, as applicable. Members of the collection receive the feature updates that are defined in the deployment. 
+5.	On the Deployment Settings page, configure the following settings: 
+
+   - **Type of deployment**: Specify the deployment type for the software update deployment. Select **Required** to create a mandatory software update deployment in which the feature updates are automatically installed on clients before a configured installation deadline. 
+   
+      >[!IMPORTANT] 
+      > After you create the software update deployment, you cannot later change the type of deployment. 
+   
+      >[!NOTE] 
+      >A software update group deployed as **Required** will be downloaded in background and honor BITS settings, if configured.
+
+   - **Use Wake-on-LAN to wake up clients for required deployments**: Specify whether to enable Wake On LAN at the deadline to send wake-up packets to computers that require one or more software updates in the deployment. Any computers that are in sleep mode at the installation deadline time will be awakened so the software update installation can initiate. Clients that are in sleep mode that do not require any software updates in the deployment are not started. By default, this setting is not enabled and is available only when **Type of deployment** is set to **Required**. 
+
+      >[!WARNING] 
+      >Before you can use this option, computers and networks must be configured for Wake On LAN. 
+
+   - **Detail level**: Specify the level of detail for the state messages that are reported by client computers. 
+6.	On the Scheduling page, configure the following settings:
+
+   - **Schedule evaluation**: Specify whether the available time and installation deadline times are evaluated according to UTC or the local time of the computer running the Configuration Manager console. 
+   
+   - **Software available time**: Select **Specific time** to specify when the software updates will be available to clients:
+      - **Specific time**: Select this setting to make the feature update in the deployment available to clients at a specific date and time. Specify a date and time that corresponds with the start of your fixed servicing window. When the deployment is created, the client policy is updated and clients are made aware of the deployment at their next client policy polling cycle. However, the feature update in the deployment is not available for installation until after the specified date and time are reached and the required content has been downloaded.
+ 
+   - **Installation deadline**: Select **Specific time** to specify the installation deadline for the software updates in the deployment. 
+   
+      >[!NOTE] 
+      >You can configure the installation deadline setting only when **Type of deployment** is set to **Required** on the Deployment Settings page. 
+
+      - **Specific time**: Select this setting to automatically install the software updates in the deployment at a specific date and time. However, for the purposes of the fixed servicing window, set the installation deadline date and time to a future value, well beyond the fixed servicing window. 
+
+      Required deployments for software updates can benefit from functionality called advanced download. When the software available time is reached, clients will start downloading the content based on a randomized time. The feature update will not be displayed in Software Center for installation until the content is fully downloaded. This ensures that the feature update installation will start immediately when initiated.
+
+7.	On the User Experience page, configure the following settings: 
+   - **User notifications**: Specify **Display in Software Center and show all notifications**. 
+   - **Deadline behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify the behavior that is to occur when the deadline is reached for the software update deployment. Specify whether to install the software updates in the deployment. Also specify whether to perform a system restart after software update installation regardless of a configured maintenance window. 
+      >[!NOTE] 
+      >Remember that the installation deadline date and time will be well into the future to allow plenty of time for the user-initiated install during a fixed servicing window.
+   - **Device restart behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify whether to suppress a system restart on servers and workstations after software updates are installed and a system restart is required to complete the installation. 
+
+      >[!IMPORTANT]
+      >Suppressing system restarts can be useful in server environments or for cases in which you do not want the computers that are installing the software updates to restart by default. However, doing so can leave computers in an insecure state, whereas allowing a forced restart helps to ensure immediate completion of the software update installation.
+   - **Write filter handling for Windows Embedded devices**: When you deploy software updates to Windows Embedded devices that are write filter enabled, you can specify to install the software update on the temporary overlay and either commit changes later or commit the changes at the installation deadline or during a maintenance window. When you commit changes at the installation deadline or during a maintenance window, a restart is required and the changes persist on the device. 
+
+      >[!NOTE] 
+      >When you deploy a software update to a Windows Embedded device, make sure that the device is a member of a collection that has a configured maintenance window. 
+   - **Software updates deployment re-evaluation behavior upon restart**: Starting in Configuration Manager version 1606, select this setting to configure software updates deployments to have clients run a software updates compliance scan immediately after a client installs software updates and restarts. This enables the client to check for additional software updates that become applicable after the client restarts, and to then install them (and become compliant) during the same maintenance window. 
+8.	On the Alerts page, configure how Configuration Manager and System Center Operations Manager will generate alerts for this deployment. You can configure alerts only when **Type of deployment** is set to **Required** on the Deployment Settings page. 
+
+   >[!NOTE]
+   >You can review recent software updates alerts from the **Software Updates** node in the **Software Library** workspace. 
+9.	On the Download Settings page, configure the following settings: 
+   - Specify whether the client will download and install the software updates when a client is connected to a slow network or is using a fallback content location. 
+   - Specify whether to have the client download and install the software updates from a fallback distribution point when the content for the software updates is not available on a preferred distribution point. 
+   - **Allow clients to share content with other clients on the same subnet**: Specify whether to enable the use of BranchCache for content downloads. For more information about BranchCache, see [Fundamental concepts for content management](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/fundamental-concepts-for-content-management#branchcache). 
+   - **If software updates are not available on distribution point in current, neighbor or site groups, download content from Microsoft Updates**: Select this setting to have clients that are connected to the intranet download software updates from Microsoft Update if software updates are not available on distribution points. Internet-based clients can always go to Microsoft Update for software updates content.
+   - Specify whether to allow clients to download after an installation deadline when they use metered Internet connections. Internet providers sometimes charge by the amount of data that you send and receive when you are on a metered Internet connection. 
+
+      >[!NOTE]
+      >Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios). 
+10.	On the Summary page, review the settings. To save the settings to a deployment template, click **Save As Template**, enter a name and select the settings that you want to include in the template, and then click **Save**. To change a configured setting, click the associated wizard page and change the setting. 
+11.	Click **Next** to deploy the feature update(s). 
+
+### Step 4: Monitor the deployment status
+After you deploy the feature update(s), you can monitor the deployment status. Use the following procedure to monitor the deployment status:
+
+1.	In the Configuration Manager console, navigate to **Monitoring > Overview > Deployments**. 
+2.	Click the software update group or software update for which you want to monitor the deployment status. 
+3.	On the **Home** tab, in the **Deployment** group, click **View Status**. 
\ No newline at end of file
diff --git a/windows/deployment/update/images/app-reliability.png b/windows/deployment/update/images/app-reliability.png
new file mode 100644
index 0000000000..47ecf49431
Binary files /dev/null and b/windows/deployment/update/images/app-reliability.png differ
diff --git a/windows/deployment/update/images/device-reliability-crash-count.png b/windows/deployment/update/images/device-reliability-crash-count.png
new file mode 100644
index 0000000000..7dd0a2d660
Binary files /dev/null and b/windows/deployment/update/images/device-reliability-crash-count.png differ
diff --git a/windows/deployment/update/images/device-reliability-device-count.png b/windows/deployment/update/images/device-reliability-device-count.png
new file mode 100644
index 0000000000..ba937d49e9
Binary files /dev/null and b/windows/deployment/update/images/device-reliability-device-count.png differ
diff --git a/windows/deployment/update/images/device-reliability-event1001-PSoutput.png b/windows/deployment/update/images/device-reliability-event1001-PSoutput.png
new file mode 100644
index 0000000000..323e0e3878
Binary files /dev/null and b/windows/deployment/update/images/device-reliability-event1001-PSoutput.png differ
diff --git a/windows/deployment/update/images/event_1001.png b/windows/deployment/update/images/event_1001.png
new file mode 100644
index 0000000000..e4f4604c2b
Binary files /dev/null and b/windows/deployment/update/images/event_1001.png differ
diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md
index b2b3ba0084..78aa48d1cf 100644
--- a/windows/deployment/update/update-compliance-get-started.md
+++ b/windows/deployment/update/update-compliance-get-started.md
@@ -77,4 +77,4 @@ Once you've added Update Compliance to Microsoft Operations Management Suite, yo
 
 ## Use Update Compliance to monitor Windows Updates
 
-Once your devices are enrolled, you can starte to [Use Update Compliance to monitor Windows Updates](update-compliance-using.md).
+Once your devices are enrolled, you can start to [Use Update Compliance to monitor Windows Updates](update-compliance-using.md).
diff --git a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md
index bca4cfe0a9..10b578947d 100644
--- a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md
+++ b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md
@@ -4,10 +4,10 @@ description: Deployment rings in Windows 10 are similar to the deployment groups
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: DaniHalfin
+author: jaimeo
 ms.localizationpriority: medium
-ms.author: daniha
-ms.date: 07/27/2017
+ms.author: jaimeo
+ms.date: 07/11/2018
 ---
 
 # Build deployment rings for Windows 10 updates
@@ -38,9 +38,7 @@ Table 1 provides an example of the deployment rings you might use.
 | Critical | Semi-annual channel | 180 days | 30 days | Devices that are critical and will only receive updates once they've been vetted for a period of time by the majority of the organization |
 
 >[!NOTE]
->In this example, there are no rings made up of the long-term servicing channel (LTSC). The LTSC servicing channel does not receive feature updates. 
->
->Windows Insider PCs must be enrolled manually on each device and serviced based on the Windows Insider level chosen in the **Settings** app on that particular PC. Feature update servicing for Windows Insider devices is done completely through Windows Update; no servicing tools can manage Windows Insider feature updates.
+>In this example, there are no rings made up of the long-term servicing channel (LTSC). The LTSC does not receive feature updates. 
 
 
 As Table 1 shows, each combination of servicing channel and deployment group is tied to a specific deployment ring. As you can see, the associated groups of devices are combined with a servicing channel to specify which deployment ring those devices and their users fall into. The naming convention used to identify the rings is completely customizable as long as the name clearly identifies the sequence. Deployment rings represent a sequential deployment timeline, regardless of the servicing channel they contain. Deployment rings will likely rarely change for an organization, but they should be periodically assessed to ensure that the deployment cadence still makes sense. 
@@ -66,6 +64,7 @@ As Table 1 shows, each combination of servicing channel and deployment group is
 - [Configure Windows Update for Business](waas-configure-wufb.md)
 - [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
 - [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
+- [Manage software updates in Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure)
 - [Walkthrough: use Intune to configure Windows Update for Business](waas-wufb-intune.md)
 - [Manage device restarts after updates](waas-restart.md)
 
diff --git a/windows/deployment/update/waas-windows-insider-for-business-faq.md b/windows/deployment/update/waas-windows-insider-for-business-faq.md
index e5527e20fe..0d5282bf9f 100644
--- a/windows/deployment/update/waas-windows-insider-for-business-faq.md
+++ b/windows/deployment/update/waas-windows-insider-for-business-faq.md
@@ -48,7 +48,7 @@ Yes. Starting with Windows 10, version 1709, the Windows Insider Program for Bus
 **Manage preview builds:** Administrators can enable or prevent builds from installing on a device. You also have an option to disable preview builds once the release is public.    
 **Branch Readiness Level:** Administrators can set the Windows readiness level, including Fast, Slow, Release Preview Rings of Windows Insider Preview) and allows administrators to defer or pause delivery of updates.  
 
-See more information on the [Getting started with Windows Insider Program for Business](waas-windows-insider-for-business.md#getting-started-with-windows-insider-program-for-business) section.
+See more information on the [Getting started with Windows Insider Program for Business](/windows-insider/at-work-pro/wip-4-biz-get-started) section.
 
 ### <a id="connected-to-aad"> </a>How can I find out if my corporate account is on Azure Active Directory? 
 On your PC, go to **Settings > Accounts > Access work or school**. If your organization has set up your corporate account in Azure Active Directory and it is connected to your PC, you will see the account listed as highlighted in the image below.
@@ -59,7 +59,7 @@ On your PC, go to **Settings > Accounts > Access work or school**. If your organ
 Register for Windows Insider Program for Business with the same active account that you use to access your corporate email in Office 365 and other Microsoft services. To ensure you get the most benefit out of the Windows Insider Program for Business and that your company is fully represented, do not set up a separate tenant for testing activities. There will be no modifications to the AAD tenant to support Windows Insider Program for Business, and it will only be used as an authentication method. 
 
 ### Can I register multiple users from my organization at the same time for the Windows Insider Program for Business? 
-Yes. The Windows Insider Program for Business now allows organizations to register their domain and control settings centrally rather than require each user to register individually for Insider Preview builds. In order to register, follow instructions on the [Getting started with Windows Insider Program for Business](waas-windows-insider-for-business.md#getting-started-with-windows-insider-program-for-business) section.
+Yes. The Windows Insider Program for Business now allows organizations to register their domain and control settings centrally rather than require each user to register individually for Insider Preview builds. In order to register, follow instructions on the [Getting started with Windows Insider Program for Business](/windows-insider/at-work-pro/wip-4-biz-get-started) section.
 
 ### My account is listed in Active Directory but not Azure Active Directory. Can I still register using my Active Directory credentials?
 No. At this point, we are only supporting Azure Active Directory as a corporate authentication method. If you’d like to suggest or upvote another authentication method, please visit this [forum](https://answers.microsoft.com/en-us/insider/forum/insider_wintp).
diff --git a/windows/deployment/update/waas-windows-insider-for-business.md b/windows/deployment/update/waas-windows-insider-for-business.md
deleted file mode 100644
index 8826021936..0000000000
--- a/windows/deployment/update/waas-windows-insider-for-business.md
+++ /dev/null
@@ -1,314 +0,0 @@
----
-title: Windows Insider Program for Business
-description: Overview of the Windows Insider Program for Business
-keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, WiP4Biz, enterprise, rings, flight
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: jaimeo
-ms.localizationpriority: medium
-ms.author: jaimeo
-ms.date: 02/27/2018
----
-
-# Windows Insider Program for Business
-
-
-**Applies to**
-
-- Windows 10
-
-> **Looking for information about Windows 10 for personal or home use?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
-
-
-
-## Getting started with Windows Insider Program for Business
-
-To get started with the Windows Insider Program for Business, follow these steps:
-
-1. [Register your organization's Azure AD account](#individual-registration) to the Windows Insider Program for Business.
-2. [Register your organization's Azure AD domain](#organizational-registration) to the Windows Insider Program for Business.</br>**Note:** Registering user has to be a Global Administrator in the Azure AD domain.
-3. [Set policies](#manage-windows-insider-preview-builds) to enable Windows Insider Preview builds and select flight rings.
-
->[!IMPORTANT]
->To receive Windows Insider Preview builds, set the **Allow Telemetry** setting in Group Policy to 2 or higher.
->
->In **Group Policy**, this setting is in **Computer Configuration/Administrative Templates/Windows Components/Data Collection and Preview Builds - Allow Telemetry**. In **MDM**, the setting is in [**System/AllowTelemetry**](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry). 
-
-
-## Register in the Windows Insider Program for Business
-
-The first step to installing a Windows 10 Insider Preview build is to register as a Windows Insider. You and your users have two registration options. 
-
-### Register using your work account (recommended) 
-Registering with your work account in Azure Active Directory (AAD) is required to submit feedback on behalf of your organization and manage Insider Preview builds on other devices in your domain.   
-
->[!NOTE]
->Requires Windows 10 Version 1703 or later. Confirm by going to Settings>System>About. If you do not have an AAD account, [find out how to get an Azure Active Directory tenant](https://docs.microsoft.com/azure/active-directory/develop/active-directory-howto-tenant).
-
-### Register your personal account
-Use the same account that you use for other Microsoft services. If you don’t have a Microsoft account, it is easy to get one. [Get a Microsoft account](https://account.microsoft.com/account).
-
-## Install Windows Insider Preview Builds
-You can install Windows 10 Insider Preview builds directly on individual devices, manage installation across multiple devices in an organization, or install on a virtual machine. 
-
-### Install on an individual device
-
-1.	Open  [Windows Insider Program settings](ms-settings:windowsinsider) (On your Windows 10 device, go to Start > Settings > Update & security > Windows Insider Program). To see this setting, you must have administrator rights to your device.
-2.	Click **Get started** and follow the prompts to link your Microsoft or work account that you used to register as a Windows Insider. 
-
-
-[![Settings UI showing Windows Insider Program item selected in lower left](images/WIP4Biz_Prompts.png)](images/WIP4Biz_Prompts.png)
-
-### Install across multiple devices
-
-Administrators can install and manage Insider Preview builds centrally across multiple devices within their domain. To register a domain, you must be registered in the Windows Insider Program with your work account in Azure Active Directory and you must be assigned a **Global Administrator** role on that Azure AD domain. Also requires Windows 10 Version 1703 or later. 
-
-To register a domain, follow these steps: 
-
-1.	**Register your domain with the Windows Insider Program**
-Rather than have each user register individually for Insider Preview builds, administrators can simply [register their domain](https://insider.windows.com/for-business-organization-admin/) and control settings centrally.
-
-
-2. **Apply Policies**
-Once you have registered your enterprise domain, you can control how and when devices receive Windows Insider Preview builds on their devices. See: [How to manage Windows 10 Insider Preview builds across your organization](https://docs.microsoft.com/windows/deployment/update/waas-windows-insider-for-business).
-
->[!Note]
->- The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain.
->- Currently, the Windows Insider Program for Business supports [Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/active-directory-whatis)--but not on-premises Active Directory--as a corporate authentication method. 
->- If your company has a paid subscription to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services--you have a free subscription to Microsoft Azure Active Directory. This subscription can be used to create users for enrollment in the Windows Insider Program for Business.
->- If you do not have an AAD account, install Insider Preview builds on individual devices with a registered Microsoft account.
-
-### Install on a virtual machine 
-This option enables you to run Insider Preview builds without changing the Windows 10 production build already running on a device.
-  
-For guidance on setting up virtual machines on your device, see [Introduction to Hyper-V on Windows 10](https://docs.microsoft.com/virtualization/hyper-v-on-windows/about/).
- 
-To download the latest Insider Preview build to run on your virtual machine, see
-[Windows Insider Preview downloads](https://www.microsoft.com/software-download/windowsinsiderpreviewadvanced) 
-
-## Manage Windows Insider Preview builds
-
-Starting with Windows 10, version 1709, administrators can control how and when devices receive Windows Insider Preview builds.
-
-The **Manage preview builds** setting gives enables or prevents preview build installation on a device. You can also decide to stop preview builds once the release is public.
-* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business** - *Manage preview builds*
-* MDM: **Update/ManagePreviewBuilds**
-
->[!NOTE]
->**MDM Values for ManagePreviewBuilds**:
->* 0 - Disable preview builds
->* 1 - Disable preview builds once next release is public
->* 2 - Enable preview builds
->* 3 - Preview builds are left to user selection *(default)*
-
-The **Branch Readiness Level** settings allows you to choose between preview [flight rings](#flight-rings), and defer or pause the delivery of updates.
-* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business** - *Select when Preview Builds and Feature Updates are received*
-* MDM: [**Update/BranchReadinessLevel**](/windows/client-management/mdm/policy-csp-update#update-branchreadinesslevel)
-
-![Group Policy dialog showing the "Select when Preview Builds and Feature updates are received" configuration panel](images/waas-wipfb-policy1.png)
-
-### Individual enrollment
-
-If you want to manage Windows Insider preview builds prior to Windows 10, version 1709, or wish to enroll a single device, follow these steps:
-
-1. Enroll your device by going to **Start > Settings > Update & security > Windows Insider Program** and selecting **Get Started**. Sign-in using the account you used to register for the Windows Insider Program.
-2. Read the privacy statement and then click **Next**, **Confirm**,
-3. Schedule a restart. You are now ready to install your first preview build.
-4. To install the first preview, open **Start** > **Settings** > **Update & security** > **Windows Insider Program** and select your Windows Insider level. The device receives the most recent Windows Insider build for the Windows Insider level you select. 
-
->[!NOTE]
->To enroll your device, you’ll require administration rights on the device, which must be running Windows 10, Version 1703 or later. If you are already registered in the Windows Insider Program using your Microsoft account, you’ll need to [switch enrollment to the organizational account](#how-to-switch-between-your-msa-and-your-corporate-aad-account).
-
->[!TIP]
->Administrators have the option to use [Device Health](/windows/deployment/update/device-health-monitor) in Windows Analytics to monitor devices running Windows 10 Insider Preview builds.
-
-## Flight rings
-
-Flight rings are used to evaluate the quality of our software as it is released to progressively larger audiences. We will flight a Feature Update, application, etc. to the first ring if it passes all required automated testing in the lab. The flight will continue to be evaluated against a set of criteria to ensure it is ready to progress to the next ring.
-
-These are the available flight rings:
-
-### Release Preview
-
-Best for Insiders who prefer to get early access to updates for the Semi-Annual Channel, Microsoft applications, and drivers, with minimal risk to their devices, and still want to provide feedback to make Windows devices great.
-
-Insiders on this level receive builds of Windows just before Microsoft releases them to the Semi-Annual Channel. Although these builds aren’t final, they are the most complete and stable builds available to Windows Insider Program participants. This level provides the best testing platform for organizations that conduct early application compatibility testing on Windows Insider devices.
-
-The Release Preview Ring will only be visible when your Windows build version is the same as the Semi-Annual Channel.
-
-To move from a Preview build to the Semi-Annual Channel, use the [Media Creation Tool](http://go.microsoft.com/fwlink/?LinkId=691209) (for device) or [Windows Device Recovery Tool](http://go.microsoft.com/fwlink/p/?LinkId=522381) (for Mobile) to reinstall Windows.  
-
-### Slow
-
-The Slow Windows Insider level is for users who prefer to see new builds of Windows with minimal risk to their devices but still want to provide feedback to Microsoft about their experience with the new build.
-
-* Builds are sent to the Slow Ring after feedback has been received from Windows Insiders within the Fast Ring and analyzed by our Engineering teams.  
-* These builds will include updates to fix key issues that would prevent many Windows Insiders from being able to use the build on a daily basis.  
-* These builds still might have issues that would be addressed in a future flight.
-* These builds are typically released once a month.
-
-### Fast
-
-Best for Windows Insiders who prefer being the first to get access to builds and feature updates--with some risk to their devices--in order to identify issues, and provide suggestions and ideas to make Windows software and devices great.
-
-* Windows Insiders with devices in the Fast Ring should be prepared for more issues that might block key activities that are important to you or might require significant workarounds. 
-* Because we are also validating a build on a smaller set of devices before going to Fast, there is also a chance that some features might work on some devices but might fail in other device configurations. 
-* Windows Insiders should be ready to reinstall Windows using the [Media Creation Tool](http://go.microsoft.com/fwlink/?LinkId=691209) or [Windows Device Recovery Tool](http://go.microsoft.com/fwlink/p/?LinkId=522381) when you are significantly blocked.
-* Remember to report any issue to us through the Windows Insider Feedback Hub or the Windows Insider community forum.
-* These builds are typically released once a week.
-
->[!NOTE]
->Once your device is updated to Windows 10 and you select your desired flight ring, the process known as "Compatibility check" will need to run in the background. There is no manual way to force this process to run. This process allows for the discovery of your OS type (32-bit, 64-bit), build edition (Home, Pro, Enterprise), country and language settings, and other required information. Once this process is complete, your device will be auto-targeted for the next available flight for your selected ring. For the first build on any given device, this might take up to 24 hours to complete.
-
-### How to switch between flight rings
-
-During your time in the Windows Insider Program, you might want to change between flight rings for any number of reasons. Starting with Windows 10, version 1709, use the **Branch Readiness Level** to switch between flight rings.
- 
-* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business** - *Select when Preview Builds and Feature Updates are received*
-* MDM: [**Update/BranchReadinessLevel**](/windows/client-management/mdm/policy-csp-update#update-branchreadinesslevel)
-
-To switch flights prior to Windows 10, version 1709, follow these steps:
-
-1. Go to **Settings > Updates & Security >  Windows Insider Program**
-2. Under **Choose your level**, select between the following rings -
-  * [Windows Insider Fast](#fast)
-  * [Windows Insider Slow](#slow)
-  * [Release Preview](#release-preview)
-
-
-## How to switch between your MSA and your Corporate AAD account
-
-If you were using your Microsoft Account (MSA) to enroll to the Windows Insider Program, switch to your organizational account by going to **Settings > Updates & Security >  Windows Insider Program**, and under **Windows Insider account** select **Change**.
-
-![Change Windows Insider account](images/waas-wipfb-change-user.png)
-
->[!NOTE]
->If you would like to use your corporate account, your device must be connected to your corporate account in AAD for the account to appear in the account list.
-
-## Sharing Feedback Via the Feedback Hub
-As you know a key benefit to being a Windows Insider is Feedback. It’s definitely a benefit to us, and we hope it’s a benefit to you. Feedback is vital for making changes and improvements in Windows 10. Receiving quality and actionable feedback is key in achieving these goals.
-
-Use the [**Feedback Hub App**](feedback-hub://?referrer=wipForBizDocs&tabid=2) to submit your feedback to Microsoft.  
-
-When providing feedback, consider the following: 
-* Check for existing feedback on the topic you are preparing to log. Another user might have already shared the same feedback. If they have, “upvote” the existing feedback to help prevent duplicate submissions. Adding additional comments to existing feedback can help others by providing clarity to existing information or additional scenarios to review.
-* Provide as much information to us as possible: include reproduction steps, screenshots, any detail you think would help us experience the issue as you have, so that we can work on a fix and get it into a new build as soon as possible.
-
->[!TIP]
->You can then track feedback provided by all users in your organization through the Feedback Hub. Simply filter by **My Organization**. 
->
->If you're signed in to the Feedback Hub App using your personal Microsoft Account (MSA), you can switch to your work account, by clicking on your account, signing out, and signing back in.
-
->[!NOTE]
->If you signed into the Feedback Hub previously with your MSA, your feedback and badges will not be transferred to your Azure AD sign-in. However, you can switch back to your MSA account in the Feedback Hub to access feedback you’ve submitted and badges you’ve earned.
-
-### User consent requirement
-
-Feedback Hub needs the user’s consent to access their AAD account profile data (we read their name, organizational tenant ID, and user ID). When they sign in for the first time with the AAD account, they will see a popup asking for their permission, like this:
-
-![Feedback Hub consent to AAD pop-up](images/waas-wipfb-aad-consent.png)
-
-Once agreed, everything will work fine, and that user won't be prompted for permission again.
-
-#### Something went wrong
-
-The option for users to give consent for apps to access their profile data is controlled through Azure Active Directory. This means the AAD administrators have the ability to allow or block users from giving consent.
-
-In case the administrators blocked this option, when the user signs in with the AAD account, they will see the following error message:
-
-![Feedback Hub consent error message](images/waas-wipfb-aad-error.png)
-
-This blocks the user from signing in, which means they won't be able to use the Feedback Hub app with their AAD credentials.
-
-**To fix this issue**, an administrator of the AAD directory will need to enable user consent for apps to access their data.
-
-To do this through the **classic Azure portal**:
-1. Go to https://manage.windowsazure.com/ .
-2. Switch to the **Active Directory** dashboard.  
-   ![Azure classic portal dashboard button](images/waas-wipfb-aad-classicaad.png)
-3. Select the appropriate directory and go to the **Configure** tab.
-4. Under the **integrated applications** section, enable **Users might give applications permissions to access their data**.  
-   ![Azure classic portal enable consent](images/waas-wipfb-aad-classicenable.png)
-
-To do this through the **new Azure portal**:
-1. Go to https://portal.azure.com/ .
-2. Switch to the **Active Directory** dashboard.  
-   ![Azure new portal dashboard button](images/waas-wipfb-aad-newaad.png)
-3. Switch to the appropriate directory.  
-   ![Azure new portal switch directory button](images/waas-wipfb-aad-newdirectorybutton.png)
-4. Under the **Manage** section, select **User settings**.  
-   ![Azure new portal user settings](images/waas-wipfb-aad-newusersettings.png)
-5. In the **Enterprise applications** section, enable **Users can allow apps to access their data**.  
-   ![Azure new portal enable consent](images/waas-wipfb-aad-newenable.png)
-
-## Not receiving Windows 10 Insider Preview build updates?
-
-In some cases, your device might not update to the latest Windows Insider Preview build as expected. Here are items that you can review to troubleshoot this issue:
-
-### Perform a manual check for updates 
-Go to **Settings > Updates & Security**. Review available updates or select **Check for updates**.
-
->[!NOTE]
->If you have set Active Hours, ensure your device is left turned on and signed in during the off-hours so the install process can complete.
-
-### Make sure Windows is activated 
-Go to **Settings > Updates & Security > Activation** to verify Windows is activated.
-
-### Make sure your corporate account in AAD is connected to your device
-Open **Settings \ Accounts \ Access work or school**. If your device is not listed as connected to your account in AAD, click Connect and enter your AAD account.
-
-### Make sure you have selected a flight ring
-Open **Settings > Update & Security > Windows Insider Program** and select your flight ring.
-
-### Have you recently done a roll-back? 
-If so, double-check your flight settings under **Settings > Update & Security > Windows Insider Program**.
-
-### Did you do a clean installion? 
-After a clean installation and initial setup of a Microsoft or corporate account (even one that has been used previously for flighting) the appropriate targeting needs to take place for your device. This background process is known as Compatibility Checker and will run during idle time on your device. This process might take up to 24 hours. To ensure that this occurs in a timely manner, leave your device turned on. 
-
-### Are there known issues for your current build?
-On rare occasion, there might be an issue with a build that could lead to issues with updates being received. Check the most recent blog post or contact the Windows Insider team on Twitter for verification (*@WindowsInsider*). You can also check the **Feedback Hub** for announcements and known issues.
-
-## Exiting flighting
-
-After you’ve tried the latest Windows Insider Preview builds, you might want to opt out. In order to do that, go to  **Settings > Update & Security > Windows Insider Program** and select **Stop Insider Preview Builds**. Follow the on-screen instructions to stop flighting to your device.
-
-To go from a Preview build to the Semi-Annual Channel, use the [Media Creation Tool](http://go.microsoft.com/fwlink/?LinkId=691209) (for device) or [Windows Device Recovery Tool](http://go.microsoft.com/fwlink/p/?LinkId=522381) (for Mobile) to reinstall Windows.  
-
-## Unregister
-
-If you no longer plan to manage Windows Insider Preview policies for your organization, you will need to [unregister your domain with the Windows Insider Program](https://insider.windows.com/insiderorgleaveprogram/). 
-
-Unregistering will not allow any other administrators at your organization to continue to set policies to manage Windows Insider Preview builds across your organization.
-
-Your individual registration with the Insider program will not be impacted. If you wish to leave the Insider program, see the [leave the program](https://insider.windows.com/how-to-overview/#leave-the-program) instructions.
-
->[!IMPORTANT]
->Once your domain is unregistered, setting the **Branch Readiness Level** to preview builds will have no effect. Return this setting to its unconfigured state in order to enable users to control it from their devices.
-
-## Community 
-
-Windows Insiders are a part of a global community focused on innovation, creativity, and growth in their world.  
-
-The Windows Insider program enables you to deepen connections to learn from peers and to connect to subject matter experts (inside Microsoft, Insiders in your local community and in another country) who understand your unique challenges, and who can provide strategic advice on how to maximize your impact.
- 
-Collaborate and learn from experts in the [Windows Insider Tech Community](https://techcommunity.microsoft.com/t5/Windows-Insider-Program/bd-p/WindowsInsiderProgram)
-
-
-## Additional help resources
-
-* [**Windows Blog**](https://blogs.windows.com/blog/tag/windows-insider-program/) - With each new build release we publish a Windows Blog post that outlines key feature changes as well as known issues that Insiders might encounter while using the build.
-* [**Microsoft Technical Community for Windows Insiders**](https://techcommunity.microsoft.com/t5/Windows-Insider-Program/bd-p/WindowsInsiderProgram) - Engage with Windows Insiders around the world in a community dedicated to the Windows Insider Program.
-* [**Windows Insider Preview community forum**](https://answers.microsoft.com/en-us/insider/forum/insider_wintp) - Answers is Microsoft’s forum platform and there is an entire area dedicated to the Windows Insider Program. Insiders can filter between device, Office, Edge, and many others.
-
-## Learn More
-- [Windows Insider Program for Business using Azure Active Directory](waas-windows-insider-for-business-aad.md)
-- [Windows Insider Program for Business Frequently Asked Questions](waas-windows-insider-for-business-faq.md)
-
-## Related Topics
-- [Overview of Windows as a service](waas-overview.md)
-- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
-- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
-- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
-- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
diff --git a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
index a1fb98a31e..d17beb7903 100644
--- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
+++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
@@ -8,8 +8,8 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: jaimeo
 ms.author: jaimeo
-ms.date: 05/02/2018
-ms.localizationpriority: medium
+ms.date: 07/20/2018
+ms.localizationpriority: high
 ---
 
 # Frequently asked questions and troubleshooting Windows Analytics
@@ -20,10 +20,13 @@ This topic compiles the most common issues encountered with configuring and usin
 
 If you've followed the steps in the [Enrolling devices in Windows Analytics](windows-analytics-get-started.md) topic and are still encountering problems, you might find the solution here.
 
-[Devices not showing up](#devices-not-showing-up)
+[Devices not appearing in Upgrade Readiness](#devices-not-appearing-in-upgrade-readiness)
 
-[Device Health crash data not appearing](#device-health-crash-data-not-appearing)
+[Devices not appearing in Device Health Device Reliability](#devices-not-appearing-in-device-health-device-reliability)
 
+[Device crashes not appearing in Device Health Device Reliability](#device-crashes-not-appearing-in-device-health-device-reliability)
+
+[Apps not appearing in Device Health App Reliability](#apps-not-appearing-in-device-health-app-reliability)
 
 [Upgrade Readiness shows many "Computers with outdated KB"](#upgrade-readiness-shows-many-computers-with-outdated-kb)
 
@@ -36,11 +39,12 @@ If you've followed the steps in the [Enrolling devices in Windows Analytics](win
 [Exporting large data sets](#exporting-large-data-sets)
 
 
-### Devices not showing up
+### Devices not appearing in Upgrade Readiness
 
 In Log Analytics, go to **Settings > Connected sources > Windows telemetry** and verify that you are subscribed to the Windows Analytics solutions you intend to use.
 
 Even though devices can take 2-3 days after enrollment to show up due to latency in the system, you can now verify the status of your devices with a few hours of running the deployment script as described in [You can now check on the status of your computers within hours of running the deployment script](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/) on the Windows Analytics blog.
+
 >[!NOTE]
 > If you generate the status report and get an error message saying "Sorry! We’re not recognizing your Commercial Id," go to **Settings > Connected sources > Windows telemetry** and unsubscribe, wait a minute and then re-subscribe to Upgrade Readiness.
  
@@ -57,77 +61,96 @@ If you want to check a large number of devices, you should run the latest script
 
 If you think the issue might be related to a network proxy, check "Enable data sharing" section of the [Enrolling devices in Windows Analytics](windows-analytics-get-started.md) topic. Also see [Understanding connectivity scenarios and the deployment script](https://blogs.technet.microsoft.com/upgradeanalytics/2017/03/10/understanding-connectivity-scenarios-and-the-deployment-script/) on the Windows Analytics blog.
 
-If you have deployed images that have not been generalized, then many of them might have the same ID and so analytics will see them as one device. If you suspect this is the issue, then you can reset the IDs on the non-generalized devices by performing these steps:
+If you have deployed images that have not been generalized, then many of them might have the same ID and so Windows Analytics will see them as one device. If you suspect this is the issue, then you can reset the IDs on the non-generalized devices by performing these steps:
 1. Net stop diagtrack
 2. Reg delete hklm\software\microsoft\sqmclient /v MachineId /f
 3. Net start diagtrack
 
+#### Devices not appearing in Device Health Device Reliability
 
-### Device Health crash data not appearing
+[![Device Reliability tile showing device count highlighted](images/device-reliability-device-count.png)](images/device-reliability-device-count.png)
 
-#### Is WER disabled?
-If Windows Error Reporting (WER) is disabled or redirected on your Windows devices, then reliability information cannot be shown in Device Health.
+If you have devices that appear in other solutions, but not Device Health, follow these steps to investigate the issue:
+1. Confirm that the devices are running Windows10.
+2. Verify that the Commercial ID is present in the device's registry. For details see [https://gpsearch.azurewebsites.net/#13551](https://gpsearch.azurewebsites.net/#13551).
+3. Confirm that devices have opted in to provide diagnostic data by checking in the registry that **AllowTelemetry** is set to 2 (Enhanced) or 3 (Full) in **HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection** (or **HKLM\Software\Policies\Microsoft\Windows\DataCollection**, which takes precedence if set).
+4. Verify that devices can reach the endpoints specified in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md). Also check settings for SSL inspection and proxy authentication; see [Configuring endpoint access with SSL inspection](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started#configuring-endpoint-access-with-ssl-inspection) for more information.
+5. Wait 48 hours for activity to appear in the reports.
+6. If you need additional troubleshooting, contact Microsoft Support.
 
-Check these registry settings in **HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting**:
 
-- Verify that the value "Disabled" (REG_DWORD), if set, is 0.
-- Verify that the value "DontSendAdditionalData" (REG_DWORD), if set, is 0.
-- Verify that the value "CorporateWERServer" (REG_SZ) is not configured.
+### Device crashes not appearing in Device Health Device Reliability
 
-If you need further information on Windows Error Reporting (WER) settings, see WER Settings. 
+[![Device Reliability tile showing crash count highlighted](images/device-reliability-crash-count.png)](images/device-reliability-crash-count.png)
+
+If you know that devices are experiencing stop error crashes that do not seem to be reflected in the count of devices with crashes, follow these steps to investigate the issue:
+
+1. Verify that devices are reporting data properly by following the steps in the [Devices not appearing in Device Health Device Reliability](#devices-not-appearing-in-device-health-device-reliability) section of this topic.
+2. Trigger a known crash on a test device by using a tool such as [NotMyFault](https://docs.microsoft.com/sysinternals/downloads/notmyfault) from Windows Sysinternals.
+3. Verify that Windows Error Reporting (WER) is not disabled or redirected by confirming the registry settings in **HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting** (or **HKLM\Software\Policies\Microsoft\Windows\DataCollection**, which will take precedence if set):
+
+    - Verify that the value "Disabled" (REG_DWORD), if set, is 0.
+    - Verify that the value "DontSendAdditionalData" (REG_DWORD), if set, is 0.
+    - Verify that the value "CorporateWERServer" (REG_SZ) is not configured.
+
+4. Verify that WER can reach all diagnostic endpoints specified in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md)--if WER can only reach some of the endpoints, it could be included in the device count while not reporting crashes.
+5. Check that crash reports successfully complete the round trip with Event 1001 and that BucketID is not blank. A typical such event looks like this:
+
+   [![Event viewer detail showing Event 1001 details](images/event_1001.png)](images/event_1001.png)
+ 
+   You can use the following Windows PowerShell snippet to summarize recent occurences of Event 1001. Most events should have a value for BucketID (a few intermittent blank values are OK, however).
+
+   ```powershell
+   $limitToMostRecentNEvents = 20
+   Get-WinEvent -FilterHashTable @{ProviderName="Windows Error Reporting"; ID=1001} | 
+     ?{ $_.Properties[2].Value -match "crash|blue" } |
+     % { [pscustomobject]@{ 
+       TimeCreated=$_.TimeCreated
+       WEREvent=$_.Properties[2].Value
+       BucketId=$_.Properties[0].Value
+       ContextHint = $(
+          if($_.Properties[2].Value -eq "bluescreen"){"kernel"}
+          else{ $_.Properties[5].Value }
+       )
+     }} | Select-Object -First $limitToMostRecentNEvents
+   ```
+   The output should look something like this:
+   [![Typical output for this snippet](images/device-reliability-event1001-PSoutput.png)](images/device-reliability-event1001-PSoutput.png)
+
+6. Check that some other installed device, app, or crash monitoring solution is not intercepting crash events.
+7. Wait 48 hours for activity to appear in the reports.
+8. If you need additional troubleshooting, contact Microsoft Support.
 
 #### Endpoint connectivity
 
 Devices must be able to reach the endpoints specified in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
 
-If you are using proxy server authentication, it is worth taking extra care to check the configuration. Prior to Windows 10, version 1703, WER uploads error reports in the machine context. Both user (typically authenticated) and machine (typically anonymous) contexts require access through proxy servers to the diagnostic endpoints. In Windows 10, version 1703, and later WER will attempt to use the context of the user that is logged on for proxy authentication such that only the user account requires proxy access.
- 
-Therefore, it's important to ensure that both machine and user accounts have access to the endpoints using authentication (or to whitelist the endpoints so that outbound proxy authentication is not required). For suggested methods, see [Enrolling devices in Windows Analytics](windows-analytics-get-started.md#configuring-endpoint-access-with-proxy-server-authentication).
- 
-To test access as a given user, you can run this Windows PowerShell cmdlet *while logged on as that user*: 
+If you are using proxy server authentication, it's worth taking extra care to check the configuration. Prior to Windows 10, version 1703, WER only uploads error reports in the machine context, so whitelisting endpoints to allow non-authenticated access was typically used. In Windows 10, version 1703 and later versions, WER will attempt to use the context of the user that is logged on for proxy authentication such that only the user account requires proxy access.
 
-```powershell
 
-$endPoints = @(
-        'watson.telemetry.microsoft.com'
-        'oca.telemetry.microsoft.com'
-        'v10.events.data.microsoft.com'
-    )
+For more information, see [Enrolling devices in Windows Analytics](windows-analytics-get-started.md#configuring-endpoint-access-with-proxy-server-authentication).
 
-$endPoints | %{ Test-NetConnection -ComputerName $_ -Port 443 -ErrorAction Continue } | Select-Object -Property ComputerName,TcpTestSucceeded
+### Apps not appearing in Device Health App Reliability
 
-```
+[![App Reliability tile showing relability events trend](images/app-reliability.png)](images/app-reliability.png)
 
-If this is successful, `TcpTestSucceeded` should return `True` for each of the endpoints.
+If apps that you know are crashing do not appear in App Reliability, follow these steps to investigate the issue:
 
-To test access in the machine context (requires administrative rights), run the above as SYSTEM using PSexec or Task Scheduler, as in this example:
+1. Double-check the steps in the [Devices not appearing in Device Health Device Reliability](#devices-not-appearing-in-device-health-device-reliability) and [Device crashes not appearing in Device Health Device Reliability](#device-crashes-not-appearing-in-device-health-device-reliability) sections of this topic.
+2. Confirm that an in-scope application has crashed on an enrolled device. Keep the following points in mind:
+    - Not all user-mode crashes are included in App Reliability, which tracks only apps that have a GUI, have been used interactively by a user, and are not part of the operating system.
+    - Enrolling more devices helps to ensure that there are enough naturally occurring app crashes.
+    - You can also use test apps which are designed to crash on demand.
 
-```powershell
+3. Verify that *per-user* Windows Error Reporting (WER) is not disabled or redirected by confirming the registry settings in **HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting** (or **HKCU\Software\Policies\Microsoft\Windows\DataCollection**, which will take precedence if set):
 
-[scriptblock]$accessTest = {
-    $endPoints = @(
-        'watson.telemetry.microsoft.com'
-        'oca.telemetry.microsoft.com'
-        'v10.events.data.microsoft.com'
-    )
+    - Verify that the value "Disabled" (REG_DWORD), if set, is 0.
+    - Verify that the value "DontSendAdditionalData" (REG_DWORD), if set, is 0.
+    - Verify that the value "CorporateWERServer" (REG_SZ) is not configured.
+4. Check that some other installed device, app, or crash monitoring solution is not intercepting crash events.
+5. Wait 48 hours for activity to appear in the reports.
+6. If you need additional troubleshooting, contact Microsoft Support.
 
-    $endPoints | %{ Test-NetConnection -ComputerName $_ -Port 443 -ErrorAction Continue } | Select-Object -Property ComputerName,TcpTestSucceeded
-}
-
-$scriptFullPath = Join-Path $env:ProgramData "TestAccessToMicrosoftEndpoints.ps1"
-$outputFileFullPath = Join-Path $env:ProgramData "TestAccessToMicrosoftEndpoints_Output.txt"
-$accessTest.ToString() > $scriptFullPath
-$null > $outputFileFullPath
-$taskAction = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "-ExecutionPolicy Bypass -Command `"&{$scriptFullPath > $outputFileFullPath}`"" 
-$taskTrigger = New-ScheduledTaskTrigger -Once -At (Get-Date).Addseconds(10)
-$task = Register-ScheduledTask -User 'NT AUTHORITY\SYSTEM' -TaskName 'MicrosoftTelemetryAccessTest' -Trigger $taskTrigger -Action $taskAction -Force
-Start-Sleep -Seconds 120
-Unregister-ScheduledTask -TaskName $task.TaskName -Confirm:$false
-Get-Content $outputFileFullPath
-
-```
-
-As in the other example, if this is successful, `TcpTestSucceeded` should return `True` for each of the endpoints.
 
 ### Upgrade Readiness shows many "Computers with outdated KB"
 If you see a large number of devices reported as shown in this screenshot of the Upgrade Readiness tile:
@@ -162,12 +185,15 @@ Double-check that IE site discovery opt-in has been configured in the deployment
 Also, on Windows 10 devices remember that IE site discovery requires data diagnostics set to the Enhanced level.
 Finally, Upgrade Readiness only collects IE site discovery data on devices that are not yet upgraded to the target operating system version specified in the Upgrade Readiness Overview blade. This is because Upgrade Readiness targets upgrade planning (for devices not yet upgraded).
 
+>[!NOTE]
+> IE site discovery is disabled on devices running Windows 7 and Windows 8.1 that are in Switzerland and EU countries.
+
 ### Device Names don't show up on Windows 10 devices
 Starting with Windows 10, version 1803, the device name is no longer collected by default and requires a separate opt-in. For more information, see [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
 
 ### Disable Upgrade Readiness
 
-If you want to stop using Upgrade Readiness and stop sending diagnostic data data to Microsoft, follow these steps:
+If you want to stop using Upgrade Readiness and stop sending diagnostic data to Microsoft, follow these steps:
 
 1.  Unsubscribe from the Upgrade Readiness solution in the OMS portal. In the OMS portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option.
 
@@ -225,3 +251,6 @@ System Center Configuration Manager (SCCM) considers a device ready to upgrade i
 Currently, you can choose the criteria you wish to use:
 - To use the SCCM criteria, create the collection of devices ready to upgrade within the SCCM console (using the analytics connector).
 - To use the Upgrade Readiness criteria, export the list of ready-to-upgrade devices from the corresponding Upgrade Readiness report, and then build the SCCM collection from that spreadsheet.
+
+### How does Upgrade Readiness collect the inventory of devices and applications?
+For details about this process and some tips, see [How does Upgrade Readiness in WA collects application inventory for your OMS workspace?](https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/How-does-Upgrade-Readiness-in-WA-collects-application-inventory/ba-p/213586) on the Windows Analytics blog.
\ No newline at end of file
diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md
index a783fc5d09..610f176f33 100644
--- a/windows/deployment/update/windows-analytics-get-started.md
+++ b/windows/deployment/update/windows-analytics-get-started.md
@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: jaimeo
 ms.author: jaimeo
-ms.date: 03/08/2018
+ms.date: 07/18/2018
 ms.localizationpriority: medium
 ---
 
@@ -52,6 +52,9 @@ To enable data sharing, configure your proxy sever to whitelist the following en
 | `http://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. |
 | `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. |
 | `https://oca.telemetry.microsoft.com`  | Online Crash Analysis; required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. |
+| `https://login.live.com` | Windows Error Reporting (WER); required by Device Health for device tickets. |
+| `https://www.msftncsi.com` | Windows Error Reporting (WER); required for Device Health to check connectivity. |
+| `https://www.msftconnecttest.com` | Windows Error Reporting (WER); required for Device Health to check connectivity. **Note:** In this context login.live.com is *not* used for access to Microsoft Account consumer services. The endpoint is used only as part of the WIndows Error Reporting protocol to enhance the integrity of error reports. |
 
 
 >[!NOTE]
diff --git a/windows/deployment/update/windows-analytics-privacy.md b/windows/deployment/update/windows-analytics-privacy.md
index 30197dd5d4..49c1fc93cc 100644
--- a/windows/deployment/update/windows-analytics-privacy.md
+++ b/windows/deployment/update/windows-analytics-privacy.md
@@ -8,8 +8,8 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: jaimeo
 ms.author: jaimeo
-ms.date: 04/05/2018
-ms.localizationpriority: medium
+ms.date: 07/02/2018
+ms.localizationpriority: high
 ---
 
 # Windows Analytics and privacy
@@ -37,6 +37,7 @@ The data flow sequence is as follows:
 
 See these topics for additional background information about related privacy issues:
 
+- [Windows 10 and the GDPR for IT Decision Makers](https://docs.microsoft.com/windows/privacy/gdpr-it-guidance)
 - [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization)
 - [Windows 7, Windows 8, and Windows 8.1 Appraiser Telemetry Events, and Fields](https://go.microsoft.com/fwlink/?LinkID=822965) (link downloads a PDF file)
 - [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703)
@@ -44,7 +45,8 @@ See these topics for additional background information about related privacy iss
 - [Diagnostic Data Viewer Overview](https://docs.microsoft.com/windows/configuration/diagnostic-data-viewer-overview)
 - [Licensing Terms and Documentation](https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=31)
 - [Learn about security and privacy at Microsoft datacenters](http://www.microsoft.com/datacenters)
-- [Confidence in the trusted cloud](https://azure.microsoft.com/en-us/support/trust-center/) 
+- [Confidence in the trusted cloud](https://azure.microsoft.com/support/trust-center/)
+- [Trust Center](https://www.microsoft.com/trustcenter)
 
 ### Can Windows Analytics be used without a direct client connection to the Microsoft Data Management Service?
 No, the entire service is powered by Windows diagnostic data, which requires that devices have this direct connectivity.
diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md
index 494351fd7c..90965a2bd0 100644
--- a/windows/deployment/upgrade/setupdiag.md
+++ b/windows/deployment/upgrade/setupdiag.md
@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
-ms.date: 05/30/2018
-ms.localizationpriority: medium
+ms.date: 07/18/2018
+ms.localizationpriority: high
 ---
 
 # SetupDiag
@@ -18,13 +18,33 @@ ms.localizationpriority: medium
 
 >[!NOTE]
 >This is a 300 level topic (moderate advanced).<br>
->See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
+>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.<br>
 
-[SetupDiag.exe](https://go.microsoft.com/fwlink/?linkid=870142) is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. 
+&nbsp;[![Download SetupDiag](../images/download.png)](https://go.microsoft.com/fwlink/?linkid=870142)
+
+## About SetupDiag
+
+<I>Current version of SetupDiag: 1.3.1.0</I>
+
+SetupDiag is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. 
 
 SetupDiag works by examining Windows Setup log files. It attempts to parse these log files to determine the root cause of a failure to update or upgrade the computer to Windows 10. SetupDiag can be run on the computer that failed to update, or you can export logs from the computer to another location and run SetupDiag in offline mode.
 
-See the [Release notes](#release-notes) section at the bottom of this topic for information about updates to this tool. 
+To quickly use SetupDiag on your current computer:
+1. Verify that your system meets the [requirements](#requirements) described below. If needed, install the [.NET framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137).
+2. [Download SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142).
+3. If your web browser asks what to do with the file, choose **Save**. By default, the file will be saved to your **Downloads** folder. You can also save it to a different location if desired by using **Save As**.
+4. When SetupDiag has finished downloading, open the folder where you downloaded the file. As mentioned above, by default this is your **Downloads** folder which is displayed in File Explorer under **Quick access** in the left navigation pane.
+5. Double-click the **SetupDiag** file to run it. Click **Yes** if you are asked to approve running the program.
+    - Double-clicking the file to run it will automatically close the command window when SetupDiag has completed its analysis. If you wish to keep this window open instead, and review the messages that you see, run the program by typing **SetupDiag** at the command prompt instead of double-clicking it. You will need to change directories to the location of SetupDiag to run it this way.
+6. A command window will open while SetupDiag diagnoses your computer. Wait for this to finish.
+7. When SetupDiag finishes, two files will be created in the same folder where you double-clicked SetupDiag. One is a configuration file, the other is a log file.
+8. Use Notepad to open the log file: **SetupDiagResults.log**.
+9. Review the information that is displayed. If a rule was matched this can tell you why the computer failed to upgrade, and potentially how to fix the problem. See the [Text log sample](#text-log-sample) below.
+
+For instructions on how to run the tool in offline more and with more advanced options, see the [Parameters](#parameters) and [Examples](#examples) sections below.
+
+The [Release notes](#release-notes) section at the bottom of this topic has information about recent updates to this tool. 
 
 ## Requirements
 
@@ -43,8 +63,9 @@ See the [Release notes](#release-notes) section at the bottom of this topic for
 | /Output:\<path to results file\> | <ul><li>This optional parameter enables you to specify the output file for results. This is where you will find what SetupDiag was able to determine.  Only text format output is supported.  UNC paths will work, provided the context under which SetupDiag runs has access to the UNC path.  If the path has a space in it, you must enclose the entire path in double quotes (see the example section below). <li>Default: If not specified, SetupDiag will create the file **SetupDiagResults.log** in the same  directory where SetupDiag.exe is run.</ul> |
 | /Mode:\<Offline \| Online\>  |  <ul><li>This optional parameter allows you to specify the mode in which SetupDiag will operate: Offline or Online.<li>Offline: tells SetupDiag to run against a set of log files already captured from a failed system.  In this mode you can run anywhere you have access to the log files.  This mode does not require SetupDiag to be run on the computer that failed to update. When you specify offline mode, you must also specify the /LogsPath: parameter.<li>Online: tells SetupDiag that it is being run on the computer that failed to update. SetupDiag will attempt find log files and resources in standard Windows locations, such as the **%SystemDrive%\$Windows.~bt** directory for setup log files.<li>Log file search paths are configurable in the SetupDiag.exe.config file, under the SearchPath key.  Search paths are comma separated.  Note: A large number of search paths will extend the time required for SetupDiag to return results.<li>Default: If not specified, SetupDiag will run in Online mode.</ul> |
 | /LogsPath:\<Path to logs\> | <ul><li>This optional parameter is required only when **/Mode:Offline** is specified.  This tells SetupDiag.exe where to find the log files. These log files can be in a flat folder format, or containing multiple subdirectories.  SetupDiag will recursively search all child directories. This parameter should be omitted when the **/Mode:Online** is specified.</ul> |
-| /ZipLogs:\<True \| False\> | <ul><li>This optional parameter tells SetupDiag.exe to create a zip file continuing its results and all the log files it parsed.  The zip file is created in the same directory where SetupDiag.exe is run.<li>Default: If not specified, a value of 'true' is used.</ul> |
+| /ZipLogs:\<True \| False\> | <ul><li>This optional parameter tells SetupDiag.exe to create a zip file containing the results and all the log files it parsed.  The zip file is created in the same directory where SetupDiag.exe is run.<li>Default: If not specified, a value of 'true' is used.</ul> |
 | /Verbose | <ul><li>This optional parameter will output much more data to the log file produced by SetupDiag.exe.  By default SetupDiag will only produce a log file entry for serious errors.  Using **/Verbose** will cause SetupDiag to always produce a log file with debugging details, which can be useful when reporting a problem with SetupDiag.</ul> |
+| /Format:\<xml \| json\> | <ul><li>This optional parameter can be used to output log files in xml or JSON format.  If this parameter is not specified, text format is used by default.</ul> |
 
 ### Examples:
 
@@ -346,10 +367,26 @@ Each rule name and its associated unique rule identifier are listed with a descr
     - Matches DPX expander failures in the down-level phase of update from WU.  Will output the package name, function, expression and error code.
 41. FindFatalPluginFailure – E48E3F1C-26F6-4AFB-859B-BF637DA49636
     - Matches any plug in failure that setupplatform decides is fatal to setup.  Will output the plugin name, operation and error code.
-
+42. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC
+    - Indicates critical failure in the AdvancedInstaller while running an installer package, includes the .exe being called, the phase, mode, component and error codes.
+43. MigrationAbortedDueToPluginFailure - D07A24F6-5B25-474E-B516-A730085940C9
+    - Indicates a critical failure in a migration plugin that causes setup to abort the migration.  Will provide the setup operation, plug in name, plug in action and error code.
+44. DISMAddPackageFailed - 6196FF5B-E69E-4117-9EC6-9C1EAB20A3B9
+    - Indicates a critical failure during a DISM add package operation.  Will specify the Package Name, DISM error and add package error code.
 
 ## Release notes
 
+07/16/2018 - SetupDiag v1.3.1 is released with 44 rules, as a standalone tool available from the Download Center.
+   - This release fixes a problem that can occur when running SetupDiag in online mode on a computer that produces a setupmem.dmp file, but does not have debugger binaries installed.
+
+07/10/2018 - SetupDiag v1.30 is released with 44 rules, as a standalone tool available from the Download Center.
+   - Bug fix for an over-matched plug-in rule. The rule will now correctly match only critical (setup failure) plug-in issues.
+   - New feature: Ability to output logs in JSON and XML format.
+       - Use "/Format:xml" or "/Format:json" command line parameters to specify the new output format. See [sample logs](#sample-logs) at the bottom of this topic.
+       - If the “/Format:xml” or “/Format:json” parameter is omitted, the log output format will default to text.
+   - New Feature: Where possible, specific instructions are now provided in rule output to repair the identified error. For example, instructions are provided to remediate known blocking issues such as uninstalling an incompatible app or freeing up space on the system drive.
+   - 3 new rules added: AdvancedInstallerFailed, MigrationAbortedDueToPluginFailure, DISMAddPackageFailed.
+
 05/30/2018 - SetupDiag v1.20 is released with 41 rules, as a standalone tool available from the Download Center.
    - Fixed a bug in device install failure detection in online mode.
    - Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate.  This change enables the tool to analyze update failures that occur prior to calling SetupHost.
@@ -364,6 +401,84 @@ Each rule name and its associated unique rule identifier are listed with a descr
 
 03/30/2018 - SetupDiag v1.00 is released with 26 rules, as a standalone tool available from the Download Center.
 
+## Sample logs
+
+### Text log sample
+
+```
+Matching Profile found: OptionalComponentOpenPackageFailed - 22952520-EC89-4FBD-94E0-B67DF88347F6
+System Information:
+	Machine Name = Offline
+	Manufacturer = MSI
+	Model = MS-7998
+	HostOSArchitecture = x64
+	FirmwareType = PCAT
+	BiosReleaseDate = 20160727000000.000000+000
+	BiosVendor = BIOS Date: 07/27/16 10:01:46 Ver: V1.70
+	BiosVersion = 1.70
+	HostOSVersion = 10.0.15063
+	HostOSBuildString = 15063.0.amd64fre.rs2_release.170317-1834
+	TargetOSBuildString = 10.0.16299.15 (rs3_release.170928-1534)
+	HostOSLanguageId = 2057
+	HostOSEdition = Core
+	RegisteredAV = Windows Defender,
+	FilterDrivers = WdFilter,wcifs,WIMMount,luafv,Wof,FileInfo,
+	UpgradeStartTime = 3/21/2018 9:47:16 PM
+	UpgradeEndTime = 3/21/2018 10:02:40 PM
+	UpgradeElapsedTime = 00:15:24
+	ReportId = dd4db176-4e3f-4451-aef6-22cf46de8bde
+
+Error: SetupDiag reports Optional Component installation failed to open OC Package. Package Name: Foundation, Error: 0x8007001F
+Recommend you check the "Windows Modules Installer" service (Trusted Installer) is started on the system and set to automatic start, reboot and try the update again.  Optionally, you can check the status of optional components on the system (search for Windows Features), uninstall any unneeded optional components, reboot and try the update again.
+Error: SetupDiag reports down-level failure, Operation: Finalize, Error: 0x8007001F - 0x50015
+Refer to https://docs.microsoft.com/en-us/windows/deployment/upgrade/upgrade-error-codes for error information.
+```
+
+### XML log sample
+
+```
+<?xml version="1.0" encoding="utf-16"?>
+<SetupDiag xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="https://docs.microsoft.com/en-us/windows/deployment/upgrade/setupdiag">
+  <Version>1.3.0.0</Version>
+  <ProfileName>DiskSpaceBlockInDownLevel</ProfileName>
+  <ProfileGuid>6080AFAC-892E-4903-94EA-7A17E69E549E</ProfileGuid>
+  <SystemInfo>
+    <MachineName>Offline</MachineName>
+    <Manufacturer>Microsoft Corporation</Manufacturer>
+    <Model>Virtual Machine</Model>
+    <HostOSArchitecture>x64</HostOSArchitecture>
+    <FirmwareType>UEFI</FirmwareType>
+    <BiosReleaseDate>20171012000000.000000+000</BiosReleaseDate>
+    <BiosVendor>Hyper-V UEFI Release v2.5</BiosVendor>
+    <BiosVersion>Hyper-V UEFI Release v2.5</BiosVersion>
+    <HostOSVersion>10.0.14393</HostOSVersion>
+    <HostOSBuildString>14393.1794.amd64fre.rs1_release.171008-1615</HostOSBuildString>
+    <TargetOSBuildString>10.0.16299.15 (rs3_release.170928-1534)</TargetOSBuildString>
+    <HostOSLanguageId>1033</HostOSLanguageId>
+    <HostOSEdition>Core</HostOSEdition>
+    <RegisteredAV />
+    <FilterDrivers />
+    <UpgradeStartTime>2017-12-21T12:56:22</UpgradeStartTime>
+    <UpgradeElapsedTime />
+    <UpgradeEndTime>2017-12-21T13:22:46</UpgradeEndTime>
+    <RollbackStartTime>0001-01-01T00:00:00</RollbackStartTime>
+    <RollbackEndTime>0001-01-01T00:00:00</RollbackEndTime>
+    <RollbackElapsedTime />
+    <CommercialId>Offline</CommercialId>
+    <SetupReportId>06600fcd-acc0-40e4-b7f8-bb984dc8d05a</SetupReportId>
+    <ReportId>06600fcd-acc0-40e4-b7f8-bb984dc8d05a</ReportId>
+  </SystemInfo>
+  <FailureData>Warning: Found Disk Space Hard Block.</FailureData>
+  <Remediation>You must free up at least "6603" MB of space on the System Drive, and try again.</Remediation>
+</SetupDiag>
+```
+
+### JSON log sample
+
+```
+{"Version":"1.3.0.0","ProfileName":"DiskSpaceBlockInDownLevel","ProfileGuid":"6080AFAC-892E-4903-94EA-7A17E69E549E","SystemInfo":{"BiosReleaseDate":"20171012000000.000000+000","BiosVendor":"Hyper-V UEFI Release v2.5","BiosVersion":"Hyper-V UEFI Release v2.5","CV":null,"CommercialId":"Offline","FilterDrivers":"","FirmwareType":"UEFI","HostOSArchitecture":"x64","HostOSBuildString":"14393.1794.amd64fre.rs1_release.171008-1615","HostOSEdition":"Core","HostOSLanguageId":"1033","HostOSVersion":"10.0.14393","MachineName":"Offline","Manufacturer":"Microsoft Corporation","Model":"Virtual Machine","RegisteredAV":"","ReportId":"06600fcd-acc0-40e4-b7f8-bb984dc8d05a","RollbackElapsedTime":"PT0S","RollbackEndTime":"\/Date(-62135568000000-0800)\/","RollbackStartTime":"\/Date(-62135568000000-0800)\/","SDMode":1,"SetupReportId":"06600fcd-acc0-40e4-b7f8-bb984dc8d05a","TargetOSArchitecture":null,"TargetOSBuildString":"10.0.16299.15 (rs3_release.170928-1534)","UpgradeElapsedTime":"PT26M24S","UpgradeEndTime":"\/Date(1513891366000-0800)\/","UpgradeStartTime":"\/Date(1513889782000-0800)\/"},"FailureData":["Warning: Found Disk Space Hard Block."],"DeviceDriverInfo":null,"Remediation":["You must free up at least \"6603\" MB of space on the System Drive, and try again."]}
+```
+
 ## Related topics
 
 [Resolve Windows 10 upgrade errors: Technical information for IT Pros](https://docs.microsoft.com/en-us/windows/deployment/upgrade/resolve-windows-10-upgrade-errors)
\ No newline at end of file
diff --git a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md
index d3f4fb87fd..80369e62f5 100644
--- a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md
+++ b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md
@@ -3,7 +3,7 @@ title: Upgrade Readiness - Additional insights
 description: Explains additional features of Upgrade Readiness.
 ms.prod: w10
 author: jaimeo
-ms.date: 04/03/2018
+ms.date: 07/02/2018
 ---
 
 # Upgrade Readiness - Additional insights
@@ -50,11 +50,13 @@ This blade reports the number of devices that have installed a firmware update t
 
 ## Site discovery
 
-The site discovery feature in Upgrade Readiness provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 7, Windows 8.1, and Windows 10. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data.
+The IE site discovery feature in Upgrade Readiness provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 7, Windows 8.1, and Windows 10. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data.
 
 > [!NOTE] 
 > Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. The data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees.
 
+>IE site discovery is disabled on devices running Windows 7 and Windows 8.1 that are in Switzerland and EU countries.
+
 In order to use site discovery, a separate opt-in is required; see [Enrolling devices in Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started).
 
 ### Review most active sites
diff --git a/windows/deployment/upgrade/upgrade-readiness-requirements.md b/windows/deployment/upgrade/upgrade-readiness-requirements.md
index ac75385be4..6e85f14d18 100644
--- a/windows/deployment/upgrade/upgrade-readiness-requirements.md
+++ b/windows/deployment/upgrade/upgrade-readiness-requirements.md
@@ -40,7 +40,7 @@ While Upgrade Readiness can be used to assist with updating devices from Windows
 
 Upgrade Readiness is offered as a solution in Microsoft Operations Management Suite (OMS) and Azure Log Analytics, a collection of cloud based services for managing on premises and cloud computing environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/) or the Azure [Log Analytics overview](https://azure.microsoft.com/services/log-analytics/).
 
-If you’re already using OMS or Azure Log Analytics, you’ll find Upgrade Readiness in the Solutions Gallery. Click the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution’s details page. Upgrade Readiness is now visible in your workspace. You can also 
+If you’re already using OMS or Azure Log Analytics, you’ll find Upgrade Readiness in the Solutions Gallery. Click the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution’s details page. Upgrade Readiness is now visible in your workspace. 
 
 If you are not using OMS or Azure Log Analytics, go to [Log Analytics](https://azure.microsoft.com/services/log-analytics/) on Microsoft.com and select **Start free** to start the setup process. During the process, you’ll create a workspace and add the Upgrade Readiness solution to it.
 
diff --git a/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md b/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md
index a927b0db6d..3f049881af 100644
--- a/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md
+++ b/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md
@@ -49,7 +49,7 @@ To change an application's upgrade decision:
 1. Select **Decide upgrade readiness** to view applications with issues. 
 2. In the table view, select an **UpgradeDecision** value. 
 3. Select **Decide upgrade readiness** to change the upgrade decision for each application.
-4. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list.
+4. Select the applications you want to change to a specific upgrade decision and then select the appropriate option from the **Select upgrade decision** list.
 5. Click **Save** when finished.  
 
 IMPORTANT: Ensure that you have the most recent versions of the compatibility update and related KBs installed to get the most up-to-date compatibility information.
diff --git a/windows/deployment/upgrade/windows-10-downgrade-paths.md b/windows/deployment/upgrade/windows-10-downgrade-paths.md
deleted file mode 100644
index 8f56af65a7..0000000000
--- a/windows/deployment/upgrade/windows-10-downgrade-paths.md
+++ /dev/null
@@ -1,140 +0,0 @@
----
-title: Windows 10 downgrade paths (Windows 10)
-description: You can downgrade Windows 10 if the downgrade path is supported.
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.localizationpriority: medium
-ms.pagetype: mobile
-author: greg-lindsay
-ms.date: 06/15/2018
----
-
-# Windows 10 downgrade paths
-**Applies to**
-
--   Windows 10
-
-## Downgrading Windows 10
-
-This topic provides a summary of supported Windows 10 downgrade paths. You might need to downgrade the edition of Windows 10, for example, if an Enterprise license is expired. To perform a downgrade, you can use the same methods as when performing an [edition upgrade](windows-10-edition-upgrades.md). For example, you might downgrade an Enterprise edition by manually entering a valid Pro license key.
-
-If a downgrade is supported, then your apps and settings can be migrated from the current edition to the downgraded edition. If a path is not supported, then a clean install is required.
-
-Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 by entering a different product key is not supported. The only downgrade method available for this the rollback of a previous upgrade.  You also cannot downgrade from a later version to an earlier version of the same edition (Ex: Windows 10 Pro 1709 to 1703) unless the rollback process is used.
-
->**Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
-
->**Windows N/KN**: Windows "N" and "KN" SKUs follow the same rules shown below.
-
-### Supported Windows 10 downgrade paths
-
->[!NOTE]
->Edition changes that are considered upgrades (Ex: Pro to Enterprise) are not shown here.<br> 
->Switching between different editions of Pro is also not strictly considered an edition downgrade, but is included here for clarity. 
-
-✔ = Supported downgrade path<br>
-
-<br>
-<table border="0" cellpadding="1">
-    <tr>
-        <td colspan="10" align="center">Destination edition</td>
-    </tr>
-    <tr>
-        <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
-        <td></td>
-        <td>Home</td>
-        <td>Pro</td>
-        <td>Pro for Workstations</td>
-        <td>Pro Education</td>
-        <td>Education</td>
-        <td>Enterprise LTSC</td>
-        <td>Enterprise</td>
-    </tr>
-    <tr>
-        <td rowspan="9" nowrap="nowrap" valign="middle">Starting edition</td>
-    </tr>
-    <tr>
-        <td>Home</td>
-        <td></td>
-        <td></td>
-        <td></td>
-        <td></td>
-        <td></td>
-        <td></td>
-        <td></td>
-    </tr>
-    <tr>
-        <td>Pro</td>
-        <td></td>
-        <td></td>
-        <td align="center">✔</td>
-        <td align="center">✔</td>
-        <td></td>
-        <td></td>
-        <td></td>
-    </tr>
-    <tr>
-        <td>Pro for Workstations</td>
-        <td></td>
-        <td></td>
-        <td></td>
-        <td></td>
-        <td></td>
-        <td></td>
-        <td></td>
-    </tr>
-    <tr>
-        <td>Pro Education</td>
-        <td></td>
-        <td align="center">✔</td>
-        <td align="center">✔</td>
-        <td></td>
-        <td></td>
-        <td></td>
-        <td></td>
-    </tr>
-    <tr>
-        <td>Education</td>
-        <td></td>
-        <td align="center">✔</td>
-        <td align="center">✔</td>
-        <td align="center">✔</td>
-        <td></td>
-        <td></td>
-        <td></td>
-    </tr>
-    <tr>
-        <td>Enterprise LTSC</td>
-        <td></td>
-        <td align="center"></td>
-        <td align="center"></td>
-        <td align="center"></td>
-        <td align="center"></td>
-        <td></td>
-        <td></td>
-    </tr>
-    <tr>
-        <td>Enterprise</td>
-        <td></td>
-        <td align="center">✔</td>
-        <td align="center">✔</td>
-        <td align="center">✔</td>
-        <td align="center">✔</td>
-        <td></td>
-        <td></td>
-    </tr>
-</table>
-
-
-## Related Topics
-
-[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)<br>
-[Windows upgrade and migration considerations](windows-upgrade-and-migration-considerations.md)<br>
-[Windows 10 edition upgrade](windows-10-edition-upgrades.md)<br>
-[Windows 10 upgrade paths](windows-10-upgrade-paths.md)
-
-
-
-
-
diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md
index 73052174b6..f0f9e52ba2 100644
--- a/windows/deployment/upgrade/windows-10-edition-upgrades.md
+++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md
@@ -8,7 +8,7 @@ ms.localizationpriority: medium
 ms.sitesec: library
 ms.pagetype: mobile
 author: greg-lindsay
-ms.date: 04/30/2018
+ms.date: 07/06/2018
 ---
 
 # Windows 10 edition upgrade
@@ -18,13 +18,15 @@ ms.date: 04/30/2018
 -   Windows 10
 -   Windows 10 Mobile
 
-With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. For information on what edition of Windows 10 is right for you, see [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkID=690882). For a comprehensive list of all possible upgrade paths to Windows 10, see [Windows 10 upgrade paths](windows-10-upgrade-paths.md).
+With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. For information on what edition of Windows 10 is right for you, see [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkID=690882). For a comprehensive list of all possible upgrade paths to Windows 10, see [Windows 10 upgrade paths](windows-10-upgrade-paths.md). Downgrading the edition of Windows is discussed in the [License expiration](#license-expiration) section on this page.
+
+For a list of operating systems that qualify for the Windows 10 Pro Upgrade or Windows 10 Enterprise Upgrade through Microsoft Volume Licensing, see [Windows 10 Qualifying Operating Systems](http://download.microsoft.com/download/2/d/1/2d14fe17-66c2-4d4c-af73-e122930b60f6/Windows10-QOS.pdf).
 
 The following table shows the methods and paths available to change the edition of Windows 10 that is running on your computer. **Note**: The reboot requirement for upgrading from Pro to Enterprise was removed in version 1607. 
 
 ![not supported](../images/x_blk.png) (X) = not supported</br>
 ![supported, reboot required](../images/check_grn.png) (green checkmark) = supported, reboot required</br>
-![supported, no reboot](../images/check_blu.png) (blue checkmark) = supported, no reboot required
+![supported, no reboot](../images/check_blu.png) (blue checkmark) = supported, no reboot required<br>
 
 <!-- OLD TABLE and key
 X = unsupported <BR>
@@ -56,7 +58,6 @@ X = unsupported <BR>
 | **Pro Education > Education** | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) <br>(MSfB) | ![supported, reboot required](../images/check_grn.png) | ![not supported](../images/x_blk.png) |
 | **Enterprise > Education** | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) <br>(MSfB) | ![supported, reboot required](../images/check_grn.png) | ![not supported](../images/x_blk.png) |
 | **Enterprise LTSC > Enterprise** | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) | ![supported, reboot required](../images/check_grn.png) <br>(MSfB) | ![supported, reboot required](../images/check_grn.png) | ![not supported](../images/x_blk.png) |
-| **Pro for Workstations > Pro Education** | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) | ![supported, no reboot](../images/check_blu.png) <br>(MSfB) | ![supported, no reboot](../images/check_blu.png) | ![not supported](../images/x_blk.png) |
 | **Mobile > Mobile Enterprise** | ![supported, no reboot](../images/check_blu.png) |![supported, no reboot](../images/check_blu.png) | ![not supported](../images/x_blk.png) | ![not supported](../images/x_blk.png) | ![not supported](../images/x_blk.png) | ![not supported](../images/x_blk.png) |
 
 > [!NOTE]
@@ -118,4 +119,128 @@ If you do not have a product key, you can upgrade your edition of Windows 10 th
     
     **Note**<br>If you are a Windows 10 Home N or Windows 10 Home KN user and have trouble finding your applicable upgrade in the Microsoft Store, click [here](ms-windows-store://windowsupgrade/).
 
- 
+## License expiration
+
+Volume license customers whose license has expired will need to change the edition of Windows 10 to an edition with an active license. Switching to a downgraded edition of Windows 10 is possible using the same methods that were used to perform an edition upgrade. If the downgrade path is supported, then your apps and settings can be migrated from the current edition. If a path is not supported, then a clean install is required.
+
+Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 by entering a different product key is not supported.  You also cannot downgrade from a later version to an earlier version of the same edition (Ex: Windows 10 Pro 1709 to 1703) unless the rollback process is used. This topic does not discuss version downgrades.
+
+Note: If you are using [Windows 10 Enterprise Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation) and a license expires, devices will automatically revert to the original edition when the grace period expires.
+
+### Scenario example
+
+Downgrading from Enterprise
+- Original edition: **Professional OEM**
+- Upgrade edition: **Enterprise**
+- Valid downgrade paths: **Pro, Pro for Workstations, Pro Education, Education**
+
+You can move directly from Enterprise to any valid destination edition. In this example, downgrading to Pro for Workstations, Pro Education, or Education requires an additional activation key to supercede the firmware-embedded Pro key. In all cases, you must comply with [Microsoft License Terms](https://www.microsoft.com/useterms). If you are a volume license customer, refer to the [Microsoft Volume Licensing Reference Guide](https://www.microsoft.com/en-us/download/details.aspx?id=11091).
+
+### Supported Windows 10 downgrade paths
+
+✔ = Supported downgrade path<br>
+&nbsp;S&nbsp; = Supported; Not considered a downgrade or an upgrade<br>
+[blank] = Not supported or not a downgrade<br>
+
+<br>
+<table border="0" cellpadding="1">
+    <tr>
+        <td colspan="10" align="center">Destination edition</td>
+    </tr>
+    <tr>
+        <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+        <td></td>
+        <td>Home</td>
+        <td>Pro</td>
+        <td>Pro for Workstations</td>
+        <td>Pro Education</td>
+        <td>Education</td>
+        <td>Enterprise LTSC</td>
+        <td>Enterprise</td>
+    </tr>
+    <tr>
+        <td rowspan="9" nowrap="nowrap" valign="middle">Starting edition</td>
+    </tr>
+    <tr>
+        <td>Home</td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Pro</td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Pro for Workstations</td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Pro Education</td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Education</td>
+        <td></td>
+        <td align="center">✔</td>
+        <td align="center">✔</td>
+        <td align="center">✔</td>
+        <td></td>
+        <td></td>
+        <td>S</td>
+    </tr>
+    <tr>
+        <td>Enterprise LTSC</td>
+        <td></td>
+        <td align="center"></td>
+        <td align="center"></td>
+        <td align="center"></td>
+        <td align="center"></td>
+        <td></td>
+        <td></td>
+    </tr>
+    <tr>
+        <td>Enterprise</td>
+        <td></td>
+        <td align="center">✔</td>
+        <td align="center">✔</td>
+        <td align="center">✔</td>
+        <td align="center">S</td>
+        <td></td>
+        <td></td>
+    </tr>
+</table>
+
+>**Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
+
+>**Windows N/KN**: Windows "N" and "KN" SKUs follow the same rules shown above.
+
+Some slightly more complex scenarios are not represented by the table above. For example, you can perform an upgrade from Pro to Pro for Workstation on a computer with an embedded Pro key using a Pro for Workstation license key, and then later downgrade this computer back to Pro with the firmware-embedded key. The downgrade is allowed but only because the pre-installed OS is Pro.
+
+## Related topics
+
+[Windows 10 upgrade paths](https://docs.microsoft.com/windows/deployment/upgrade/windows-10-upgrade-paths)<br>
+[Windows 10 volume license media](https://docs.microsoft.com/windows/deployment/windows-10-media)<br>
+[Windows 10 Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation)
\ No newline at end of file
diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md
index 4a31dcba54..4ca5f1bd95 100644
--- a/windows/deployment/upgrade/windows-10-upgrade-paths.md
+++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md
@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.localizationpriority: medium
 ms.pagetype: mobile
 author: greg-lindsay
-ms.date: 05/29/2018
+ms.date: 07/06/2018
 ---
 
 # Windows 10 upgrade paths
@@ -305,8 +305,7 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
 
 [Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)<br>
 [Windows upgrade and migration considerations](windows-upgrade-and-migration-considerations.md)<br>
-[Windows 10 edition upgrade](windows-10-edition-upgrades.md)<br>
-[Windows 10 downgrade paths](windows-10-downgrade-paths.md)
+[Windows 10 edition upgrade](windows-10-edition-upgrades.md)
 
 
 
diff --git a/windows/deployment/windows-autopilot/TOC.md b/windows/deployment/windows-autopilot/TOC.md
index 3bdaf3e0ba..13ef2ce85b 100644
--- a/windows/deployment/windows-autopilot/TOC.md
+++ b/windows/deployment/windows-autopilot/TOC.md
@@ -1,8 +1,23 @@
-# [Overview of Windows Autopilot](windows-10-autopilot.md)
-
-## [The Windows Autopilot Deployment Program in Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles)
-## [The Windows Autopilot Deployment Program in Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot)
-## [The Windows Autopilot Deployment Program in Microsoft 365 Business & Office 365 Admin portal](https://support.office.com/article/Create-and-edit-Autopilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa)
-## [The Windows Autopilot Deployment Program in Partner Center](https://msdn.microsoft.com/partner-center/autopilot)
-## [Demo the Windows Autopilot Deployment Program on a Virtual Machine](windows-10-autopilot-demo-vm.md)
-
+# [Windows Autopilot](windows-autopilot.md)
+## [Requirements](windows-autopilot-requirements.md)
+### [Configuration requirements](windows-autopilot-requirements-configuration.md)
+### [Network requirements](windows-autopilot-requirements-network.md)
+### [Licensing requirements](windows-autopilot-requirements-licensing.md)
+## [Scenarios and Capabilities](windows-autopilot-scenarios.md)
+### [User-driven mode](user-driven.md)
+### [Self-deploying mode](self-deploying.md)
+### [Enrollment status page](enrollment-status.md)
+### [Windows Autopilot Reset](windows-autopilot-reset.md)
+#### [Remote reset](windows-autopilot-reset-remote.md)
+#### [Local reset](windows-autopilot-reset-local.md)
+## Administering Autopilot
+### [Configuring](configure-autopilot.md)
+#### [Adding devices](add-devices.md)
+#### [Creating profiles](profiles.md)
+### [Administering Autopilot via Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles)
+### [Administering Autopilot via Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot)
+### [Administering Autopilot via Microsoft 365 Business & Office 365 Admin portal](https://support.office.com/article/Create-and-edit-Autopilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa)
+### [Administering Autopilot via Partner Center](https://msdn.microsoft.com/partner-center/autopilot)
+## Getting started
+### [Demonstrate Autopilot deployment on a VM](demonstrate-deployment-on-vm.md)
+## [Troubleshooting](troubleshooting.md)
diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md
new file mode 100644
index 0000000000..f01143dd4c
--- /dev/null
+++ b/windows/deployment/windows-autopilot/add-devices.md
@@ -0,0 +1,67 @@
+---
+title: Adding devices
+description: How to add devices to Windows Autopilot
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: high
+ms.sitesec: library
+ms.pagetype: deploy
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/18
+---
+
+# Adding devices to Windows Autopilot
+
+**Applies to**
+
+-   Windows 10
+
+Before deploying a device using Windows Autopilot, the device must be registered with the Windows Autopilot deployment service. Ideally, this would be performed by the OEM, reseller, or distributor from which the devices were purchased, but this can also be done by the organization by collecting the hardware identity and uploading it manually.
+
+## Device identification
+
+To define a device to the Windows Autopilot deployment service, a unique hardware ID for the device needs to be captured and uploaded to the service. While this step is ideally done by the hardware vendor (OEM, reseller, or distributor), automatically associating the device with an organization, it is also possible to do this through a harvesting process that collects the device from within a running Windows 10 version 1703 or later installation.
+
+The hardware ID, also commonly referred to as a hardware hash, contains several details about the device, including its manufacturer, model, device serial number, hard drive serial number, and many other attributes that can be used to uniquely identify that device.
+
+Note that the hardware hash also contains details about when it was generated, so it will change each time it is generated. When the Windows Autopilot Deployment Service attempts to match a device, it considers changes like that, as well as more substantial changes such as a new hard drive, and is still able to match successfully. But substantial changes to the hardware, such as motherboard replacement, would not match, so the device would need to be re-uploaded.
+
+## Collecting the hardware ID from existing devices using PowerShell
+
+The hardware ID, or hardware hash, for an existing device is available through Windows Management Instrumentation (WMI), as long as that device is running Windows 10 version 1703 or later. To help gather this information, as well as the serial number of the device (useful to see at a glance the machine to which it belongs), a PowerShell script called [Get-WindowsAutoPilotInfo.ps1 has been published to the PowerShell Gallery website](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo).
+
+To use this script, you can download it from the PowerShell Gallery and run it on each computer, or you can install it directly from the PowerShell Gallery. To install it directly and capture the hardware hash from the local computer, these commands can be used:
+
+*md c:\\HWID*
+
+*Set-Location c:\\HWID*
+
+*Set-ExecutionPolicy Unrestricted*
+
+*Install-Script -Name Get-WindowsAutoPilotInfo*
+
+*Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv*
+
+Note that you must run this PowerShell script with administrator privileges (elevated). It can also be run remotely, as long as WMI permissions are in place and WMI is accessible through the Windows Firewall on that remote computer. See the Get-WindowsAutoPilotInfo script’s help (using “Get-Help Get-WindowsAutoPilotInfo.ps1”) for more information.
+
+## Collecting the hardware ID from existing devices using System Center Configuration Manager
+
+Starting with System Center Configuration Manager current branch version 1802, the hardware hashes for existing Windows 10 version 1703 and higher devices are automatically collected by Configuration Manager. See the [What’s new in version 1802](https://docs.microsoft.com/en-us/sccm/core/plan-design/changes/whats-new-in-version-1802#report-on-windows-autopilot-device-information) documentation for more details.
+
+## Uploading hardware IDs
+
+Once the hardware IDs have been captured from existing devices, they can be uploaded through a variety of means. See the detailed documentation for each available mechanism:
+
+For guidance on how to register devices, configure and apply deployment profiles, follow one of the available administration options:
+
+-   [Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot)
+
+-   [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles)
+
+-   [Microsoft 365 Business & Office 365 Admin](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa)
+
+-   [Partner Center](https://msdn.microsoft.com/partner-center/autopilot)
+
+For those using Microsoft Intune, devices should normally be uploaded via Intune; for those using Microsoft 365 Business, its administrative portal would be used. For [Cloud Solution Provider (CSP)](https://partnercenter.microsoft.com/en-us/partner/cloud-solution-provider) partners uploading devices on the behalf of a customer that they are authorized to manage, Partner Center can be used. For any other scenario, the Microsoft Store for Business is available.
diff --git a/windows/deployment/windows-autopilot/configure-autopilot.md b/windows/deployment/windows-autopilot/configure-autopilot.md
new file mode 100644
index 0000000000..c5856a1af6
--- /dev/null
+++ b/windows/deployment/windows-autopilot/configure-autopilot.md
@@ -0,0 +1,32 @@
+---
+title: Configure Autopilot deployment
+description: How to configure Windows Autopilot deployment
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: high
+ms.sitesec: library
+ms.pagetype: deploy
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/18
+---
+
+# Configure Autopilot deployment
+
+**Applies to**
+
+-   Windows 10
+
+## Deploying new devices
+
+When deploying new devices using Windows Autopilot, a common set of steps are required:
+
+1.  [Register devices with the Windows Autopilot deployment service](add-devices.md). Ideally, this step would be performed by the OEM, reseller, or distributor from which the devices were purchased, but this can also be done by the organization by collecting the hardware identity and uploading it manually.
+
+2.  [Assign a profile of settings to each device](profiles.md), specifying how the device should be deployed and what user experience should be presented.
+
+3.  Boot the device. When the device is connected to a network with internet access, it will contact the Windows Autopilot deployment service to see if the device is registered, and if it is, it will download the profile settings which are used to customize the end user experience.
+
+<img src="./images/image2.png" width="511" height="249" />
+
diff --git a/windows/deployment/windows-autopilot/windows-10-autopilot-demo-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
similarity index 94%
rename from windows/deployment/windows-autopilot/windows-10-autopilot-demo-vm.md
rename to windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
index a093eb31cd..ca44b1c9f9 100644
--- a/windows/deployment/windows-autopilot/windows-10-autopilot-demo-vm.md
+++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
@@ -1,5 +1,5 @@
 ---
-title: Demo the Windows Autopilot Deployment Program on a Virtual Machine
+title: Demonstrate Autopilot deployment on a VM
 description: Step-by-step instructions on how to set-up a Virtual Machine with a Windows Autopilot deployment
 keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
 ms.prod: w10
@@ -8,11 +8,11 @@ ms.localizationpriority: medium
 ms.sitesec: library
 ms.pagetype: deploy
 author: coreyp-at-msft
-ms.author: coreyp
-ms.date: 05/09/18
+ms.author: greg-lindsay
+ms.date: 07/13/18
 ---
 
-# Demo the Windows Autopilot Deployment Program on a Virtual Machine
+# Demonstrate Autopilot deployment on a VM
 
 **Applies to**
 
@@ -27,10 +27,10 @@ In this topic you'll learn how to set-up a Windows Autopilot deployment for a Vi
 
 These are the thing you'll need on your device to get started:
 * Installation media for the latest version of Windows 10 Professional or Enterprise (ISO file)
-* Internet access (see [Network connectivity requirements](windows-10-autopilot.md#network-connectivity-requirements))
+* Internet access (see [Network connectivity requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot#network-connectivity-requirements))
 * Hypervisor needs to be unoccupied, or used by Hyper-V, as we will be using Hyper-V to create the Virtual Machine
 
-See additional prerequisites in the [Windows Autopilot overview topic](windows-10-autopilot.md#prerequisites).
+See additional prerequisites in the [Windows Autopilot overview topic](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot#prerequisites).
 
 ## Create your Virtual Machine
 
@@ -209,4 +209,3 @@ Once you select a language and a keyboard layout, your company branded sign-in s
 
 Windows Autopilot will now take over to automatically join your Virtual Machine into Azure Active Directory and enroll it to Microsoft Intune. Use the checkpoints you've created to go through this process again with different settings.
 
-Missing something in this topic? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub://?referrer=techDocsUcPage&tabid=2&contextid=897&newFeedback=true&topic=windows-10-autopilot-demo-vm.md). 
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/enrollment-status.md b/windows/deployment/windows-autopilot/enrollment-status.md
new file mode 100644
index 0000000000..a63c814e8c
--- /dev/null
+++ b/windows/deployment/windows-autopilot/enrollment-status.md
@@ -0,0 +1,52 @@
+---
+title: Windows Autopilot Enrollment Status page 
+description: Gives an overview of the enrollment status page capabilities, configuration
+keywords: Autopilot Plug and Forget, Windows 10
+ms.prod: w10
+ms.technology: Windows
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype:
+ms.localizationpriority: high
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/2018
+---
+
+# Windows Autopilot Enrollment Status page
+
+The Windows Autopilot Enrollment Status page displaying the status of the complete device configuration process.  Incorporating feedback from customers, this provides information to the user to show that the device is being set up and can be configured to prevent access to the desktop until the configuration is complete. 
+ 
+ ![Enrollment Status Page](images/enrollment-status-page.png)
+
+## Available settings
+
+ The following settings can be configured:
+
+ - Show app and profile installation progress.  When enabled, the Enrollment Status page is displayed.
+ - Block device use until all apps and profiles are installed.  When enabled, the Enrollment Status page will be displayed until the device configuraton process is complete.  When not enabled, the user can dismiss the page at any time.
+ - Allow users to reset device if installation errors occur.
+ - Allow users to use device if installation errors occur.
+ - Show error when installation takes longer than the specified number of minutes.
+ - Show custom error message when an error occurs.
+ - Allow users to collect logs about installation errors.
+
+## Installation progresss tracked
+
+The Enrollment Status page tracks a subset of the available MDM CSP policies that are delivered to the device as part of the complete device configuration process.  The specific types of policies that are tracked include:
+
+- Certain types of app installations.
+    - Enterprise modern apps (Appx/MSIX) installed by the [Enterprise Modern App Managment CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/enterprisemodernappmanagement-csp).
+    - Enterprise desktop apps (single-file MSIs) installed by the [Enterprise Desktop App Management CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/enterprisedesktopappmanagement-csp).
+- Certain device configuration policies.
+
+Presently the following types of policies are not tracked:
+
+- Intune Management Extentions PowerShell scripts.
+- Office 365 ProPlus installations.
+- System Center Configuration Manager apps, packages, and task sequences.
+
+## For more information
+
+For more information on configuring the Enrollment Status page, [see the Microsoft Intune documentation](https://docs.microsoft.com/en-us/intune/windows-enrollment-status).  For details about the underlying implementation, see the [FirstSyncStatus details in the DMClient CSP docuementation](https://docs.microsoft.com/en-us/windows/client-management/mdm/dmclient-csp).
+
diff --git a/windows/deployment/windows-autopilot/images/autopilot-reset-customlogin.png b/windows/deployment/windows-autopilot/images/autopilot-reset-customlogin.png
new file mode 100644
index 0000000000..d86cb57895
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/autopilot-reset-customlogin.png differ
diff --git a/windows/deployment/windows-autopilot/images/autopilot-reset-lockscreen.png b/windows/deployment/windows-autopilot/images/autopilot-reset-lockscreen.png
new file mode 100644
index 0000000000..f6fa6d3467
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/autopilot-reset-lockscreen.png differ
diff --git a/windows/deployment/windows-autopilot/images/enrollment-status-page.png b/windows/deployment/windows-autopilot/images/enrollment-status-page.png
new file mode 100644
index 0000000000..9bb550c20b
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/enrollment-status-page.png differ
diff --git a/windows/deployment/windows-autopilot/images/image1.png b/windows/deployment/windows-autopilot/images/image1.png
new file mode 100644
index 0000000000..ed70e84120
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/image1.png differ
diff --git a/windows/deployment/windows-autopilot/images/image2.png b/windows/deployment/windows-autopilot/images/image2.png
new file mode 100644
index 0000000000..9790d50b35
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/image2.png differ
diff --git a/windows/deployment/windows-autopilot/images/self-deploy-welcome.png b/windows/deployment/windows-autopilot/images/self-deploy-welcome.png
new file mode 100644
index 0000000000..3ab1e4b304
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/self-deploy-welcome.png differ
diff --git a/windows/deployment/windows-autopilot/images/windows_glyph.png b/windows/deployment/windows-autopilot/images/windows_glyph.png
new file mode 100644
index 0000000000..3a41d4dfb1
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/windows_glyph.png differ
diff --git a/windows/deployment/windows-autopilot/profiles.md b/windows/deployment/windows-autopilot/profiles.md
new file mode 100644
index 0000000000..fc61dba235
--- /dev/null
+++ b/windows/deployment/windows-autopilot/profiles.md
@@ -0,0 +1,35 @@
+---
+title: Configure Autopilot profiles
+description: How to configure Windows Autopilot deployment
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: high
+ms.sitesec: library
+ms.pagetype: deploy
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/18
+---
+
+# Configure Autopilot profiles
+
+**Applies to**
+
+-   Windows 10
+
+For each device that has been defined to the Windows Autopilot deployment service, a profile of settings needs to be applied to specify the exact behavior of that device when it is deployed. The following profile settings are available:
+
+-   **Skip Cortana, OneDrive and OEM registration setup pages**. All devices registered with Autopilot will automatically skip these pages during the out-of-box experience (OOBE) process.
+
+-   **Automatically setup for work or school**. All devices registered with Autopilot will automatically be considered work or school devices, so this question will not be asked during the OOBE process.
+
+-   **Sign in experience with company branding**. Instead of presenting a generic Azure Active Directory sign-in page, all devices registered with Autopilot will automatically present a customized sign-in page with the organization’s name, logon, and additional help text, as configured in Azure Active Directory. See [Add company branding to your directory](https://docs.microsoft.com/azure/active-directory/customize-branding#add-company-branding-to-your-directory) to customize these settings.
+
+-   **Skip privacy settings**. This optional Autopilot profile setting enables organizations to not ask about privacy settings during the OOBE process. This is typically desirable so that the organization can configure these settings via Intune or other management tool.
+
+-   **Disable local admin account creation on the device**. Organizations can decide whether the user setting up the device should have administrator access once the process is complete.
+
+-   **Skip End User License Agreement (EULA)**. Starting in Windows 10 version 1709, organizations can decide to skip the EULA page presented during the OOBE process. This means that organizations accept the EULA terms on behalf of their users.
+
+-   **Disable Windows consumer features**. Starting in Windows 10 version 1803, organizations can disable Windows consumer features so that the device does not automatically install any additional Microsoft Store apps when the user first signs into the device. See the [MDM documentation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) for more details.
diff --git a/windows/deployment/windows-autopilot/rip-and-replace.md b/windows/deployment/windows-autopilot/rip-and-replace.md
new file mode 100644
index 0000000000..b75fced878
--- /dev/null
+++ b/windows/deployment/windows-autopilot/rip-and-replace.md
@@ -0,0 +1,19 @@
+---
+title: Rip and Replace
+description: Listing of Autopilot scenarios
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: high
+ms.sitesec: library
+ms.pagetype: deploy
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/2018
+---
+
+# Rip and replace
+
+**Applies to: Windows 10**
+
+DO NOT PUBLISH.  Just a placeholder for now, coming with 1809.
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/self-deploying.md b/windows/deployment/windows-autopilot/self-deploying.md
new file mode 100644
index 0000000000..278068cc1c
--- /dev/null
+++ b/windows/deployment/windows-autopilot/self-deploying.md
@@ -0,0 +1,76 @@
+---
+title: Windows Autopilot Self-Deploying mode (Preview) 
+description: Gives an overview of Autopilot Plug and Forget and how to use it.
+keywords: Autopilot Plug and Forget, Windows 10
+ms.prod: w10
+ms.technology: Windows
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype:
+ms.localizationpriority: high
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/2018
+---
+
+# Windows Autopilot Self-Deploying mode (Preview)
+
+**Applies to: Windows 10, build 17672 or later**
+
+Windows Autopilot self-deploying mode offers truly zero touch provisioning. With this mode, all you need to do is power on a device, plug it into Ethernet, and watch Windows Autopilot fully configure the device. No additional user interaction is required.
+>[!NOTE]
+>In order to display an organization-specific logo and organization name during the Autopilot process, Azure Active Directory Company Branding needs to be configured with the images and text that should be displayed.  See [Quickstart: Add company branding to your sign-in page in Azure AD](https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/customize-branding) for more details. 
+
+![The user experience with Windows Autopilot self-deploying mode](images/self-deploy-welcome.png)
+
+>[!NOTE]
+>While today there is a “Next” button that must be clicked to continue the deployment process, and an Activities opt-in page in OOBE, both of these will be removed in future Insider Preview builds to enable a completely automated deployment process – no user authentication or user interaction will be required. 
+ 
+Self-deploying mode can register the device into an organization’s Azure Active Directory tenant, enroll the device in the organization’s mobile device management (MDM) provider (leveraging Azure AD for automatic MDM enrollment), and ensure that all policies, applications, certificates, and networking profiles are provisioned on the device before the user ever logs on (levering the enrollment status page to prevent access to the desktop until the device is fully provisioned). 
+
+>[!NOTE]
+>Self-deploying mode does not support Active Directory Join or Hybrid Azure AD Join.  All devices will be joined to Azure Active Directory.
+
+Because self-deploying mode uses a device’s TPM 2.0 hardware to authenticate the device into an organization’s Azure AD tenant, devices without TPM 2.0 cannot be used with this mode.
+
+>[!NOTE]
+>If you attempt a self-deploying mode deployment on a device that does not have support TPM 2.0 or on a virtual machine, the process will fail when verifying the device with an 0x800705B4 timeout error.
+
+Windows Autopilot self-deploying mode enables you to effortlessly deploy Windows 10 as a kiosk, digital signage device, or a shared device.  When setting up a kiosk, you can leverage the new Kiosk Browser, an app built on Microsoft Edge that can be used to create a tailored, MDM-managed browsing experience. When combined with MDM policies to create a local account and configure it to automatically log on, the complete configuration of the device can be automated. Find out more about these options by reading simplifying kiosk management for IT with Windows 10.  See [Set up a kiosk or digital sign in Intune or other MDM service](https://docs.microsoft.com/en-us/windows/configuration/setup-kiosk-digital-signage#set-up-a-kiosk-or-digital-sign-in-intune-or-other-mdm-service) for additional details.
+  
+Windows Autopilot self-deploying mode is available on Windows 10 build 17672 or higher. When configuring an Autopilot profile in Microsoft Intune, you’ll see a new drop-down menu that asks for the deployment mode. In that menu, select Self-deploying (preview) and apply that profile to the devices you’d like to validate. 
+
+## Step by step
+
+In order to perform a self-deploying mode deployment using Windows Autopilot, the following preparation steps need to be completed:
+
+-   Create an Autopilot profile for self-deploying mode with the desired settings.  In Microsoft Intune, this mode is explicitly chosen when creating the profile. (Note that it is not possible to create a profile in the Microsoft Store for Business or Partner Center for self-deploying mode.)
+-   If using Intune, create a device group in Azure Active Directory and assign the Autopilot profile to that group.
+
+For each machine that will be deployed using self-deploying mode, these additional steps are needed:
+
+-   Ensure that the device supports TPM 2.0 and device attestation.  (Note that virtual machines are not supported.)
+-   Ensure that the device has been added to Windows Autopilot.  This can be done automatically by an OEM or partner at the time the device is purchased, or it can be done through a manual harvesting process later.  See [Adding devices to Windows Autopilot](add-devices.md) for more information.
+-   Ensure an Autopilot profile has been assigned to the device:
+    -   If using Intune and Azure Active Directory dynamic device groups, this can be done automatically.
+    -   If using Intune and Azure Active Directory static device groups, manually add the device to the device group.
+    -   If using other methods (e.g. Microsoft Store for Business or Partner Center), manually assign an Autopilot profile to the device.
+
+## Validation
+
+When performing a self-deploying mode deployment using Windows Autopilot, the following end-user experience should be observed:
+
+-   Once connected to a network, the Autopilot profile will be downloaded.
+-   If the Autopilot profile has been configured to automatically configure the language, locale, and keyboard layout, these OOBE screens should be skipped as long as Ethernet connectivity is available.  Otherwise, manual steps are required:
+    -   If multiple languages are preinstalled in Windows 10, the user must pick a language.
+    -   The user must pick a locale and a keyboard layout, and optionally a second keyboard layout.
+-   If connected via Ethernet, no network prompt is expected.  If no Ethernet connection is available and Wi-fi is built in, the user needs to connect to a wireless network.
+-   Windows 10 will check for critical OOBE updates, and if any are available they will be automatically installed (rebooting if required).
+-   The device will join Azure Active Directory.
+-   After joining Azure Active Directory, the device will enroll in Intune (or other configured MDM services).
+-   The [enrollment status page](enrollment-status.md) will be displayed.
+-   Depending on the device settings deployed, the device will either:
+    -   Remain at the logon screen, where any member of the organization can log on by specifying their Azure AD credentials.
+    -   Automatically sign in as a local account, for devices configured as a kiosk or digital signage.
+
+In case the observed results do not match these expectations, consult the [Windows Autopilot Troubleshooting](troubleshooting.md) documentation.
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/troubleshooting.md b/windows/deployment/windows-autopilot/troubleshooting.md
new file mode 100644
index 0000000000..6a9b183060
--- /dev/null
+++ b/windows/deployment/windows-autopilot/troubleshooting.md
@@ -0,0 +1,92 @@
+---
+title: Troubleshooting Windows Autopilot
+description: This topic goes over Windows Autopilot and how it helps setup OOBE Windows 10 devices.
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: high
+ms.sitesec: library
+ms.pagetype: deploy
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/2018
+---
+
+# Troubleshooting Windows Autopilot
+
+**Applies to: Windows 10**
+
+Windows Autopilot is designed to simplify all parts of the Windows device lifecycle, but there are always situations where issues may arise, either due to configuration or other issues.  To assist with troubleshooting efforts, review the following information.
+
+## Windows Autopilot deployment
+
+Regardless of whether performing user-driven or self-deploying device deployments, the troubleshooting process is the mostly the same.  It is useful to understand the flow for a specific device:
+
+-   Network connection established.  This can be a wireless (Wi-fi) or wired (Ethernet) connection.
+-   Windows Autopilot profile downloaded.  Whether using a wired connection or manually establishing a wireless connection, the Windows Autopilot profile will be downloaded from the Autopilot deployment service as soon as the network connection is in place.
+-   User authentication.  When performing a user-driven deployment, the user will enter their Azure Active Directory credentials, which will be validated.
+-   Azure Active Directory join.  For user-driven deployments, the device will be joined to Azure AD using the specified user credentials.  For self-deploying scenarios, the device will be joined without specifying any user credentials.
+-   Automatic MDM enrollment.  As part of the Azure AD join process, the device will enroll in the MDM service configured in Azure AD (e.g. Microsoft Intune).
+-   Settings are applied.  If the [enrollment status page](enrollment-status.md) is configured, most settings will be applied while the enrollment status page is displayed.  If not configured or available, settings will be applied after the user is signed in.
+
+For troubleshooting, key activities to perform are:
+
+-   Configuration.  Has Azure Active Directory and Microsoft Intune (or an equivalent MDM service) been configured as specified in [Windows Autopilot configuration requirements](windows-autopilot-requirements-configuration.md)?
+-   Network connectivity.  Can the device access the services described in [Windows Autopilot networking requirements](windows-autopilot-requirements-network.md)?
+-   Autopilot OOBE behavior.  Were only the expected out-of-box experience screens displayed?  Was the Azure AD credentials page customized with organization-specific details as expected?
+-   Azure AD join issues.  Was the device able to join Azure Active Directory?
+-   MDM enrollment issues.  Was the device able to enroll in Microsoft Intune (or an equivalent MDM service)?
+
+### Troubleshooting Autopilot OOBE issues
+
+If the expected Autopilot behavior does not occur during the out-of-box experience (OOBE), it is useful to see whether the device received an Autopilot profile and what settings that profile contained.  Depending on the Windows 10 release, there are different mechanisms available to do that.
+
+#### Windows 10 version 1803 and above
+
+To see details related to the Autopilot profile settings and OOBE flow, Windows 10 version 1803 and above adds event log entries.  These can be viewed using Event Viewer, navigating to the log at **Application and Services Logs –> Microsoft –> Windows –> Provisioning-Diagnostics-Provider –> AutoPilot**.  The following events may be recorded, depending on the scenario and profile configuration.
+
+| Event ID | Type | Description |
+|----------|------|-------------| 
+| 100 | Warning | “AutoPilot policy [name] not found.”  This is typically a temporary problem, while the device is waiting for an Autopilot profile to be downloaded. |
+| 101 | Info | “AutoPilotGetPolicyDwordByName succeeded: policy name = [setting name]; policy value [value].”  This shows Autopilot retrieving and processing numeric OOBE settings. |
+| 103 | Info | “AutoPilotGetPolicyStringByName succeeded: policy name = [name]; value = [value].”  This shows Autopilot retrieving and processing OOBE setting strings such as the Azure AD tenant name. |
+| 109 | Info | “AutoPilotGetOobeSettingsOverride succeeded:  OOBE setting [setting name]; state = [state].”  This shows Autopilot retrieving and processing state-related OOBE settings. |
+| 111 | Info | “AutoPilotRetrieveSettings succeeded.”  This means that the settings stored in the Autopilot profile that control the OOBE behavior have been retrieved successfully. |
+| 153 | Info | “AutoPilotManager reported the state changed from [original state] to [new state].”  Typically this should say “ProfileState_Unknown” to “ProfileState_Available” to show that a profile was available for the device and downloaded, so the device is ready to be deployed using Autopilot. |
+| 160 | Info | “AutoPilotRetrieveSettings beginning acquisition.”  This shows that Autopilot is getting ready to download the needed Autopilot profile settings. |
+| 161 | Info | “AutoPilotManager retrieve settings succeeded.”  The Autopilot profile was successfully downloaded. |
+| 163 | Info | “AutoPilotManager determined download is not required and the device is already provisioned.  Clean or reset the device to change this.”  This message indicates that an Autopilot profile is resident on the device; it typically would only be removed by the **Sysprep /Generalize** process. |
+| 164 | Info | “AutoPilotManager determined Internet is available to attempt policy download.” |
+| 171 | Error | “AutoPilotManager failed to set TPM identity confirmed.  HRESULT=[error code].”  This indicates an issue performing TPM attestation, needed to complete the self-deploying mode process. | 
+| 172 | Error | “AutoPilotManager failed to set AutoPilot profile as available.  HRESULT=[error code].”  This is typically related to event ID 171. |
+
+In addition to the event log entries, the registry and ETW trace options described below also work with Windows 10 version 1803 and above.
+
+#### Windows 10 version 1709 and above
+
+On Windows 10 version 1709 and above, information about the Autopilot profile settings are stored in the registry on the device after they are received from the Autopilot deployment service.  These can be found at **HKLM\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot**.  Available registry entries include:
+
+| Value | Description |
+|-------|-------------|
+| AadTenantId | The GUID of the Azure AD tenant the user signed into.  This should match the tenant that the device was registered with; if it does not match the user will receive an error. |
+| CloudAssignedTenantDomain | The Azure AD tenant the device has been registered with, e.g. “contosomn.onmicrosoft.com.”  If the device is not registered with Autopilot, this value will be blank. |
+| CloudAssignedTenantId | The GUID of the Azure AD tenant the device has been registered with (the GUID corresponds to the tenant domain from the CloudAssignedTenantDomain registry value).  If the device isn’t registered with Autopilot, this value will be blank.|
+| IsAutoPilotDisabled | If set to 1, this indicates that the device is not registered with Autopilot.  This could also indicate that the Autopilot profile could not be downloaded due to network connectivity or firewall issues, or network timeouts. |
+| TenantMatched | This will be set to 1 if the tenant ID of the user matches the tenant ID that the device was registered with.  If this is 0, the user would be shown an error and forced to start over. |
+| CloudAssignedOobeConfig | This is a bitmap that shows which Autopilot settings were configured.  Values include: SkipCortanaOptIn = 1, OobeUserNotLocalAdmin = 2, SkipExpressSettings = 4, SkipOemRegistration = 8, SkipEula = 16 |
+
+#### Windows 10 version 1703 and above
+
+On Windows 10 version 1703 and above, ETW tracing can be used to capture detailed information from Autopilot and related components.  The resulting ETW trace files can then be viewed using the Windows Performance Analyzer or similar tools.  See [the advanced troubleshooting blog](https://blogs.technet.microsoft.com/mniehaus/2017/12/13/troubleshooting-windows-autopilot-level-300400/) for more information.
+
+### Troubleshooting Azure AD Join issues
+
+The most common issue joining a device to Azure AD is related to Azure AD permissions.  Ensure [the correct configuration is in place](windows-autopilot-requirements-configuration.md) to allow users to join devices to Azure AD.  Errors can also happen if the user has exceeded the number of devices that they are allowed to join, as configured in Azure AD.
+
+Error code 801C0003 will typically be reported on an error page titled "Something went wrong."  This error means that the Azure AD join failed.
+
+### Troubleshooting Intune enrollment issues
+
+See [this knowledge base article](https://support.microsoft.com/en-us/help/4089533/troubleshooting-windows-device-enrollment-problems-in-microsoft-intune) for assistance with Intune enrollment issues.  Common issues include incorrect or missing licenses assigned to the user or too many devices enrolled for the user.
+
+Error code 80180018 will typiclaly be reported on an error page titled "Something went wrong."  This error means that the MDM enrollment failed.
diff --git a/windows/deployment/windows-autopilot/user-driven-aad.md b/windows/deployment/windows-autopilot/user-driven-aad.md
new file mode 100644
index 0000000000..9d2d62ae45
--- /dev/null
+++ b/windows/deployment/windows-autopilot/user-driven-aad.md
@@ -0,0 +1,19 @@
+---
+title: User-driven mode for AAD
+description: Listing of Autopilot scenarios
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: high
+ms.sitesec: library
+ms.pagetype: deploy
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/2018
+---
+
+# Windows Autopilot user-driven mode for Azure Active Directory
+
+**Applies to: Windows 10**
+
+DO NOT PUBLISH.  This eventually will contain the AAD-specific instuctions currently in user-driven.md.
diff --git a/windows/deployment/windows-autopilot/user-driven-hybrid.md b/windows/deployment/windows-autopilot/user-driven-hybrid.md
new file mode 100644
index 0000000000..3f65705d3f
--- /dev/null
+++ b/windows/deployment/windows-autopilot/user-driven-hybrid.md
@@ -0,0 +1,20 @@
+---
+title: Hybrid AAD Join
+description: Listing of Autopilot scenarios
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: high
+ms.sitesec: library
+ms.pagetype: deploy
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/2018
+---
+
+
+# Windows Autopilot user-driven mode for Hybrid Azure Active Directory Join
+
+**Applies to: Windows 10**
+
+DO NOT PUBLISH.  This eventually will contain the AD-specific (hybrid) instuctions.  This will be in preview at a later point in time.
diff --git a/windows/deployment/windows-autopilot/user-driven.md b/windows/deployment/windows-autopilot/user-driven.md
new file mode 100644
index 0000000000..761a0c5fe2
--- /dev/null
+++ b/windows/deployment/windows-autopilot/user-driven.md
@@ -0,0 +1,62 @@
+---
+title: Windows Autopilot User-Driven Mode
+description: Canonical Autopilot scenario
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: high
+ms.sitesec: library
+ms.pagetype: deploy
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/2018
+---
+
+# Windows Autopilot User-Driven Mode
+
+**Applies to: Windows 10 version 1703 and above**
+
+Windows Autopilot user-driven mode is designed to enable new Windows 10 devices to be transformed from their initial state, directly from the factory, into a ready-to-use state without requiring that IT personnel ever touch the device.  The process is designed to be simple so that anyone can complete it, enabling devices to be shipped or distributed to the end user directly with simple instructions:
+
+-   Unbox the device, plug it in, and turn it on.
+-   Choose a language, locale and keyboard.
+-   Connect it to a wireless or wired network with internet access.
+-   Specify your e-mail address and password for your organization account.
+
+After completing those simple steps, the remainder of the process is completely automated, with the device being joined to the organization, enrolled in Intune (or another MDM service), and fully configured as defined by the organization.  Any additional prompts during the Out-of-Box Experience (OOBE) can be supressed; see [Configuring Autopilot Profiles](profiles.md) for options that are available.
+
+Today, Windows Autopilot user-driven mode supports joining devices to Azure Active Directory.  Support for Hybrid Azure Active Directory Join (with devices joined to an on-premises Active Directory domain) will be available in a future Windows 10 release.  See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/en-us/azure/active-directory/device-management-introduction) for more information about the differences between these two join options.
+
+## Step by step
+
+In order to perform a user-driven deployment using Windows Autopilot, the following preparation steps need to be completed:
+
+-   Ensure that the users who will be performing user-driven mode deployments are able to join devices to Azure Active Directory.  See [Configure device settings](https://docs.microsoft.com/en-us/azure/active-directory/device-management-azure-portal#configure-device-settings) in the Azure Active Directory documentation for more information.
+-   Create an Autopilot profile for user-driven mode with the desired settings.  In Microsoft Intune, this mode is explicitly chosen when creating the profile. With Microsoft Store for Business and Partner Center, user-driven mode is the default and does not need to be selected.
+-   If using Intune, create a device group in Azure Active Directory and assign the Autopilot profile to that group.
+
+For each machine that will be deployed using user-driven deployment, these additional steps are needed:
+
+-   Ensure that the device has been added to Windows Autopilot.  This can be done automatically by an OEM or partner at the time the device is purchased, or it can be done through a manual harvesting process later.  See [Adding devices to Windows Autopilot](add-devices.md) for more information.
+-   Ensure an Autopilot profile has been assigned to the device:
+    -   If using Intune and Azure Active Directory dynamic device groups, this can be done automatically.
+    -   If using Intune and Azure Active Directory static device groups, manually add the device to the device group.
+    -   If using other methods (e.g. Microsoft Store for Business or Partner Center), manually assign an Autopilot profile to the device.
+
+## Validation
+
+When performing a user-driven deployment using Windows Autopilot, the following end-user experience should be observed:
+
+-   If multiple languages are preinstalled in Windows 10, the user must pick a language.
+-   The user must pick a locale and a keyboard layout, and optionally a second keyboard layout.
+-   If connected via Ethernet, no network prompt is expected.  If no Ethernet connection is available and Wi-fi is built in, the user needs to connect to a wireless network.
+-   Once connected to a network, the Autopilot profile will be downloaded.
+-   Windows 10 will check for critical OOBE updates, and if any are available they will be automatically installed (rebooting if required).
+-   The user will be prompted for Azure Active Directory credentials, with a customized user experience showing the Azure AD tenant name, logo, and sign-in text.
+-   Once correct credentials have been entered, the device will join Azure Active Directory.
+-   After joining Azure Active Directory, the device will enroll in Intune (or other configured MDM services).
+-   If configured, the [enrollment status page](enrollment-status.md) will be displayed.
+-   Once the device configuration tasks have completed, the user will be signed into Windows 10 using the credentials they previously provided.
+-   Once signed in, the enrollment status page will again be displayed for user-targeted configuration tasks.
+
+In case the observed results do not match these expectations, consult the [Windows Autopilot Troubleshooting](troubleshooting.md) documentation.
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md
new file mode 100644
index 0000000000..ffc0f40009
--- /dev/null
+++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md
@@ -0,0 +1,34 @@
+---
+title: Windows Autopilot configuration requirements
+description: This topic goes over Windows Autopilot and how it helps setup OOBE Windows 10 devices.
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: high
+ms.sitesec: library
+ms.pagetype: deploy
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/2018
+---
+
+# Windows Autopilot configuration requirements
+
+**Applies to: Windows 10**
+
+Before Windows Autopilot can be used, some configuration tasks are required to support the common Autopilot scenarios.  
+
+-   Configure Azure Active Directory automatic enrollment.  For Microsoft Intune, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/en-us/intune/windows-enroll#enable-windows-10-automatic-enrollment) for details.  If using a different MDM service, contact the vendor for the specific URLs or configuration needed for those services.
+-   Configure Azure Active Directory custom branding.  In order to display an organization-specific logon page during the Autopilot process, Azure Active Directory needs to be configured with the images and text that should be displayed.  See [Quickstart: Add company branding to your sign-in page in Azure AD](https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/customize-branding) for more details.  Note that the "square logo" and "sign-in page text" are the key elements for Autopilot, as well as the Azure Active Directory tenant name (configured separately in the Azure AD tenant properties).
+-   Enable [Windows Subscription Activation](https://docs.microsoft.com/en-us/windows/deployment/windows-10-enterprise-subscription-activation) if desired, in order to automatically step up from Windows 10 Pro to Windows 10 Enterprise.
+
+Specific scenarios will then have additional requirements.  Generally, there are two specific tasks:
+
+-   Device registration.  Devices need to be added to Windows Autopilot to support most Windows Autopilot scenarios.  See [Adding devices to Windows Autopilot](add-devices.md) for more details.
+-   Profile configuration.  Once devices have been added to Windows Autopilot, a profile of settings needs to be applied to each device.  See [Configure Autopilot profiles](profiles.md) for details.  Note that Microsoft Intune can automate this profile assignment; see [Create an AutoPilot device group](https://docs.microsoft.com/en-us/intune/enrollment-autopilot#create-an-autopilot-device-group) and [Assign an AutoPilot deployment profile to a device group](https://docs.microsoft.com/en-us/intune/enrollment-autopilot#assign-an-autopilot-deployment-profile-to-a-device-group) for more information.
+
+See [Windows Autopilot Scenarios](windows-autopilot-scenarios.md) for additional details.
+
+For a walkthrough for some of these and related steps, see this video:
+</br>
+<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/KYVptkpsOqs" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen></iframe> 
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md
new file mode 100644
index 0000000000..cb4b220902
--- /dev/null
+++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md
@@ -0,0 +1,39 @@
+---
+title: Windows Autopilot licensing requirements
+description: This topic goes over Windows Autopilot and how it helps setup OOBE Windows 10 devices.
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: high
+ms.sitesec: library
+ms.pagetype: deploy
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/2018
+---
+
+# Windows Autopilot licensing requirements
+
+**Applies to: Windows 10**
+
+Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory; it also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs:
+
+-   Windows 10 version 1703 or higher must be used. The Professional, Professional for Education, Business, Enterprise, and Education editions are supported.
+
+-   One of the following, to provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality:
+
+    -   Microsoft 365 Business subscriptions
+    
+    -   Microsoft 365 F1 subscriptions
+
+    -   Microsoft 365 Enterprise E3 or E5 subscriptions, which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune)
+
+    -   Enterprise Mobility + Security E3 or E5 subscriptions, which include all needed Azure AD and Intune features
+
+    -   Azure Active Directory Premium P1 or P2 and Intune subscriptions (or an alternative MDM service)
+
+Additionally, the following are also recommended but not required:
+
+-   Office 365 ProPlus, which can be deployed easily via Intune (or other MDM services)
+
+-   [Windows Subscription Activation](https://docs.microsoft.com/en-us/windows/deployment/windows-10-enterprise-subscription-activation), to automatically step up devices from Windows 10 Pro to Windows 10 Enterprise
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md
new file mode 100644
index 0000000000..6ed585912e
--- /dev/null
+++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md
@@ -0,0 +1,83 @@
+---
+title: Windows Autopilot networking requirements
+description: This topic goes over Windows Autopilot and how it helps setup OOBE Windows 10 devices.
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: high
+ms.sitesec: library
+ms.pagetype: deploy
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/2018
+---
+
+# Windows Autopilot networking requirements
+
+**Applies to: Windows 10**
+
+Windows Autopilot depends on a variety of internet-based services; access to these services must be provided for Autopilot to function properly. In the simplest case, enabling proper functionality can be achieved by ensuring the following:
+
+-   Ensure DNS name resolution for internet DNS names
+
+-   Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP)
+
+In environments that have more restrictive internet access, or for those that require authentication before internet access can be obtained, additional configuration may be required to whitelist access to the needed services. For additional details about each of these services and their specific requirements, review the following details:
+
+-   **Windows Autopilot Deployment Service (and Windows Activation).**  After a network connection is in place, each Windows 10 device will contact the Windows Autopilot Deployment Service using the same services used for Windows Activation. See the following link for details:
+
+    -   <https://support.microsoft.com/en-us/help/921471/windows-activation-or-validation-fails-with-error-code-0x8004fe33>
+
+-   **Azure Active Directory.**  User credentials are validated by Azure Active Directory, then the device may also be joined to Azure Active Directory. See the following link for more information:
+
+    -   <https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2>
+
+-   **Intune.**  Once authenticated, Azure Active Directory will trigger the enrollment of the device into the Intune MDM service. See the following link for details:
+
+    -   <https://docs.microsoft.com/en-us/intune/network-bandwidth-use> (Network communication requirements section)
+
+-   **Windows Update.**  During the OOBE process, as well as after the Windows 10 OS is fully configured, the Windows Update service is leveraged to retrieve needed updates.
+
+    -   <https://support.microsoft.com/en-us/help/818018/how-to-solve-connection-problems-concerning-windows-update-or-microsof>
+
+    -   NOTE:  If Windows Update is inaccessible, the AutoPilot process will still continue.
+
+-   **Delivery Optimization.**  When downloading Windows Updates and Microsoft Store apps and app updates (with additional content types expected in the future), the Delivery Optimization service is contacted to enable peer-to-peer sharing of content, so that all devices don’t need to download it from the internet.
+
+    -   <https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization>
+
+    -   NOTE: If Delivery Optimization is inaccessible, the AutoPilot process will still continue.
+
+-   **Network Time Protocol (NTP) Sync.**  When a Windows device starts up, it will talk to a network time server to ensure that the time on the device is accurate.
+
+    -   Ensure that UDP port 123 to time.windows.com is accessible.
+
+-   **Domain Name Services (DNS).**  To resolve DNS names for all services, the device communicates with a DNS server, typically provided via DHCP.  This DNS server must be able to resolve internet names.
+
+-   **Diagnostics data.**  To enable Windows Analytics and related diagnostics capabilities, see the following documentation:
+
+    -   <https://docs.microsoft.com/en-us/windows/configuration/configure-windows-diagnostic-data-in-your-organization>
+
+    -   NOTE: If diagnostic data cannot be sent, the Autopilot process will still continue.
+
+-   **Network Connection Status Indicator (NCSI).**  Windows must be able to tell that the device is able to access the internet.
+
+    -   <https://docs.microsoft.com/en-us/windows/configuration/manage-windows-endpoints-version-1709> (Network Connection Status Indicator section, [www.msftconnecttest.com](http://www.msftconnecttest.com) must be resolvable via DNS and accessible via HTTP)
+
+-   **Windows Notification Services (WNS).**  This service is used to enable Windows to receive notifications from apps and services.
+
+    -   <https://docs.microsoft.com/en-us/windows/configuration/manage-windows-endpoints-version-1709> (Microsoft store section)
+
+    -   NOTE: If the WNS services are not available, the Autopilot process will still continue.
+
+-   **Microsoft Store, Microsoft Store for Business.**  Apps in the Microsoft Store can be pushed to the device, triggered via Intune (MDM).  App updates and additional apps may also be needed when the user first logs in.
+
+    -   <https://docs.microsoft.com/en-us/microsoft-store/prerequisites-microsoft-store-for-business> (also includes Azure AD and Windows Notification Services)
+
+    -   NOTE: If the Microsoft Store is not accessible, the AutoPilot process will still continue.
+
+-   **Office 365.**  As part of the Intune device configuration, installation of Office 365 ProPlus may be required.
+
+    -   <https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2> (includes all Office services, DNS names, IP addresses; includes Azure AD and other services that may overlap with those listed above)
+
+-   **Certificate revocation lists (CRLs).**  Some of these services will also need to check certificate revocation lists (CRLs) for certificates used in the services.  A full list of these is documented in the Office documentation at <https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2#bkmk_crl> and <https://aka.ms/o365chains>.
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
new file mode 100644
index 0000000000..1ffd9e4582
--- /dev/null
+++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
@@ -0,0 +1,23 @@
+---
+title: Windows Autopilot requirements
+description: This topic goes over Windows Autopilot and how it helps setup OOBE Windows 10 devices.
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: high
+ms.sitesec: library
+ms.pagetype: deploy
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/2018
+---
+
+# Windows Autopilot requirements
+
+**Applies to: Windows 10**
+
+Windows Autopilot depends on specific capabilities available in Windows 10, Azure Active Directory, and MDM services such as Microsoft Intune.  In order to use Windows Autopilot and leverage these capabilities, some requirements must be met:
+
+-   [Licensing requirements](windows-autopilot-requirements-licensing.md) must be met.
+-   [Networking requirements](windows-autopilot-requirements-network.md) need to be met.
+-   [Configuration requirements](windows-autopilot-requirements-configuration.md) need to be completed.
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md
new file mode 100644
index 0000000000..408201cc01
--- /dev/null
+++ b/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md
@@ -0,0 +1,64 @@
+---
+title: Reset devices using local Windows Autopilot Reset
+description: Gives an overview of Local Autopilot Reset and how to use it.
+keywords: Autopilot Reset, Windows 10
+ms.prod: w10
+ms.technology: Windows
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype:
+ms.localizationpriority: high
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/2018
+---
+
+# Reset devices with local Windows Autopilot Reset 
+
+**Applies to: Windows 10, version 1709 and above
+
+IT admins can perform a local Windows Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen any time and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. With a local Autopilot Reset, devices are returned to a fully configured or known IT-approved state.
+
+To enable local Autopilot Reset in Windows 10:
+
+1. [Enable the policy for the feature](#enable-autopilot-reset)
+2. [Trigger a reset for each device](#trigger-autopilot-reset)
+
+## Enable local Windows Autopilot Reset
+
+To enable a local Windows Autopilot Reset, the **DisableAutomaticReDeploymentCredentials** policy must be configured. This policy is documented in the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-credentialproviders), **CredentialProviders/DisableAutomaticReDeploymentCredentials**. By default, local Windows Autopilot is disabled. This ensures that a local Autopilot Reset is not triggered by accident.
+
+You can set the policy using one of these methods:
+
+- MDM provider
+
+    - When using Intune, you can create a new device configuration profile, specifying "Windows 10 or later" for the platform, "Device restrictions" for the profile type, and "General" for the settings category.  The **Automatic Redeployment** setting should be set to **Allow**.  Deploy this setting to all devices where a local reset should be permitted.
+    - If you're using an MDM provider other than Intune, check your MDM provider documentation on how to set this policy. 
+
+- Windows Configuration Designer
+
+    You can [use Windows Configuration Designer](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-create-package) to set the **Runtime settings > Policies > CredentialProviders > DisableAutomaticReDeploymentCredentials** setting to 0 and then create a provisioning package.
+
+- Set up School PCs app
+
+    The latest release of the Set up School PCs app supports enabling local Windows Autopilot Reset.
+
+## Trigger local Windows Autopilot Reset
+
+Performing a local Windows Autopilot Reset is a two-step process: trigger it and then authenticate. Once you've done these two steps, you can let the process execute and once it is done, the device is again ready for use. 
+
+**To trigger a local Autopilot Reset**
+
+1. From the Windows device lock screen, enter the keystroke: **CTRL + ![Windows key](images/windows_glyph.png) + R**. 
+
+    ![Enter CTRL+Windows key+R on the Windows lockscreen](images/autopilot-reset-lockscreen.png)
+
+    This will open up a custom login screen for the local Autopilot Reset. The screen serves two purposes:
+    1. Confirm/verify that the end user has the right to trigger Local Autopilot Reset
+    2. Notify the user in case a provisioning package, created using Windows Configuration Designer, will be used as part of the process.
+
+    ![Custom login screen for local Autopilot Reset](images/autopilot-reset-customlogin.png)
+
+2. Sign in with the admin account credentials. If you created a provisioning package, plug in the USB drive and trigger the local Autopilot Reset.
+
+    Once the local Autopilot Reset is triggered, the reset process starts. Once provisioning is complete, the device is again ready for use.
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md
new file mode 100644
index 0000000000..fe614b16a0
--- /dev/null
+++ b/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md
@@ -0,0 +1,36 @@
+---
+title: Reset devices with remote Autopilot Reset (Preview)
+description: Gives an overview of remote Autopilot Reset and how to use it.
+keywords: Autopilot Reset, Windows 10
+ms.prod: w10
+ms.technology: Windows
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype:
+ms.localizationpriority: high
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/2018
+---
+
+# Reset devices with remote Windows Autopilot Reset (Preview)
+
+**Applies to: Windows 10, build 17672 or later**
+
+When performing a remote Windows Autopilot Reset, an MDM service such an Microsoft Intune can be used to initiate the reset process, avoiding the need for IT staff or other administrators to visit each machine to initiate the process.
+
+To enable a device for a remote Windows Autopilot Reset, the device must be MDM managed, joined to Azure AD, and configured to use the [enrollment status page](enrollment-status.md).
+
+## Triggering a remote Windows Autopilot Reset
+
+To trigger a remote Windows Autopilot Reset via Intune, follow these steps:
+ 
+-   Navigate to **Devices** tab in the Intune console. 
+-   In the **All devices** view, select the targeted reset devices and then click **More** to view device actions. 
+-   Select **Autopilot Reset** to kick-off the reset task. 
+
+>[!NOTE]
+>The Autopilot Reset option will not be enabled in Microsoft Intune for devices not running Windows 10 build 17672 or higher.
+
+Once the reset is complete, the device is again ready for use.
+ 
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset.md b/windows/deployment/windows-autopilot/windows-autopilot-reset.md
new file mode 100644
index 0000000000..6093540d82
--- /dev/null
+++ b/windows/deployment/windows-autopilot/windows-autopilot-reset.md
@@ -0,0 +1,53 @@
+---
+title: Windows Autopilot Reset
+description: Gives an overview of Remote Autopilot Reset and how to use it.
+keywords: Autopilot Reset, Windows 10
+ms.prod: w10
+ms.technology: Windows
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype:
+ms.localizationpriority: high
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/2018
+---
+
+# Windows Autopilot Reset
+
+**Applies to: Windows 10** 
+
+Windows Autopilot Reset removes personal files, apps, and settings and reapplies a device’s original settings, maintaining its identity connection to Azure AD and its management connection to Intune so that the device is once again ready for use. Windows Autopilot Reset takes the device back to a business-ready state, allowing the next user to sign in and get productive quickly and simply. 
+
+The Windows Autopilot Reset process automatically retains information from the existing device:
+ 
+-   Set the region, language, and keyboard to the originally-configured values.
+-   Wi-Fi connection details.
+-   Provisioning packages previously applied to the device, as well as a provisioning package present on a USB drive when the reset process is initiated. 
+-   Azure Active Directory device membership and MDM enrollment information.
+
+Windows Autopilot Reset will block the user from accessing the desktop until this information is restored, including re-applying any provisioning packages.  For devices enrolled in an MDM service, Windows Autopilot Reset will also block until an MDM sync is completed.  This requires configuring the device to use the [enrollment status page](enrollment-status.md).
+
+>[!IMPORTANT] 
+>To reestablish Wi-Fi connectivity after reset, make sure the **Connect automatically** box is checked for the device's wireless network connection. 
+
+## Scenarios
+
+Windows Autopilot Reset supports two scenarios:
+
+-   [Local reset](windows-autopilot-reset-local.md), initiated by IT personnel or other administrators from the organization.
+-   [Remote reset](windows-autopilot-reset-remote.md), initiated remotely by IT personnel via an MDM service such as Microsoft Intune.
+
+Additional requirements and configuration details apply with each scenario; see the detailed links above for more information.
+
+## Troubleshooting
+
+Windows Autopilot Reset requires that the [Windows Recovery Environment (WinRE)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference) is correctly configured and enabled on the device. If it is not configured and enabled, an error such as `Error code: ERROR_NOT_SUPPORTED (0x80070032)` will be reported.
+
+To make sure WinRE is enabled, use the [REAgentC.exe tool](https://docs.microsoft.com/windows-hardware/manufacture/desktop/reagentc-command-line-options) to run the following command:
+
+```
+reagentc /enable
+```
+
+If Windows Autopilot Reset fails after enabling WinRE, or if you are unable to enable WinRE, please contact [Microsoft Support](https://support.microsoft.com) for assistance.
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
new file mode 100644
index 0000000000..2618056f2d
--- /dev/null
+++ b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
@@ -0,0 +1,26 @@
+---
+title: Windows Autopilot scenarios
+description: Listing of Autopilot scenarios
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: high
+ms.sitesec: library
+ms.pagetype: deploy
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/2018
+---
+
+# Windows Autopilot scenarios
+
+**Applies to: Windows 10**
+
+Windows Autopilot includes support for a growing list of scenarios, designed to support common organization needs which can vary based on the type of organization and their progress moving to Windows 10 and [transitioning to modern management](https://docs.microsoft.com/en-us/windows/client-management/manage-windows-10-in-your-organization-modern-management).
+
+For details about these scenarios, see these additional topics:
+
+-   [Windows Autopilot user-driven mode](user-driven.md), for devices that will be set up by a member of the organization and configured for that person.
+-   [Windows Autopilot self-deploying mode](self-deploying.md), for devices that will be automatically configured for shared use, as a kiosk, or as a digital signage device.
+-   [Windows Autopilot Reset](windows-autopilot-reset.md), 
+
diff --git a/windows/deployment/windows-autopilot/windows-autopilot.md b/windows/deployment/windows-autopilot/windows-autopilot.md
new file mode 100644
index 0000000000..39eb571f2a
--- /dev/null
+++ b/windows/deployment/windows-autopilot/windows-autopilot.md
@@ -0,0 +1,26 @@
+---
+title: Overview of Windows Autopilot
+description: This topic goes over Windows Autopilot and how it helps setup OOBE Windows 10 devices.
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: high
+ms.sitesec: library
+ms.pagetype: deploy
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/2018
+---
+
+# Overview of Windows Autopilot
+
+**Applies to: Windows 10**
+
+Windows Autopilot is designed to simplify all parts of the lifecycle of Windows devices, for both IT and end users, from initial deployment through the eventual end of life. Leveraging cloud-based services, it can reduce the overall costs for deploying, managing, and retiring devices by reducing the amount of time that IT needs to spend on these processes and the amount of infrastructure that they need to maintain, while ensuring ease of use for all types of end users.
+
+<img src="images/image1.png">
+
+When initially deploying new Windows devices, Windows Autopilot leverages the OEM-optimized version of Windows 10 that is preinstalled on the device, saving organizations the effort of having to maintain custom images as well as drivers for every model of device being used. Instead of re-imaging the device, that existing Windows 10 installation can be transformed into a “business-ready” state, applying settings and policies, installing apps, and even changing the edition of Windows 10 being used (e.g. from Windows 10 Pro to Windows 10 Enterprise, to support advanced features).
+
+Once deployed, Windows 10 devices can be managed by tools such as Microsoft Intune, Windows Update for Business, System Center Configuration Manager, and other similar tools. Windows Autopilot can help with device re-purposing scenarios, leveraging Windows Autopilot Reset to quickly prepare a device for a new user, as well as in break/fix scenarios to enable a device to quickly be brought back to a business-ready state.
+
diff --git a/windows/privacy/TOC.md b/windows/privacy/TOC.md
index e3d3190996..05709993b8 100644
--- a/windows/privacy/TOC.md
+++ b/windows/privacy/TOC.md
@@ -14,4 +14,6 @@
 ### [Windows 10, version 1709 and newer diagnostic data for the Full level](windows-diagnostic-data.md)
 ### [Windows 10, version 1703 diagnostic data for the Full level](windows-diagnostic-data-1703.md)
 ## [Manage Windows 10 connection endpoints](manage-windows-endpoints.md)
+### [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md)
+### [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md)
 ## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
index b46ecc7203..2d9a36b358 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
@@ -556,7 +556,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
 
-This event indicates Indicates that the DecisionApplicationFile object is no longer present.
+This event indicates that the DecisionApplicationFile object is no longer present.
 
 The following fields are available:
 
@@ -880,7 +880,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
 
-This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
+This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
 
 The following fields are available:
 
@@ -1863,7 +1863,7 @@ The following fields are available:
 
 ### TelClientSynthetic.HeartBeat_5
 
-This event sends data about the health and quality of the diagnostic data data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
+This event sends data about the health and quality of the diagnostic data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
 
 The following fields are available:
 
@@ -3125,8 +3125,8 @@ The following fields are available:
 - **BIOSVendor**  The vendor of the device's system bios
 - **BiosVersion**  The version of the device's system bios
 - **BiosReleaseDate**  The release date of the device's system bios
-- **SystemBIOSMajorRelease**  The major release version of the device's system system
-- **SystemBIOSMinorRelease**  The minor release version of the device's system system
+- **SystemBIOSMajorRelease**  The major release version of the device's system bios
+- **SystemBIOSMinorRelease**  The minor release version of the device's system bios
 - **BiosFamily**  The device's family as defined in system bios
 - **BiosSKUNumber**  The device's SKU as defined in system bios
 - **ClientVersion**  The version number of the software distribution client
@@ -3479,7 +3479,7 @@ The following fields are available:
 - **HostOSBuildNumber**  The build number of the previous OS.
 - **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT
 - **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
+- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
 - **Setup360Extended**  Extension of result - more granular information about phase/action when the potential failure happened
 - **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
 
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
index 35e98f0a3c..191b1f06be 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
@@ -6,10 +6,10 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: medium
-author: eross-msft
-ms.author: lizross
-ms.date: 03/13/2018
+localizationpriority: high
+author: danihalfin
+ms.author: daniha
+ms.date: 06/20/2018
 ---
 
 
@@ -922,7 +922,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
 
-This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
+This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
 
 The following fields are available:
 
@@ -1169,7 +1169,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
 
-This event indicates Indicates that the DecisionApplicationFile object is no longer present.
+This event indicates that the DecisionApplicationFile object is no longer present.
 
 The following fields are available:
 
@@ -1816,7 +1816,7 @@ The following fields are available:
 
 ### TelClientSynthetic.HeartBeat_5
 
-This event sends data about the health and quality of the diagnostic data data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
+This event sends data about the health and quality of the diagnostic data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
 
 The following fields are available:
 
@@ -2773,11 +2773,92 @@ The following fields are available:
 - **UserGuid**  The CEIP user ID.
 
 
+## Remediation events
+
+>[!NOTE]
+>Events from this provider are sent with the installation of KB4023057 and any subsequent Windows update. For details, see [this support article](https://support.microsoft.com/help/4023057).
+
+### Microsoft.Windows.Remediation.Applicable
+
+Reports whether a specific remediation to issues preventing security and quality updates is applicable based on detection.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **DetectedCondition** Boolean true if detect condition is true and perform action will be run.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by the remediation system.
+- **PackageVersion** Current package version of Remediation.
+- **PluginName** Name of the remediation plugin specified for each generic plugin event.
+- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated is disabled.
+- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
+- **RemediationShellDeviceSccm** TRUE if the device is SCCM managed.
+- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
+- **Result** Result for detection or perform action phases of the remediation system.
+
+### Microsoft.Windows.Remediation.ChangePowerProfileDetection
+
+Indicates whether the remediation system can put in a request to defer a system-initiated sleep to enable installation of security or quality updates.
+
+The following fields are available:
+
+- **ActionName** A descriptive name for the plugin action.
+- **CurrentPowerPlanGUID** The ID of the current power plan configured on the device.
+- **CV** Correlation vector.
+- **GlobalEventCounter** Counter that indicates the ordering of events on the device.
+- **PackageVersion** Current package version of remediation service.
+- **RemediationBatteryPowerBatteryLevel** Integer between 0 and 100 indicating % battery power remaining (if not on battery, expect 0).
+- **RemediationFUInProcess** Result that shows whether the device is currently installing a feature update.
+- **RemediationScanInProcess** Result that shows whether the device is currently scanning for updates.
+- **RemediationTargetMachine** Result that shows whether this device is a candidate for remediation(s) that will fix update issues.
+- **SetupMutexAvailable** Result that shows whether setup mutex is available or not.
+- **SysPowerStatusAC** Result that shows whether system is on AC power or not.
+
+### Microsoft.Windows.Remediation.Completed
+
+Enables tracking the completion of a process that remediates issues preventing security and quality updates.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by the remediation system.
+- **PackageVersion** Current package version of Remediation.
+- **PluginName** Name of the specific remediation for each generic plugin event.
+- **RemediationNoisyHammerTaskKickOffIsSuccess** Event that indicates the Update Assistant task has been started successfully.
+- **Result** Indicates whether the remediation has completed.
+
+### Microsoft.Windows.Remediation.RemediationShellMainExeEventId
+
+Enables tracking the ID of a process that remediates issues preventing security and quality updates.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by the remediation system.
+- **PackageVersion** Current package version of Remediation.
+- **RemediationShellCanAcquireSedimentMutex** True if the remediation was able to acquire the sediment mutex. False if it is already running.
+- **RemediationShellExecuteShellResult** Indicates if the remediation system completed without errors.
+- **RemediationShellFoundDriverDll** Indicates whether the remediation system found its component files to run properly.
+- **RemediationShellLoadedShellDriver** Indicates whether the remediation system loaded its component files to run properly.
+- **RemediationShellLoadedShellFunction** Indicates whether the remediation system loaded the functions from its component files to run properly.
+
+### Microsoft.Windows.Remediation.Started
+
+Enables tracking the start of a process that remediates issues preventing security and quality updates.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by the remediation system.
+- **PackageVersion** Current package version of Remediation.
+- **PluginName** Name of the specific remediation for each generic plugin event.
+- **Result** Results of the detection or perform action phases of the remediation system.
+
+
 ## Setup events
 
 ### SetupPlatformTel.SetupPlatformTelActivityStarted
 
-"This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date. "
+This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
 
 The following fields are available:
 
@@ -3504,7 +3585,7 @@ The following fields are available:
 - **ReportId**  With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
 - **Setup360Extended**  Extension of result - more granular information about phase/action when the potential failure happened
 - **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
+- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
 - **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT
 - **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
 - **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields.md
index 341093a206..84da766a22 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields.md
@@ -530,7 +530,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
 
-This event indicates Indicates that the DecisionApplicationFile object is no longer present.
+This event indicates that the DecisionApplicationFile object is no longer present.
 
 The following fields are available:
 
@@ -814,7 +814,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
 
-This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
+This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
 
 The following fields are available:
 
@@ -4411,7 +4411,7 @@ The following fields are available:
 - **ReportId**  With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
 - **Setup360Extended**  Extension of result - more granular information about phase/action when the potential failure happened
 - **Setup360Mode**  The phase of Setup360. Example: Predownload, Install, Finalize, Rollback
-- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
+- **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
 - **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT
 - **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
 - **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled
diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
index 3fda54cb26..17d45d542b 100644
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@@ -25,7 +25,7 @@ To frame a discussion about diagnostic data, it is important to understand Micro
 
 -	**Control.** We offer customers control of the diagnostic data they share with us by providing easy-to-use management tools.
 -	**Transparency.** We provide information about the diagnostic data that Windows and Windows Server collects so our customers can make informed decisions.
--	**Security.** We encrypt diagnostic data in transit from your device and protect that data at our secure data centers.
+-	**Security.** We encrypt diagnostic data in transit from your device via TLS 1.2, and additionally use certificate pinning to secure the connection.
 -	**Strong legal protections.** We respect customers’ local privacy laws and fight for legal protection of their privacy as a fundamental human right.
 -	**No content-based targeting.** We take steps to avoid and minimize the collection of customer content, such as the content of files, chats, or emails, through the Windows diagnostic data system.  Customer content inadvertently collected is kept confidential and not used for user targeting.
 -	**Benefits to you.** We collect Windows diagnostic data to help provide you with an up-to-date, more secure, reliable and performant product, and to improve Windows for all our customers.
diff --git a/windows/privacy/gdpr-it-guidance.md b/windows/privacy/gdpr-it-guidance.md
index a87e41b1a2..1e8232c373 100644
--- a/windows/privacy/gdpr-it-guidance.md
+++ b/windows/privacy/gdpr-it-guidance.md
@@ -156,7 +156,9 @@ Windows diagnostic data collection level can be set by a user in Windows (*Start
 >[!NOTE]
 >For more information on the Enhanced level, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).  
 
-* For Windows 10, version 1709, and Windows 10, version 1703, the recommended Windows diagnostic level configuration for EEA and Switzerland residents is “Basic”.
+* For Windows 10, version 1709, and Windows 10, version 1703, the recommended Windows diagnostic level configuration for EEA and Switzerland commercial users is “Basic”.
+
+* For Windows 7, Microsoft recommends configuring enterprise devices for Windows Analytics to facilitate upgrade planning to Windows 10.
 
 ## Controlling the data collection and notification about it
 
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 184fc84a1b..379b8c9e13 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -542,7 +542,7 @@ Find the Microsoft Edge Group Policy objects under **Computer Configuration** &g
 
 | Policy                                               | Description                                                                                         |
 |------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
-| Allow configuration updates for the Books Library            | Choose whether configuration updates are done for the Books Library. <br /> Default: Disabled       |
+| Allow configuration updates for the Books Library            | Choose whether configuration updates are done for the Books Library. <br /> Default: Enabled       |
 | Configure Autofill                                    | Choose whether employees can use autofill on websites. <br /> Default: Enabled                      |
 | Configure Do Not Track         | Choose whether employees can send Do Not Track headers.<br /> Default: Disabled                     |
 | Configure Password Manager                            | Choose whether employees can save passwords locally on their devices. <br /> Default: Enabled       |
@@ -571,7 +571,7 @@ Alternatively, you can configure the Microsoft Group Policies using the followin
 | Policy | Registry path |
 | - | - |
 | Allow Address Bar drop-down list suggestions  | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\ServiceUI<br/>REG_DWORD name: ShowOneBox<br/>Value: 0|
-| Allow configuration updates for the Books Library  | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary<br/>REG_DWORD name: AllowConfigurationUpdateForBooksLibrary<br/>Value: 0|
+| Allow configuration updates for the Books Library  | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary<br/>REG_DWORD name: AllowConfigurationUpdateForBooksLibrary<br/>Value: 1|
 | Configure Autofill  | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main<br/>REG_SZ name: Use FormSuggest<br/>Value : **no** |
 | Configure Do Not Track   | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main<br/>REG_DWORD name: DoNotTrack<br/> REG_DWORD: 1 |
 | Configure Password Manager | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main<br/>REG_SZ name: FormSuggest Passwords<br /> REG_SZ: **no** |
diff --git a/windows/privacy/manage-windows-endpoints.md b/windows/privacy/manage-windows-endpoints.md
index c9bc42d287..721814aabe 100644
--- a/windows/privacy/manage-windows-endpoints.md
+++ b/windows/privacy/manage-windows-endpoints.md
@@ -5,10 +5,10 @@ keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-ms.localizationpriority: medium
-author: brianlic-msft
-ms.author: brianlic
-ms.date: 11/21/2017
+ms.localizationpriority: high
+author: danihalfin
+ms.author: daniha
+ms.date: 6/26/2018
 ---
 # Manage Windows 10 connection endpoints
 
@@ -482,250 +482,11 @@ If you disable this endpoint, Windows Defender won't be able to update its malwa
 |----------------|----------|------------|----------------------------------|
 |Various|HTTPS|go.microsoft.com| 1709 |
 
-## Endpoints for other Windows editions
+## Other Windows 10 editions
 
-In addition to the endpoints listed for Windows 10 Enterprise, the following endpoints are available on other editions of Windows 10, version 1709.
-
-## Windows 10 Home
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-| *.tlu.dl.delivery.mp.microsoft.com.c.footprint.net | HTTP | Enables connections to Windows Update. |
-| *.wac.phicdn.net | HTTP | Used by the Verizon Content Delivery Network to perform Windows updates. |
-| *.1.msftsrvcs.vo.llnwi.net | HTTP | Used for Windows Update downloads of apps and OS updates. |
-| *.c-msedge.net | HTTP | Used by OfficeHub to get the metadata of Office apps. |
-| *.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update. |
-| *.dscd.akamai.net | HTTP | Used to download content. |
-| *.dspg.akamaiedge.net | HTTP | Used to check for updates to maps that have been downloaded for offline use. |
-| *.hwcdn.net | HTTP | Used by the Highwinds Content Delivery Network to perform Windows updates. |
-| *.m1-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
-| *.search.msn.com | TLSv1.2 | Used to retrieve Windows Spotlight metadata. |
-| *.wac.edgecastcdn.net | TLSv1.2 | Used by the Verizon Content Delivery Network to perform Windows updates. |
-| *.wns.windows.com | TLSv1.2 | Used for the Windows Push Notification Services (WNS). |
-| *prod.do.dsp.mp.microsoft.com | TLSv1.2\/HTTPS | Used for Windows Update downloads of apps and OS updates. |
-| .g.akamaiedge.net | HTTP | Used to check for updates to maps that have been downloaded for offline use. |
-| telecommand.telemetry.microsoft.com | HTTPS | Used by Windows Error Reporting. |
-| 2.dl.delivery.mp.microsoft.com | HTTP | Enables connections to Windows Update. |
-| 2.tlu.dl.delivery.mp.microsoft.com | HTTP | Enables connections to Windows Update. |
-| arc.msn.com | HTTPS | Used to retrieve Windows Spotlight metadata. |
-| arc.msn.com.nsatc.net | TLSv1.2 | Used to retrieve Windows Spotlight metadata. |
-| a-ring.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
-| au.download.windowsupdate.com | HTTP | Used to download operating system patches and updates. |
-| b-ring.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
-| candycrushsoda.king.com | TLSv1.2 | Used for Candy Crush Saga updates. |
-| cdn.content.prod.cms.msn.com | HTTP | Used to retrieve Windows Spotlight metadata. |
-| cdn.onenote.net | HTTP | Used for OneNote Live Tile. |
-| client-office365-tas.msedge.net | HTTP | Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
-| config.edge.skype.com | HTTP | Used to retrieve Skype configuration values. |
-| ctldl.windowsupdate.com | HTTP | Used to download certificates that are publicly known to be fraudulent. |
-| cy2.displaycatalog.md.mp.microsoft.com.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
-| cy2.licensing.md.mp.microsoft.com.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
-| cy2.purchase.md.mp.microsoft.com.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
-| cy2.settings.data.microsoft.com.akadns.net | TLSv1.2 | Used as a way for apps to dynamically update their configuration. |
-| cy2.vortex.data.microsoft.com.akadns.net | TLSv1.2 | Used to retrieve Windows Insider Preview builds. |
-| definitionupdates.microsoft.com | HTTPS | Used for Windows Defender definition updates. |
-| displaycatalog.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
-| dl.delivery.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
-| dual-a-0001.a-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
-| fe2.update.microsoft.com | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| fe2.update.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2\/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| fg.download.windowsupdate.com.c.footprint.net | HTTP | Used to download operating system patches and updates. |
-| fp.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
-| g.live.com/1rewlive5skydrive/ | HTTPS | Used by a redirection service to automatically update URLs. |
-| g.msn.com.nsatc.net | HTTP | Used to retrieve Windows Spotlight metadata. |
-| geo-prod.do.dsp.mp.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update. |
-| go.microsoft.com | HTTPS | Used by a redirection service to automatically update URLs. |
-| img-prod-cms-rt-microsoft-com.akamaized.net | HTTPS | Used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). |
-| *.login.msa.akadns6.net | TLSv1.2 | Used for Microsoft accounts to sign in. |
-| licensing.mp.microsoft.com | HTTPS | Used for online activation and some app licensing. |
-| location-inference-westus.cloudapp.net | TLSv1.2 | Used for location data. |
-| login.live.com | HTTPS | Used to authenticate a device. |
-| mediaredirect.microsoft.com | HTTPS | Used by the Groove Music app to update HTTP handler status. |
-| modern.watson.data.microsoft.com.akadns.net | TLSv1.2 | Used by Windows Error Reporting. |
-| msftsrvcs.vo.llnwd.net | HTTP | Enables connections to Windows Update. |
-| msnbot-*.search.msn.com | TLSv1.2 | Used to retrieve Windows Spotlight metadata. |
-| oem.twimg.com | HTTPS | Used for the Twitter Live Tile. |
-| oneclient.sfx.ms | HTTPS | Used by OneDrive for Business to download and verify app updates. |
-| peer4-wst.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
-| pti.store.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
-| pti.store.microsoft.com.unistore.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
-| purchase.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
-| ris.api.iris.microsoft.com.akadns.net | TLSv1.2\/HTTPS | Used to retrieve Windows Spotlight metadata. |
-| settings-win.data.microsoft.com | HTTPS | Used for Windows apps to dynamically update their configuration. |
-| sls.update.microsoft.com.nsatc.net | TLSv1.2\/HTTPS | Enables connections to Windows Update. |
-| star-mini.c10r.facebook.com | TLSv1.2 | Used for the Facebook Live Tile. |
-| storecatalogrevocation.storequality.microsoft.com | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store. |
-| storeedgefd.dsx.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
-| store-images.s-microsoft.com | HTTP | Used to get images that are used for Microsoft Store suggestions. |
-| tile-service.weather.microsoft.com | HTTP | Used to download updates to the Weather app Live Tile. |
-| tsfe.trafficshaping.dsp.mp.microsoft.com | TLSv1.2 | Used for content regulation. |
-| v10.vortex-win.data.microsoft.com | HTTPS | Used to retrieve Windows Insider Preview builds. |
-| wallet.microsoft.com | HTTPS | Used by the Microsoft Wallet app. |
-| wallet-frontend-prod-westus.cloudapp.net | TLSv1.2 | Used by the Microsoft Wallet app. |
-| watson.telemetry.microsoft.com | HTTPS | Used by Windows Error Reporting. |
-| wdcp.microsoft.akadns.net | TLSv1.2 | Used for Windows Defender when Cloud-based Protection is enabled. |
-| wildcard.twimg.com | TLSv1.2 | Used for the Twitter Live Tile. |
-| www.bing.com | HTTP | Used for updates for Cortana, apps, and Live Tiles. |
-| www.facebook.com | HTTPS | Used for the Facebook Live Tile. |
-| [www.microsoft.com](http://www.microsoft.com/) | HTTPS | Used for updates for Cortana, apps, and Live Tiles. |
-
-## Windows 10 Pro
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-| *.*.akamai.net | HTTP | Used to download content. |
-| *.*.akamaiedge.net | TLSv1.2\/HTTP | Used to check for updates to maps that have been downloaded for offline use. |
-| *.a-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
-| *.blob.core.windows.net | HTTPS | Used by Windows Update to update words used for language input methods. |
-| *.c-msedge.net | HTTP | Used by OfficeHub to get the metadata of Office apps. |
-| *.dl.delivery.mp.microsoft.com | HTTP | Enables connections to Windows Update. |
-| *.dspb.akamaiedge.net | TLSv1.2 | Used to check for updates to maps that have been downloaded for offline use. |
-| *.dspg.akamaiedge.net | TLSv1.2 | Used to check for updates to maps that have been downloaded for offline use. |
-| *.e-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
-| *.login.msa.akadns6.net | TLSv1.2 | Used for Microsoft accounts to sign in. |
-| *.s-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
-| *.telecommand.telemetry.microsoft.com.akadns.net | TLSv1.2 | Used by Windows Error Reporting. |
-| *.wac.edgecastcdn.net | TLSv1.2 | Used by the Verizon Content Delivery Network to perform Windows updates. |
-| *.wac.phicdn.net | HTTP | Used by the Verizon Content Delivery Network to perform Windows updates. |
-| *.wns.windows.com | TLSv1.2 | Used for the Windows Push Notification Services (WNS). |
-| *prod.do.dsp.mp.microsoft.com | TLSv1.2\/HTTPS | Used for Windows Update downloads of apps and OS updates. |
-| 3.dl.delivery.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
-| 3.dl.delivery.mp.microsoft.com.c.footprint.net | HTTP | Enables connections to Windows Update. |
-| 3.tlu.dl.delivery.mp.microsoft.com | HTTP | Enables connections to Windows Update. |
-| 3.tlu.dl.delivery.mp.microsoft.com.c.footprint.net | HTTP | Enables connections to Windows Update. |
-| arc.msn.com | HTTPS | Used to retrieve Windows Spotlight metadata. |
-| arc.msn.com.nsatc.net | TLSv1.3 | Used to retrieve Windows Spotlight metadata. |
-| au.download.windowsupdate.com | HTTPS | Used to download operating system patches and updates. |
-| b-ring.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
-| candycrushsoda.king.com | HTTPS | Used for Candy Crush Saga updates. |
-| cdn.content.prod.cms.msn.com | HTTP | Used to retrieve Windows Spotlight metadata. |
-| cdn.onenote.net | HTTPS | Used for OneNote Live Tile. |
-| client-office365-tas.msedge.net | HTTPS | Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
-| config.edge.skype.com | HTTPS | Used to retrieve Skype configuration values. |
-| ctldl.windowsupdate.com | HTTP | Used to download certificates that are publicly known to be fraudulent. |
-| cs12.<span class="anchor" id="_Hlk500262422"></span>wpc.v0cdn.net | HTTP | Used by the Verizon Content Delivery Network to download content for Windows upgrades with Wireless Planning and Coordination (WPC). |
-| cy2.displaycatalog.md.mp.microsoft.com.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
-| cy2.settings.data.microsoft.com.akadns.net | TLSv1.2 | Used as a way for apps to dynamically update their configuration. |
-| cy2.vortex.data.microsoft.com.akadns.net | TLSv1.2 | Used to retrieve Windows Insider Preview builds. |
-| definitionupdates.microsoft.com | HTTPS | Used for Windows Defender definition updates. |
-| displaycatalog.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
-| download.windowsupdate.com | HTTP | Enables connections to Windows Update. |
-| evoke-windowsservices-tas.msedge.net | HTTPS | Used by the Photos app to download configuration files, and to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
-| fe2.update.microsoft.com | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| fe2.update.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2\/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| fe3.delivery.mp.microsoft.com | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| fg.download.windowsupdate.com.c.footprint.net | HTTP | Used to download operating system patches and updates. |
-| fp.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
-| fs.microsoft.com | HTTPS | Used to download fonts on demand |
-| g.live.com | HTTP | Used by a redirection service to automatically update URLs. |
-| g.msn.com | HTTPS | Used to retrieve Windows Spotlight metadata. |
-| g.msn.com.nsatc.net | TLSv1.2 | Used to retrieve Windows Spotlight metadata. |
-| geo-prod.do.dsp.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
-| geover-prod.do.dsp.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
-| go.microsoft.com | HTTPS | Used by a redirection service to automatically update URLs. |
-| gpla1.wac.v2cdn.net | HTTP | Used for Baltimore CyberTrust Root traffic. . |
-| img-prod-cms-rt-microsoft-com.akamaized.net | HTTPS | Used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). |
-| licensing.mp.microsoft.com | HTTPS | Used for online activation and some app licensing. |
-| location-inference-westus.cloudapp.net | TLSv1.2 | Used for location data. |
-| login.live.com | HTTPS | Used to authenticate a device. |
-| l-ring.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
-| mediaredirect.microsoft.com | HTTPS | Used by the Groove Music app to update HTTP handler status. |
-| modern.watson.data.microsoft.com.akadns.net | TLSv1.2 | Used by Windows Error Reporting. |
-| msnbot-*.search.msn.com | TLSv1.2 | Used to retrieve Windows Spotlight metadata. |
-| oem.twimg.com | HTTP | Used for the Twitter Live Tile. |
-| oneclient.sfx.ms | HTTP | Used by OneDrive for Business to download and verify app updates. |
-| peer1-wst.msedge.net | HTTP | Used by OfficeHub to get the metadata of Office apps. |
-| pti.store.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
-| pti.store.microsoft.com.unistore.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
-| purchase.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
-| ris.api.iris.microsoft.com | HTTPS | Used to retrieve Windows Spotlight metadata. |
-| settings-win.data.microsoft.com | HTTPS | Used for Windows apps to dynamically update their configuration. |
-| sls.update.microsoft.com | HTTPS | Enables connections to Windows Update. |
-| storecatalogrevocation.storequality.microsoft.com | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store. |
-| storeedgefd.dsx.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
-| store-images.s-microsoft.com | HTTPS | Used to get images that are used for Microsoft Store suggestions. |
-| store-images.s-microsoft.com | HTTPS | Used to get images that are used for Microsoft Store suggestions. |
-| telecommand.telemetry.microsoft.com | HTTPS | Used by Windows Error Reporting. |
-| tile-service.weather.microsoft.com | HTTP | Used to download updates to the Weather app Live Tile. |
-| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Used for content regulation. |
-| v10.vortex-win.data.microsoft.com | HTTPS | Used to retrieve Windows Insider Preview builds. |
-| wallet.microsoft.com | HTTPS | Used by the Microsoft Wallet app. |
-| watson.telemetry.microsoft.com | HTTPS | Used by Windows Error Reporting. |
-| wdcp.microsoft.akadns.net | HTTPS | Used for Windows Defender when Cloud-based Protection is enabled. |
-| wildcard.twimg.com | TLSv1.2 | Used for the Twitter Live Tile. |
-| www.bing.com | TLSv1.2 | Used for updates for Cortana, apps, and Live Tiles. |
-| www.facebook.com | HTTPS | Used for the Facebook Live Tile. |
-| [www.microsoft.com](http://www.microsoft.com/) | HTTPS | Used for updates for Cortana, apps, and Live Tiles. |
-
-## Windows 10 Education
-
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-| *.a-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
-| *.b.akamaiedge.net | TLSv1.2 | Used to check for updates to maps that have been downloaded for offline use. |
-| *.c-msedge.net | HTTP | Used by OfficeHub to get the metadata of Office apps. |
-| *.dscb1.akamaiedge.net | HTTP | Used to check for updates to maps that have been downloaded for offline use. |
-| *.dscd.akamai.net | HTTP | Used to download content. |
-| *.dspb.akamaiedge.net | TLSv1.2 | Used to check for updates to maps that have been downloaded for offline use. |
-| *.dspw65.akamai.net | HTTP | Used to download content. |
-| *.e-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
-| *.g.akamai.net | HTTP | Used to download content. |
-| *.g.akamaiedge.net | TLSv1.2 | Used to check for updates to maps that have been downloaded for offline use. |
-| *.l.windowsupdate.com | HTTP | Enables connections to Windows Update. |
-| *.s-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
-| *.wac.phicdn.net | HTTP | Used by the Verizon Content Delivery Network to perform Windows updates |
-| *.wns.windows.com | TLSv1.2 | Used for the Windows Push Notification Services (WNS). |
-| *prod.do.dsp.mp.microsoft.com | TLSv1.2 | Used for Windows Update downloads of apps and OS updates. |
-| *prod.do.dsp.mp.microsoft.com.nsatc.net | TLSv1.2 | Used for Windows Update downloads of apps and OS updates. |
-| 3.dl.delivery.mp.microsoft.com.c.footprint.net | HTTP | Enables connections to Windows Update. |
-| 3.tlu.dl.delivery.mp.microsoft.com.c.footprint.net | HTTP | Enables connections to Windows Update. |
-| a-ring.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
-| au.download.windowsupdate.com | HTTP | Used to download operating system patches and updates. |
-| cdn.onenote.net | HTTPS | Used for OneNote Live Tile. |
-| cds.*.hwcdn.net | HTTP | Used by the Highwinds Content Delivery Network to perform Windows updates. |
-| co4.telecommand.telemetry.microsoft.com.akadns.net | TLSv1.2 | Used by Windows Error Reporting. |
-| config.edge.skype.com | HTTPS | Used to retrieve Skype configuration values. |
-| ctldl.windowsupdate.com | HTTP | Used to download certificates that are publicly known to be fraudulent. |
-| cs12.wpc.v0cdn.net | HTTP | Used by the Verizon Content Delivery Network to download content for Windows upgrades with Wireless Planning and Coordination (WPC). |
-| cy2.displaycatalog.md.mp.microsoft.com.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
-| cy2.settings.data.microsoft.com.akadns.net | TLSv1.2 | Used as a way for apps to dynamically update their configuration. |
-| cy2.vortex.data.microsoft.com.akadns.net | TLSv1.2 | Used to retrieve Windows Insider Preview builds. |
-| dl.delivery.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
-| download.windowsupdate.com | HTTP | Enables connections to Windows Update. |
-| evoke-windowsservices-tas.msedge.net/ab | HTTPS | Used by the Photos app to download configuration files, and to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
-| fe2.update.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update. |
-| fg.download.windowsupdate.com.c.footprint.net | HTTP | Used to download operating system patches and updates. |
-| fp.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
-| g.msn.com.nsatc.net | TLSv1.2\/HTTP | Used to retrieve Windows Spotlight metadata. |
-| geo-prod.do.dsp.mp.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update. |
-| geover-prod.do.dsp.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
-| go.microsoft.com | HTTPS | Used by a redirection service to automatically update URLs. |
-| gpla1.wac.v2cdn.net | HTTP | Used for Baltimore CyberTrust Root traffic. . |
-| ipv4.login.msa.akadns6.net | TLSv1.2 | Used for Microsoft accounts to sign in. |
-| licensing.mp.microsoft.com | HTTPS | Used for online activation and some app licensing. |
-| location-inference-westus.cloudapp.net | TLSv1.2 | Used for location data. |
-| login.live.com/* | HTTPS | Used to authenticate a device. |
-| l-ring.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
-| mediaredirect.microsoft.com | HTTPS | Used by the Groove Music app to update HTTP handler status. |
-| modern.watson.data.microsoft.com.akadns.net | TLSv1.2 | Used by Windows Error Reporting. |
-| msftconnecttest.com/* | HTTP | Used by Network Connection Status Indicator (NCSI) to detect Internet connectivity and corporate network connectivity status. |
-| msnbot-65-52-108-198.search.msn.com | TLSv1.2 | Used to retrieve Windows Spotlight metadata. |
-| oneclient.sfx.ms | HTTP | Used by OneDrive for Business to download and verify app updates. |
-| peer1-wst.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
-| pti.store.microsoft.com.unistore.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
-| settings-win.data.microsoft.com | HTTPS | Used for Windows apps to dynamically update their configuration. |
-| sls.update.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update. |
-| store-images.s-microsoft.com | HTTPS | Used to get images that are used for Microsoft Store suggestions. |
-| tile-service.weather.microsoft.com | HTTP | Used to download updates to the Weather app Live Tile. |
-| telecommand.telemetry.microsoft.com | HTTPS | Used by Windows Error Reporting. |
-| tsfe.trafficshaping.dsp.mp.microsoft.com | TLSv1.2 | Used for content regulation. |
-| wallet.microsoft.com | HTTPS | Used by the Microsoft Wallet app. |
-| watson.telemetry.microsoft.com | HTTPS | Used by Windows Error Reporting. |
-| wdcp.microsoft.akadns.net | TLSv1.2 | Used for Windows Defender when Cloud-based Protection is enabled. |
-| www.bing.com | HTTPS | Used for updates for Cortana, apps, and Live Tiles. |
+To view endpoints for non-Enterprise Windows 10 editions, see:
+- [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md)
+- [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md)
 
 ## Related links
 
diff --git a/windows/privacy/windows-diagnostic-data-1703.md b/windows/privacy/windows-diagnostic-data-1703.md
index 67fd23abec..15ce44125d 100644
--- a/windows/privacy/windows-diagnostic-data-1703.md
+++ b/windows/privacy/windows-diagnostic-data-1703.md
@@ -1,6 +1,6 @@
 ---
 title: Windows 10 diagnostic data for the Full diagnostic data level (Windows 10)
-description: Use this article to learn about the types of data that is collected the the Full diagnostic data level.
+description: Use this article to learn about the types of data that is collected the Full diagnostic data level.
 keywords: privacy,Windows 10
 ms.prod: w10
 ms.mktglfcycl: manage
diff --git a/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md
new file mode 100644
index 0000000000..601a236c61
--- /dev/null
+++ b/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md
@@ -0,0 +1,273 @@
+---
+title: Windows 10, version 1709, connection endpoints for non-Enterprise editions
+description: Explains what Windows 10 endpoints are used in non-Enterprise editions.
+keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.localizationpriority: high
+author: danihalfin
+ms.author: daniha
+ms.date: 6/26/2018
+---
+# Windows 10, version 1709, connection endpoints for non-Enterprise editions
+
+ **Applies to**
+
+- Windows 10 Home, version 1709
+- Windows 10 Professional, version 1709
+- Windows 10 Education, version 1709
+
+In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-endpoints.md), the following endpoints are available on other editions of Windows 10, version 1709.
+
+We used the following methodology to derive these network endpoints:
+
+1.	Set up the latest version of Windows 10 on a test virtual machine using the default settings. 
+2.	Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
+3.	Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.  
+4.	Compile reports on traffic going to public IP addresses.
+5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
+
+> [!NOTE]
+> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
+
+## Windows 10 Home
+
+| **Destination** | **Protocol** | **Description** |
+| --- | --- | --- |
+| *.tlu.dl.delivery.mp.microsoft.com.c.footprint.net | HTTP | Enables connections to Windows Update. |
+| *.wac.phicdn.net | HTTP | Used by the Verizon Content Delivery Network to perform Windows updates. |
+| *.1.msftsrvcs.vo.llnwi.net | HTTP | Used for Windows Update downloads of apps and OS updates. |
+| *.c-msedge.net | HTTP | Used by OfficeHub to get the metadata of Office apps. |
+| *.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update. |
+| *.dscd.akamai.net | HTTP | Used to download content. |
+| *.dspg.akamaiedge.net | HTTP | Used to check for updates to maps that have been downloaded for offline use. |
+| *.hwcdn.net | HTTP | Used by the Highwinds Content Delivery Network to perform Windows updates. |
+| *.m1-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
+| *.search.msn.com | TLSv1.2 | Used to retrieve Windows Spotlight metadata. |
+| *.wac.edgecastcdn.net | TLSv1.2 | Used by the Verizon Content Delivery Network to perform Windows updates. |
+| *.wns.windows.com | TLSv1.2 | Used for the Windows Push Notification Services (WNS). |
+| *prod.do.dsp.mp.microsoft.com | TLSv1.2\/HTTPS | Used for Windows Update downloads of apps and OS updates. |
+| .g.akamaiedge.net | HTTP | Used to check for updates to maps that have been downloaded for offline use. |
+| telecommand.telemetry.microsoft.com | HTTPS | Used by Windows Error Reporting. |
+| 2.dl.delivery.mp.microsoft.com | HTTP | Enables connections to Windows Update. |
+| 2.tlu.dl.delivery.mp.microsoft.com | HTTP | Enables connections to Windows Update. |
+| arc.msn.com | HTTPS | Used to retrieve Windows Spotlight metadata. |
+| arc.msn.com.nsatc.net | TLSv1.2 | Used to retrieve Windows Spotlight metadata. |
+| a-ring.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
+| au.download.windowsupdate.com | HTTP | Used to download operating system patches and updates. |
+| b-ring.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
+| candycrushsoda.king.com | TLSv1.2 | Used for Candy Crush Saga updates. |
+| cdn.content.prod.cms.msn.com | HTTP | Used to retrieve Windows Spotlight metadata. |
+| cdn.onenote.net | HTTP | Used for OneNote Live Tile. |
+| client-office365-tas.msedge.net | HTTP | Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
+| config.edge.skype.com | HTTP | Used to retrieve Skype configuration values. |
+| ctldl.windowsupdate.com | HTTP | Used to download certificates that are publicly known to be fraudulent. |
+| cy2.displaycatalog.md.mp.microsoft.com.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
+| cy2.licensing.md.mp.microsoft.com.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
+| cy2.purchase.md.mp.microsoft.com.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
+| cy2.settings.data.microsoft.com.akadns.net | TLSv1.2 | Used as a way for apps to dynamically update their configuration. |
+| cy2.vortex.data.microsoft.com.akadns.net | TLSv1.2 | Used to retrieve Windows Insider Preview builds. |
+| definitionupdates.microsoft.com | HTTPS | Used for Windows Defender definition updates. |
+| displaycatalog.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
+| dl.delivery.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
+| dual-a-0001.a-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
+| fe2.update.microsoft.com | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| fe2.update.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2\/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| fg.download.windowsupdate.com.c.footprint.net | HTTP | Used to download operating system patches and updates. |
+| fp.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
+| g.live.com/1rewlive5skydrive/ | HTTPS | Used by a redirection service to automatically update URLs. |
+| g.msn.com.nsatc.net | HTTP | Used to retrieve Windows Spotlight metadata. |
+| geo-prod.do.dsp.mp.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update. |
+| go.microsoft.com | HTTPS | Used by a redirection service to automatically update URLs. |
+| img-prod-cms-rt-microsoft-com.akamaized.net | HTTPS | Used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). |
+| *.login.msa.akadns6.net | TLSv1.2 | Used for Microsoft accounts to sign in. |
+| licensing.mp.microsoft.com | HTTPS | Used for online activation and some app licensing. |
+| location-inference-westus.cloudapp.net | TLSv1.2 | Used for location data. |
+| login.live.com | HTTPS | Used to authenticate a device. |
+| mediaredirect.microsoft.com | HTTPS | Used by the Groove Music app to update HTTP handler status. |
+| modern.watson.data.microsoft.com.akadns.net | TLSv1.2 | Used by Windows Error Reporting. |
+| msftsrvcs.vo.llnwd.net | HTTP | Enables connections to Windows Update. |
+| msnbot-*.search.msn.com | TLSv1.2 | Used to retrieve Windows Spotlight metadata. |
+| oem.twimg.com | HTTPS | Used for the Twitter Live Tile. |
+| oneclient.sfx.ms | HTTPS | Used by OneDrive for Business to download and verify app updates. |
+| peer4-wst.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
+| pti.store.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
+| pti.store.microsoft.com.unistore.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
+| purchase.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
+| ris.api.iris.microsoft.com.akadns.net | TLSv1.2\/HTTPS | Used to retrieve Windows Spotlight metadata. |
+| settings-win.data.microsoft.com | HTTPS | Used for Windows apps to dynamically update their configuration. |
+| sls.update.microsoft.com.nsatc.net | TLSv1.2\/HTTPS | Enables connections to Windows Update. |
+| star-mini.c10r.facebook.com | TLSv1.2 | Used for the Facebook Live Tile. |
+| storecatalogrevocation.storequality.microsoft.com | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store. |
+| storeedgefd.dsx.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
+| store-images.s-microsoft.com | HTTP | Used to get images that are used for Microsoft Store suggestions. |
+| tile-service.weather.microsoft.com | HTTP | Used to download updates to the Weather app Live Tile. |
+| tsfe.trafficshaping.dsp.mp.microsoft.com | TLSv1.2 | Used for content regulation. |
+| v10.vortex-win.data.microsoft.com | HTTPS | Used to retrieve Windows Insider Preview builds. |
+| wallet.microsoft.com | HTTPS | Used by the Microsoft Wallet app. |
+| wallet-frontend-prod-westus.cloudapp.net | TLSv1.2 | Used by the Microsoft Wallet app. |
+| watson.telemetry.microsoft.com | HTTPS | Used by Windows Error Reporting. |
+| wdcp.microsoft.akadns.net | TLSv1.2 | Used for Windows Defender when Cloud-based Protection is enabled. |
+| wildcard.twimg.com | TLSv1.2 | Used for the Twitter Live Tile. |
+| www.bing.com | HTTP | Used for updates for Cortana, apps, and Live Tiles. |
+| www.facebook.com | HTTPS | Used for the Facebook Live Tile. |
+| [www.microsoft.com](http://www.microsoft.com/) | HTTPS | Used for updates for Cortana, apps, and Live Tiles. |
+
+## Windows 10 Pro
+
+| **Destination** | **Protocol** | **Description** |
+| --- | --- | --- |
+| *.*.akamai.net | HTTP | Used to download content. |
+| *.*.akamaiedge.net | TLSv1.2\/HTTP | Used to check for updates to maps that have been downloaded for offline use. |
+| *.a-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
+| *.blob.core.windows.net | HTTPS | Used by Windows Update to update words used for language input methods. |
+| *.c-msedge.net | HTTP | Used by OfficeHub to get the metadata of Office apps. |
+| *.dl.delivery.mp.microsoft.com | HTTP | Enables connections to Windows Update. |
+| *.dspb.akamaiedge.net | TLSv1.2 | Used to check for updates to maps that have been downloaded for offline use. |
+| *.dspg.akamaiedge.net | TLSv1.2 | Used to check for updates to maps that have been downloaded for offline use. |
+| *.e-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
+| *.login.msa.akadns6.net | TLSv1.2 | Used for Microsoft accounts to sign in. |
+| *.s-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
+| *.telecommand.telemetry.microsoft.com.akadns.net | TLSv1.2 | Used by Windows Error Reporting. |
+| *.wac.edgecastcdn.net | TLSv1.2 | Used by the Verizon Content Delivery Network to perform Windows updates. |
+| *.wac.phicdn.net | HTTP | Used by the Verizon Content Delivery Network to perform Windows updates. |
+| *.wns.windows.com | TLSv1.2 | Used for the Windows Push Notification Services (WNS). |
+| *prod.do.dsp.mp.microsoft.com | TLSv1.2\/HTTPS | Used for Windows Update downloads of apps and OS updates. |
+| 3.dl.delivery.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
+| 3.dl.delivery.mp.microsoft.com.c.footprint.net | HTTP | Enables connections to Windows Update. |
+| 3.tlu.dl.delivery.mp.microsoft.com | HTTP | Enables connections to Windows Update. |
+| 3.tlu.dl.delivery.mp.microsoft.com.c.footprint.net | HTTP | Enables connections to Windows Update. |
+| arc.msn.com | HTTPS | Used to retrieve Windows Spotlight metadata. |
+| arc.msn.com.nsatc.net | TLSv1.3 | Used to retrieve Windows Spotlight metadata. |
+| au.download.windowsupdate.com | HTTPS | Used to download operating system patches and updates. |
+| b-ring.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
+| candycrushsoda.king.com | HTTPS | Used for Candy Crush Saga updates. |
+| cdn.content.prod.cms.msn.com | HTTP | Used to retrieve Windows Spotlight metadata. |
+| cdn.onenote.net | HTTPS | Used for OneNote Live Tile. |
+| client-office365-tas.msedge.net | HTTPS | Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
+| config.edge.skype.com | HTTPS | Used to retrieve Skype configuration values. |
+| ctldl.windowsupdate.com | HTTP | Used to download certificates that are publicly known to be fraudulent. |
+| cs12.<span class="anchor" id="_Hlk500262422"></span>wpc.v0cdn.net | HTTP | Used by the Verizon Content Delivery Network to download content for Windows upgrades with Wireless Planning and Coordination (WPC). |
+| cy2.displaycatalog.md.mp.microsoft.com.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
+| cy2.settings.data.microsoft.com.akadns.net | TLSv1.2 | Used as a way for apps to dynamically update their configuration. |
+| cy2.vortex.data.microsoft.com.akadns.net | TLSv1.2 | Used to retrieve Windows Insider Preview builds. |
+| definitionupdates.microsoft.com | HTTPS | Used for Windows Defender definition updates. |
+| displaycatalog.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
+| download.windowsupdate.com | HTTP | Enables connections to Windows Update. |
+| evoke-windowsservices-tas.msedge.net | HTTPS | Used by the Photos app to download configuration files, and to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
+| fe2.update.microsoft.com | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| fe2.update.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2\/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| fe3.delivery.mp.microsoft.com | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| fg.download.windowsupdate.com.c.footprint.net | HTTP | Used to download operating system patches and updates. |
+| fp.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
+| fs.microsoft.com | HTTPS | Used to download fonts on demand |
+| g.live.com | HTTP | Used by a redirection service to automatically update URLs. |
+| g.msn.com | HTTPS | Used to retrieve Windows Spotlight metadata. |
+| g.msn.com.nsatc.net | TLSv1.2 | Used to retrieve Windows Spotlight metadata. |
+| geo-prod.do.dsp.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
+| geover-prod.do.dsp.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
+| go.microsoft.com | HTTPS | Used by a redirection service to automatically update URLs. |
+| gpla1.wac.v2cdn.net | HTTP | Used for Baltimore CyberTrust Root traffic. . |
+| img-prod-cms-rt-microsoft-com.akamaized.net | HTTPS | Used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). |
+| licensing.mp.microsoft.com | HTTPS | Used for online activation and some app licensing. |
+| location-inference-westus.cloudapp.net | TLSv1.2 | Used for location data. |
+| login.live.com | HTTPS | Used to authenticate a device. |
+| l-ring.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
+| mediaredirect.microsoft.com | HTTPS | Used by the Groove Music app to update HTTP handler status. |
+| modern.watson.data.microsoft.com.akadns.net | TLSv1.2 | Used by Windows Error Reporting. |
+| msnbot-*.search.msn.com | TLSv1.2 | Used to retrieve Windows Spotlight metadata. |
+| oem.twimg.com | HTTP | Used for the Twitter Live Tile. |
+| oneclient.sfx.ms | HTTP | Used by OneDrive for Business to download and verify app updates. |
+| peer1-wst.msedge.net | HTTP | Used by OfficeHub to get the metadata of Office apps. |
+| pti.store.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
+| pti.store.microsoft.com.unistore.akadns.net | HTTPS | Used to communicate with Microsoft Store. |
+| purchase.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
+| ris.api.iris.microsoft.com | HTTPS | Used to retrieve Windows Spotlight metadata. |
+| settings-win.data.microsoft.com | HTTPS | Used for Windows apps to dynamically update their configuration. |
+| sls.update.microsoft.com | HTTPS | Enables connections to Windows Update. |
+| storecatalogrevocation.storequality.microsoft.com | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store. |
+| storeedgefd.dsx.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
+| store-images.s-microsoft.com | HTTPS | Used to get images that are used for Microsoft Store suggestions. |
+| store-images.s-microsoft.com | HTTPS | Used to get images that are used for Microsoft Store suggestions. |
+| telecommand.telemetry.microsoft.com | HTTPS | Used by Windows Error Reporting. |
+| tile-service.weather.microsoft.com | HTTP | Used to download updates to the Weather app Live Tile. |
+| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Used for content regulation. |
+| v10.vortex-win.data.microsoft.com | HTTPS | Used to retrieve Windows Insider Preview builds. |
+| wallet.microsoft.com | HTTPS | Used by the Microsoft Wallet app. |
+| watson.telemetry.microsoft.com | HTTPS | Used by Windows Error Reporting. |
+| wdcp.microsoft.akadns.net | HTTPS | Used for Windows Defender when Cloud-based Protection is enabled. |
+| wildcard.twimg.com | TLSv1.2 | Used for the Twitter Live Tile. |
+| www.bing.com | TLSv1.2 | Used for updates for Cortana, apps, and Live Tiles. |
+| www.facebook.com | HTTPS | Used for the Facebook Live Tile. |
+| [www.microsoft.com](http://www.microsoft.com/) | HTTPS | Used for updates for Cortana, apps, and Live Tiles. |
+
+## Windows 10 Education
+
+| **Destination** | **Protocol** | **Description** |
+| --- | --- | --- |
+| *.a-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
+| *.b.akamaiedge.net | TLSv1.2 | Used to check for updates to maps that have been downloaded for offline use. |
+| *.c-msedge.net | HTTP | Used by OfficeHub to get the metadata of Office apps. |
+| *.dscb1.akamaiedge.net | HTTP | Used to check for updates to maps that have been downloaded for offline use. |
+| *.dscd.akamai.net | HTTP | Used to download content. |
+| *.dspb.akamaiedge.net | TLSv1.2 | Used to check for updates to maps that have been downloaded for offline use. |
+| *.dspw65.akamai.net | HTTP | Used to download content. |
+| *.e-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
+| *.g.akamai.net | HTTP | Used to download content. |
+| *.g.akamaiedge.net | TLSv1.2 | Used to check for updates to maps that have been downloaded for offline use. |
+| *.l.windowsupdate.com | HTTP | Enables connections to Windows Update. |
+| *.s-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. |
+| *.wac.phicdn.net | HTTP | Used by the Verizon Content Delivery Network to perform Windows updates |
+| *.wns.windows.com | TLSv1.2 | Used for the Windows Push Notification Services (WNS). |
+| *prod.do.dsp.mp.microsoft.com | TLSv1.2 | Used for Windows Update downloads of apps and OS updates. |
+| *prod.do.dsp.mp.microsoft.com.nsatc.net | TLSv1.2 | Used for Windows Update downloads of apps and OS updates. |
+| 3.dl.delivery.mp.microsoft.com.c.footprint.net | HTTP | Enables connections to Windows Update. |
+| 3.tlu.dl.delivery.mp.microsoft.com.c.footprint.net | HTTP | Enables connections to Windows Update. |
+| a-ring.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
+| au.download.windowsupdate.com | HTTP | Used to download operating system patches and updates. |
+| cdn.onenote.net | HTTPS | Used for OneNote Live Tile. |
+| cds.*.hwcdn.net | HTTP | Used by the Highwinds Content Delivery Network to perform Windows updates. |
+| co4.telecommand.telemetry.microsoft.com.akadns.net | TLSv1.2 | Used by Windows Error Reporting. |
+| config.edge.skype.com | HTTPS | Used to retrieve Skype configuration values. |
+| ctldl.windowsupdate.com | HTTP | Used to download certificates that are publicly known to be fraudulent. |
+| cs12.wpc.v0cdn.net | HTTP | Used by the Verizon Content Delivery Network to download content for Windows upgrades with Wireless Planning and Coordination (WPC). |
+| cy2.displaycatalog.md.mp.microsoft.com.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
+| cy2.settings.data.microsoft.com.akadns.net | TLSv1.2 | Used as a way for apps to dynamically update their configuration. |
+| cy2.vortex.data.microsoft.com.akadns.net | TLSv1.2 | Used to retrieve Windows Insider Preview builds. |
+| dl.delivery.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
+| download.windowsupdate.com | HTTP | Enables connections to Windows Update. |
+| evoke-windowsservices-tas.msedge.net/ab | HTTPS | Used by the Photos app to download configuration files, and to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
+| fe2.update.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update. |
+| fg.download.windowsupdate.com.c.footprint.net | HTTP | Used to download operating system patches and updates. |
+| fp.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
+| g.msn.com.nsatc.net | TLSv1.2\/HTTP | Used to retrieve Windows Spotlight metadata. |
+| geo-prod.do.dsp.mp.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update. |
+| geover-prod.do.dsp.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
+| go.microsoft.com | HTTPS | Used by a redirection service to automatically update URLs. |
+| gpla1.wac.v2cdn.net | HTTP | Used for Baltimore CyberTrust Root traffic. . |
+| ipv4.login.msa.akadns6.net | TLSv1.2 | Used for Microsoft accounts to sign in. |
+| licensing.mp.microsoft.com | HTTPS | Used for online activation and some app licensing. |
+| location-inference-westus.cloudapp.net | TLSv1.2 | Used for location data. |
+| login.live.com/* | HTTPS | Used to authenticate a device. |
+| l-ring.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
+| mediaredirect.microsoft.com | HTTPS | Used by the Groove Music app to update HTTP handler status. |
+| modern.watson.data.microsoft.com.akadns.net | TLSv1.2 | Used by Windows Error Reporting. |
+| msftconnecttest.com/* | HTTP | Used by Network Connection Status Indicator (NCSI) to detect Internet connectivity and corporate network connectivity status. |
+| msnbot-65-52-108-198.search.msn.com | TLSv1.2 | Used to retrieve Windows Spotlight metadata. |
+| oneclient.sfx.ms | HTTP | Used by OneDrive for Business to download and verify app updates. |
+| peer1-wst.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
+| pti.store.microsoft.com.unistore.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
+| settings-win.data.microsoft.com | HTTPS | Used for Windows apps to dynamically update their configuration. |
+| sls.update.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update. |
+| store-images.s-microsoft.com | HTTPS | Used to get images that are used for Microsoft Store suggestions. |
+| tile-service.weather.microsoft.com | HTTP | Used to download updates to the Weather app Live Tile. |
+| telecommand.telemetry.microsoft.com | HTTPS | Used by Windows Error Reporting. |
+| tsfe.trafficshaping.dsp.mp.microsoft.com | TLSv1.2 | Used for content regulation. |
+| wallet.microsoft.com | HTTPS | Used by the Microsoft Wallet app. |
+| watson.telemetry.microsoft.com | HTTPS | Used by Windows Error Reporting. |
+| wdcp.microsoft.akadns.net | TLSv1.2 | Used for Windows Defender when Cloud-based Protection is enabled. |
+| www.bing.com | HTTPS | Used for updates for Cortana, apps, and Live Tiles. |
\ No newline at end of file
diff --git a/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md
new file mode 100644
index 0000000000..ea2c517a4f
--- /dev/null
+++ b/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md
@@ -0,0 +1,148 @@
+---
+title: Windows 10, version 1803, connection endpoints for non-Enterprise editions
+description: Explains what Windows 10 endpoints are used in non-Enterprise editions.
+keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.localizationpriority: high
+author: danihalfin
+ms.author: daniha
+ms.date: 6/26/2018
+---
+# Windows 10, version 1803, connection endpoints for non-Enterprise editions
+
+ **Applies to**
+
+- Windows 10 Home, version 1803
+- Windows 10 Professional, version 1803
+- Windows 10 Education, version 1803
+
+In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-endpoints.md), the following endpoints are available on other editions of Windows 10, version 1803.
+
+We used the following methodology to derive these network endpoints:
+
+1.	Set up the latest version of Windows 10 on a test virtual machine using the default settings. 
+2.	Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
+3.	Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.  
+4.	Compile reports on traffic going to public IP addresses.
+5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
+
+> [!NOTE]
+> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
+
+## Windows 10 Family
+
+| **Destination** | **Protocol** | **Description** |
+| --- | --- | --- |
+| *.e-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
+| *.g.akamaiedge.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use. |
+| *.s-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
+| *.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ | HTTP | Enables connections to Windows Update. |
+| arc.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
+| arc.msn.com/v3/Delivery/Placement	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
+| client-office365-tas.msedge.net*	| HTTPS |	Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
+| config.edge.skype.com/config/*	| HTTPS |	Used to retrieve Skype configuration values. |
+| ctldl.windowsupdate.com/msdownload/update* | HTTP | Used to download certificates that are publicly known to be fraudulent. |
+| cy2.displaycatalog.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
+| cy2.licensing.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
+| cy2.settings.data.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
+| displaycatalog.mp.microsoft.com*	| HTTPS |	Used to communicate with Microsoft Store. |
+|dm3p.wns.notify.windows.com.akadns.net	| HTTPS |	Used for the Windows Push Notification Services (WNS). |
+| fe2.update.microsoft.com*	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| fe3.delivery.dsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| fe3.delivery.mp.microsoft.com	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| g.live.com/odclientsettings/Prod	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
+| g.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
+| geo-prod.dodsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update. |
+| ipv4.login.msa.akadns6.net	| HTTPS |	Used for Microsoft accounts to sign in. |
+| licensing.mp.microsoft.com/v7.0/licenses/content	| HTTPS |	Used for online activation and some app licensing. |
+| location-inference-westus.cloudapp.net	| HTTPS |	Used for location data. |
+| maps.windows.com/windows-app-web-link	| HTTPS |	Link to Maps application. |
+| modern.watson.data.microsoft.com.akadns.net	| HTTPS |	Used by Windows Error Reporting. |
+| ocos-office365-s2s.msedge.net*	| HTTPS | Used to connect to the Office 365 portal's shared infrastructure. |
+| ocsp.digicert.com* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
+| oneclient.sfx.ms*	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
+| query.prod.cms.rt.microsoft.com*	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
+| ris.api.iris.microsoft.com*	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
+| settings.data.microsoft.com/settings/v2.0/*	| HTTPS |	Used for Windows apps to dynamically update their configuration. |
+| settings-win.data.microsoft.com/settings/*	| HTTPS |	Used as a way for apps to dynamically update their configuration.  |
+| sls.update.microsoft.com*	| HTTPS |	Enables connections to Windows Update. |
+| storecatalogrevocation.storequality.microsoft.com*	| HTTPS |	Used to revoke licenses for malicious apps on the Microsoft Store. |
+| storeedgefd.dsx.mp.microsoft.com*	| HTTPS |	Used to communicate with Microsoft Store. |
+| tile-service.weather.microsoft.com* | HTTP | Used to download updates to the Weather app Live Tile. |
+| tsfe.trafficshaping.dsp.mp.microsoft.com	| HTTPS |	Used for content regulation. |
+| ip5.afdorigin-prod-am02.afdogw.com	| HTTPS |	Used to serve office 365 experimentation traffic. |
+| watson.telemetry.microsoft.com/Telemetry.Request	| HTTPS |	Used by Windows Error Reporting. |
+
+
+## Windows 10 Pro
+
+| **Destination** | **Protocol** | **Description** |
+| --- | --- | --- |
+| *.e-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
+| *.g.akamaiedge.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use. |
+| *.s-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
+| *.tlu.dl.delivery.mp.microsoft.com/* | HTTP | Enables connections to Windows Update. |
+| *geo-prod.dodsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update. |
+| arc.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
+| au.download.windowsupdate.com/* | HTTP | Enables connections to Windows Update. |
+| ctldl.windowsupdate.com/msdownload/update/* | HTTP |	Used to download certificates that are publicly known to be fraudulent. |
+| cy2.licensing.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
+| cy2.settings.data.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
+| dm3p.wns.notify.windows.com.akadns.net	| HTTPS |	Used for the Windows Push Notification Services (WNS) |
+| fe3.delivery.dsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| g.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
+| ipv4.login.msa.akadns6.net	| HTTPS |	Used for Microsoft accounts to sign in. |
+| location-inference-westus.cloudapp.net	| HTTPS |	Used for location data. |
+| modern.watson.data.microsoft.com.akadns.net	| HTTPS |	Used by Windows Error Reporting. |
+| ocsp.digicert.com* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
+| ris.api.iris.microsoft.com.akadns.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
+| tile-service.weather.microsoft.com/* | HTTP |	Used to download updates to the Weather app Live Tile. |
+| tsfe.trafficshaping.dsp.mp.microsoft.com	| HTTPS |	Used for content regulation. |
+| vip5.afdorigin-prod-am02.afdogw.com	| HTTPS |	Used to serve office 365 experimentation traffic |
+
+
+## Windows 10 Education
+
+| **Destination** | **Protocol** | **Description** |
+| --- | --- | --- |
+| *.b.akamaiedge.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use. |
+| *.e-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
+| *.g.akamaiedge.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use. |
+| *.s-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
+| *.telecommand.telemetry.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
+| *.tlu.dl.delivery.mp.microsoft.com* | HTTP | Enables connections to Windows Update. |
+| *.windowsupdate.com* | HTTP | Enables connections to Windows Update. |
+| *geo-prod.do.dsp.mp.microsoft.com	| HTTPS |	Enables connections to Windows Update. |
+| au.download.windowsupdate.com* | HTTP | Enables connections to Windows Update. |
+| cdn.onenote.net/livetile/*	| HTTPS |	Used for OneNote Live Tile. |
+| client-office365-tas.msedge.net/*	| HTTPS |	Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
+| config.edge.skype.com/*	| HTTPS |	Used to retrieve Skype configuration values.  |
+| ctldl.windowsupdate.com/* | HTTP | Used to download certificates that are publicly known to be fraudulent. |
+| cy2.displaycatalog.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
+| cy2.licensing.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
+| cy2.settings.data.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
+| displaycatalog.mp.microsoft.com/*	| HTTPS |	Used to communicate with Microsoft Store. | 
+| download.windowsupdate.com/*	| HTTPS |	Enables connections to Windows Update. |
+| emdl.ws.microsoft.com/* | HTTP | Used to download apps from the Microsoft Store. |
+| fe2.update.microsoft.com/*	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| fe3.delivery.dsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| fe3.delivery.mp.microsoft.com/*	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| g.live.com/odclientsettings/*	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
+| g.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
+| ipv4.login.msa.akadns6.net	| HTTPS |	Used for Microsoft accounts to sign in. |
+| licensing.mp.microsoft.com/*	| HTTPS |	Used for online activation and some app licensing. |
+| maps.windows.com/windows-app-web-link	| HTTPS |	Link to Maps application |
+| modern.watson.data.microsoft.com.akadns.net	| HTTPS |	Used by Windows Error Reporting. |
+| ocos-office365-s2s.msedge.net/*	| HTTPS |	Used to connect to the Office 365 portal's shared infrastructure. |
+| ocsp.digicert.com* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
+| oneclient.sfx.ms/*	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
+| settings-win.data.microsoft.com/settings/*	| HTTPS |	Used as a way for apps to dynamically update their configuration. |
+| sls.update.microsoft.com/*	| HTTPS |	Enables connections to Windows Update. |
+| storecatalogrevocation.storequality.microsoft.com/*	| HTTPS |	Used to revoke licenses for malicious apps on the Microsoft Store. |
+| tile-service.weather.microsoft.com/* | HTTP | Used to download updates to the Weather app Live Tile. |
+| tsfe.trafficshaping.dsp.mp.microsoft.com	| HTTPS |	Used for content regulation. |
+| vip5.afdorigin-prod-ch02.afdogw.com	| HTTPS |	Used to serve office 365 experimentation traffic. |
+| watson.telemetry.microsoft.com/Telemetry.Request	| HTTPS |	Used by Windows Error Reporting. |
+| bing.com/*	| HTTPS |	Used for updates for Cortana, apps, and Live Tiles. |
diff --git a/windows/privacy/windows-personal-data-services-configuration.md b/windows/privacy/windows-personal-data-services-configuration.md
index 4b824f3b1d..9c969844b3 100644
--- a/windows/privacy/windows-personal-data-services-configuration.md
+++ b/windows/privacy/windows-personal-data-services-configuration.md
@@ -109,7 +109,7 @@ This setting determines whether a device shows notifications about Windows diagn
 >| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection |
 >| **Value** | DisableTelemetryOptInChangeNotification |
 >| **Type** | REG_DWORD |
->| **Setting** | "00000001" |
+>| **Setting** | "00000000" |
 
 #### MDM
 
diff --git a/windows/security/TOC.md b/windows/security/TOC.md
index 1a508b07b8..ad302db477 100644
--- a/windows/security/TOC.md
+++ b/windows/security/TOC.md
@@ -1,5 +1,7 @@
 # [Security](index.yml)
 ## [Identity and access management](identity-protection/index.md)
-## [Threat protection](threat-protection/index.md)
 ## [Information protection](information-protection/index.md)
-## [Hardware-based protection](hardware-protection/index.md)
\ No newline at end of file
+## [Hardware-based protection](hardware-protection/index.md)
+## [Threat protection](threat-protection/index.md)
+
+
diff --git a/windows/security/hardware-protection/TOC.md b/windows/security/hardware-protection/TOC.md
index 86788da403..3dac21b0fa 100644
--- a/windows/security/hardware-protection/TOC.md
+++ b/windows/security/hardware-protection/TOC.md
@@ -2,7 +2,7 @@
 
 ## [Encrypted Hard Drive](encrypted-hard-drive.md)
 
-## [How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md)
+## [Windows Defender System Guard](how-hardware-based-containers-help-protect-windows.md)
 
 ## [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)
 
diff --git a/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows.md b/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows.md
index 8b6124f000..c26efe3d4f 100644
--- a/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows.md
+++ b/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows.md
@@ -15,46 +15,37 @@ ms.date: 06/29/2017
 Windows 10 uses containers to isolate sensitive system services and data, enabling them to remain secure even when the operating system has been compromised. 
 Windows 10 protects critical resources, such as the Windows authentication stack, single sign-on tokens, Windows Hello biometric stack, and Virtual Trusted Platform Module, by using a container type called Windows Defender System Guard. 
 
-Protecting system services and data with Windows Defender System Guard is an important first step, but is just the beginning of what we need to do as it doesn’t protect the rest of the operating system, information on the device, other apps, or the network. 
-Since systems are generally compromised through the application layer, and often though browsers, Windows 10 includes Windows Defender Application Guard to isolate Microsoft Edge from the operating system, information on the device, and the network. 
-With this, Windows can start to protect the broader range of resources.
+Windows Defender System Guard reorganizes the existing Windows 10 system integrity features under one roof and sets up the next set of investments in Windows security. It's designed to make the these security guarantees:
 
-The following diagram shows Windows Defender System Guard and Windows Defender Application Guard in relation to the Windows 10 operating system.
+- Protect and maintain the integrity of the system as it starts up
+- Protect and maintain the integrity of the system after it's running
+- Validate that system integrity has truly been maintained through local and remote attestation
 
-![Application Guard and System Guard](images/application-guard-and-system-guard.png)
+## Maintaining the integrity of the system as it starts
 
-## What security threats do containers protect against
+With Windows 7, one of the means attackers would use to persist and evade detection was to install what is often referred to as a bootkit or rootkit on the system. This malicious software would start before Windows started, or during the boot process itself, enabling it to start with the highest level of privilege.
 
-Exploiting zero days and vulnerabilities are an increasing threat that attackers are attempting to take advantage of. 
-The following diagram shows the traditional Windows software stack: a kernel with an app platform, and an app running on top of it. 
-Let’s look at how an attacker might elevate privileges and move down the stack.
+With Windows 10 running on modern hardware (that is, Windows 8-certified or greater) we have a hardware-based root of trust that helps us ensure that no unauthorized firmware or software (such as a bootkit) can start before the Windows bootloader. This hardware-based root of trust comes from the device’s [Secure Boot feature](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-8.1-and-8/hh824987), which is part of the Unified Extensible Firmware Interface (UEFI). 
 
-![Traditional Windows software stack](images/traditional-windows-software-stack.png)
+After successful verification and startup of the device’s firmware and Windows bootloader, the next opportunity for attackers to tamper with the system’s integrity is while the rest of the Windows operating system and defenses are starting. As an attacker, embedding your malicious code using a rootkit within the boot process enables you to gain the maximum level of privilege and gives you the ability to more easily persist and evade detection. 
 
-In desktop operating systems, those apps typically run under the context of the user’s privileges. 
-If the app was malicious, it would have access to all the files in the file system, all the settings that you as a user Standard user have access to, and so on. 
+This is where Windows Defender System Guard protection begins with its ability to ensure that only properly signed and secure Windows files and drivers, including third party, can start on the device. At the end of the Windows boot process, System Guard will start the system’s antimalware solution, which scans all third party drivers, at which point the system boot process is completed. In the end, Windows Defender System Guard helps ensure that the system securely boots with integrity and that it hasn’t been compromised before the remainder of your system defenses start.
 
-A different type of app may run under the context of an Administrator. 
-If attackers exploit a vulnerability in that app, they could gain Administrator privileges. 
-Then they can start turning off defenses. 
+![Boot time integrity](images/windows-defender-system-guard-boot-time-integrity.png)
 
-They can poke down a little bit lower in the stack and maybe elevate to System, which is greater than Administrator. 
-Or if they can exploit the kernel mode, they can turn on and turn off all defenses, while at the same time making the computer look healthy. 
-SecOps tools could report the computer as healthy when in fact it’s completely under the control of someone else.
+## Maintaining integrity of the system after it’s running (run time)
 
-One way to address this threat is to use a sandbox, as smartphones do. 
-That puts a layer between the app layer and the Windows platform services. 
-Universal Windows Platform (UWP) applications work this way. 
-But what if a vulnerability in the sandbox exists? 
-The attacker can escape and take control of the system.
+Prior to Windows 10, if an attacker exploited the system and gained SYSTEM level privilege or they compromised the kernel itself, it was game over. The level of control that an attacker would acquire in this condition would enable them to tamper with and bypass many, if not all, of your system defenses. While we have a number of development practices and technologies (such as Windows Defender Exploit Guard) that have made it difficult to gain this level of privilege in Windows 10, the reality is that we needed a way to maintain the integrity of the most sensitive Windows services and data, even when the highest level of privilege has been secured by an adversary.
 
-## How containers help protect Windows 10
+With Windows 10, we introduced the concept of virtualization-based security (VBS), which enables us to contain the most sensitive Windows services and data in hardware-based isolation, which is the Windows Defender System Guard container. This secure environment provides us with the hardware-based security boundary we need to be able to secure and maintain the integrity of critical system services at run time like Credential Guard, Device Guard, Virtual TPM and parts of Windows Defender Exploit Guard, just to name a few.
 
-Windows 10 addresses this by using virtualization based security to isolate more and more components out of Windows (left side) over time and moving those components into a separate, isolated hardware container. 
-The container helps prevent zero days and vulnerabilities from allowing an attacker to take control of a device.
+![Windows Defender System Guard](images/windows-defender-system-guard.png) 
 
-Anything that's running in that container on the right side will be safe, even from Windows, even if the kernel's compromised. 
-Anything that's running in that container will also be secure against a compromised app. 
-Initially, Windows Defender System Guard will protect things like authentication and other system services and data that needs to resist malware, and more things will be protected over time.
+## Validating platform integrity after Windows is running (run time)
+
+While Windows Defender System Guard provides advanced protection that will help protect and maintain the integrity of the platform during boot and at run time, the reality is that we must apply an "assume breach" mentality to even our most sophisticated security technologies. We should be able to trust that the technologies are successfully doing their jobs, but we also need the ability to verify that they were successful in achieving their goals. When it comes to platform integrity, we can’t just trust the platform, which potentially could be compromised, to self-attest to its security state. So Windows Defender System Guard includes a series of technologies that enable remote analysis of the device’s integrity.
+
+As Windows 10 boots, a series of integrity measurements are taken by Windows Defender System Guard using the device’s Trusted Platform Module 2.0 (TPM 2.0). This process and data are hardware-isolated away from Windows to help ensure that the measurement data is not subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the device’s firmware, hardware configuration state, and Windows boot-related components, just to name a few. After the system boots, Windows Defender System Guard signs and seals these measurements using the TPM. Upon request, a management system like Intune or System Center Configuration Manager can acquire them for remote analysis. If Windows Defender System Guard indicates that the device lacks integrity, the management system can take a series of actions, such as denying the device access to resources.
+
+![Windows Defender System Guard](images/windows-defender-system-guard-validate-system-integrity.png) 
 
-![Windows Defender System Guard](images/windows-defender-system-guard.png)
diff --git a/windows/security/hardware-protection/images/windows-defender-system-guard-boot-time-integrity.png b/windows/security/hardware-protection/images/windows-defender-system-guard-boot-time-integrity.png
new file mode 100644
index 0000000000..1761e2e539
Binary files /dev/null and b/windows/security/hardware-protection/images/windows-defender-system-guard-boot-time-integrity.png differ
diff --git a/windows/security/hardware-protection/images/windows-defender-system-guard-validate-system-integrity.png b/windows/security/hardware-protection/images/windows-defender-system-guard-validate-system-integrity.png
new file mode 100644
index 0000000000..fbd6a798b0
Binary files /dev/null and b/windows/security/hardware-protection/images/windows-defender-system-guard-validate-system-integrity.png differ
diff --git a/windows/security/hardware-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/hardware-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
index 525ead7434..3b52d2e805 100644
--- a/windows/security/hardware-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
+++ b/windows/security/hardware-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
@@ -28,7 +28,7 @@ With TPM 1.2 and Windows 10, version 1507 or 1511, you can also take the followi
 
 -   [Turn on or turn off the TPM](#turn-on-or-turn-off)
 
-For information about the TPM cmdlets, see [TPM Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj603116.aspx).
+For information about the TPM cmdlets, see [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/trustedplatformmodule/?view=win10-ps).
 
 ## About TPM initialization and ownership
 
@@ -83,7 +83,7 @@ There are several ways to clear the TPM:
 
 -   **Clear the TPM as part of a complete reset of the computer**: You might want to remove all files from the computer and completely reset it, for example, in preparation for a clean installation. To do this, we recommend that you use the **Reset** option in **Settings**. When you perform a reset and use the **Remove everything** option, it will clear the TPM as part of the reset. You might be prompted to press a key before the TPM can be cleared. For more information, see the “Reset this PC” section in [Recovery options in Windows 10](https://support.microsoft.com/en-us/help/12415/windows-10-recovery-options).
 
--   **Clear the TPM to fix “reduced functionality” or “Not ready” TPM status**: If you open TPM.msc and see that the TPM status is something other than **Ready**, you can can try using TPM.msc to clear the TPM and fix the status. However, be sure to review the precautions in the next section.
+-   **Clear the TPM to fix “reduced functionality” or “Not ready” TPM status**: If you open TPM.msc and see that the TPM status is something other than **Ready**, you can try using TPM.msc to clear the TPM and fix the status. However, be sure to review the precautions in the next section.
 
 ### Precautions to take before clearing the TPM
 
@@ -165,7 +165,7 @@ This capability was fully removed from TPM.msc in later versions of Windows.
 
 ## Use the TPM cmdlets
 
-You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj603116.aspx).
+You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/trustedplatformmodule/?view=win10-ps).
 
 ## Related topics
 
diff --git a/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md
index fe5000ea4f..41d6404f4b 100644
--- a/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md
+++ b/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: brianlic-msft
-ms.date: 08/16/2017
+ms.date: 06/29/2018
 ---
 
 # TPM Group Policy settings
@@ -52,22 +52,28 @@ This policy setting allows you to enforce or ignore the computer's local list of
 
 The local list of blocked TPM commands is configured outside of Group Policy by typing **tpm.msc** at the command prompt to open the TPM Management Console, or scripting using the **Win32\_Tpm** interface. (The default list of blocked TPM commands is preconfigured by Windows.) 
 
-
 If you enable this policy setting, the Windows operating system will ignore the computer's local list of blocked TPM commands, and it will block only those TPM commands that are specified by Group Policy or the default list.
 
 If you disable or do not configure this policy setting, Windows will block the TPM commands in the local list, in addition to the commands that are specified in Group Policy and the default list of blocked TPM commands.
 
 ## Configure the level of TPM owner authorization information available to the operating system
 
-Beginning with Windows 10 version 1607 and Windows Server 2016, this policy setting is no longer used by Windows, but it continues to appear in GPEdit.msc for compatibility with previous versions. 
+>[!IMPORTANT]
+>Beginning with Windows 10 version 1607 and Windows Server 2016, this policy setting is no longer used by Windows, but it continues to appear in GPEdit.msc for compatibility with previous versions. Beginning with Windows 10 version 1703, the default value is 5. This value is implemented during provisioning so that another Windows component can either delete it or take ownership of it, depending on the system configuration. For TPM 2.0, a value of 5 means keep the lockout authorization. For TPM 1.2, it means discard the Full TPM owner authorization and retain only the Delegated authorization.
 
-This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information that is stored locally, the Windows operating system and TPM-based applications can perform certain actions in the TPM that require TPM owner authorization without requiring the user to enter the TPM owner password.
+This policy setting configured which TPM authorization values are stored in the registry of the local computer. Certain authorization values are required in order to allow Windows to perform certain actions.
+
+|TPM 1.2 value | TPM 2.0 value | Purpose | Kept at level 0?| Kept at level 2?| Kept at level 4? |
+|--------------|---------------|---------|-----------------|-----------------|------------------|
+| OwnerAuthAdmin | StorageOwnerAuth | Create SRK | No      | Yes             | Yes              |
+| OwnerAuthEndorsement | EndorsementAuth | Create or use EK (1.2 only: Create AIK) | No  | Yes  | Yes   |
+| OwnerAuthFull | LockoutAuth  | Reset/change Dictionary Attack Protection | No | No | No   |
 
 There are three TPM owner authentication settings that are managed by the Windows operating system. You can choose a value of **Full**, **Delegate**, or **None**.
 
--   **Full**   This setting stores the full TPM owner authorization, the TPM administrative delegation blob, and the TPM user delegation blob in the local registry. With this setting, you can use the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios that do not require you to reset the TPM anti-hammering logic or change the TPM owner authorization value. Some TPM-based applications may require that this setting is changed before features that depend on the TPM anti-hammering logic can be used.
+-   **Full**   This setting stores the full TPM owner authorization, the TPM administrative delegation blob, and the TPM user delegation blob in the local registry. With this setting, you can use the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios that do not require you to reset the TPM anti-hammering logic or change the TPM owner authorization value. Some TPM-based applications may require that this setting is changed before features that depend on the TPM anti-hammering logic can be used. Full owner authorization in TPM 1.2 is similar to lockout authorization in TPM 2.0. Owner authorization has a different meaning for TPM 2.0.
 
--   **Delegated**   This setting stores only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM antihammering logic. This is the default setting in Windows.
+-   **Delegated**   This setting stores only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM antihammering logic. This is the default setting in Windows prior to version 1703.
 
 -   **None**   This setting provides compatibility with previous operating systems and applications. You can also use it for scenarios when TPM owner authorization cannot be stored locally. Using this setting might cause issues with some TPM-based applications.
 
@@ -88,11 +94,10 @@ The following table shows the TPM owner authorization values in the registry.
 | 2          | Delegated |
 | 4          | Full      |
 
-A value of 5 means discard the **Full** TPM owner authorization for TPM 1.2 but keep it for TPM 2.0.
- 
+
 If you enable this policy setting, the Windows operating system will store the TPM owner authorization in the registry of the local computer according to the TPM authentication setting you choose.
 
-If you disable or do not configure this policy setting, and the **Turn on TPM backup to Active Directory Domain Services** policy setting is also disabled or not configured, the default setting is to store the full TPM authorization value in the local registry. If this policy is disabled or not
+On Windows 10 prior to version 1607, if you disable or do not configure this policy setting, and the **Turn on TPM backup to Active Directory Domain Services** policy setting is also disabled or not configured, the default setting is to store the full TPM authorization value in the local registry. If this policy is disabled or not
 configured, and the **Turn on TPM backup to Active Directory Domain Services** policy setting is enabled, only the administrative delegation and the user delegation blobs are stored in the local registry.
 
 ## Standard User Lockout Duration
diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md
index 09953fe371..cdfbc8c21a 100644
--- a/windows/security/identity-protection/access-control/local-accounts.md
+++ b/windows/security/identity-protection/access-control/local-accounts.md
@@ -92,7 +92,7 @@ The Administrator account cannot be deleted or removed from the Administrators g
 
 **Security considerations**
 
-Because the Administrator account is known to exist on many versions of the Windows operating system, it is a best practice to disable the Administrator account when possible to make it more difficult for malicious users to gain access to to the server or client computer.
+Because the Administrator account is known to exist on many versions of the Windows operating system, it is a best practice to disable the Administrator account when possible to make it more difficult for malicious users to gain access to the server or client computer.
 
 You can rename the Administrator account. However, a renamed Administrator account continues to use the same automatically assigned security identifier (SID), which can be discovered by malicious users. For more information about how to rename or disable a user account, see [Disable or activate a local user account](http://technet.microsoft.com/library/cc732112.aspx) and [Rename a local user account](http://technet.microsoft.com/library/cc725595.aspx).
 
diff --git a/windows/security/identity-protection/configure-s-mime.md b/windows/security/identity-protection/configure-s-mime.md
index f88ca13870..e5086ff9c0 100644
--- a/windows/security/identity-protection/configure-s-mime.md
+++ b/windows/security/identity-protection/configure-s-mime.md
@@ -64,7 +64,7 @@ On the device, perform the following steps: (add select certificate)
 7.  Tap the back arrow.
 
 ## Encrypt or sign individual messages
-1.  While composing a message, choose **Options** from the ribbon. On phone, **Options** can be accessed by tapping the the ellipsis (...).
+1.  While composing a message, choose **Options** from the ribbon. On phone, **Options** can be accessed by tapping the ellipsis (...).
 
 2.  Use **Sign** and **Encrypt** icons to turn on digital signature and encryption for this message.
 
diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
index 0e9283f815..31116809dd 100644
--- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
+++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
@@ -24,10 +24,10 @@ Windows, today, natively only supports the use of a single credential (password,
 
 Windows 10 offers Multifactor device unlock by extending Windows Hello with trusted signals, administrators can configure Windows 10 to request a combination of factors and trusted signals to unlock their devices. 
 
-Which organizations can take advanage of Multifactor unlock? Those who:
+Which organizations can take advantage of Multifactor unlock? Those who:
 * Have expressed that PINs alone do not meet their security needs.
 * Want to prevent Information Workers from sharing credentials.
-* Want their orgs to comply with regulatory two-factor authentication policy.
+* Want their organizations to comply with regulatory two-factor authentication policy.
 * Want to retain the familiar Windows logon UX and not settle for a custom solution.
  
 You enable multifactor unlock using Group Policy.  The **Configure device unlock factors** policy setting is located under **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**.
@@ -188,7 +188,8 @@ The IPv6 DNS server represented in Internet standard hexadecimal encoding. An IP
 <ipv6DnsServer>21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A%2</ipv6DnsServer>
 ```
 ##### dnsSuffix
-The fully qualified domain name of your organizations internal dns suffix where any part of the fully qualified domain name in this setting exists in the computer's primary dns suffix.  The **signal** element may contain one or more **dnsSuffix** elements.<br>
+The fully qualified domain name of your 
+s internal dns suffix where any part of the fully qualified domain name in this setting exists in the computer's primary dns suffix.  The **signal** element may contain one or more **dnsSuffix** elements.<br>
 **Example**
 ```
 <dnsSuffix>corp.contoso.com</dnsSuffix>
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
index 15a3fdc61d..d4cda1fcb1 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
@@ -217,7 +217,7 @@ Sign-in a domain controller or management workstations with _Domain Admin_ equiv
 5. The **Select User, Computer, Service Account, or Group** dialog box appears. In the **Enter the object name to select** text box, type **KeyCredential Admins**.  Click **OK**.
 6. In the **Applies to** list box, select **Descendant User objects**.
 7. Using the scroll bar, scroll to the bottom of the page and click **Clear all**.
-8. In the **Properties** section, select **Read msDS-KeyCredentialLink** and **Write msDS-KeyCrendentialLink**.
+8. In the **Properties** section, select **Read msDS-KeyCredentialLink** and **Write msDS-KeyCredentialLink**.
 9. Click **OK** three times to complete the task. 
 
 ## Configure the Device Registration Service
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
index a07b0f9acd..b09e2f8ec6 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
@@ -253,7 +253,7 @@ The definition helps you to verify whether the values are present or if you need
  
 #### Issue objectSID of the computer account on-premises
 
-**`http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid`** - This claim must contain the the **objectSid** value of the on-premises computer account. In AD FS, you can add an issuance transform rule that looks like this:
+**`http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid`** - This claim must contain the **objectSid** value of the on-premises computer account. In AD FS, you can add an issuance transform rule that looks like this:
 
     @RuleName = "Issue objectSID for domain-joined computers"
     c1:[
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
index 9ac1099b03..effbe6b03a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
@@ -51,7 +51,7 @@ The remainder of the provisioning includes Windows Hello for Business requesting
 > The following is the enrollment behavior prior to Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/en-us/help/4088889).
 
 > The minimum time needed to synchronize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. 
-> **This synchronization latency delays the the user's ability to authenticate and use on-premises resouces until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
+> **This synchronization latency delays the user's ability to authenticate and use on-premises resouces until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
 > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.
 
 > [!NOTE]
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
index 3b76fcd29c..ce00462dc9 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
@@ -38,7 +38,7 @@ Sign-in a domain controller or management workstations with *Domain Admin* equiv
 5. The **Select User, Computer, Service Account, or Group** dialog box appears. In the **Enter the object name to select** text box, type **KeyCredential Admins**.  Click **OK**.
 6. In the **Applies to** list box, select **Descendant User objects**.
 7. Using the scroll bar, scroll to the bottom of the page and click **Clear all**.
-8. In the **Properties** section, select **Read msDS-KeyCredentialLink** and **Write msDS-KeyCrendentialLink**.
+8. In the **Properties** section, select **Read msDS-KeyCredentialLink** and **Write msDS-KeyCredentialLink**.
 9. Click **OK** three times to complete the task. 
 
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
index ec87d95afa..c4889c081a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
@@ -49,7 +49,7 @@ The remainder of the provisioning includes Windows Hello for Business requesting
 
 > [!IMPORTANT]
 > The minimum time needed to syncrhonize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. 
-> **This synchronization latency delays the the user's ability to authenticate and use on-premises resouces until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
+> **This synchronization latency delays the user's ability to authenticate and use on-premises resouces until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
 > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.
 
 > [!NOTE]
diff --git a/windows/security/index.yml b/windows/security/index.yml
index b928c6db2b..05c303413e 100644
--- a/windows/security/index.yml
+++ b/windows/security/index.yml
@@ -14,7 +14,7 @@ metadata:
 
   keywords: protect, company, data, Windows, device, app, management, Microsoft365, e5, e3
 
-  ms.localizationpriority: medium
+  ms.localizationpriority: high
 
   author: brianlic-msft
 
@@ -22,7 +22,7 @@ metadata:
 
   manager: brianlic
 
-  ms.date: 02/06/2018
+  ms.date: 07/12/2018
 
   ms.topic: article
 
@@ -78,199 +78,17 @@ sections:
 
       title: Information protection
 
-- title: Security features built in to Windows 10 
-
+- title: Windows Defender Advanced Threat Protection
   items:
-
-  - type: paragraph
-
-    text: 'Windows 10 enables critical security features to protect your device right from the start.'
-
-  - type: list
-
-    style: cards
-
-    className: cardsM
-
-    columns: 3
-
-    items:
-
-    - href: \windows\security\hardware-protection\how-hardware-based-containers-help-protect-windows
-
-      html: <p>Protect the boot process and maintain system integrity</p>
-
-      image:
-
-        src: https://docs.microsoft.com/media/common/i_identity-protection.svg
-      
-      title: Windows Defender System Guard
-
-    - href: \windows\security\threat-protection\windows-defender-antivirus\windows-defender-antivirus-in-windows-10
-
-      html: <p>Protect against malware management using next-generation antivirus technologies</p>
-
-      image:
-
-        src: https://docs.microsoft.com/media/common/i_threat-protection.svg
-      
-      title: Windows Defender Antivirus
-
-    - href: \windows\security\information-protection\bitlocker\bitlocker-overview
-
-      html: <p>Prevent data theft from lost or stolen devices</p>
-
-      image:
-
-        src: https://docs.microsoft.com/media/common/i_information-protection.svg
-      
-      title: BitLocker
-
-- title: Security features in Microsoft 365 E3
-
-  items:
-
-  - type: paragraph
-
-    text: 'Windows 10 Enterprise provides the foundation for Microsoft 365 E3 and a secure modern workplace.'
-
-  - type: list
-
-    style: cards
-
-    className: cardsM
-
-    columns: 3
-
-    items:
-
-    - href: \windows\security\identity-protection\hello-for-business\hello-overview
-
-      html: <p>Give users a more personal and secure way to access their devices</p>
-
-      image:
-
-        src: https://docs.microsoft.com/media/common/i_identity-protection.svg
-      
-      title: Windows Hello for Business
-      
-    - href: \windows\security\threat-protection\windows-defender-application-control\windows-defender-application-control
-
-      html: <p>Lock down applications that run on a device</p>
-
-      image:
-
-        src: https://docs.microsoft.com/media/common/i_threat-protection.svg
-      
-      title: Windows Defender Application Control
-
-    - href: \windows\security\information-protection\windows-information-protection\protect-enterprise-data-using-wip
-
-      html: <p>Prevent accidental data leaks from enterprise devices</p>
-
-      image:
-
-        src: https://docs.microsoft.com/media/common/i_information-protection.svg
-      
-      title: Windows Information Protection 
-
-- title: Security features in Microsoft 365 E5
-
-  items:
-
-  - type: paragraph
-
-    text: 'Get all of the protection from Microsoft 365 E3 security, plus these cloud-based security features to help you defend against even the most advanced threats.'
-
-  - type: list
-
-    style: cards
-
-    className: cardsM
-
-    columns: 3
-
-    items:
-
-    - href: https://docs.microsoft.com/azure/active-directory/active-directory-identityprotection
-
-      html: <p>Identity Protection and Privileged Identity Management</p>
-
-      image:
-
-        src: https://docs.microsoft.com/media/common/i_identity-protection.svg
-      
-      title: Azure Active Directory P2
-
-    - href: \windows\security\threat-protection\Windows-defender-atp\windows-defender-advanced-threat-protection
-
-      html: <p>Detect, investigate, and respond to advanced cyberattacks</p>
-
-      image:
-
-        src: https://docs.microsoft.com/media/common/i_threat-protection.svg
-      
-      title: Windows Defender Advanced Threat Protection 
-
-    - href: https://www.microsoft.com/cloud-platform/azure-information-protection
-
-      html: <p>Protect documents and email automatically</p>
-
-      image:
-
-        src: https://docs.microsoft.com/media/common/i_information-protection.svg
-      
-      title: Azure Information Protection P2
-
-- title: Videos
-
-  items:
-
   - type: markdown
-
-    text: ">[![VIDEO](images/next-generation-windows-security-vision.png)](https://www.youtube.com/watch?v=IvZySDNfNpo)"
-
-  - type: markdown
-
-    text: ">[![VIDEO](images/fall-creators-update-next-gen-security.png)](https://www.youtube.com/watch?v=JDGMNFwyUg8)"
-    
-- title: Additional security features in Windows 10 
-
-  items:
-
-  - type: paragraph
-
-    text: 'These additional security features are also built in to Windows 10 Enterprise.'
-
-  - type: list
-
-    style: unordered
-
-    items:
-
-    - html: <a href="/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security">Windows Defender Firewall</a>
-    - html: <a href="/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard">Windows Defender Exploit Guard</a>
-    - html: <a href="/windows/security/identity-protection/credential-guard/credential-guard">Windows Defender Credential Guard</a>
-    - html: <a href="/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control">Windows Defender Application Control</a>  
-    - html: <a href="/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview">Windows Defender Application Guard</a>
-    - html: <a href="/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview">Windows Defender SmartScreen</a>  
-    - html: <a href="/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center">Windows Defender Security Center</a>
-      
-- title: Security Resources
-
-  items:
-
-  - type: list
-
-    style: unordered
-
-    items:
-
-    - html: <a href="https://www.microsoft.com/wdsi">Windows Defender Security Intelligence</a>
-    - html: <a href="https://cloudblogs.microsoft.com/microsoftsecure/">Microsoft Secure blog</a>
-    - html: <a href="https://portal.msrc.microsoft.com/">Security Update blog</a>
-    - html: <a href="https://technet.microsoft.com/security/dn440717.aspx(d=robot)">Microsoft Security Response Center (MSRC)</a>
-    - html: <a href="https://blogs.technet.microsoft.com/msrc/">MSRC Blog</a>
-    - html: <a href="https://www.microsoft.com/wdsi/threats/ransomware">Ransomware FAQ</a>
-    
-
+    text: "
+      Prevent, detect, investigate, and respond to advanced threats. The following capabilities are available across multiple products that make up the Windows Defender ATP platform.
+      <br>&nbsp;<br>
+      <table border='0'><tr><td><b>Attack surface reduction</b></td><td><b>Next generation protection</b></td><td><b>Endpoint detection and response</b></td><td><b>Auto investigation and remediation</b></td><td><b>Security posture</b></td></tr>
+      <tr><td>[Hardware based isolation](https://docs.microsoft.com/en-us/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows)<br><br>[Application control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)<br><br>[Exploit protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard)<br><br>[Network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)<br><br>[Device restrictions](https://docs.microsoft.com/en-us/intune/device-restrictions-configure)<br><br>[Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard)<br><br>[Network firewall](https://docs.microsoft.com/en-us/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security)<br><br>[Attack surface reduction controls](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)</td>
+      <td>[Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)<br><br>[Machine learning](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus)<br><br>[Automated sandbox service](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus)</td>
+      <td>[Alerts queue](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection)<br><br>[Historical endpoint data](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection#machine-timeline)<br><br>[Realtime and historical threat hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection)<br><br>[API and SIEM integration](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection)<br><br>[Response orchestration](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection)<br><br>[Forensic collection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection#collect-investigation-package-from-machines)<br><br>[Threat intelligence](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection)<br><br>[Advanced detonation and analysis service](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection#deep-analysis)</td>
+      <td>[Automated investigation and remediation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection)<br><br>[Threat remediation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection#how-threats-are-remediated)<br><br>[Manage automated investigations](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection#manage-automated-investigations)<br><br>[Analyze automated investigation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection#analyze-automated-investigations)</td>
+      <td>[Asset inventory](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)<br><br>[Operating system baseline compliance](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)<br><br>[Recommended improvement actions](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)<br><br>[Secure score](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)<br><br>[Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection)<br><br>[Reporting and trends](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection)</td>
+      </tr>
+      </table>"
\ No newline at end of file
diff --git a/windows/security/information-protection/TOC.md b/windows/security/information-protection/TOC.md
index c845e7e6aa..636404ef31 100644
--- a/windows/security/information-protection/TOC.md
+++ b/windows/security/information-protection/TOC.md
@@ -15,7 +15,7 @@
 ### [Prepare your organization for BitLocker: Planning and policies](bitlocker\prepare-your-organization-for-bitlocker-planning-and-policies.md)
 ### [BitLocker basic deployment](bitlocker\bitlocker-basic-deployment.md)
 ### [BitLocker: How to deploy on Windows Server 2012 and later](bitlocker\bitlocker-how-to-deploy-on-windows-server.md)
-### [BitLocker: Management recommendations for enterprises](bitlocker\bitlocker-management-for-enterprises.md)
+### [BitLocker: Management for enterprises](bitlocker\bitlocker-management-for-enterprises.md)
 ### [BitLocker: How to enable Network Unlock](bitlocker\bitlocker-how-to-enable-network-unlock.md)
 ### [BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker](bitlocker\bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md)
 ### [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker\bitlocker-use-bitlocker-recovery-password-viewer.md)
diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
index cd19782c52..9721dffec5 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
@@ -8,85 +8,44 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 author: brianlic-msft
-ms.date: 10/27/2017
+ms.date: 07/18/2018
 ---
 
-# BitLocker Management Recommendations for Enterprises
+# BitLocker Management for Enterprises
 
-This topic explains recommendations for managing BitLocker, both on-premises using older hardware and cloud-based management of modern devices. 
+The ideal for BitLocker management is to eliminate the need for IT admins to set management policies using tools or other mechanisms by having Windows perform tasks that are more practical to automate. This vision leverages modern hardware developments. The growth of TPM 2.0, Secure Boot, and other hardware improvements, for example, has helped to alleviate the support burden on the helpdesk, and we are seeing a consequent decrease in support call volumes, yielding improved user satisfaction. Windows continues to be the focus for new features and improvements for built-in encryption management, such as automatically enabling encryption on devices that support Modern Standby beginning with Windows 8.1. 
 
-## Forward-looking recommendations for managing BitLocker
+Though much Windows BitLocker [documentation](bitlocker-overview.md) has been published, customers frequently ask for recommendations and pointers to specific, task-oriented documentation that is both easy to digest and focused on how to deploy and manage BitLocker. This article links to relevant documentation, products, and services to help answer this and other related frequently-asked questions, and also provides BitLocker recommendations for different types of computers.
 
-The ideal for modern BitLocker management is to eliminate the need for IT admins to set management policies using tools or other mechanisms by having Windows perform tasks that it is more practical to automate. This vision leverages modern hardware developments. The growth of TPM 2.0, Secure Boot, and other hardware improvements, for example, has helped to alleviate the support burden on the helpdesk, and we are seeing a consequent decrease in support call volumes, yielding improved user satisfaction.
-
-Therefore, we recommend that you upgrade your hardware so that your devices comply with Modern Standby or [Hardware Security Test Interface (HSTI)](https://msdn.microsoft.com/library/windows/hardware/mt712332.aspx) specifications to take advantage of their automated features, for example, when using Azure Active Directory (Azure AD). 
-
-Though much  Windows BitLocker [documentation](bitlocker-overview.md) has been published, customers frequently ask for recommendations and pointers to specific, task-oriented documentation that is both easy to digest and focused on how to deploy and manage BitLocker. This article links to relevant documentation, products, and services to help answer this and other related frequently-asked questions, and also provides BitLocker recommendations for:
-
-   - [Domain-joined computers](#dom_join)
-
-   - [Devices joined to Azure Active Directory (Azure AD)](#azure_ad)
-
-   - [Workplace-joined PCs and Phones](#work_join)
-
-   - [Servers](#servers)
-
-   - [Scripts](#powershell)
-
-   <br />
-
-## BitLocker management at a glance
-
-| | PC – Old Hardware | PC – New* Hardware |[Servers](#servers)/[VMs](#VMs) | Phone 
-|---|---|----|---|---|
-|On-premises Domain-joined |[MBAM](#MBAM25)| [MBAM](#MBAM25) | [Scripts](#powershell) |N/A|
-|Cloud-managed|[MDM](#MDM) |Auto-encryption|[Scripts](#powershell)|[MDM](#MDM)/EAS|
-
-<br />
-*PC hardware that supports Modern Standby or HSTI 
-
-<br />
-<br />
-
- <a id="dom_join"></a>
-## Recommendations for domain-joined computers
-
-Windows continues to be the focus for new features and improvements for built-in encryption management, for example, automatically enabling encryption on devices that support Modern Standby beginning with Windows 8.1. For more information, see  [Overview of BitLocker Device Encryption in Windows 10](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption).
+## Managing domain-joined computers and moving to cloud  
 
 Companies that image their own computers using Microsoft System Center 2012 Configuration Manager SP1 (SCCM) or later can use an existing task sequence to [pre-provision BitLocker](https://technet.microsoft.com/library/hh846237.aspx#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](https://technet.microsoft.com/library/hh846237.aspx#BKMK_EnableBitLocker). This can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use SCCM to pre-set any desired [BitLocker Group Policy](https://technet.microsoft.com/library/ee706521(v=ws.10).aspx).
 
-For older client computers with BitLocker that are domain joined on-premises, Microsoft BitLocker Administration and Management<sup>[1]</sup> (MBAM) remains the best way to manage BitLocker. MBAM continues to be maintained and receives security patches. Using MBAM provides the following functionality:
+Enterprises can use [Microsoft BitLocker Administration and Management (MBAM)](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](https://support.microsoft.com/en-us/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201) or they can receive extended support until July 2024. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. When moving to cloud-based management, following these steps could be helpful:
 
-- Encrypts device with BitLocker using MBAM
-- Stores BitLocker Recovery keys in MBAM Server
-- Provides Recovery key access to end-user, helpdesk and advanced helpdesk
-- Provides Reporting on Compliance and Recovery key access audit
+1. Disable MBAM management and leave MBAM as only a database backup for the recovery key.
+2. Join the computers to Azure Active Directory (Azure AD). 
+3. Use `Manage-bde -protectors -aadbackup` to backup the recovery key to Azure AD.
 
-<a id="MBAM25"></a>
-<sup>[1]</sup>The latest MBAM version is [MBAM 2.5](https://technet.microsoft.com/windows/hh826072.aspx) with Service Pack 1 (SP1).
+BitLocker recovery keys can be managed from Azure AD thereafter. The MBAM database does not need to be migrated. 
 
-<br />
+Enterprises that choose to continue managing BitLocker on-premises after MBAM support ends can use the [BitLocker WMI provider class](https://msdn.microsoft.com/library/windows/desktop/aa376483) to create a custom management solution. 
 
-<a id="azure_ad"></a>
-## Recommendations for devices joined to Azure Active Directory
+## Managing devices joined to Azure Active Directory
 
-<a id="MDM"></a>
-
-Devices joined to Azure Active Directory (Azure AD) are managed using Mobile Device Management (MDM) policy such as [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune). BitLocker Device Encryption status can be queried from managed machines via the [Policy Configuration Settings Provider](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) (CSP), which reports on whether BitLocker Device Encryption is enabled on the device. Compliance with BitLocker Device Encryption policy can be a requirement for [Conditional Access](https://www.microsoft.com/cloud-platform/conditional-access) to services like Exchange Online and SharePoint Online.
+Devices joined to Azure Active Directory (Azure AD) are managed using Mobile Device Management (MDM) policy from an MDM solution such as [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune). BitLocker Device Encryption status can be queried from managed machines via the [Policy Configuration Settings Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider), which reports on whether BitLocker Device Encryption is enabled on the device. Compliance with BitLocker Device Encryption policy can be a requirement for [Conditional Access](https://www.microsoft.com/cloud-platform/conditional-access) to services like Exchange Online and SharePoint Online.
 
 Starting with Windows 10 version 1703 (also known as the Windows Creators Update), the enablement of BitLocker can be triggered over MDM either by the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) or the [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp). The BitLocker CSP adds policy options that go beyond ensuring that encryption has occurred, and is available on computers that run Windows 10 Business or Enterprise editions and on Windows Phones.
 
 For hardware that is compliant with Modern Standby and HSTI, when using either of these features, BitLocker Device Encryption is automatically turned on whenever the user joins a device to Azure AD. Azure AD provides a portal where recovery keys are also backed up, so users can retrieve their own recovery key for self-service, if required. For older devices that are not yet encrypted, beginning with Windows 10 version 1703 (the Windows 10 Creators Update), admins can use the [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp) to trigger encryption and store the recovery key in Azure AD.
 
 
-<a id="work_join"></a>
-## Workplace-joined PCs and phones
+## Managing workplace-joined PCs and phones
 
-For Windows PCs and Windows Phones that enroll using **Connect to work or school account**, BitLocker Device Encryption is managed over MDM, and similarly for Azure AD domain join. 
+For Windows PCs and Windows Phones that enroll using **Connect to work or school account**, BitLocker Device Encryption is managed over MDM, the same as devices joined to Azure AD.
 
-<a id="servers"></a>
 
-##  Recommendations for servers
+##  Managing servers
 
 Servers are often installed, configured, and deployed using PowerShell, so the recommendation is to also use [PowerShell to enable BitLocker on a server](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md#a-href-idbkmk-blcmdletsabitlocker-cmdlets-for-windows-powershell), ideally as part of the initial setup. BitLocker is an Optional Component (OC) in Windows Server, so follow the directions in [BitLocker: How to deploy on Windows Server 2012 and later](bitlocker-how-to-deploy-on-windows-server.md) to add the BitLocker OC. 
 
@@ -98,8 +57,6 @@ If you are installing a server manually, such as a stand-alone server, then choo
 
  For more information, see the Bitlocker FAQs article and other useful links in [Related Articles](#articles).
  
-<a id ="powershell"></a>
-
 ## PowerShell examples
 
 For Azure AD-joined computers, including virtual machines, the recovery password should be stored in Azure Active Directory.  
@@ -136,8 +93,6 @@ PS C:\>$SecureString = ConvertTo-SecureString "123456" -AsPlainText -Force
 PS C:\> Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -Pin $SecureString -TPMandPinProtector
   ``` 
 
-<a id = "articles"></a>
-
 ## Related Articles
 
 [BitLocker: FAQs](bitlocker-frequently-asked-questions.md)
diff --git a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md
index 29a5d2fc39..66780914d3 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md
@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 author: brianlic-msft
-ms.date: 05/03/2018
+ms.date: 07/10/2018
 ---
 
 # BitLocker To Go FAQ
@@ -18,5 +18,7 @@ ms.date: 05/03/2018
 
 ## What is BitLocker To Go?
 
-BitLocker To Go is BitLocker Drive Encryption on removable data drives. This includes the encryption of USB flash drives, SD cards, external hard disk drives, and other drives formatted by using the NTFS, FAT16, FAT32, or exFAT file systems.
+BitLocker To Go is BitLocker Drive Encryption on removable data drives. This includes the encryption of USB flash drives, SD cards, external hard disk drives, and other drives formatted by using the NTFS, FAT16, FAT32, or exFAT file systems. 
+
+As with BitLocker, drives that are encrypted using BitLocker To Go can be opened with a password or smart card on another computer by using **BitLocker Drive Encryption** in Control Panel. 
 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md
index d871cf396b..1edcded5ee 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md
@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 author: brianlic-msft
-ms.date: 05/03/2018
+ms.date: 07/10/2018
 ---
 
 # Using BitLocker with other programs FAQ
@@ -89,11 +89,11 @@ Yes. However, shadow copies made prior to enabling BitLocker will be automatical
 
 BitLocker should work like any specific physical machine within its hardware limitations as long as the environment (physical or virtual) meets Windows Operating System requirements to run.
 - With TPM - Yes it is supported
-- Without  TPM - Yes it is supported (with password ) protector
+- Without  TPM - Yes it is supported (with password protector)
 
-BitLocker is also supported on data volume VHDs, such as those used by clusters, if you are running Windows 10, Windows 8.1, Windows 8, Windows Server 2012, or Windows Server 2012 R2.
+BitLocker is also supported on data volume VHDs, such as those used by clusters, if you are running Windows 10, Windows 8.1, Windows 8, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.
 
 ## Can I use BitLocker with virtual machines (VMs)?
 
-Yes. Password protectors and virtual TPMs can be used with BitLocker to protect virtual machines. VMs can be domain joined, Azure AD-joined, or workplace-joined (in **Settings** under **Accounts** > **Access work or school** > **Connect** to receive policy. You can enable encryption either while creating the VM or by using other existing management tools such as the BitLocker CSP, or even by using a startup script or logon script delivered by Group Policy. Windows Server 2016 also supports [Shielded VMs and guarded fabric](https://docs.microsoft.com/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-and-shielded-vms-top-node) to protect VMs from malicious administrators.  
+Yes. Password protectors and virtual TPMs can be used with BitLocker to protect virtual machines. VMs can be domain joined, Azure AD-joined, or workplace-joined (via **Settings** > **Accounts** > **Access work or school** > **Connect**) to receive policy. You can enable encryption either while creating the VM or by using other existing management tools such as the BitLocker CSP, or even by using a startup script or logon script delivered by Group Policy. Windows Server 2016 also supports [Shielded VMs and guarded fabric](https://docs.microsoft.com/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-and-shielded-vms-top-node) to protect VMs from malicious administrators.  
 
diff --git a/windows/security/information-protection/index.md b/windows/security/information-protection/index.md
index 4afe213341..4da67275f3 100644
--- a/windows/security/information-protection/index.md
+++ b/windows/security/information-protection/index.md
@@ -11,7 +11,7 @@ ms.date: 02/05/2018
 
 # Information protection
 
-Learn more about how to secure documents and and other data across your organization.
+Learn more about how to secure documents and other data across your organization.
 
 | Section | Description |
 |-|-|
diff --git a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md
index c0310f6f4e..92e3401948 100644
--- a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md
+++ b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md
@@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
+author: justinha
 ms.localizationpriority: medium
 ms.date: 09/11/2017
 ---
diff --git a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
index 51a816a4fa..0743b419b6 100644
--- a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
+++ b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
@@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
+author: justinha
 ms.localizationpriority: medium
 ms.date: 10/31/2017
 ---
@@ -41,10 +41,7 @@ The recovery process included in this topic only works for desktop devices. WIP
     >[!Important]
     >Because the private keys in your DRA .pfx files can be used to decrypt any WIP file, you must protect them accordingly. We highly recommend storing these files offline, keeping copies on a smart card with strong protection for normal use and master copies in a secured physical location.
 
-4. Add your EFS DRA certificate to your WIP policy using a deployment tool, such as Microsoft Intune or System Center Configuration Manager.
-
-    >[!Note]
-    >To add your EFS DRA certificate to your policy by using Microsoft Intune, see the [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) topic. To add your EFS DRA certificate to your policy by using System Center Configuration Manager, see the [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) topic.
+4. Add your EFS DRA certificate to your WIP policy using a deployment tool, such as [Microsoft Intune](create-wip-policy-using-intune.md) or [System Center Configuration Manager](create-wip-policy-using-sccm.md).
 
 ## Verify your data recovery certificate is correctly set up on a WIP client computer
 
@@ -52,7 +49,7 @@ The recovery process included in this topic only works for desktop devices. WIP
 
 2. Open an app on your protected app list, and then create and save a file so that it’s encrypted by WIP.
 
-3.	Open a command prompt with elevated rights, navigate to where you stored the file you just created, and then run this command:
+3. Open a command prompt with elevated rights, navigate to where you stored the file you just created, and then run this command:
 
     <code>cipher /c <i>filename</i></code>
 
diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md
index b31e26bc2e..990c0c34c4 100644
--- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md
+++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
+author: justinha
 ms.localizationpriority: medium
 ms.date: 09/11/2017
 ---
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index e7659f76d0..a293cb908b 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -5,10 +5,10 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
+author: justinha
 ms.author: justinha
 ms.localizationpriority: medium
-ms.date: 05/30/2018
+ms.date: 07/10/2018
 ---
 
 # Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune
@@ -379,7 +379,7 @@ Starting with Windows 10, version 1703, Intune automatically determines your cor
 
 1.	From the **App policy** blade, click the name of your policy, and then click **Required settings**.
 
-2.  If the auto-defined identity isn’t correct, you can change the info in the **Corporate identity** field. If you need to add additional domains, for example your email domains, you can do it in the **Advanced settings** area.
+2.  If the auto-defined identity isn’t correct, you can change the info in the **Corporate identity** field. If you need to add domains, for example your email domains, you can do it in the **Advanced settings** area.
 
     ![Microsoft Intune, Set your corporate identity for your organization](images/wip-azure-required-settings-corp-identity.png)
 
@@ -487,7 +487,7 @@ After you've decided where your protected apps can access enterprise data on you
     
     - **Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile.** Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are:
         
-        - **On (recommended).** Turns on the feature and provides the additional protection.
+        - **On.** Turns on the feature and provides the additional protection.
         
         - **Off, or not configured.** Doesn't enable this feature.
     
@@ -497,7 +497,7 @@ After you've decided where your protected apps can access enterprise data on you
         
         - **Off.** Stop local encryption keys from being revoked from a device during unenrollment. For example if you’re migrating between Mobile Device Management (MDM) solutions.
         
-    - **Show the Windows Information Protection icon overlay.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are:
+    - **Show the enterprise data protection icon.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are:
     
         - **On.** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but protected apps, the icon overlay also appears on the app tile and with Managed text on the app name in the **Start** menu.
         
@@ -509,6 +509,12 @@ After you've decided where your protected apps can access enterprise data on you
         
         - **Off, or not configured.** Stops using Azure Rights Management encryption with WIP.
 
+    - **Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files.
+    
+        - **On.** Starts Windows Search Indexer to index encrypted files.
+    
+        - **Off, or not configured.** Stops Windows Search Indexer from indexing encrypted files.
+
 ## Choose to set up Azure Rights Management with WIP
 WIP can integrate with Microsoft Azure Rights Management to enable secure sharing of files by using removable drives such as USB drives. For more info about Azure Rights Management, see [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management). To integrate Azure Rights Management with WIP, you must already have Azure Rights Management set up.
 
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md
index a2d2b485a4..1b084c9605 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md
@@ -195,7 +195,7 @@ Where the text, `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the
 ### Add an AppLocker policy file
 Now we’re going to add an AppLocker XML file to the **App Rules** list. You’ll use this option if you want to add multiple apps at the same time. For more info, see [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview).
 
-**To create a Packaged App rule rule and xml file**
+**To create a Packaged App rule and xml file**
 1.	Open the Local Security Policy snap-in (SecPol.msc).
     
 2.	In the left pane, click **Application Control Policies** > **AppLocker** > **Packaged App Rules**.
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md
index 2d44748948..e5590cd3ed 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md
@@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
+author: justinha
 ms.author: justinha
 ms.date: 05/30/2018
 localizationpriority: medium
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md
index dbc27f74a8..1c8de7d581 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
+author: justinha
 ms.localizationpriority: medium
 ms.date: 10/16/2017
 ---
diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
index 93cc37550a..d686c6df22 100644
--- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
@@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
+author: justinha
 ms.localizationpriority: medium
 ms.date: 09/11/2017
 ---
diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md
index 7cc7975a21..fa52656359 100644
--- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md
+++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
+author: justinha
 ms.localizationpriority: medium
 ms.date: 09/11/2017
 ---
diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
index 0bd2b3e912..cc99d381bd 100644
--- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
+++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
+author: justinha
 ms.localizationpriority: medium
 ms.date: 05/30/2018
 ---
diff --git a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md
index fb8238b948..8e0e18f98a 100644
--- a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md
+++ b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
+author: justinha
 ms.localizationpriority: medium
 ms.date: 09/11/2017
 ---
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network-autodetect.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network-autodetect.png
index 517c4a4ad3..7fff387ab2 100644
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network-autodetect.png and b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network-autodetect.png differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png
index 7775888473..cd8e0d0388 100644
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png and b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-corp-identity.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-corp-identity.png
index c467cd1e24..752ea852ce 100644
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-corp-identity.png and b/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-corp-identity.png differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-protection-mode.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-protection-mode.png
index bdd625c9c6..734f23b46c 100644
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-protection-mode.png and b/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-protection-mode.png differ
diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
index 58d83ff733..9dce29791b 100644
--- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
+++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
@@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
+author: justinha
 ms.author: justinha
 ms.date: 05/30/2018
 ms.localizationpriority: medium
diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md
index 71de7778d6..6baff2c026 100644
--- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md
+++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md
@@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
+author: justinha
 ms.localizationpriority: medium
 ms.date: 10/13/2017
 ---
diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md
index e424f3101d..b0cbdd55e6 100644
--- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md
+++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md
@@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
+author: justinha
 ms.localizationpriority: medium
 ms.date: 10/13/2017
 ---
diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
index ab62ce51f4..f9318f3384 100644
--- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
+++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
+author: justinha
 ms.localizationpriority: medium
 ms.date: 09/11/2017
 ---
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index e505bd17da..b7ac65f33b 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -1,875 +1,916 @@
 # [Threat protection](index.md)
 
 
-## [The Windows Defender Security Center app](windows-defender-security-center/windows-defender-security-center.md)
-### [Customize the Windows Defender Security Center app for your organization](windows-defender-security-center/wdsc-customize-contact-information.md)
-### [Hide Windows Defender Security Center app notifications](windows-defender-security-center/wdsc-hide-notifications.md)
-### [Manage Windows Defender Security Center in Windows 10 in S mode](windows-defender-security-center\wdsc-windows-10-in-s-mode.md)
-### [Virus and threat protection](windows-defender-security-center/wdsc-virus-threat-protection.md)
-### [Account protection](windows-defender-security-center\wdsc-account-protection.md)
-### [Firewall and network protection](windows-defender-security-center\wdsc-firewall-network-protection.md)
-### [App and browser control](windows-defender-security-center\wdsc-app-browser-control.md)
-### [Device security](windows-defender-security-center\wdsc-device-security.md)
-### [Device performance and health](windows-defender-security-center\wdsc-device-performance-health.md)
-### [Family options](windows-defender-security-center\wdsc-family-options.md)
-
 
 
 
 
 ## [Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md)
-###Get started
-#### [Minimum requirements](windows-defender-atp\minimum-requirements-windows-defender-advanced-threat-protection.md)
-#### [Validate licensing and complete setup](windows-defender-atp\licensing-windows-defender-advanced-threat-protection.md)
-#### [Troubleshoot subscription and portal access issues](windows-defender-atp\troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
-#### [Preview features](windows-defender-atp\preview-windows-defender-advanced-threat-protection.md)
-#### [Data storage and privacy](windows-defender-atp\data-storage-privacy-windows-defender-advanced-threat-protection.md)
-#### [Assign user access to the portal](windows-defender-atp\assign-portal-access-windows-defender-advanced-threat-protection.md)
-### [Onboard machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
-#### [Onboard Windows 10 machines](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md)
-##### [Onboard machines using Group Policy](windows-defender-atp\configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
-##### [Onboard machines using System Center Configuration Manager](windows-defender-atp\configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-##### [Onboard machines using Mobile Device Management tools](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
-###### [Onboard machines using Microsoft Intune](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#onboard-windows-10-machines-using-microsoft-intune)
-##### [Onboard machines using a local script](windows-defender-atp\configure-endpoints-script-windows-defender-advanced-threat-protection.md)
-##### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp\configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-#### [Onboard servers](windows-defender-atp\configure-server-endpoints-windows-defender-advanced-threat-protection.md)
-#### [Onboard non-Windows machines](windows-defender-atp\configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
-#### [Run a detection test on a newly onboarded machine](windows-defender-atp\run-detection-test-windows-defender-advanced-threat-protection.md)
-#### [Run simulated attacks on machines](windows-defender-atp\attack-simulations-windows-defender-advanced-threat-protection.md)
-#### [Configure proxy and Internet connectivity settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md)
-#### [Troubleshoot onboarding issues](windows-defender-atp\troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
-### [Understand the Windows Defender ATP portal](windows-defender-atp\use-windows-defender-advanced-threat-protection.md)
-#### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md)
-#### [View the Security operations dashboard](windows-defender-atp\security-operations-dashboard-windows-defender-advanced-threat-protection.md)
-#### [View the Secure Score dashboard and improve your secure score](windows-defender-atp\secure-score-dashboard-windows-defender-advanced-threat-protection.md)
-#### [View the Threat analytics dashboard and take recommended mitigation actions](windows-defender-atp\threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+### [Windows Defender Security Center](windows-defender-atp/windows-defender-security-center-atp.md)
+####Get started
+##### [Minimum requirements](windows-defender-atp\minimum-requirements-windows-defender-advanced-threat-protection.md)
+##### [Validate licensing and complete setup](windows-defender-atp\licensing-windows-defender-advanced-threat-protection.md)
+##### [Troubleshoot subscription and portal access issues](windows-defender-atp\troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
+##### [Preview features](windows-defender-atp\preview-windows-defender-advanced-threat-protection.md)
+##### [Data storage and privacy](windows-defender-atp\data-storage-privacy-windows-defender-advanced-threat-protection.md)
+##### [Assign user access to the portal](windows-defender-atp\assign-portal-access-windows-defender-advanced-threat-protection.md)
+#### [Onboard machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
+##### [Onboard previous versions of Windows](windows-defender-atp\onboard-downlevel-windows-defender-advanced-threat-protection.md)
+##### [Onboard Windows 10 machines](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md)
+###### [Onboard machines using Group Policy](windows-defender-atp\configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
+###### [Onboard machines using System Center Configuration Manager](windows-defender-atp\configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
+###### [Onboard machines using Mobile Device Management tools](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
+####### [Onboard machines using Microsoft Intune](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#onboard-machines-using-microsoft-intune)
+###### [Onboard machines using a local script](windows-defender-atp\configure-endpoints-script-windows-defender-advanced-threat-protection.md)
+###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp\configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+##### [Onboard servers](windows-defender-atp\configure-server-endpoints-windows-defender-advanced-threat-protection.md)
+##### [Onboard non-Windows machines](windows-defender-atp\configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
+##### [Run a detection test on a newly onboarded machine](windows-defender-atp\run-detection-test-windows-defender-advanced-threat-protection.md)
+##### [Run simulated attacks on machines](windows-defender-atp\attack-simulations-windows-defender-advanced-threat-protection.md)
+##### [Configure proxy and Internet connectivity settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md)
+##### [Troubleshoot onboarding issues](windows-defender-atp\troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
+#### [Understand the portal ](windows-defender-atp\use-windows-defender-advanced-threat-protection.md)
+##### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md)
+##### [View the Security operations dashboard](windows-defender-atp\security-operations-dashboard-windows-defender-advanced-threat-protection.md)
+##### [View the Secure Score dashboard and improve your secure score](windows-defender-atp\secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+##### [View the Threat analytics dashboard and take recommended mitigation actions](windows-defender-atp\threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
 
-###Investigate and remediate threats
-####Alerts queue
-##### [View and organize the Alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
-##### [Manage alerts](windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md)
-##### [Investigate alerts](windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md)
-##### [Investigate files](windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md)
-##### [Investigate machines](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md)
-##### [Investigate an IP address](windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md)
-##### [Investigate a domain](windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md)
-##### [Investigate a user account](windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md)
+####Investigate and remediate threats
+#####Alerts queue
+###### [View and organize the Alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
+###### [Manage alerts](windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md)
+###### [Investigate alerts](windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md)
+###### [Investigate files](windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md)
+###### [Investigate machines](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md)
+###### [Investigate an IP address](windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md)
+###### [Investigate a domain](windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md)
+###### [Investigate a user account](windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md)
 
 
 
 
-####Machines list
-##### [View and organize the Machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md)
-##### [Manage machine group and tags](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
-##### [Alerts related to this machine](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
-##### [Machine timeline](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
-###### [Search for specific events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
-###### [Filter events from a specific date](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
-###### [Export machine timeline events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
-###### [Navigate between pages](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
+#####Machines list
+###### [View and organize the Machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md)
+###### [Manage machine group and tags](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
+###### [Alerts related to this machine](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
+###### [Machine timeline](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
+####### [Search for specific events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
+####### [Filter events from a specific date](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
+####### [Export machine timeline events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
+####### [Navigate between pages](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
 
 
-#### [Take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)
-##### [Take response actions on a machine](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md)
-###### [Collect investigation package](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
-###### [Run antivirus scan](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
-###### [Restrict app execution](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
-###### [Remove app restriction](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
-###### [Isolate machines from the network](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
-###### [Release machine from isolation](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
-###### [Check activity details in Action center](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
-##### [Take response actions on a file](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md)
-###### [Stop and quarantine files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
-###### [Remove file from quarantine](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
-###### [Block files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
-###### [Remove file from blocked list](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
-###### [Check activity details in Action center](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
-###### [Deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
-####### [Submit files for analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
-####### [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
-####### [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
+##### [Take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)
+###### [Take response actions on a machine](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md)
+####### [Collect investigation package](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
+####### [Run antivirus scan](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
+####### [Restrict app execution](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
+####### [Remove app restriction](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
+####### [Isolate machines from the network](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
+####### [Release machine from isolation](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
+####### [Check activity details in Action center](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+
+###### [Take response actions on a file](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md)
+####### [Stop and quarantine files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
+####### [Remove file from quarantine](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
+####### [Block files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
+####### [Remove file from blocked list](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
+####### [Check activity details in Action center](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+####### [Deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
+######## [Submit files for analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
+######## [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
+######## [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
+
+###### [Query data using Advanced hunting](windows-defender-atp\advanced-hunting-windows-defender-advanced-threat-protection.md)
+####### [Advanced hunting reference](windows-defender-atp\advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
+####### [Advanced hunting query language best practices](windows-defender-atp\advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
 
 #### [Use Automated investigation to investigate and remediate threats](windows-defender-atp\automated-investigations-windows-defender-advanced-threat-protection.md)
-#### [Query data using Advanced hunting](windows-defender-atp\advanced-hunting-windows-defender-advanced-threat-protection.md)
-##### [Advanced hunting reference](windows-defender-atp\advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
-##### [Advanced hunting query language best practices](windows-defender-atp\advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
+####  [Protect users, data, and devices with conditional access](windows-defender-atp\conditional-access-windows-defender-advanced-threat-protection.md)
 
+####API and SIEM support
+##### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)
+###### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
+###### [Configure Splunk to pull alerts](windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md)
+###### [Configure HP ArcSight to pull alerts](windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md)
+###### [Windows Defender ATP alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md)
+###### [Pull alerts using REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+###### [Troubleshoot SIEM tool integration issues](windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md)
 
-## [Protect users, data, and devices with conditional access](windows-defender-atp\conditional-access-windows-defender-advanced-threat-protection.md)
+##### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md)
+###### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
+###### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
+###### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md)
+###### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md)
+###### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md)
+###### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md)
+###### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
+##### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
+###### [Supported Windows Defender ATP APIs](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
+#######Actor
+######## [Get actor information](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md)
+######## [Get actor related alerts](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
+#######Alerts
+######## [Get alerts](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get alert information by ID](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
+######## [Get alert related actor information](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
+######## [Get alert related domain information](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
+######## [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
+######## [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
+######## [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
+########Domain
+#########  [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
+######### [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
+######### [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
+######### [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
 
-###API and SIEM support
-#### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)
-##### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
-##### [Configure Splunk to pull alerts](windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md)
-##### [Configure HP ArcSight to pull alerts](windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md)
-##### [Windows Defender ATP alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md)
-##### [Pull alerts using REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
-##### [Troubleshoot SIEM tool integration issues](windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md)
+#######File
+######## [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
+######## [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md)
+######## [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md)
+######## [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md)
+######## [Get FileActions collection API](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md)
+######## [Unblock file API](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md)
 
-#### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-##### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md)
-##### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md)
-##### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md)
-##### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
-#### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
-##### [Supported Windows Defender ATP APIs](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
-######Actor
-####### [Get actor information](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md)
-####### [Get actor related alerts](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
-######Alerts
-####### [Get alerts](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get alert information by ID](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
-####### [Get alert related actor information](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related domain information](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
-######Domain
-#######  [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
-####### [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
-####### [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
-
-######File
-####### [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
-####### [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md)
-####### [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md)
-####### [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md)
-####### [Get FileActions collection API](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md)
-####### [Unblock file API](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md)
-
-######IP
-####### [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get IP related machines](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md)
-####### [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md)
-####### [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md)
-######Machines
-####### [Collect investigation package API](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md)
-####### [Find machine information by IP](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
-####### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
-####### [Get FileMachineAction object API](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
-####### [Get FileMachineActions collection API](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
-####### [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md)
-####### [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
-####### [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get MachineAction object API](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md)
-####### [Get MachineActions collection API](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md)
-####### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
-####### [Get package SAS URI API](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md)
-####### [Isolate machine API](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md)
-####### [Release machine from isolation API](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md)
-####### [Remove app restriction API](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
-####### [Request sample API](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md)
-####### [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
-####### [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
-####### [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
+#######IP
+######## [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get IP related machines](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md)
+######## [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md)
+######## [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md)
+#######Machines
+######## [Collect investigation package API](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md)
+######## [Find machine information by IP](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
+######## [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
+######## [Get FileMachineAction object API](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
+######## [Get FileMachineActions collection API](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
+######## [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md)
+######## [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
+######## [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get MachineAction object API](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md)
+######## [Get MachineActions collection API](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md)
+######## [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
+######## [Get package SAS URI API](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md)
+######## [Isolate machine API](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md)
+######## [Release machine from isolation API](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md)
+######## [Remove app restriction API](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
+######## [Request sample API](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md)
+######## [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
+######## [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
+######## [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
 
 
 
-######User
-####### [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
-####### [Get user information](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md)
-####### [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
+#######User
+######## [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
+######## [Get user information](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md)
+######## [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
 
-###Reporting
-#### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
+####Reporting
+##### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
 
-###Check service health and sensor state
-#### [Check sensor state](windows-defender-atp\check-sensor-status-windows-defender-advanced-threat-protection.md)
+####Check service health and sensor state
+##### [Check sensor state](windows-defender-atp\check-sensor-status-windows-defender-advanced-threat-protection.md)
 ##### [Fix unhealthy sensors](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
 ##### [Inactive machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
 ##### [Misconfigured machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
-#### [Check service health](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md)
-### [Configure Windows Defender ATP Settings](windows-defender-atp\preferences-setup-windows-defender-advanced-threat-protection.md)
-
-####General
-##### [Update data retention settings](windows-defender-atp\data-retention-settings-windows-defender-advanced-threat-protection.md)
-##### [Configure alert notifications](windows-defender-atp\configure-email-notifications-windows-defender-advanced-threat-protection.md)
-##### [Enable and create Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
-##### [Enable Secure score security controls](windows-defender-atp\enable-secure-score-windows-defender-advanced-threat-protection.md)
-##### [Configure advanced features](windows-defender-atp\advanced-features-windows-defender-advanced-threat-protection.md)
+##### [Check service health](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md)
 
 
-####Permissions
-##### [Manage portal access using RBAC](windows-defender-atp\rbac-windows-defender-advanced-threat-protection.md)
-##### [Create and manage machine groups](windows-defender-atp\machine-groups-windows-defender-advanced-threat-protection.md)
-
-####APIs
-##### [Enable Threat intel](windows-defender-atp\enable-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Enable SIEM integration](windows-defender-atp\enable-siem-integration-windows-defender-advanced-threat-protection.md)
-
-####Rules
-##### [Manage suppression rules](windows-defender-atp\manage-suppression-rules-windows-defender-advanced-threat-protection.md)
-##### [Manage automation allowed/blocked](windows-defender-atp\manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
-##### [Manage automation file uploads](windows-defender-atp\manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
-##### [Manage automation folder exclusions](windows-defender-atp\manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
-
-####Machine management
-##### [Onboarding machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
-##### [Offboarding machines](windows-defender-atp\offboard-machines-windows-defender-advanced-threat-protection.md)
-
-### [Configure Windows Defender ATP time zone settings](windows-defender-atp\time-settings-windows-defender-advanced-threat-protection.md)
-
-### [Access the Windows Defender ATP Community Center](windows-defender-atp\community-windows-defender-advanced-threat-protection.md)
-### [Troubleshoot Windows Defender ATP](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md)
-#### [Review events and errors on machines with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md)
-### [Windows Defender Antivirus compatibility with Windows Defender ATP](windows-defender-atp\defender-compatibility-windows-defender-advanced-threat-protection.md)
-
-##	[Windows Defender Antivirus in Windows 10](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md)
-### [Windows Defender AV in the Windows Defender Security Center app](windows-defender-antivirus\windows-defender-security-center-antivirus.md)
-
-### [Windows Defender AV on Windows Server 2016](windows-defender-antivirus\windows-defender-antivirus-on-windows-server-2016.md)
-
-### [Windows Defender Antivirus compatibility](windows-defender-antivirus\windows-defender-antivirus-compatibility.md)
-#### [Use limited periodic scanning in Windows Defender AV](windows-defender-antivirus\limited-periodic-scanning-windows-defender-antivirus.md)
+####[Configure Windows Defender Security Center settings](windows-defender-atp\preferences-setup-windows-defender-advanced-threat-protection.md)
+#####General
+###### [Update data retention settings](windows-defender-atp\data-retention-settings-windows-defender-advanced-threat-protection.md)
+###### [Configure alert notifications](windows-defender-atp\configure-email-notifications-windows-defender-advanced-threat-protection.md)
+###### [Enable and create Power BI reports using Windows Defender Security center data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
+###### [Enable Secure score security controls](windows-defender-atp\enable-secure-score-windows-defender-advanced-threat-protection.md)
+###### [Configure advanced features](windows-defender-atp\advanced-features-windows-defender-advanced-threat-protection.md)
 
 
-### [Evaluate Windows Defender Antivirus protection](windows-defender-antivirus\evaluate-windows-defender-antivirus.md)
+#####Permissions
+###### [Manage portal access using RBAC](windows-defender-atp\rbac-windows-defender-advanced-threat-protection.md)
+###### [Create and manage machine groups](windows-defender-atp\machine-groups-windows-defender-advanced-threat-protection.md)
+
+#####APIs
+###### [Enable Threat intel](windows-defender-atp\enable-custom-ti-windows-defender-advanced-threat-protection.md)
+###### [Enable SIEM integration](windows-defender-atp\enable-siem-integration-windows-defender-advanced-threat-protection.md)
+
+#####Rules
+###### [Manage suppression rules](windows-defender-atp\manage-suppression-rules-windows-defender-advanced-threat-protection.md)
+###### [Manage automation allowed/blocked](windows-defender-atp\manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
+###### [Manage automation file uploads](windows-defender-atp\manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
+###### [Manage automation folder exclusions](windows-defender-atp\manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
+
+#####Machine management
+###### [Onboarding machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
+###### [Offboarding machines](windows-defender-atp\offboard-machines-windows-defender-advanced-threat-protection.md)
+
+#### [Configure Windows Defender Security Center time zone settings](windows-defender-atp\time-settings-windows-defender-advanced-threat-protection.md)
+
+#### [Access the Windows Defender Security Center Community Center](windows-defender-atp\community-windows-defender-advanced-threat-protection.md)
+#### [Troubleshoot Windows Defender ATP service issues](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md)
+##### [Review events and errors on machines with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md)
+#### [Windows Defender Antivirus compatibility with Windows Defender ATP](windows-defender-atp\defender-compatibility-windows-defender-advanced-threat-protection.md)
+
+###	[Windows Defender Antivirus](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md)
+#### [Windows Defender AV in the Windows Defender Security app](windows-defender-antivirus\windows-defender-security-center-antivirus.md)
+#### [Windows Defender AV on Windows Server 2016](windows-defender-antivirus\windows-defender-antivirus-on-windows-server-2016.md)
+
+#### [Windows Defender Antivirus compatibility](windows-defender-antivirus\windows-defender-antivirus-compatibility.md)
+##### [Use limited periodic scanning in Windows Defender AV](windows-defender-antivirus\limited-periodic-scanning-windows-defender-antivirus.md)
 
 
-### [Deploy, manage updates, and report on Windows Defender Antivirus](windows-defender-antivirus\deploy-manage-report-windows-defender-antivirus.md)
-#### [Deploy and enable Windows Defender Antivirus](windows-defender-antivirus\deploy-windows-defender-antivirus.md)
-##### [Deployment guide for VDI environments](windows-defender-antivirus\deployment-vdi-windows-defender-antivirus.md)
-#### [Report on Windows Defender Antivirus protection](windows-defender-antivirus\report-monitor-windows-defender-antivirus.md)
-##### [Troubleshoot Windows Defender Antivirus reporting in Update Compliance](windows-defender-antivirus\troubleshoot-reporting.md)
-#### [Manage updates and apply baselines](windows-defender-antivirus\manage-updates-baselines-windows-defender-antivirus.md)
-##### [Manage protection and definition updates](windows-defender-antivirus\manage-protection-updates-windows-defender-antivirus.md)
-##### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus\manage-protection-update-schedule-windows-defender-antivirus.md)
-##### [Manage updates for endpoints that are out of date](windows-defender-antivirus\manage-outdated-endpoints-windows-defender-antivirus.md)
-##### [Manage event-based forced updates](windows-defender-antivirus\manage-event-based-updates-windows-defender-antivirus.md)
-##### [Manage updates for mobile devices and VMs](windows-defender-antivirus\manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
+#### [Evaluate Windows Defender Antivirus protection](windows-defender-antivirus\evaluate-windows-defender-antivirus.md)
 
 
-### [Configure Windows Defender Antivirus features](windows-defender-antivirus\configure-windows-defender-antivirus-features.md)
-#### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus\utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
-##### [Enable cloud-delivered protection](windows-defender-antivirus\enable-cloud-protection-windows-defender-antivirus.md)
-##### [Specify the cloud-delivered protection level](windows-defender-antivirus\specify-cloud-protection-level-windows-defender-antivirus.md)
-##### [Configure and validate network connections](windows-defender-antivirus\configure-network-connections-windows-defender-antivirus.md)
-##### [Enable the Block at First Sight feature](windows-defender-antivirus\configure-block-at-first-sight-windows-defender-antivirus.md)
-##### [Configure the cloud block timeout period](windows-defender-antivirus\configure-cloud-block-timeout-period-windows-defender-antivirus.md)
-#### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus\configure-protection-features-windows-defender-antivirus.md)
-##### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus\detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
-##### [Enable and configure always-on protection and monitoring](windows-defender-antivirus\configure-real-time-protection-windows-defender-antivirus.md)
-#### [Configure end-user interaction with Windows Defender AV](windows-defender-antivirus\configure-end-user-interaction-windows-defender-antivirus.md)
-##### [Configure the notifications that appear on endpoints](windows-defender-antivirus\configure-notifications-windows-defender-antivirus.md)
-##### [Prevent users from seeing or interacting with the user interface](windows-defender-antivirus\prevent-end-user-interaction-windows-defender-antivirus.md)
-##### [Prevent or allow users to locally modify policy settings](windows-defender-antivirus\configure-local-policy-overrides-windows-defender-antivirus.md)
+#### [Deploy, manage updates, and report on Windows Defender Antivirus](windows-defender-antivirus\deploy-manage-report-windows-defender-antivirus.md)
+##### [Deploy and enable Windows Defender Antivirus](windows-defender-antivirus\deploy-windows-defender-antivirus.md)
+###### [Deployment guide for VDI environments](windows-defender-antivirus\deployment-vdi-windows-defender-antivirus.md)
+##### [Report on Windows Defender Antivirus protection](windows-defender-antivirus\report-monitor-windows-defender-antivirus.md)
+###### [Troubleshoot Windows Defender Antivirus reporting in Update Compliance](windows-defender-antivirus\troubleshoot-reporting.md)
+##### [Manage updates and apply baselines](windows-defender-antivirus\manage-updates-baselines-windows-defender-antivirus.md)
+###### [Manage protection and definition updates](windows-defender-antivirus\manage-protection-updates-windows-defender-antivirus.md)
+###### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus\manage-protection-update-schedule-windows-defender-antivirus.md)
+###### [Manage updates for endpoints that are out of date](windows-defender-antivirus\manage-outdated-endpoints-windows-defender-antivirus.md)
+###### [Manage event-based forced updates](windows-defender-antivirus\manage-event-based-updates-windows-defender-antivirus.md)
+###### [Manage updates for mobile devices and VMs](windows-defender-antivirus\manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
 
 
-### [Customize, initiate, and review the results of scans and remediation](windows-defender-antivirus\customize-run-review-remediate-scans-windows-defender-antivirus.md)
-#### [Configure and validate exclusions in Windows Defender AV scans](windows-defender-antivirus\configure-exclusions-windows-defender-antivirus.md)
-##### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus\configure-extension-file-exclusions-windows-defender-antivirus.md)
-##### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus\configure-process-opened-file-exclusions-windows-defender-antivirus.md)
-##### [Configure exclusions in Windows Defender AV on Windows Server 2016](windows-defender-antivirus\configure-server-exclusions-windows-defender-antivirus.md)
-#### [Configure scanning options in Windows Defender AV](windows-defender-antivirus\configure-advanced-scan-types-windows-defender-antivirus.md)
-#### [Configure remediation for scans](windows-defender-antivirus\configure-remediation-windows-defender-antivirus.md)
-#### [Configure scheduled scans](windows-defender-antivirus\scheduled-catch-up-scans-windows-defender-antivirus.md)
-#### [Configure and run scans](windows-defender-antivirus\run-scan-windows-defender-antivirus.md)
-#### [Review scan results](windows-defender-antivirus\review-scan-results-windows-defender-antivirus.md)
-#### [Run and review the results of a Windows Defender Offline scan](windows-defender-antivirus\windows-defender-offline.md)
+#### [Configure Windows Defender Antivirus features](windows-defender-antivirus\configure-windows-defender-antivirus-features.md)
+##### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus\utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
+###### [Enable cloud-delivered protection](windows-defender-antivirus\enable-cloud-protection-windows-defender-antivirus.md)
+###### [Specify the cloud-delivered protection level](windows-defender-antivirus\specify-cloud-protection-level-windows-defender-antivirus.md)
+###### [Configure and validate network connections](windows-defender-antivirus\configure-network-connections-windows-defender-antivirus.md)
+###### [Enable the Block at First Sight feature](windows-defender-antivirus\configure-block-at-first-sight-windows-defender-antivirus.md)
+###### [Configure the cloud block timeout period](windows-defender-antivirus\configure-cloud-block-timeout-period-windows-defender-antivirus.md)
+##### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus\configure-protection-features-windows-defender-antivirus.md)
+###### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus\detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
+###### [Enable and configure always-on protection and monitoring](windows-defender-antivirus\configure-real-time-protection-windows-defender-antivirus.md)
+##### [Configure end-user interaction with Windows Defender AV](windows-defender-antivirus\configure-end-user-interaction-windows-defender-antivirus.md)
+###### [Configure the notifications that appear on endpoints](windows-defender-antivirus\configure-notifications-windows-defender-antivirus.md)
+###### [Prevent users from seeing or interacting with the user interface](windows-defender-antivirus\prevent-end-user-interaction-windows-defender-antivirus.md)
+###### [Prevent or allow users to locally modify policy settings](windows-defender-antivirus\configure-local-policy-overrides-windows-defender-antivirus.md)
+
+
+#### [Customize, initiate, and review the results of scans and remediation](windows-defender-antivirus\customize-run-review-remediate-scans-windows-defender-antivirus.md)
+##### [Configure and validate exclusions in Windows Defender AV scans](windows-defender-antivirus\configure-exclusions-windows-defender-antivirus.md)
+###### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus\configure-extension-file-exclusions-windows-defender-antivirus.md)
+###### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus\configure-process-opened-file-exclusions-windows-defender-antivirus.md)
+###### [Configure exclusions in Windows Defender AV on Windows Server 2016](windows-defender-antivirus\configure-server-exclusions-windows-defender-antivirus.md)
+##### [Configure scanning options in Windows Defender AV](windows-defender-antivirus\configure-advanced-scan-types-windows-defender-antivirus.md)
+##### [Configure remediation for scans](windows-defender-antivirus\configure-remediation-windows-defender-antivirus.md)
+##### [Configure scheduled scans](windows-defender-antivirus\scheduled-catch-up-scans-windows-defender-antivirus.md)
+##### [Configure and run scans](windows-defender-antivirus\run-scan-windows-defender-antivirus.md)
+##### [Review scan results](windows-defender-antivirus\review-scan-results-windows-defender-antivirus.md)
+##### [Run and review the results of a Windows Defender Offline scan](windows-defender-antivirus\windows-defender-offline.md)
 #### [Restore quarantined files in Windows Defender AV](windows-defender-antivirus\restore-quarantined-files-windows-defender-antivirus.md)
 
 
-### [Review event logs and error codes to troubleshoot issues](windows-defender-antivirus\troubleshoot-windows-defender-antivirus.md)
+##### [Review event logs and error codes to troubleshoot issues](windows-defender-antivirus\troubleshoot-windows-defender-antivirus.md)
 
 
 
-### [Manage Windows Defender AV in your business](windows-defender-antivirus\configuration-management-reference-windows-defender-antivirus.md)
-#### [Use Group Policy settings to configure and manage Windows Defender AV](windows-defender-antivirus\use-group-policy-windows-defender-antivirus.md)
-#### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV](windows-defender-antivirus\use-intune-config-manager-windows-defender-antivirus.md)
-#### [Use PowerShell cmdlets to configure and manage Windows Defender AV](windows-defender-antivirus\use-powershell-cmdlets-windows-defender-antivirus.md)
-#### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](windows-defender-antivirus\use-wmi-windows-defender-antivirus.md)
-#### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](windows-defender-antivirus\command-line-arguments-windows-defender-antivirus.md)
+##### [Manage Windows Defender AV in your business](windows-defender-antivirus\configuration-management-reference-windows-defender-antivirus.md)
+###### [Use Group Policy settings to configure and manage Windows Defender AV](windows-defender-antivirus\use-group-policy-windows-defender-antivirus.md)
+###### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV](windows-defender-antivirus\use-intune-config-manager-windows-defender-antivirus.md)
+###### [Use PowerShell cmdlets to configure and manage Windows Defender AV](windows-defender-antivirus\use-powershell-cmdlets-windows-defender-antivirus.md)
+###### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](windows-defender-antivirus\use-wmi-windows-defender-antivirus.md)
+###### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](windows-defender-antivirus\command-line-arguments-windows-defender-antivirus.md)
 
 
 
-## [Windows Defender Exploit Guard](windows-defender-exploit-guard\windows-defender-exploit-guard.md)
-### [Evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\evaluate-windows-defender-exploit-guard.md)
-#### [Use auditing mode to evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\audit-windows-defender-exploit-guard.md)
-#### [View Exploit Guard events](windows-defender-exploit-guard\event-views-exploit-guard.md)
 
-### [Exploit protection](windows-defender-exploit-guard\exploit-protection-exploit-guard.md)
-#### [Comparison with Enhanced Mitigation Experience Toolkit](windows-defender-exploit-guard\emet-exploit-protection-exploit-guard.md)
-#### [Evaluate Exploit protection](windows-defender-exploit-guard\evaluate-exploit-protection.md)
-#### [Enable Exploit protection](windows-defender-exploit-guard\enable-exploit-protection.md)
-#### [Customize Exploit protection](windows-defender-exploit-guard\customize-exploit-protection.md)
-##### [Import, export, and deploy Exploit protection configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
-### [Attack surface reduction](windows-defender-exploit-guard\attack-surface-reduction-exploit-guard.md)
+
+
+
+
+
+
+
+
+
+
+
+
+### [Windows Defender Exploit Guard](windows-defender-exploit-guard\windows-defender-exploit-guard.md)
+#### [Evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\evaluate-windows-defender-exploit-guard.md)
+##### [Use auditing mode to evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\audit-windows-defender-exploit-guard.md)
+##### [View Exploit Guard events](windows-defender-exploit-guard\event-views-exploit-guard.md)
+#### [Exploit protection](windows-defender-exploit-guard\exploit-protection-exploit-guard.md)
+##### [Comparison with Enhanced Mitigation Experience Toolkit](windows-defender-exploit-guard\emet-exploit-protection-exploit-guard.md)
+##### [Evaluate Exploit protection](windows-defender-exploit-guard\evaluate-exploit-protection.md)
+##### [Enable Exploit protection](windows-defender-exploit-guard\enable-exploit-protection.md)
+##### [Customize Exploit protection](windows-defender-exploit-guard\customize-exploit-protection.md)
+###### [Import, export, and deploy Exploit protection configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
+##### [Memory integrity](windows-defender-exploit-guard\memory-integrity.md)
+###### [Requirements for virtualization-based protection of code integrity](windows-defender-exploit-guard\requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
+###### [Enable virtualization-based protection of code integrity](windows-defender-exploit-guard\enable-virtualization-based-protection-of-code-integrity.md)
+#### [Attack surface reduction](windows-defender-exploit-guard\attack-surface-reduction-exploit-guard.md)
 #### [Evaluate Attack surface reduction](windows-defender-exploit-guard\evaluate-attack-surface-reduction.md)
 #### [Enable Attack surface reduction](windows-defender-exploit-guard\enable-attack-surface-reduction.md)
 #### [Customize Attack surface reduction](windows-defender-exploit-guard\customize-attack-surface-reduction.md)
 #### [Troubleshoot Attack surface reduction rules](windows-defender-exploit-guard\troubleshoot-asr.md)
-### [Network Protection](windows-defender-exploit-guard\network-protection-exploit-guard.md)
+#### [Network Protection](windows-defender-exploit-guard\network-protection-exploit-guard.md)
 #### [Evaluate Network Protection](windows-defender-exploit-guard\evaluate-network-protection.md)
 #### [Enable Network Protection](windows-defender-exploit-guard\enable-network-protection.md)
 #### [Troubleshoot Network protection](windows-defender-exploit-guard\troubleshoot-np.md)
-### [Controlled folder access](windows-defender-exploit-guard\controlled-folders-exploit-guard.md)
+#### [Controlled folder access](windows-defender-exploit-guard\controlled-folders-exploit-guard.md)
 #### [Evaluate Controlled folder access](windows-defender-exploit-guard\evaluate-controlled-folder-access.md)
 #### [Enable Controlled folder access](windows-defender-exploit-guard\enable-controlled-folders-exploit-guard.md)
 #### [Customize Controlled folder access](windows-defender-exploit-guard\customize-controlled-folders-exploit-guard.md)
-### [Memory integrity](windows-defender-exploit-guard\memory-integrity.md)
-#### [Requirements for virtualization-based protection of code integrity](windows-defender-exploit-guard\requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
-#### [Enable virtualization-based protection of code integrity](windows-defender-exploit-guard\enable-virtualization-based-protection-of-code-integrity.md)
 
 
-## [Windows Defender Application Control](windows-defender-application-control/windows-defender-application-control.md)
-
-## [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
-
-## [Windows Defender Device Guard: virtualization-based security and WDAC](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
-
-## [Windows Defender SmartScreen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md)
-### [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md)
-### [Set up and use Windows Defender SmartScreen on individual devices](windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md)
-
-##[Windows Defender Application Guard](windows-defender-application-guard/wd-app-guard-overview.md)
-###[System requirements for Windows Defender Application Guard](windows-defender-application-guard/reqs-wd-app-guard.md)
-###[Prepare and install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md)
-###[Configure the Group Policy settings for Windows Defender Application Guard](windows-defender-application-guard/configure-wd-app-guard.md)
-###[Testing scenarios using Windows Defender Application Guard in your business or organization](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
-###[Frequently Asked Questions - Windows Defender Application Guard](windows-defender-application-guard/faq-wd-app-guard.md)
-
-## [Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md)
-
-## [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md)
-
-## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-intrusion-detection.md)
-
-## [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md)
-
-## [Security auditing](auditing/security-auditing-overview.md)
-### [Basic security audit policies](auditing/basic-security-audit-policies.md)
-#### [Create a basic audit policy for an event category](auditing/create-a-basic-audit-policy-settings-for-an-event-category.md)
-#### [Apply a basic audit policy on a file or folder](auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md)
-#### [View the security event log](auditing/view-the-security-event-log.md)
-#### [Basic security audit policy settings](auditing/basic-security-audit-policy-settings.md)
-##### [Audit account logon events](auditing/basic-audit-account-logon-events.md)
-##### [Audit account management](auditing/basic-audit-account-management.md)
-##### [Audit directory service access](auditing/basic-audit-directory-service-access.md)
-##### [Audit logon events](auditing/basic-audit-logon-events.md)
-##### [Audit object access](auditing/basic-audit-object-access.md)
-##### [Audit policy change](auditing/basic-audit-policy-change.md)
-##### [Audit privilege use](auditing/basic-audit-privilege-use.md)
-##### [Audit process tracking](auditing/basic-audit-process-tracking.md)
-##### [Audit system events](auditing/basic-audit-system-events.md)
-### [Advanced security audit policies](auditing/advanced-security-auditing.md)
-#### [Planning and deploying advanced security audit policies](auditing/planning-and-deploying-advanced-security-audit-policies.md)
-#### [Advanced security auditing FAQ](auditing/advanced-security-auditing-faq.md)
-##### [Which editions of Windows support advanced audit policy configuration](auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md)
-#### [Using advanced security auditing options to monitor dynamic access control objects](auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md)
-##### [Monitor the central access policies that apply on a file server](auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md)
-##### [Monitor the use of removable storage devices](auditing/monitor-the-use-of-removable-storage-devices.md)
-##### [Monitor resource attribute definitions](auditing/monitor-resource-attribute-definitions.md)
-##### [Monitor central access policy and rule definitions](auditing/monitor-central-access-policy-and-rule-definitions.md)
-##### [Monitor user and device claims during sign-in](auditing/monitor-user-and-device-claims-during-sign-in.md)
-##### [Monitor the resource attributes on files and folders](auditing/monitor-the-resource-attributes-on-files-and-folders.md)
-##### [Monitor the central access policies associated with files and folders](auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md)
-##### [Monitor claim types](auditing/monitor-claim-types.md)
-#### [Advanced security audit policy settings](auditing/advanced-security-audit-policy-settings.md)
-##### [Audit Credential Validation](auditing/audit-credential-validation.md)
-###### [Event 4774 S, F: An account was mapped for logon.](auditing/event-4774.md)
-###### [Event 4775 F: An account could not be mapped for logon.](auditing/event-4775.md)
-###### [Event 4776 S, F: The computer attempted to validate the credentials for an account.](auditing/event-4776.md)
-###### [Event 4777 F: The domain controller failed to validate the credentials for an account.](auditing/event-4777.md)
-##### [Audit Kerberos Authentication Service](auditing/audit-kerberos-authentication-service.md)
-###### [Event 4768 S, F: A Kerberos authentication ticket, TGT, was requested.](auditing/event-4768.md)
-###### [Event 4771 F: Kerberos pre-authentication failed.](auditing/event-4771.md)
-###### [Event 4772 F: A Kerberos authentication ticket request failed.](auditing/event-4772.md)
-##### [Audit Kerberos Service Ticket Operations](auditing/audit-kerberos-service-ticket-operations.md)
-###### [Event 4769 S, F: A Kerberos service ticket was requested.](auditing/event-4769.md)
-###### [Event 4770 S: A Kerberos service ticket was renewed.](auditing/event-4770.md)
-###### [Event 4773 F: A Kerberos service ticket request failed.](auditing/event-4773.md)
-##### [Audit Other Account Logon Events](auditing/audit-other-account-logon-events.md)
-##### [Audit Application Group Management](auditing/audit-application-group-management.md)
-##### [Audit Computer Account Management](auditing/audit-computer-account-management.md)
-###### [Event 4741 S: A computer account was created.](auditing/event-4741.md)
-###### [Event 4742 S: A computer account was changed.](auditing/event-4742.md)
-###### [Event 4743 S: A computer account was deleted.](auditing/event-4743.md)
-##### [Audit Distribution Group Management](auditing/audit-distribution-group-management.md)
-###### [Event 4749 S: A security-disabled global group was created.](auditing/event-4749.md)
-###### [Event 4750 S: A security-disabled global group was changed.](auditing/event-4750.md)
-###### [Event 4751 S: A member was added to a security-disabled global group.](auditing/event-4751.md)
-###### [Event 4752 S: A member was removed from a security-disabled global group.](auditing/event-4752.md)
-###### [Event 4753 S: A security-disabled global group was deleted.](auditing/event-4753.md)
-##### [Audit Other Account Management Events](auditing/audit-other-account-management-events.md)
-###### [Event 4782 S: The password hash an account was accessed.](auditing/event-4782.md)
-###### [Event 4793 S: The Password Policy Checking API was called.](auditing/event-4793.md)
-##### [Audit Security Group Management](auditing/audit-security-group-management.md)
-###### [Event 4731 S: A security-enabled local group was created.](auditing/event-4731.md)
-###### [Event 4732 S: A member was added to a security-enabled local group.](auditing/event-4732.md)
-###### [Event 4733 S: A member was removed from a security-enabled local group.](auditing/event-4733.md)
-###### [Event 4734 S: A security-enabled local group was deleted.](auditing/event-4734.md)
-###### [Event 4735 S: A security-enabled local group was changed.](auditing/event-4735.md)
-###### [Event 4764 S: A group’s type was changed.](auditing/event-4764.md)
-###### [Event 4799 S: A security-enabled local group membership was enumerated.](auditing/event-4799.md)
-##### [Audit User Account Management](auditing/audit-user-account-management.md)
-###### [Event 4720 S: A user account was created.](auditing/event-4720.md)
-###### [Event 4722 S: A user account was enabled.](auditing/event-4722.md)
-###### [Event 4723 S, F: An attempt was made to change an account's password.](auditing/event-4723.md)
-###### [Event 4724 S, F: An attempt was made to reset an account's password.](auditing/event-4724.md)
-###### [Event 4725 S: A user account was disabled.](auditing/event-4725.md)
-###### [Event 4726 S: A user account was deleted.](auditing/event-4726.md)
-###### [Event 4738 S: A user account was changed.](auditing/event-4738.md)
-###### [Event 4740 S: A user account was locked out.](auditing/event-4740.md)
-###### [Event 4765 S: SID History was added to an account.](auditing/event-4765.md)
-###### [Event 4766 F: An attempt to add SID History to an account failed.](auditing/event-4766.md)
-###### [Event 4767 S: A user account was unlocked.](auditing/event-4767.md)
-###### [Event 4780 S: The ACL was set on accounts which are members of administrators groups.](auditing/event-4780.md)
-###### [Event 4781 S: The name of an account was changed.](auditing/event-4781.md)
-###### [Event 4794 S, F: An attempt was made to set the Directory Services Restore Mode administrator password.](auditing/event-4794.md)
-###### [Event 4798 S: A user's local group membership was enumerated.](auditing/event-4798.md)
-###### [Event 5376 S: Credential Manager credentials were backed up.](auditing/event-5376.md)
-###### [Event 5377 S: Credential Manager credentials were restored from a backup.](auditing/event-5377.md)
-##### [Audit DPAPI Activity](auditing/audit-dpapi-activity.md)
-###### [Event 4692 S, F: Backup of data protection master key was attempted.](auditing/event-4692.md)
-###### [Event 4693 S, F: Recovery of data protection master key was attempted.](auditing/event-4693.md)
-###### [Event 4694 S, F: Protection of auditable protected data was attempted.](auditing/event-4694.md)
-###### [Event 4695 S, F: Unprotection of auditable protected data was attempted.](auditing/event-4695.md)
-##### [Audit PNP Activity](auditing/audit-pnp-activity.md)
-###### [Event 6416 S: A new external device was recognized by the System.](auditing/event-6416.md)
-###### [Event 6419 S: A request was made to disable a device.](auditing/event-6419.md)
-###### [Event 6420 S: A device was disabled.](auditing/event-6420.md)
-###### [Event 6421 S: A request was made to enable a device.](auditing/event-6421.md)
-###### [Event 6422 S: A device was enabled.](auditing/event-6422.md)
-###### [Event 6423 S: The installation of this device is forbidden by system policy.](auditing/event-6423.md)
-###### [Event 6424 S: The installation of this device was allowed, after having previously been forbidden by policy.](auditing/event-6424.md)
-##### [Audit Process Creation](auditing/audit-process-creation.md)
-###### [Event 4688 S: A new process has been created.](auditing/event-4688.md)
-###### [Event 4696 S: A primary token was assigned to process.](auditing/event-4696.md)
-##### [Audit Process Termination](auditing/audit-process-termination.md)
-###### [Event 4689 S: A process has exited.](auditing/event-4689.md)
-##### [Audit RPC Events](auditing/audit-rpc-events.md)
-###### [Event 5712 S: A Remote Procedure Call, RPC, was attempted.](auditing/event-5712.md)
-##### [Audit Detailed Directory Service Replication](auditing/audit-detailed-directory-service-replication.md)
-###### [Event 4928 S, F: An Active Directory replica source naming context was established.](auditing/event-4928.md)
-###### [Event 4929 S, F: An Active Directory replica source naming context was removed.](auditing/event-4929.md)
-###### [Event 4930 S, F: An Active Directory replica source naming context was modified.](auditing/event-4930.md)
-###### [Event 4931 S, F: An Active Directory replica destination naming context was modified.](auditing/event-4931.md)
-###### [Event 4934 S: Attributes of an Active Directory object were replicated.](auditing/event-4934.md)
-###### [Event 4935 F: Replication failure begins.](auditing/event-4935.md)
-###### [Event 4936 S: Replication failure ends.](auditing/event-4936.md)
-###### [Event 4937 S: A lingering object was removed from a replica.](auditing/event-4937.md)
-##### [Audit Directory Service Access](auditing/audit-directory-service-access.md)
-###### [Event 4662 S, F: An operation was performed on an object.](auditing/event-4662.md)
-###### [Event 4661 S, F: A handle to an object was requested.](auditing/event-4661.md)
-##### [Audit Directory Service Changes](auditing/audit-directory-service-changes.md)
-###### [Event 5136 S: A directory service object was modified.](auditing/event-5136.md)
-###### [Event 5137 S: A directory service object was created.](auditing/event-5137.md)
-###### [Event 5138 S: A directory service object was undeleted.](auditing/event-5138.md)
-###### [Event 5139 S: A directory service object was moved.](auditing/event-5139.md)
-###### [Event 5141 S: A directory service object was deleted.](auditing/event-5141.md)
-##### [Audit Directory Service Replication](auditing/audit-directory-service-replication.md)
-###### [Event 4932 S: Synchronization of a replica of an Active Directory naming context has begun.](auditing/event-4932.md)
-###### [Event 4933 S, F: Synchronization of a replica of an Active Directory naming context has ended.](auditing/event-4933.md)
-##### [Audit Account Lockout](auditing/audit-account-lockout.md)
-###### [Event 4625 F: An account failed to log on.](auditing/event-4625.md)
-##### [Audit User/Device Claims](auditing/audit-user-device-claims.md)
-###### [Event 4626 S: User/Device claims information.](auditing/event-4626.md)
-##### [Audit Group Membership](auditing/audit-group-membership.md)
-###### [Event 4627 S: Group membership information.](auditing/event-4627.md)
-##### [Audit IPsec Extended Mode](auditing/audit-ipsec-extended-mode.md)
-##### [Audit IPsec Main Mode](auditing/audit-ipsec-main-mode.md)
-##### [Audit IPsec Quick Mode](auditing/audit-ipsec-quick-mode.md)
-##### [Audit Logoff](auditing/audit-logoff.md)
-###### [Event 4634 S: An account was logged off.](auditing/event-4634.md)
-###### [Event 4647 S: User initiated logoff.](auditing/event-4647.md)
-##### [Audit Logon](auditing/audit-logon.md)
-###### [Event 4624 S: An account was successfully logged on.](auditing/event-4624.md)
-###### [Event 4625 F: An account failed to log on.](auditing/event-4625.md)
-###### [Event 4648 S: A logon was attempted using explicit credentials.](auditing/event-4648.md)
-###### [Event 4675 S: SIDs were filtered.](auditing/event-4675.md)
-##### [Audit Network Policy Server](auditing/audit-network-policy-server.md)
-##### [Audit Other Logon/Logoff Events](auditing/audit-other-logonlogoff-events.md)
-###### [Event 4649 S: A replay attack was detected.](auditing/event-4649.md)
-###### [Event 4778 S: A session was reconnected to a Window Station.](auditing/event-4778.md)
-###### [Event 4779 S: A session was disconnected from a Window Station.](auditing/event-4779.md)
-###### [Event 4800 S: The workstation was locked.](auditing/event-4800.md)
-###### [Event 4801 S: The workstation was unlocked.](auditing/event-4801.md)
-###### [Event 4802 S: The screen saver was invoked.](auditing/event-4802.md)
-###### [Event 4803 S: The screen saver was dismissed.](auditing/event-4803.md)
-###### [Event 5378 F: The requested credentials delegation was disallowed by policy.](auditing/event-5378.md)
-###### [Event 5632 S, F: A request was made to authenticate to a wireless network.](auditing/event-5632.md)
-###### [Event 5633 S, F: A request was made to authenticate to a wired network.](auditing/event-5633.md)
-##### [Audit Special Logon](auditing/audit-special-logon.md)
-###### [Event 4964 S: Special groups have been assigned to a new logon.](auditing/event-4964.md)
-###### [Event 4672 S: Special privileges assigned to new logon.](auditing/event-4672.md)
-##### [Audit Application Generated](auditing/audit-application-generated.md)
-##### [Audit Certification Services](auditing/audit-certification-services.md)
-##### [Audit Detailed File Share](auditing/audit-detailed-file-share.md)
-###### [Event 5145 S, F: A network share object was checked to see whether client can be granted desired access.](auditing/event-5145.md)
-##### [Audit File Share](auditing/audit-file-share.md)
-###### [Event 5140 S, F: A network share object was accessed.](auditing/event-5140.md)
-###### [Event 5142 S: A network share object was added.](auditing/event-5142.md)
-###### [Event 5143 S: A network share object was modified.](auditing/event-5143.md)
-###### [Event 5144 S: A network share object was deleted.](auditing/event-5144.md)
-###### [Event 5168 F: SPN check for SMB/SMB2 failed.](auditing/event-5168.md)
-##### [Audit File System](auditing/audit-file-system.md)
-###### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md)
-###### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md)
-###### [Event 4660 S: An object was deleted.](auditing/event-4660.md)
-###### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md)
-###### [Event 4664 S: An attempt was made to create a hard link.](auditing/event-4664.md)
-###### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md)
-###### [Event 5051: A file was virtualized.](auditing/event-5051.md)
-###### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md)
-##### [Audit Filtering Platform Connection](auditing/audit-filtering-platform-connection.md)
-###### [Event 5031 F: The Windows Firewall Service blocked an application from accepting incoming connections on the network.](auditing/event-5031.md)
-###### [Event 5150: The Windows Filtering Platform blocked a packet.](auditing/event-5150.md)
-###### [Event 5151: A more restrictive Windows Filtering Platform filter has blocked a packet.](auditing/event-5151.md)
-###### [Event 5154 S: The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.](auditing/event-5154.md)
-###### [Event 5155 F: The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.](auditing/event-5155.md)
-###### [Event 5156 S: The Windows Filtering Platform has permitted a connection.](auditing/event-5156.md)
-###### [Event 5157 F: The Windows Filtering Platform has blocked a connection.](auditing/event-5157.md)
-###### [Event 5158 S: The Windows Filtering Platform has permitted a bind to a local port.](auditing/event-5158.md)
-###### [Event 5159 F: The Windows Filtering Platform has blocked a bind to a local port.](auditing/event-5159.md)
-##### [Audit Filtering Platform Packet Drop](auditing/audit-filtering-platform-packet-drop.md)
-###### [Event 5152 F: The Windows Filtering Platform blocked a packet.](auditing/event-5152.md)
-###### [Event 5153 S: A more restrictive Windows Filtering Platform filter has blocked a packet.](auditing/event-5153.md)
-##### [Audit Handle Manipulation](auditing/audit-handle-manipulation.md)
-###### [Event 4690 S: An attempt was made to duplicate a handle to an object.](auditing/event-4690.md)
-##### [Audit Kernel Object](auditing/audit-kernel-object.md)
-###### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md)
-###### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md)
-###### [Event 4660 S: An object was deleted.](auditing/event-4660.md)
-###### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md)
-##### [Audit Other Object Access Events](auditing/audit-other-object-access-events.md)
-###### [Event 4671: An application attempted to access a blocked ordinal through the TBS.](auditing/event-4671.md)
-###### [Event 4691 S: Indirect access to an object was requested.](auditing/event-4691.md)
-###### [Event 5148 F: The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded.](auditing/event-5148.md)
-###### [Event 5149 F: The DoS attack has subsided and normal processing is being resumed.](auditing/event-5149.md)
-###### [Event 4698 S: A scheduled task was created.](auditing/event-4698.md)
-###### [Event 4699 S: A scheduled task was deleted.](auditing/event-4699.md)
-###### [Event 4700 S: A scheduled task was enabled.](auditing/event-4700.md)
-###### [Event 4701 S: A scheduled task was disabled.](auditing/event-4701.md)
-###### [Event 4702 S: A scheduled task was updated.](auditing/event-4702.md)
-###### [Event 5888 S: An object in the COM+ Catalog was modified.](auditing/event-5888.md)
-###### [Event 5889 S: An object was deleted from the COM+ Catalog.](auditing/event-5889.md)
-###### [Event 5890 S: An object was added to the COM+ Catalog.](auditing/event-5890.md)
-##### [Audit Registry](auditing/audit-registry.md)
-###### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md)
-###### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md)
-###### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md)
-###### [Event 4660 S: An object was deleted.](auditing/event-4660.md)
-###### [Event 4657 S: A registry value was modified.](auditing/event-4657.md)
-###### [Event 5039: A registry key was virtualized.](auditing/event-5039.md)
-###### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md)
-##### [Audit Removable Storage](auditing/audit-removable-storage.md)
-##### [Audit SAM](auditing/audit-sam.md)
-###### [Event 4661 S, F: A handle to an object was requested.](auditing/event-4661.md)
-##### [Audit Central Access Policy Staging](auditing/audit-central-access-policy-staging.md)
-###### [Event 4818 S: Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.](auditing/event-4818.md)
-##### [Audit Audit Policy Change](auditing/audit-audit-policy-change.md)
-###### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md)
-###### [Event 4715 S: The audit policy, SACL, on an object was changed.](auditing/event-4715.md)
-###### [Event 4719 S: System audit policy was changed.](auditing/event-4719.md)
-###### [Event 4817 S: Auditing settings on object were changed.](auditing/event-4817.md)
-###### [Event 4902 S: The Per-user audit policy table was created.](auditing/event-4902.md)
-###### [Event 4906 S: The CrashOnAuditFail value has changed.](auditing/event-4906.md)
-###### [Event 4907 S: Auditing settings on object were changed.](auditing/event-4907.md)
-###### [Event 4908 S: Special Groups Logon table modified.](auditing/event-4908.md)
-###### [Event 4912 S: Per User Audit Policy was changed.](auditing/event-4912.md)
-###### [Event 4904 S: An attempt was made to register a security event source.](auditing/event-4904.md)
-###### [Event 4905 S: An attempt was made to unregister a security event source.](auditing/event-4905.md)
-##### [Audit Authentication Policy Change](auditing/audit-authentication-policy-change.md)
-###### [Event 4706 S: A new trust was created to a domain.](auditing/event-4706.md)
-###### [Event 4707 S: A trust to a domain was removed.](auditing/event-4707.md)
-###### [Event 4716 S: Trusted domain information was modified.](auditing/event-4716.md)
-###### [Event 4713 S: Kerberos policy was changed.](auditing/event-4713.md)
-###### [Event 4717 S: System security access was granted to an account.](auditing/event-4717.md)
-###### [Event 4718 S: System security access was removed from an account.](auditing/event-4718.md)
-###### [Event 4739 S: Domain Policy was changed.](auditing/event-4739.md)
-###### [Event 4864 S: A namespace collision was detected.](auditing/event-4864.md)
-###### [Event 4865 S: A trusted forest information entry was added.](auditing/event-4865.md)
-###### [Event 4866 S: A trusted forest information entry was removed.](auditing/event-4866.md)
-###### [Event 4867 S: A trusted forest information entry was modified.](auditing/event-4867.md)
-##### [Audit Authorization Policy Change](auditing/audit-authorization-policy-change.md)
-###### [Event 4703 S: A user right was adjusted.](auditing/event-4703.md)
-###### [Event 4704 S: A user right was assigned.](auditing/event-4704.md)
-###### [Event 4705 S: A user right was removed.](auditing/event-4705.md)
-###### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md)
-###### [Event 4911 S: Resource attributes of the object were changed.](auditing/event-4911.md)
-###### [Event 4913 S: Central Access Policy on the object was changed.](auditing/event-4913.md)
-##### [Audit Filtering Platform Policy Change](auditing/audit-filtering-platform-policy-change.md)
-##### [Audit MPSSVC Rule-Level Policy Change](auditing/audit-mpssvc-rule-level-policy-change.md)
-###### [Event 4944 S: The following policy was active when the Windows Firewall started.](auditing/event-4944.md)
-###### [Event 4945 S: A rule was listed when the Windows Firewall started.](auditing/event-4945.md)
-###### [Event 4946 S: A change has been made to Windows Firewall exception list. A rule was added.](auditing/event-4946.md)
-###### [Event 4947 S: A change has been made to Windows Firewall exception list. A rule was modified.](auditing/event-4947.md)
-###### [Event 4948 S: A change has been made to Windows Firewall exception list. A rule was deleted.](auditing/event-4948.md)
-###### [Event 4949 S: Windows Firewall settings were restored to the default values.](auditing/event-4949.md)
-###### [Event 4950 S: A Windows Firewall setting has changed.](auditing/event-4950.md)
-###### [Event 4951 F: A rule has been ignored because its major version number was not recognized by Windows Firewall.](auditing/event-4951.md)
-###### [Event 4952 F: Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced.](auditing/event-4952.md)
-###### [Event 4953 F: Windows Firewall ignored a rule because it could not be parsed.](auditing/event-4953.md)
-###### [Event 4954 S: Windows Firewall Group Policy settings have changed. The new settings have been applied.](auditing/event-4954.md)
-###### [Event 4956 S: Windows Firewall has changed the active profile.](auditing/event-4956.md)
-###### [Event 4957 F: Windows Firewall did not apply the following rule.](auditing/event-4957.md)
-###### [Event 4958 F: Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer.](auditing/event-4958.md)
-##### [Audit Other Policy Change Events](auditing/audit-other-policy-change-events.md)
-###### [Event 4714 S: Encrypted data recovery policy was changed.](auditing/event-4714.md)
-###### [Event 4819 S: Central Access Policies on the machine have been changed.](auditing/event-4819.md)
-###### [Event 4826 S: Boot Configuration Data loaded.](auditing/event-4826.md)
-###### [Event 4909: The local policy settings for the TBS were changed.](auditing/event-4909.md)
-###### [Event 4910: The group policy settings for the TBS were changed.](auditing/event-4910.md)
-###### [Event 5063 S, F: A cryptographic provider operation was attempted.](auditing/event-5063.md)
-###### [Event 5064 S, F: A cryptographic context operation was attempted.](auditing/event-5064.md)
-###### [Event 5065 S, F: A cryptographic context modification was attempted.](auditing/event-5065.md)
-###### [Event 5066 S, F: A cryptographic function operation was attempted.](auditing/event-5066.md)
-###### [Event 5067 S, F: A cryptographic function modification was attempted.](auditing/event-5067.md)
-###### [Event 5068 S, F: A cryptographic function provider operation was attempted.](auditing/event-5068.md)
-###### [Event 5069 S, F: A cryptographic function property operation was attempted.](auditing/event-5069.md)
-###### [Event 5070 S, F: A cryptographic function property modification was attempted.](auditing/event-5070.md)
-###### [Event 5447 S: A Windows Filtering Platform filter has been changed.](auditing/event-5447.md)
-###### [Event 6144 S: Security policy in the group policy objects has been applied successfully.](auditing/event-6144.md)
-###### [Event 6145 F: One or more errors occurred while processing security policy in the group policy objects.](auditing/event-6145.md)
-##### [Audit Sensitive Privilege Use](auditing/audit-sensitive-privilege-use.md)
-###### [Event 4673 S, F: A privileged service was called.](auditing/event-4673.md)
-###### [Event 4674 S, F: An operation was attempted on a privileged object.](auditing/event-4674.md)
-###### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md)
-##### [Audit Non Sensitive Privilege Use](auditing/audit-non-sensitive-privilege-use.md)
-###### [Event 4673 S, F: A privileged service was called.](auditing/event-4673.md)
-###### [Event 4674 S, F: An operation was attempted on a privileged object.](auditing/event-4674.md)
-###### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md)
-##### [Audit Other Privilege Use Events](auditing/audit-other-privilege-use-events.md)
-###### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md)
-##### [Audit IPsec Driver](auditing/audit-ipsec-driver.md)
-##### [Audit Other System Events](auditing/audit-other-system-events.md)
-###### [Event 5024 S: The Windows Firewall Service has started successfully.](auditing/event-5024.md)
-###### [Event 5025 S: The Windows Firewall Service has been stopped.](auditing/event-5025.md)
-###### [Event 5027 F: The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy.](auditing/event-5027.md)
-###### [Event 5028 F: The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.](auditing/event-5028.md)
-###### [Event 5029 F: The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.](auditing/event-5029.md)
-###### [Event 5030 F: The Windows Firewall Service failed to start.](auditing/event-5030.md)
-###### [Event 5032 F: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.](auditing/event-5032.md)
-###### [Event 5033 S: The Windows Firewall Driver has started successfully.](auditing/event-5033.md)
-###### [Event 5034 S: The Windows Firewall Driver was stopped.](auditing/event-5034.md)
-###### [Event 5035 F: The Windows Firewall Driver failed to start.](auditing/event-5035.md)
-###### [Event 5037 F: The Windows Firewall Driver detected critical runtime error. Terminating.](auditing/event-5037.md)
-###### [Event 5058 S, F: Key file operation.](auditing/event-5058.md)
-###### [Event 5059 S, F: Key migration operation.](auditing/event-5059.md)
-###### [Event 6400: BranchCache: Received an incorrectly formatted response while discovering availability of content.](auditing/event-6400.md)
-###### [Event 6401: BranchCache: Received invalid data from a peer. Data discarded.](auditing/event-6401.md)
-###### [Event 6402: BranchCache: The message to the hosted cache offering it data is incorrectly formatted.](auditing/event-6402.md)
-###### [Event 6403: BranchCache: The hosted cache sent an incorrectly formatted response to the client.](auditing/event-6403.md)
-###### [Event 6404: BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.](auditing/event-6404.md)
-###### [Event 6405: BranchCache: %2 instances of event id %1 occurred.](auditing/event-6405.md)
-###### [Event 6406: %1 registered to Windows Firewall to control filtering for the following: %2.](auditing/event-6406.md)
-###### [Event 6407: 1%.](auditing/event-6407.md)
-###### [Event 6408: Registered product %1 failed and Windows Firewall is now controlling the filtering for %2.](auditing/event-6408.md)
-###### [Event 6409: BranchCache: A service connection point object could not be parsed.](auditing/event-6409.md)
-##### [Audit Security State Change](auditing/audit-security-state-change.md)
-###### [Event 4608 S: Windows is starting up.](auditing/event-4608.md)
-###### [Event 4616 S: The system time was changed.](auditing/event-4616.md)
-###### [Event 4621 S: Administrator recovered system from CrashOnAuditFail.](auditing/event-4621.md)
-##### [Audit Security System Extension](auditing/audit-security-system-extension.md)
-###### [Event 4610 S: An authentication package has been loaded by the Local Security Authority.](auditing/event-4610.md)
-###### [Event 4611 S: A trusted logon process has been registered with the Local Security Authority.](auditing/event-4611.md)
-###### [Event 4614 S: A notification package has been loaded by the Security Account Manager.](auditing/event-4614.md)
-###### [Event 4622 S: A security package has been loaded by the Local Security Authority.](auditing/event-4622.md)
-###### [Event 4697 S: A service was installed in the system.](auditing/event-4697.md)
-##### [Audit System Integrity](auditing/audit-system-integrity.md)
-###### [Event 4612 S: Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.](auditing/event-4612.md)
-###### [Event 4615 S: Invalid use of LPC port.](auditing/event-4615.md)
-###### [Event 4618 S: A monitored security event pattern has occurred.](auditing/event-4618.md)
-###### [Event 4816 S: RPC detected an integrity violation while decrypting an incoming message.](auditing/event-4816.md)
-###### [Event 5038 F: Code integrity determined that the image hash of a file is not valid.](auditing/event-5038.md)
-###### [Event 5056 S: A cryptographic self-test was performed.](auditing/event-5056.md)
-###### [Event 5062 S: A kernel-mode cryptographic self-test was performed.](auditing/event-5062.md)
-###### [Event 5057 F: A cryptographic primitive operation failed.](auditing/event-5057.md)
-###### [Event 5060 F: Verification operation failed.](auditing/event-5060.md)
-###### [Event 5061 S, F: Cryptographic operation.](auditing/event-5061.md)
-###### [Event 6281 F: Code Integrity determined that the page hashes of an image file are not valid.](auditing/event-6281.md)
-###### [Event 6410 F: Code integrity determined that a file does not meet the security requirements to load into a process.](auditing/event-6410.md)
-##### [Other Events](auditing/other-events.md)
-###### [Event 1100 S: The event logging service has shut down.](auditing/event-1100.md)
-###### [Event 1102 S: The audit log was cleared.](auditing/event-1102.md)
-###### [Event 1104 S: The security log is now full.](auditing/event-1104.md)
-###### [Event 1105 S: Event log automatic backup.](auditing/event-1105.md)
-###### [Event 1108 S: The event logging service encountered an error while processing an incoming event published from %1.](auditing/event-1108.md)
-##### [Appendix A: Security monitoring recommendations for many audit events](auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md)
-##### [Registry (Global Object Access Auditing) ](auditing/registry-global-object-access-auditing.md)
-##### [File System (Global Object Access Auditing) ](auditing/file-system-global-object-access-auditing.md)
-
-## [Security policy settings](security-policy-settings/security-policy-settings.md)
-### [Administer security policy settings](security-policy-settings/administer-security-policy-settings.md)
-#### [Network List Manager policies](security-policy-settings/network-list-manager-policies.md)
-### [Configure security policy settings](security-policy-settings/how-to-configure-security-policy-settings.md)
-### [Security policy settings reference](security-policy-settings/security-policy-settings-reference.md)
-#### [Account Policies](security-policy-settings/account-policies.md)
-##### [Password Policy](security-policy-settings/password-policy.md)
-###### [Enforce password history](security-policy-settings/enforce-password-history.md)
-###### [Maximum password age](security-policy-settings/maximum-password-age.md)
-###### [Minimum password age](security-policy-settings/minimum-password-age.md)
-###### [Minimum password length](security-policy-settings/minimum-password-length.md)
-###### [Password must meet complexity requirements](security-policy-settings/password-must-meet-complexity-requirements.md)
-###### [Store passwords using reversible encryption](security-policy-settings/store-passwords-using-reversible-encryption.md)
-##### [Account Lockout Policy](security-policy-settings/account-lockout-policy.md)
-###### [Account lockout duration](security-policy-settings/account-lockout-duration.md)
-###### [Account lockout threshold](security-policy-settings/account-lockout-threshold.md)
-###### [Reset account lockout counter after](security-policy-settings/reset-account-lockout-counter-after.md)
-##### [Kerberos Policy](security-policy-settings/kerberos-policy.md)
-###### [Enforce user logon restrictions](security-policy-settings/enforce-user-logon-restrictions.md)
-###### [Maximum lifetime for service ticket](security-policy-settings/maximum-lifetime-for-service-ticket.md)
-###### [Maximum lifetime for user ticket](security-policy-settings/maximum-lifetime-for-user-ticket.md)
-###### [Maximum lifetime for user ticket renewal](security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md)
-###### [Maximum tolerance for computer clock synchronization](security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md)
-#### [Audit Policy](security-policy-settings/audit-policy.md)
-#### [Security Options](security-policy-settings/security-options.md)
-##### [Accounts: Administrator account status](security-policy-settings/accounts-administrator-account-status.md)
-##### [Accounts: Block Microsoft accounts](security-policy-settings/accounts-block-microsoft-accounts.md)
-##### [Accounts: Guest account status](security-policy-settings/accounts-guest-account-status.md)
-##### [Accounts: Limit local account use of blank passwords to console logon only](security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md)
-##### [Accounts: Rename administrator account](security-policy-settings/accounts-rename-administrator-account.md)
-##### [Accounts: Rename guest account](security-policy-settings/accounts-rename-guest-account.md)
-##### [Audit: Audit the access of global system objects](security-policy-settings/audit-audit-the-access-of-global-system-objects.md)
-##### [Audit: Audit the use of Backup and Restore privilege](security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md)
-##### [Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings](security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md)
-##### [Audit: Shut down system immediately if unable to log security audits](security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md)
-##### [DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax](security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md)
-##### [DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax](security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md)
-##### [Devices: Allow undock without having to log on](security-policy-settings/devices-allow-undock-without-having-to-log-on.md)
-##### [Devices: Allowed to format and eject removable media](security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md)
-##### [Devices: Prevent users from installing printer drivers](security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md)
-##### [Devices: Restrict CD-ROM access to locally logged-on user only](security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md)
-##### [Devices: Restrict floppy access to locally logged-on user only](security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md)
-##### [Domain controller: Allow server operators to schedule tasks](security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md)
-##### [Domain controller: LDAP server signing requirements](security-policy-settings/domain-controller-ldap-server-signing-requirements.md)
-##### [Domain controller: Refuse machine account password changes](security-policy-settings/domain-controller-refuse-machine-account-password-changes.md)
-##### [Domain member: Digitally encrypt or sign secure channel data (always)](security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md)
-##### [Domain member: Digitally encrypt secure channel data (when possible)](security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md)
-##### [Domain member: Digitally sign secure channel data (when possible)](security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md)
-##### [Domain member: Disable machine account password changes](security-policy-settings/domain-member-disable-machine-account-password-changes.md)
-##### [Domain member: Maximum machine account password age](security-policy-settings/domain-member-maximum-machine-account-password-age.md)
-##### [Domain member: Require strong (Windows 2000 or later) session key](security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md)
-##### [Interactive logon: Display user information when the session is locked](security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md)
-##### [Interactive logon: Don't display last signed-in](security-policy-settings/interactive-logon-do-not-display-last-user-name.md)
-##### [Interactive logon: Don't display username at sign-in](security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md)
-##### [Interactive logon: Do not require CTRL+ALT+DEL](security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md)
-##### [Interactive logon: Machine account lockout threshold](security-policy-settings/interactive-logon-machine-account-lockout-threshold.md)
-##### [Interactive logon: Machine inactivity limit](security-policy-settings/interactive-logon-machine-inactivity-limit.md)
-##### [Interactive logon: Message text for users attempting to log on](security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md)
-##### [Interactive logon: Message title for users attempting to log on](security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md)
-##### [Interactive logon: Number of previous logons to cache (in case domain controller is not available)](security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md)
-##### [Interactive logon: Prompt user to change password before expiration](security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md)
-##### [Interactive logon: Require Domain Controller authentication to unlock workstation](security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md)
-##### [Interactive logon: Require smart card](security-policy-settings/interactive-logon-require-smart-card.md)
-##### [Interactive logon: Smart card removal behavior](security-policy-settings/interactive-logon-smart-card-removal-behavior.md)
-##### [Microsoft network client: Digitally sign communications (always)](security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md)
-##### [Microsoft network client: Digitally sign communications (if server agrees)](security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md)
-##### [Microsoft network client: Send unencrypted password to third-party SMB servers](security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md)
-##### [Microsoft network server: Amount of idle time required before suspending session](security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md)
-##### [Microsoft network server: Attempt S4U2Self to obtain claim information](security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md)
-##### [Microsoft network server: Digitally sign communications (always)](security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md)
-##### [Microsoft network server: Digitally sign communications (if client agrees)](security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agrees.md)
-##### [Microsoft network server: Disconnect clients when logon hours expire](security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md)
-##### [Microsoft network server: Server SPN target name validation level](security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md)
-##### [Network access: Allow anonymous SID/Name translation](security-policy-settings/network-access-allow-anonymous-sidname-translation.md)
-##### [Network access: Do not allow anonymous enumeration of SAM accounts](security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md)
-##### [Network access: Do not allow anonymous enumeration of SAM accounts and shares](security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md)
-##### [Network access: Do not allow storage of passwords and credentials for network authentication](security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md)
-##### [Network access: Let Everyone permissions apply to anonymous users](security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md)
-##### [Network access: Named Pipes that can be accessed anonymously](security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md)
-##### [Network access: Remotely accessible registry paths](security-policy-settings/network-access-remotely-accessible-registry-paths.md)
-##### [Network access: Remotely accessible registry paths and subpaths](security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md)
-##### [Network access: Restrict anonymous access to Named Pipes and Shares](security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md)
-#####  [Network access: Restrict clients allowed to make remote calls to SAM](security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md)
-##### [Network access: Shares that can be accessed anonymously](security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md)
-##### [Network access: Sharing and security model for local accounts](security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md)
-##### [Network security: Allow Local System to use computer identity for NTLM](security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md)
-##### [Network security: Allow LocalSystem NULL session fallback](security-policy-settings/network-security-allow-localsystem-null-session-fallback.md)
-##### [Network security: Allow PKU2U authentication requests to this computer to use online identities](security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md)
-##### [Network security: Configure encryption types allowed for Kerberos Win7 only](security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md)
-##### [Network security: Do not store LAN Manager hash value on next password change](security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md)
-##### [Network security: Force logoff when logon hours expire](security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md)
-##### [Network security: LAN Manager authentication level](security-policy-settings/network-security-lan-manager-authentication-level.md)
-##### [Network security: LDAP client signing requirements](security-policy-settings/network-security-ldap-client-signing-requirements.md)
-##### [Network security: Minimum session security for NTLM SSP based (including secure RPC) clients](security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md)
-##### [Network security: Minimum session security for NTLM SSP based (including secure RPC) servers](security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md)
-##### [Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication](security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md)
-##### [Network security: Restrict NTLM: Add server exceptions in this domain](security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md)
-##### [Network security: Restrict NTLM: Audit incoming NTLM traffic](security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md)
-##### [Network security: Restrict NTLM: Audit NTLM authentication in this domain](security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md)
-##### [Network security: Restrict NTLM: Incoming NTLM traffic](security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md)
-##### [Network security: Restrict NTLM: NTLM authentication in this domain](security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md)
-##### [Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers](security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md)
-##### [Recovery console: Allow automatic administrative logon](security-policy-settings/recovery-console-allow-automatic-administrative-logon.md)
-##### [Recovery console: Allow floppy copy and access to all drives and folders](security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md)
-##### [Shutdown: Allow system to be shut down without having to log on](security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md)
-##### [Shutdown: Clear virtual memory pagefile](security-policy-settings/shutdown-clear-virtual-memory-pagefile.md)
-##### [System cryptography: Force strong key protection for user keys stored on the computer](security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md)
-##### [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md)
-##### [System objects: Require case insensitivity for non-Windows subsystems](security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md)
-##### [System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)](security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md)
-##### [System settings: Optional subsystems](security-policy-settings/system-settings-optional-subsystems.md)
-##### [System settings: Use certificate rules on Windows executables for Software Restriction Policies](security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md)
-##### [User Account Control: Admin Approval Mode for the Built-in Administrator account](security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md)
-##### [User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop](security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md)
-##### [User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode](security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md)
-##### [User Account Control: Behavior of the elevation prompt for standard users](security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md)
-##### [User Account Control: Detect application installations and prompt for elevation](security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md)
-##### [User Account Control: Only elevate executables that are signed and validated](security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md)
-##### [User Account Control: Only elevate UIAccess applications that are installed in secure locations](security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md)
-##### [User Account Control: Run all administrators in Admin Approval Mode](security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md)
-##### [User Account Control: Switch to the secure desktop when prompting for elevation](security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md)
-##### [User Account Control: Virtualize file and registry write failures to per-user locations](security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md)
-#### [Advanced security audit policy settings](security-policy-settings/secpol-advanced-security-audit-policy-settings.md)
-#### [User Rights Assignment](security-policy-settings/user-rights-assignment.md)
-##### [Access Credential Manager as a trusted caller](security-policy-settings/access-credential-manager-as-a-trusted-caller.md)
-##### [Access this computer from the network](security-policy-settings/access-this-computer-from-the-network.md)
-##### [Act as part of the operating system](security-policy-settings/act-as-part-of-the-operating-system.md)
-##### [Add workstations to domain](security-policy-settings/add-workstations-to-domain.md)
-##### [Adjust memory quotas for a process](security-policy-settings/adjust-memory-quotas-for-a-process.md)
-##### [Allow log on locally](security-policy-settings/allow-log-on-locally.md)
-##### [Allow log on through Remote Desktop Services](security-policy-settings/allow-log-on-through-remote-desktop-services.md)
-##### [Back up files and directories](security-policy-settings/back-up-files-and-directories.md)
-##### [Bypass traverse checking](security-policy-settings/bypass-traverse-checking.md)
-##### [Change the system time](security-policy-settings/change-the-system-time.md)
-##### [Change the time zone](security-policy-settings/change-the-time-zone.md)
-##### [Create a pagefile](security-policy-settings/create-a-pagefile.md)
-##### [Create a token object](security-policy-settings/create-a-token-object.md)
-##### [Create global objects](security-policy-settings/create-global-objects.md)
-##### [Create permanent shared objects](security-policy-settings/create-permanent-shared-objects.md)
-##### [Create symbolic links](security-policy-settings/create-symbolic-links.md)
-##### [Debug programs](security-policy-settings/debug-programs.md)
-##### [Deny access to this computer from the network](security-policy-settings/deny-access-to-this-computer-from-the-network.md)
-##### [Deny log on as a batch job](security-policy-settings/deny-log-on-as-a-batch-job.md)
-##### [Deny log on as a service](security-policy-settings/deny-log-on-as-a-service.md)
-##### [Deny log on locally](security-policy-settings/deny-log-on-locally.md)
-##### [Deny log on through Remote Desktop Services](security-policy-settings/deny-log-on-through-remote-desktop-services.md)
-##### [Enable computer and user accounts to be trusted for delegation](security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md)
-##### [Force shutdown from a remote system](security-policy-settings/force-shutdown-from-a-remote-system.md)
-##### [Generate security audits](security-policy-settings/generate-security-audits.md)
-##### [Impersonate a client after authentication](security-policy-settings/impersonate-a-client-after-authentication.md)
-##### [Increase a process working set](security-policy-settings/increase-a-process-working-set.md)
-##### [Increase scheduling priority](security-policy-settings/increase-scheduling-priority.md)
-##### [Load and unload device drivers](security-policy-settings/load-and-unload-device-drivers.md)
-##### [Lock pages in memory](security-policy-settings/lock-pages-in-memory.md)
-##### [Log on as a batch job](security-policy-settings/log-on-as-a-batch-job.md)
-##### [Log on as a service](security-policy-settings/log-on-as-a-service.md)
-##### [Manage auditing and security log](security-policy-settings/manage-auditing-and-security-log.md)
-##### [Modify an object label](security-policy-settings/modify-an-object-label.md)
-##### [Modify firmware environment values](security-policy-settings/modify-firmware-environment-values.md)
-##### [Perform volume maintenance tasks](security-policy-settings/perform-volume-maintenance-tasks.md)
-##### [Profile single process](security-policy-settings/profile-single-process.md)
-##### [Profile system performance](security-policy-settings/profile-system-performance.md)
-##### [Remove computer from docking station](security-policy-settings/remove-computer-from-docking-station.md)
-##### [Replace a process level token](security-policy-settings/replace-a-process-level-token.md)
-##### [Restore files and directories](security-policy-settings/restore-files-and-directories.md)
-##### [Shut down the system](security-policy-settings/shut-down-the-system.md)
-##### [Synchronize directory service data](security-policy-settings/synchronize-directory-service-data.md)
-##### [Take ownership of files or other objects](security-policy-settings/take-ownership-of-files-or-other-objects.md)
 
 
-## [Windows security baselines](windows-security-baselines.md)
+### [Windows Defender Application Control](windows-defender-application-control/windows-defender-application-control.md)
+
+
+
+
+
+
+### [Windows Defender Application Guard](windows-defender-application-guard/wd-app-guard-overview.md)
+#### [System requirements for Windows Defender Application Guard](windows-defender-application-guard/reqs-wd-app-guard.md)
+#### [Prepare and install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md)
+#### [Configure the Group Policy settings for Windows Defender Application Guard](windows-defender-application-guard/configure-wd-app-guard.md)
+#### [Testing scenarios using Windows Defender Application Guard in your business or organization](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
+#### [Frequently Asked Questions - Windows Defender Application Guard](windows-defender-application-guard/faq-wd-app-guard.md)
+
+
+## Other security features
+### [The Windows Security app](windows-defender-security-center/windows-defender-security-center.md)
+#### [Customize the Windows Security app for your organization](windows-defender-security-center/wdsc-customize-contact-information.md)
+#### [Hide Windows Security app notifications](windows-defender-security-center/wdsc-hide-notifications.md)
+#### [Manage Windows Security app in Windows 10 in S mode](windows-defender-security-center\wdsc-windows-10-in-s-mode.md)
+#### [Virus and threat protection](windows-defender-security-center/wdsc-virus-threat-protection.md)
+#### [Account protection](windows-defender-security-center\wdsc-account-protection.md)
+#### [Firewall and network protection](windows-defender-security-center\wdsc-firewall-network-protection.md)
+#### [App and browser control](windows-defender-security-center\wdsc-app-browser-control.md)
+#### [Device security](windows-defender-security-center\wdsc-device-security.md)
+#### [Device performance and health](windows-defender-security-center\wdsc-device-performance-health.md)
+#### [Family options](windows-defender-security-center\wdsc-family-options.md)
+
+
+### [Windows Defender SmartScreen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md)
+#### [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md)
+#### [Set up and use Windows Defender SmartScreen on individual devices](windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md)
+
+
+### [Windows Defender Device Guard: virtualization-based security and WDAC](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
+
+
+### [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
+
+### [Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md)
+
+### [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md)
+
+### [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-intrusion-detection.md)
+
+### [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md)
+
+### [Security auditing](auditing/security-auditing-overview.md)
+
+#### [Basic security audit policies](auditing/basic-security-audit-policies.md)
+##### [Create a basic audit policy for an event category](auditing/create-a-basic-audit-policy-settings-for-an-event-category.md)
+##### [Apply a basic audit policy on a file or folder](auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md)
+##### [View the security event log](auditing/view-the-security-event-log.md)
+
+##### [Basic security audit policy settings](auditing/basic-security-audit-policy-settings.md)
+###### [Audit account logon events](auditing/basic-audit-account-logon-events.md)
+###### [Audit account management](auditing/basic-audit-account-management.md)
+###### [Audit directory service access](auditing/basic-audit-directory-service-access.md)
+###### [Audit logon events](auditing/basic-audit-logon-events.md)
+###### [Audit object access](auditing/basic-audit-object-access.md)
+###### [Audit policy change](auditing/basic-audit-policy-change.md)
+###### [Audit privilege use](auditing/basic-audit-privilege-use.md)
+###### [Audit process tracking](auditing/basic-audit-process-tracking.md)
+###### [Audit system events](auditing/basic-audit-system-events.md)
+
+##### [Advanced security audit policies](auditing/advanced-security-auditing.md)
+###### [Planning and deploying advanced security audit policies](auditing/planning-and-deploying-advanced-security-audit-policies.md)
+###### [Advanced security auditing FAQ](auditing/advanced-security-auditing-faq.md)
+####### [Which editions of Windows support advanced audit policy configuration](auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md)
+
+###### [Using advanced security auditing options to monitor dynamic access control objects](auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md)
+####### [Monitor the central access policies that apply on a file server](auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md)
+####### [Monitor the use of removable storage devices](auditing/monitor-the-use-of-removable-storage-devices.md)
+####### [Monitor resource attribute definitions](auditing/monitor-resource-attribute-definitions.md)
+####### [Monitor central access policy and rule definitions](auditing/monitor-central-access-policy-and-rule-definitions.md)
+####### [Monitor user and device claims during sign-in](auditing/monitor-user-and-device-claims-during-sign-in.md)
+####### [Monitor the resource attributes on files and folders](auditing/monitor-the-resource-attributes-on-files-and-folders.md)
+####### [Monitor the central access policies associated with files and folders](auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md)
+####### [Monitor claim types](auditing/monitor-claim-types.md)
+
+###### [Advanced security audit policy settings](auditing/advanced-security-audit-policy-settings.md)
+####### [Audit Credential Validation](auditing/audit-credential-validation.md)
+####### [Event 4774 S, F: An account was mapped for logon.](auditing/event-4774.md)
+####### [Event 4775 F: An account could not be mapped for logon.](auditing/event-4775.md)
+####### [Event 4776 S, F: The computer attempted to validate the credentials for an account.](auditing/event-4776.md)
+####### [Event 4777 F: The domain controller failed to validate the credentials for an account.](auditing/event-4777.md)
+###### [Audit Kerberos Authentication Service](auditing/audit-kerberos-authentication-service.md)
+####### [Event 4768 S, F: A Kerberos authentication ticket, TGT, was requested.](auditing/event-4768.md)
+####### [Event 4771 F: Kerberos pre-authentication failed.](auditing/event-4771.md)
+####### [Event 4772 F: A Kerberos authentication ticket request failed.](auditing/event-4772.md)
+###### [Audit Kerberos Service Ticket Operations](auditing/audit-kerberos-service-ticket-operations.md)
+####### [Event 4769 S, F: A Kerberos service ticket was requested.](auditing/event-4769.md)
+####### [Event 4770 S: A Kerberos service ticket was renewed.](auditing/event-4770.md)
+####### [Event 4773 F: A Kerberos service ticket request failed.](auditing/event-4773.md)
+###### [Audit Other Account Logon Events](auditing/audit-other-account-logon-events.md)
+###### [Audit Application Group Management](auditing/audit-application-group-management.md)
+###### [Audit Computer Account Management](auditing/audit-computer-account-management.md)
+####### [Event 4741 S: A computer account was created.](auditing/event-4741.md)
+####### [Event 4742 S: A computer account was changed.](auditing/event-4742.md)
+####### [Event 4743 S: A computer account was deleted.](auditing/event-4743.md)
+###### [Audit Distribution Group Management](auditing/audit-distribution-group-management.md)
+####### [Event 4749 S: A security-disabled global group was created.](auditing/event-4749.md)
+####### [Event 4750 S: A security-disabled global group was changed.](auditing/event-4750.md)
+####### [Event 4751 S: A member was added to a security-disabled global group.](auditing/event-4751.md)
+####### [Event 4752 S: A member was removed from a security-disabled global group.](auditing/event-4752.md)
+####### [Event 4753 S: A security-disabled global group was deleted.](auditing/event-4753.md)
+###### [Audit Other Account Management Events](auditing/audit-other-account-management-events.md)
+####### [Event 4782 S: The password hash an account was accessed.](auditing/event-4782.md)
+####### [Event 4793 S: The Password Policy Checking API was called.](auditing/event-4793.md)
+###### [Audit Security Group Management](auditing/audit-security-group-management.md)
+####### [Event 4731 S: A security-enabled local group was created.](auditing/event-4731.md)
+####### [Event 4732 S: A member was added to a security-enabled local group.](auditing/event-4732.md)
+####### [Event 4733 S: A member was removed from a security-enabled local group.](auditing/event-4733.md)
+####### [Event 4734 S: A security-enabled local group was deleted.](auditing/event-4734.md)
+####### [Event 4735 S: A security-enabled local group was changed.](auditing/event-4735.md)
+####### [Event 4764 S: A group’s type was changed.](auditing/event-4764.md)
+####### [Event 4799 S: A security-enabled local group membership was enumerated.](auditing/event-4799.md)
+###### [Audit User Account Management](auditing/audit-user-account-management.md)
+####### [Event 4720 S: A user account was created.](auditing/event-4720.md)
+####### [Event 4722 S: A user account was enabled.](auditing/event-4722.md)
+####### [Event 4723 S, F: An attempt was made to change an account's password.](auditing/event-4723.md)
+####### [Event 4724 S, F: An attempt was made to reset an account's password.](auditing/event-4724.md)
+####### [Event 4725 S: A user account was disabled.](auditing/event-4725.md)
+####### [Event 4726 S: A user account was deleted.](auditing/event-4726.md)
+####### [Event 4738 S: A user account was changed.](auditing/event-4738.md)
+####### [Event 4740 S: A user account was locked out.](auditing/event-4740.md)
+####### [Event 4765 S: SID History was added to an account.](auditing/event-4765.md)
+####### [Event 4766 F: An attempt to add SID History to an account failed.](auditing/event-4766.md)
+####### [Event 4767 S: A user account was unlocked.](auditing/event-4767.md)
+####### [Event 4780 S: The ACL was set on accounts which are members of administrators groups.](auditing/event-4780.md)
+####### [Event 4781 S: The name of an account was changed.](auditing/event-4781.md)
+####### [Event 4794 S, F: An attempt was made to set the Directory Services Restore Mode administrator password.](auditing/event-4794.md)
+####### [Event 4798 S: A user's local group membership was enumerated.](auditing/event-4798.md)
+####### [Event 5376 S: Credential Manager credentials were backed up.](auditing/event-5376.md)
+####### [Event 5377 S: Credential Manager credentials were restored from a backup.](auditing/event-5377.md)
+###### [Audit DPAPI Activity](auditing/audit-dpapi-activity.md)
+####### [Event 4692 S, F: Backup of data protection master key was attempted.](auditing/event-4692.md)
+####### [Event 4693 S, F: Recovery of data protection master key was attempted.](auditing/event-4693.md)
+####### [Event 4694 S, F: Protection of auditable protected data was attempted.](auditing/event-4694.md)
+####### [Event 4695 S, F: Unprotection of auditable protected data was attempted.](auditing/event-4695.md)
+###### [Audit PNP Activity](auditing/audit-pnp-activity.md)
+####### [Event 6416 S: A new external device was recognized by the System.](auditing/event-6416.md)
+####### [Event 6419 S: A request was made to disable a device.](auditing/event-6419.md)
+####### [Event 6420 S: A device was disabled.](auditing/event-6420.md)
+####### [Event 6421 S: A request was made to enable a device.](auditing/event-6421.md)
+####### [Event 6422 S: A device was enabled.](auditing/event-6422.md)
+####### [Event 6423 S: The installation of this device is forbidden by system policy.](auditing/event-6423.md)
+####### [Event 6424 S: The installation of this device was allowed, after having previously been forbidden by policy.](auditing/event-6424.md)
+###### [Audit Process Creation](auditing/audit-process-creation.md)
+####### [Event 4688 S: A new process has been created.](auditing/event-4688.md)
+####### [Event 4696 S: A primary token was assigned to process.](auditing/event-4696.md)
+###### [Audit Process Termination](auditing/audit-process-termination.md)
+####### [Event 4689 S: A process has exited.](auditing/event-4689.md)
+###### [Audit RPC Events](auditing/audit-rpc-events.md)
+####### [Event 5712 S: A Remote Procedure Call, RPC, was attempted.](auditing/event-5712.md)
+###### [Audit Detailed Directory Service Replication](auditing/audit-detailed-directory-service-replication.md)
+####### [Event 4928 S, F: An Active Directory replica source naming context was established.](auditing/event-4928.md)
+####### [Event 4929 S, F: An Active Directory replica source naming context was removed.](auditing/event-4929.md)
+####### [Event 4930 S, F: An Active Directory replica source naming context was modified.](auditing/event-4930.md)
+####### [Event 4931 S, F: An Active Directory replica destination naming context was modified.](auditing/event-4931.md)
+####### [Event 4934 S: Attributes of an Active Directory object were replicated.](auditing/event-4934.md)
+####### [Event 4935 F: Replication failure begins.](auditing/event-4935.md)
+####### [Event 4936 S: Replication failure ends.](auditing/event-4936.md)
+####### [Event 4937 S: A lingering object was removed from a replica.](auditing/event-4937.md)
+###### [Audit Directory Service Access](auditing/audit-directory-service-access.md)
+####### [Event 4662 S, F: An operation was performed on an object.](auditing/event-4662.md)
+####### [Event 4661 S, F: A handle to an object was requested.](auditing/event-4661.md)
+###### [Audit Directory Service Changes](auditing/audit-directory-service-changes.md)
+####### [Event 5136 S: A directory service object was modified.](auditing/event-5136.md)
+####### [Event 5137 S: A directory service object was created.](auditing/event-5137.md)
+####### [Event 5138 S: A directory service object was undeleted.](auditing/event-5138.md)
+####### [Event 5139 S: A directory service object was moved.](auditing/event-5139.md)
+####### [Event 5141 S: A directory service object was deleted.](auditing/event-5141.md)
+###### [Audit Directory Service Replication](auditing/audit-directory-service-replication.md)
+####### [Event 4932 S: Synchronization of a replica of an Active Directory naming context has begun.](auditing/event-4932.md)
+####### [Event 4933 S, F: Synchronization of a replica of an Active Directory naming context has ended.](auditing/event-4933.md)
+###### [Audit Account Lockout](auditing/audit-account-lockout.md)
+####### [Event 4625 F: An account failed to log on.](auditing/event-4625.md)
+###### [Audit User/Device Claims](auditing/audit-user-device-claims.md)
+####### [Event 4626 S: User/Device claims information.](auditing/event-4626.md)
+###### [Audit Group Membership](auditing/audit-group-membership.md)
+####### [Event 4627 S: Group membership information.](auditing/event-4627.md)
+###### [Audit IPsec Extended Mode](auditing/audit-ipsec-extended-mode.md)
+###### [Audit IPsec Main Mode](auditing/audit-ipsec-main-mode.md)
+###### [Audit IPsec Quick Mode](auditing/audit-ipsec-quick-mode.md)
+###### [Audit Logoff](auditing/audit-logoff.md)
+####### [Event 4634 S: An account was logged off.](auditing/event-4634.md)
+####### [Event 4647 S: User initiated logoff.](auditing/event-4647.md)
+###### [Audit Logon](auditing/audit-logon.md)
+####### [Event 4624 S: An account was successfully logged on.](auditing/event-4624.md)
+####### [Event 4625 F: An account failed to log on.](auditing/event-4625.md)
+####### [Event 4648 S: A logon was attempted using explicit credentials.](auditing/event-4648.md)
+####### [Event 4675 S: SIDs were filtered.](auditing/event-4675.md)
+###### [Audit Network Policy Server](auditing/audit-network-policy-server.md)
+###### [Audit Other Logon/Logoff Events](auditing/audit-other-logonlogoff-events.md)
+####### [Event 4649 S: A replay attack was detected.](auditing/event-4649.md)
+####### [Event 4778 S: A session was reconnected to a Window Station.](auditing/event-4778.md)
+####### [Event 4779 S: A session was disconnected from a Window Station.](auditing/event-4779.md)
+####### [Event 4800 S: The workstation was locked.](auditing/event-4800.md)
+####### [Event 4801 S: The workstation was unlocked.](auditing/event-4801.md)
+####### [Event 4802 S: The screen saver was invoked.](auditing/event-4802.md)
+####### [Event 4803 S: The screen saver was dismissed.](auditing/event-4803.md)
+####### [Event 5378 F: The requested credentials delegation was disallowed by policy.](auditing/event-5378.md)
+####### [Event 5632 S, F: A request was made to authenticate to a wireless network.](auditing/event-5632.md)
+####### [Event 5633 S, F: A request was made to authenticate to a wired network.](auditing/event-5633.md)
+###### [Audit Special Logon](auditing/audit-special-logon.md)
+####### [Event 4964 S: Special groups have been assigned to a new logon.](auditing/event-4964.md)
+####### [Event 4672 S: Special privileges assigned to new logon.](auditing/event-4672.md)
+###### [Audit Application Generated](auditing/audit-application-generated.md)
+###### [Audit Certification Services](auditing/audit-certification-services.md)
+###### [Audit Detailed File Share](auditing/audit-detailed-file-share.md)
+####### [Event 5145 S, F: A network share object was checked to see whether client can be granted desired access.](auditing/event-5145.md)
+###### [Audit File Share](auditing/audit-file-share.md)
+####### [Event 5140 S, F: A network share object was accessed.](auditing/event-5140.md)
+####### [Event 5142 S: A network share object was added.](auditing/event-5142.md)
+####### [Event 5143 S: A network share object was modified.](auditing/event-5143.md)
+####### [Event 5144 S: A network share object was deleted.](auditing/event-5144.md)
+####### [Event 5168 F: SPN check for SMB/SMB2 failed.](auditing/event-5168.md)
+###### [Audit File System](auditing/audit-file-system.md)
+####### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md)
+####### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md)
+####### [Event 4660 S: An object was deleted.](auditing/event-4660.md)
+####### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md)
+####### [Event 4664 S: An attempt was made to create a hard link.](auditing/event-4664.md)
+####### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md)
+####### [Event 5051: A file was virtualized.](auditing/event-5051.md)
+####### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md)
+###### [Audit Filtering Platform Connection](auditing/audit-filtering-platform-connection.md)
+####### [Event 5031 F: The Windows Firewall Service blocked an application from accepting incoming connections on the network.](auditing/event-5031.md)
+####### [Event 5150: The Windows Filtering Platform blocked a packet.](auditing/event-5150.md)
+####### [Event 5151: A more restrictive Windows Filtering Platform filter has blocked a packet.](auditing/event-5151.md)
+####### [Event 5154 S: The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.](auditing/event-5154.md)
+####### [Event 5155 F: The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.](auditing/event-5155.md)
+####### [Event 5156 S: The Windows Filtering Platform has permitted a connection.](auditing/event-5156.md)
+####### [Event 5157 F: The Windows Filtering Platform has blocked a connection.](auditing/event-5157.md)
+####### [Event 5158 S: The Windows Filtering Platform has permitted a bind to a local port.](auditing/event-5158.md)
+####### [Event 5159 F: The Windows Filtering Platform has blocked a bind to a local port.](auditing/event-5159.md)
+###### [Audit Filtering Platform Packet Drop](auditing/audit-filtering-platform-packet-drop.md)
+####### [Event 5152 F: The Windows Filtering Platform blocked a packet.](auditing/event-5152.md)
+####### [Event 5153 S: A more restrictive Windows Filtering Platform filter has blocked a packet.](auditing/event-5153.md)
+###### [Audit Handle Manipulation](auditing/audit-handle-manipulation.md)
+####### [Event 4690 S: An attempt was made to duplicate a handle to an object.](auditing/event-4690.md)
+###### [Audit Kernel Object](auditing/audit-kernel-object.md)
+####### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md)
+####### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md)
+####### [Event 4660 S: An object was deleted.](auditing/event-4660.md)
+####### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md)
+###### [Audit Other Object Access Events](auditing/audit-other-object-access-events.md)
+####### [Event 4671: An application attempted to access a blocked ordinal through the TBS.](auditing/event-4671.md)
+####### [Event 4691 S: Indirect access to an object was requested.](auditing/event-4691.md)
+####### [Event 5148 F: The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded.](auditing/event-5148.md)
+####### [Event 5149 F: The DoS attack has subsided and normal processing is being resumed.](auditing/event-5149.md)
+####### [Event 4698 S: A scheduled task was created.](auditing/event-4698.md)
+####### [Event 4699 S: A scheduled task was deleted.](auditing/event-4699.md)
+####### [Event 4700 S: A scheduled task was enabled.](auditing/event-4700.md)
+####### [Event 4701 S: A scheduled task was disabled.](auditing/event-4701.md)
+####### [Event 4702 S: A scheduled task was updated.](auditing/event-4702.md)
+####### [Event 5888 S: An object in the COM+ Catalog was modified.](auditing/event-5888.md)
+####### [Event 5889 S: An object was deleted from the COM+ Catalog.](auditing/event-5889.md)
+####### [Event 5890 S: An object was added to the COM+ Catalog.](auditing/event-5890.md)
+###### [Audit Registry](auditing/audit-registry.md)
+####### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md)
+####### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md)
+####### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md)
+####### [Event 4660 S: An object was deleted.](auditing/event-4660.md)
+####### [Event 4657 S: A registry value was modified.](auditing/event-4657.md)
+####### [Event 5039: A registry key was virtualized.](auditing/event-5039.md)
+####### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md)
+###### [Audit Removable Storage](auditing/audit-removable-storage.md)
+###### [Audit SAM](auditing/audit-sam.md)
+####### [Event 4661 S, F: A handle to an object was requested.](auditing/event-4661.md)
+###### [Audit Central Access Policy Staging](auditing/audit-central-access-policy-staging.md)
+####### [Event 4818 S: Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.](auditing/event-4818.md)
+###### [Audit Audit Policy Change](auditing/audit-audit-policy-change.md)
+####### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md)
+####### [Event 4715 S: The audit policy, SACL, on an object was changed.](auditing/event-4715.md)
+####### [Event 4719 S: System audit policy was changed.](auditing/event-4719.md)
+####### [Event 4817 S: Auditing settings on object were changed.](auditing/event-4817.md)
+####### [Event 4902 S: The Per-user audit policy table was created.](auditing/event-4902.md)
+####### [Event 4906 S: The CrashOnAuditFail value has changed.](auditing/event-4906.md)
+####### [Event 4907 S: Auditing settings on object were changed.](auditing/event-4907.md)
+####### [Event 4908 S: Special Groups Logon table modified.](auditing/event-4908.md)
+####### [Event 4912 S: Per User Audit Policy was changed.](auditing/event-4912.md)
+####### [Event 4904 S: An attempt was made to register a security event source.](auditing/event-4904.md)
+####### [Event 4905 S: An attempt was made to unregister a security event source.](auditing/event-4905.md)
+###### [Audit Authentication Policy Change](auditing/audit-authentication-policy-change.md)
+####### [Event 4706 S: A new trust was created to a domain.](auditing/event-4706.md)
+####### [Event 4707 S: A trust to a domain was removed.](auditing/event-4707.md)
+####### [Event 4716 S: Trusted domain information was modified.](auditing/event-4716.md)
+####### [Event 4713 S: Kerberos policy was changed.](auditing/event-4713.md)
+####### [Event 4717 S: System security access was granted to an account.](auditing/event-4717.md)
+####### [Event 4718 S: System security access was removed from an account.](auditing/event-4718.md)
+####### [Event 4739 S: Domain Policy was changed.](auditing/event-4739.md)
+####### [Event 4864 S: A namespace collision was detected.](auditing/event-4864.md)
+####### [Event 4865 S: A trusted forest information entry was added.](auditing/event-4865.md)
+####### [Event 4866 S: A trusted forest information entry was removed.](auditing/event-4866.md)
+####### [Event 4867 S: A trusted forest information entry was modified.](auditing/event-4867.md)
+###### [Audit Authorization Policy Change](auditing/audit-authorization-policy-change.md)
+####### [Event 4703 S: A user right was adjusted.](auditing/event-4703.md)
+####### [Event 4704 S: A user right was assigned.](auditing/event-4704.md)
+####### [Event 4705 S: A user right was removed.](auditing/event-4705.md)
+####### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md)
+####### [Event 4911 S: Resource attributes of the object were changed.](auditing/event-4911.md)
+####### [Event 4913 S: Central Access Policy on the object was changed.](auditing/event-4913.md)
+###### [Audit Filtering Platform Policy Change](auditing/audit-filtering-platform-policy-change.md)
+###### [Audit MPSSVC Rule-Level Policy Change](auditing/audit-mpssvc-rule-level-policy-change.md)
+####### [Event 4944 S: The following policy was active when the Windows Firewall started.](auditing/event-4944.md)
+####### [Event 4945 S: A rule was listed when the Windows Firewall started.](auditing/event-4945.md)
+####### [Event 4946 S: A change has been made to Windows Firewall exception list. A rule was added.](auditing/event-4946.md)
+####### [Event 4947 S: A change has been made to Windows Firewall exception list. A rule was modified.](auditing/event-4947.md)
+####### [Event 4948 S: A change has been made to Windows Firewall exception list. A rule was deleted.](auditing/event-4948.md)
+####### [Event 4949 S: Windows Firewall settings were restored to the default values.](auditing/event-4949.md)
+####### [Event 4950 S: A Windows Firewall setting has changed.](auditing/event-4950.md)
+####### [Event 4951 F: A rule has been ignored because its major version number was not recognized by Windows Firewall.](auditing/event-4951.md)
+####### [Event 4952 F: Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced.](auditing/event-4952.md)
+####### [Event 4953 F: Windows Firewall ignored a rule because it could not be parsed.](auditing/event-4953.md)
+####### [Event 4954 S: Windows Firewall Group Policy settings have changed. The new settings have been applied.](auditing/event-4954.md)
+####### [Event 4956 S: Windows Firewall has changed the active profile.](auditing/event-4956.md)
+####### [Event 4957 F: Windows Firewall did not apply the following rule.](auditing/event-4957.md)
+####### [Event 4958 F: Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer.](auditing/event-4958.md)
+###### [Audit Other Policy Change Events](auditing/audit-other-policy-change-events.md)
+####### [Event 4714 S: Encrypted data recovery policy was changed.](auditing/event-4714.md)
+####### [Event 4819 S: Central Access Policies on the machine have been changed.](auditing/event-4819.md)
+####### [Event 4826 S: Boot Configuration Data loaded.](auditing/event-4826.md)
+####### [Event 4909: The local policy settings for the TBS were changed.](auditing/event-4909.md)
+####### [Event 4910: The group policy settings for the TBS were changed.](auditing/event-4910.md)
+####### [Event 5063 S, F: A cryptographic provider operation was attempted.](auditing/event-5063.md)
+####### [Event 5064 S, F: A cryptographic context operation was attempted.](auditing/event-5064.md)
+####### [Event 5065 S, F: A cryptographic context modification was attempted.](auditing/event-5065.md)
+####### [Event 5066 S, F: A cryptographic function operation was attempted.](auditing/event-5066.md)
+####### [Event 5067 S, F: A cryptographic function modification was attempted.](auditing/event-5067.md)
+####### [Event 5068 S, F: A cryptographic function provider operation was attempted.](auditing/event-5068.md)
+####### [Event 5069 S, F: A cryptographic function property operation was attempted.](auditing/event-5069.md)
+####### [Event 5070 S, F: A cryptographic function property modification was attempted.](auditing/event-5070.md)
+####### [Event 5447 S: A Windows Filtering Platform filter has been changed.](auditing/event-5447.md)
+####### [Event 6144 S: Security policy in the group policy objects has been applied successfully.](auditing/event-6144.md)
+####### [Event 6145 F: One or more errors occurred while processing security policy in the group policy objects.](auditing/event-6145.md)
+###### [Audit Sensitive Privilege Use](auditing/audit-sensitive-privilege-use.md)
+####### [Event 4673 S, F: A privileged service was called.](auditing/event-4673.md)
+####### [Event 4674 S, F: An operation was attempted on a privileged object.](auditing/event-4674.md)
+####### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md)
+###### [Audit Non Sensitive Privilege Use](auditing/audit-non-sensitive-privilege-use.md)
+####### [Event 4673 S, F: A privileged service was called.](auditing/event-4673.md)
+####### [Event 4674 S, F: An operation was attempted on a privileged object.](auditing/event-4674.md)
+####### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md)
+###### [Audit Other Privilege Use Events](auditing/audit-other-privilege-use-events.md)
+####### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md)
+###### [Audit IPsec Driver](auditing/audit-ipsec-driver.md)
+###### [Audit Other System Events](auditing/audit-other-system-events.md)
+####### [Event 5024 S: The Windows Firewall Service has started successfully.](auditing/event-5024.md)
+####### [Event 5025 S: The Windows Firewall Service has been stopped.](auditing/event-5025.md)
+####### [Event 5027 F: The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy.](auditing/event-5027.md)
+####### [Event 5028 F: The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.](auditing/event-5028.md)
+####### [Event 5029 F: The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.](auditing/event-5029.md)
+####### [Event 5030 F: The Windows Firewall Service failed to start.](auditing/event-5030.md)
+####### [Event 5032 F: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.](auditing/event-5032.md)
+####### [Event 5033 S: The Windows Firewall Driver has started successfully.](auditing/event-5033.md)
+####### [Event 5034 S: The Windows Firewall Driver was stopped.](auditing/event-5034.md)
+####### [Event 5035 F: The Windows Firewall Driver failed to start.](auditing/event-5035.md)
+####### [Event 5037 F: The Windows Firewall Driver detected critical runtime error. Terminating.](auditing/event-5037.md)
+####### [Event 5058 S, F: Key file operation.](auditing/event-5058.md)
+####### [Event 5059 S, F: Key migration operation.](auditing/event-5059.md)
+####### [Event 6400: BranchCache: Received an incorrectly formatted response while discovering availability of content.](auditing/event-6400.md)
+####### [Event 6401: BranchCache: Received invalid data from a peer. Data discarded.](auditing/event-6401.md)
+####### [Event 6402: BranchCache: The message to the hosted cache offering it data is incorrectly formatted.](auditing/event-6402.md)
+####### [Event 6403: BranchCache: The hosted cache sent an incorrectly formatted response to the client.](auditing/event-6403.md)
+####### [Event 6404: BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.](auditing/event-6404.md)
+####### [Event 6405: BranchCache: %2 instances of event id %1 occurred.](auditing/event-6405.md)
+####### [Event 6406: %1 registered to Windows Firewall to control filtering for the following: %2.](auditing/event-6406.md)
+####### [Event 6407: 1%.](auditing/event-6407.md)
+####### [Event 6408: Registered product %1 failed and Windows Firewall is now controlling the filtering for %2.](auditing/event-6408.md)
+####### [Event 6409: BranchCache: A service connection point object could not be parsed.](auditing/event-6409.md)
+###### [Audit Security State Change](auditing/audit-security-state-change.md)
+####### [Event 4608 S: Windows is starting up.](auditing/event-4608.md)
+####### [Event 4616 S: The system time was changed.](auditing/event-4616.md)
+####### [Event 4621 S: Administrator recovered system from CrashOnAuditFail.](auditing/event-4621.md)
+###### [Audit Security System Extension](auditing/audit-security-system-extension.md)
+####### [Event 4610 S: An authentication package has been loaded by the Local Security Authority.](auditing/event-4610.md)
+####### [Event 4611 S: A trusted logon process has been registered with the Local Security Authority.](auditing/event-4611.md)
+####### [Event 4614 S: A notification package has been loaded by the Security Account Manager.](auditing/event-4614.md)
+####### [Event 4622 S: A security package has been loaded by the Local Security Authority.](auditing/event-4622.md)
+####### [Event 4697 S: A service was installed in the system.](auditing/event-4697.md)
+###### [Audit System Integrity](auditing/audit-system-integrity.md)
+####### [Event 4612 S: Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.](auditing/event-4612.md)
+####### [Event 4615 S: Invalid use of LPC port.](auditing/event-4615.md)
+####### [Event 4618 S: A monitored security event pattern has occurred.](auditing/event-4618.md)
+####### [Event 4816 S: RPC detected an integrity violation while decrypting an incoming message.](auditing/event-4816.md)
+####### [Event 5038 F: Code integrity determined that the image hash of a file is not valid.](auditing/event-5038.md)
+####### [Event 5056 S: A cryptographic self-test was performed.](auditing/event-5056.md)
+####### [Event 5062 S: A kernel-mode cryptographic self-test was performed.](auditing/event-5062.md)
+####### [Event 5057 F: A cryptographic primitive operation failed.](auditing/event-5057.md)
+####### [Event 5060 F: Verification operation failed.](auditing/event-5060.md)
+####### [Event 5061 S, F: Cryptographic operation.](auditing/event-5061.md)
+####### [Event 6281 F: Code Integrity determined that the page hashes of an image file are not valid.](auditing/event-6281.md)
+####### [Event 6410 F: Code integrity determined that a file does not meet the security requirements to load into a process.](auditing/event-6410.md)
+###### [Other Events](auditing/other-events.md)
+####### [Event 1100 S: The event logging service has shut down.](auditing/event-1100.md)
+####### [Event 1102 S: The audit log was cleared.](auditing/event-1102.md)
+####### [Event 1104 S: The security log is now full.](auditing/event-1104.md)
+####### [Event 1105 S: Event log automatic backup.](auditing/event-1105.md)
+####### [Event 1108 S: The event logging service encountered an error while processing an incoming event published from %1.](auditing/event-1108.md)
+###### [Appendix A: Security monitoring recommendations for many audit events](auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md)
+###### [Registry (Global Object Access Auditing) ](auditing/registry-global-object-access-auditing.md)
+###### [File System (Global Object Access Auditing) ](auditing/file-system-global-object-access-auditing.md)
+ 
+
+
+
+
+#### [Security policy settings](security-policy-settings/security-policy-settings.md)
+#### [Administer security policy settings](security-policy-settings/administer-security-policy-settings.md)
+##### [Network List Manager policies](security-policy-settings/network-list-manager-policies.md)
+#### [Configure security policy settings](security-policy-settings/how-to-configure-security-policy-settings.md)
+#### [Security policy settings reference](security-policy-settings/security-policy-settings-reference.md)
+##### [Account Policies](security-policy-settings/account-policies.md)
+###### [Password Policy](security-policy-settings/password-policy.md)
+####### [Enforce password history](security-policy-settings/enforce-password-history.md)
+####### [Maximum password age](security-policy-settings/maximum-password-age.md)
+####### [Minimum password age](security-policy-settings/minimum-password-age.md)
+####### [Minimum password length](security-policy-settings/minimum-password-length.md)
+####### [Password must meet complexity requirements](security-policy-settings/password-must-meet-complexity-requirements.md)
+####### [Store passwords using reversible encryption](security-policy-settings/store-passwords-using-reversible-encryption.md)
+###### [Account Lockout Policy](security-policy-settings/account-lockout-policy.md)
+####### [Account lockout duration](security-policy-settings/account-lockout-duration.md)
+####### [Account lockout threshold](security-policy-settings/account-lockout-threshold.md)
+####### [Reset account lockout counter after](security-policy-settings/reset-account-lockout-counter-after.md)
+###### [Kerberos Policy](security-policy-settings/kerberos-policy.md)
+####### [Enforce user logon restrictions](security-policy-settings/enforce-user-logon-restrictions.md)
+####### [Maximum lifetime for service ticket](security-policy-settings/maximum-lifetime-for-service-ticket.md)
+####### [Maximum lifetime for user ticket](security-policy-settings/maximum-lifetime-for-user-ticket.md)
+####### [Maximum lifetime for user ticket renewal](security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md)
+####### [Maximum tolerance for computer clock synchronization](security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md)
+##### [Audit Policy](security-policy-settings/audit-policy.md)
+##### [Security Options](security-policy-settings/security-options.md)
+###### [Accounts: Administrator account status](security-policy-settings/accounts-administrator-account-status.md)
+###### [Accounts: Block Microsoft accounts](security-policy-settings/accounts-block-microsoft-accounts.md)
+###### [Accounts: Guest account status](security-policy-settings/accounts-guest-account-status.md)
+###### [Accounts: Limit local account use of blank passwords to console logon only](security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md)
+###### [Accounts: Rename administrator account](security-policy-settings/accounts-rename-administrator-account.md)
+###### [Accounts: Rename guest account](security-policy-settings/accounts-rename-guest-account.md)
+###### [Audit: Audit the access of global system objects](security-policy-settings/audit-audit-the-access-of-global-system-objects.md)
+###### [Audit: Audit the use of Backup and Restore privilege](security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md)
+###### [Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings](security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md)
+###### [Audit: Shut down system immediately if unable to log security audits](security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md)
+###### [DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax](security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md)
+###### [DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax](security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md)
+###### [Devices: Allow undock without having to log on](security-policy-settings/devices-allow-undock-without-having-to-log-on.md)
+###### [Devices: Allowed to format and eject removable media](security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md)
+###### [Devices: Prevent users from installing printer drivers](security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md)
+###### [Devices: Restrict CD-ROM access to locally logged-on user only](security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md)
+###### [Devices: Restrict floppy access to locally logged-on user only](security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md)
+###### [Domain controller: Allow server operators to schedule tasks](security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md)
+###### [Domain controller: LDAP server signing requirements](security-policy-settings/domain-controller-ldap-server-signing-requirements.md)
+###### [Domain controller: Refuse machine account password changes](security-policy-settings/domain-controller-refuse-machine-account-password-changes.md)
+###### [Domain member: Digitally encrypt or sign secure channel data (always)](security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md)
+###### [Domain member: Digitally encrypt secure channel data (when possible)](security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md)
+###### [Domain member: Digitally sign secure channel data (when possible)](security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md)
+###### [Domain member: Disable machine account password changes](security-policy-settings/domain-member-disable-machine-account-password-changes.md)
+###### [Domain member: Maximum machine account password age](security-policy-settings/domain-member-maximum-machine-account-password-age.md)
+###### [Domain member: Require strong (Windows 2000 or later) session key](security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md)
+###### [Interactive logon: Display user information when the session is locked](security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md)
+###### [Interactive logon: Don't display last signed-in](security-policy-settings/interactive-logon-do-not-display-last-user-name.md)
+###### [Interactive logon: Don't display username at sign-in](security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md)
+###### [Interactive logon: Do not require CTRL+ALT+DEL](security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md)
+###### [Interactive logon: Machine account lockout threshold](security-policy-settings/interactive-logon-machine-account-lockout-threshold.md)
+###### [Interactive logon: Machine inactivity limit](security-policy-settings/interactive-logon-machine-inactivity-limit.md)
+###### [Interactive logon: Message text for users attempting to log on](security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md)
+###### [Interactive logon: Message title for users attempting to log on](security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md)
+###### [Interactive logon: Number of previous logons to cache (in case domain controller is not available)](security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md)
+###### [Interactive logon: Prompt user to change password before expiration](security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md)
+###### [Interactive logon: Require Domain Controller authentication to unlock workstation](security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md)
+###### [Interactive logon: Require smart card](security-policy-settings/interactive-logon-require-smart-card.md)
+###### [Interactive logon: Smart card removal behavior](security-policy-settings/interactive-logon-smart-card-removal-behavior.md)
+###### [Microsoft network client: Digitally sign communications (always)](security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md)
+###### [SMBv1 Microsoft network client: Digitally sign communications (always)](security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md)
+###### [SMBv1 Microsoft network client: Digitally sign communications (if server agrees)](security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md)
+###### [Microsoft network client: Send unencrypted password to third-party SMB servers](security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md)
+###### [Microsoft network server: Amount of idle time required before suspending session](security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md)
+###### [Microsoft network server: Attempt S4U2Self to obtain claim information](security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md)
+###### [Microsoft network server: Digitally sign communications (always)](security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md)
+###### [SMBv1 Microsoft network server: Digitally sign communications (always)](security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md)
+###### [SMBv1 Microsoft network server: Digitally sign communications (if client agrees)](security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md)
+###### [Microsoft network server: Disconnect clients when logon hours expire](security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md)
+###### [Microsoft network server: Server SPN target name validation level](security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md)
+###### [Network access: Allow anonymous SID/Name translation](security-policy-settings/network-access-allow-anonymous-sidname-translation.md)
+###### [Network access: Do not allow anonymous enumeration of SAM accounts](security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md)
+###### [Network access: Do not allow anonymous enumeration of SAM accounts and shares](security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md)
+###### [Network access: Do not allow storage of passwords and credentials for network authentication](security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md)
+###### [Network access: Let Everyone permissions apply to anonymous users](security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md)
+###### [Network access: Named Pipes that can be accessed anonymously](security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md)
+###### [Network access: Remotely accessible registry paths](security-policy-settings/network-access-remotely-accessible-registry-paths.md)
+###### [Network access: Remotely accessible registry paths and subpaths](security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md)
+###### [Network access: Restrict anonymous access to Named Pipes and Shares](security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md)
+######  [Network access: Restrict clients allowed to make remote calls to SAM](security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md)
+###### [Network access: Shares that can be accessed anonymously](security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md)
+###### [Network access: Sharing and security model for local accounts](security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md)
+###### [Network security: Allow Local System to use computer identity for NTLM](security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md)
+###### [Network security: Allow LocalSystem NULL session fallback](security-policy-settings/network-security-allow-localsystem-null-session-fallback.md)
+###### [Network security: Allow PKU2U authentication requests to this computer to use online identities](security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md)
+###### [Network security: Configure encryption types allowed for Kerberos Win7 only](security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md)
+###### [Network security: Do not store LAN Manager hash value on next password change](security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md)
+###### [Network security: Force logoff when logon hours expire](security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md)
+###### [Network security: LAN Manager authentication level](security-policy-settings/network-security-lan-manager-authentication-level.md)
+###### [Network security: LDAP client signing requirements](security-policy-settings/network-security-ldap-client-signing-requirements.md)
+###### [Network security: Minimum session security for NTLM SSP based (including secure RPC) clients](security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md)
+###### [Network security: Minimum session security for NTLM SSP based (including secure RPC) servers](security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md)
+###### [Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication](security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md)
+###### [Network security: Restrict NTLM: Add server exceptions in this domain](security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md)
+###### [Network security: Restrict NTLM: Audit incoming NTLM traffic](security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md)
+###### [Network security: Restrict NTLM: Audit NTLM authentication in this domain](security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md)
+###### [Network security: Restrict NTLM: Incoming NTLM traffic](security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md)
+###### [Network security: Restrict NTLM: NTLM authentication in this domain](security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md)
+###### [Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers](security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md)
+###### [Recovery console: Allow automatic administrative logon](security-policy-settings/recovery-console-allow-automatic-administrative-logon.md)
+###### [Recovery console: Allow floppy copy and access to all drives and folders](security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md)
+###### [Shutdown: Allow system to be shut down without having to log on](security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md)
+###### [Shutdown: Clear virtual memory pagefile](security-policy-settings/shutdown-clear-virtual-memory-pagefile.md)
+###### [System cryptography: Force strong key protection for user keys stored on the computer](security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md)
+###### [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md)
+###### [System objects: Require case insensitivity for non-Windows subsystems](security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md)
+###### [System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)](security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md)
+###### [System settings: Optional subsystems](security-policy-settings/system-settings-optional-subsystems.md)
+###### [System settings: Use certificate rules on Windows executables for Software Restriction Policies](security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md)
+###### [User Account Control: Admin Approval Mode for the Built-in Administrator account](security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md)
+###### [User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop](security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md)
+###### [User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode](security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md)
+###### [User Account Control: Behavior of the elevation prompt for standard users](security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md)
+###### [User Account Control: Detect application installations and prompt for elevation](security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md)
+###### [User Account Control: Only elevate executables that are signed and validated](security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md)
+###### [User Account Control: Only elevate UIAccess applications that are installed in secure locations](security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md)
+###### [User Account Control: Run all administrators in Admin Approval Mode](security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md)
+###### [User Account Control: Switch to the secure desktop when prompting for elevation](security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md)
+###### [User Account Control: Virtualize file and registry write failures to per-user locations](security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md)
+##### [Advanced security audit policy settings](security-policy-settings/secpol-advanced-security-audit-policy-settings.md)
+##### [User Rights Assignment](security-policy-settings/user-rights-assignment.md)
+###### [Access Credential Manager as a trusted caller](security-policy-settings/access-credential-manager-as-a-trusted-caller.md)
+###### [Access this computer from the network](security-policy-settings/access-this-computer-from-the-network.md)
+###### [Act as part of the operating system](security-policy-settings/act-as-part-of-the-operating-system.md)
+###### [Add workstations to domain](security-policy-settings/add-workstations-to-domain.md)
+###### [Adjust memory quotas for a process](security-policy-settings/adjust-memory-quotas-for-a-process.md)
+###### [Allow log on locally](security-policy-settings/allow-log-on-locally.md)
+###### [Allow log on through Remote Desktop Services](security-policy-settings/allow-log-on-through-remote-desktop-services.md)
+###### [Back up files and directories](security-policy-settings/back-up-files-and-directories.md)
+###### [Bypass traverse checking](security-policy-settings/bypass-traverse-checking.md)
+###### [Change the system time](security-policy-settings/change-the-system-time.md)
+###### [Change the time zone](security-policy-settings/change-the-time-zone.md)
+###### [Create a pagefile](security-policy-settings/create-a-pagefile.md)
+###### [Create a token object](security-policy-settings/create-a-token-object.md)
+###### [Create global objects](security-policy-settings/create-global-objects.md)
+###### [Create permanent shared objects](security-policy-settings/create-permanent-shared-objects.md)
+###### [Create symbolic links](security-policy-settings/create-symbolic-links.md)
+###### [Debug programs](security-policy-settings/debug-programs.md)
+###### [Deny access to this computer from the network](security-policy-settings/deny-access-to-this-computer-from-the-network.md)
+###### [Deny log on as a batch job](security-policy-settings/deny-log-on-as-a-batch-job.md)
+###### [Deny log on as a service](security-policy-settings/deny-log-on-as-a-service.md)
+###### [Deny log on locally](security-policy-settings/deny-log-on-locally.md)
+###### [Deny log on through Remote Desktop Services](security-policy-settings/deny-log-on-through-remote-desktop-services.md)
+###### [Enable computer and user accounts to be trusted for delegation](security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md)
+###### [Force shutdown from a remote system](security-policy-settings/force-shutdown-from-a-remote-system.md)
+###### [Generate security audits](security-policy-settings/generate-security-audits.md)
+###### [Impersonate a client after authentication](security-policy-settings/impersonate-a-client-after-authentication.md)
+###### [Increase a process working set](security-policy-settings/increase-a-process-working-set.md)
+###### [Increase scheduling priority](security-policy-settings/increase-scheduling-priority.md)
+###### [Load and unload device drivers](security-policy-settings/load-and-unload-device-drivers.md)
+###### [Lock pages in memory](security-policy-settings/lock-pages-in-memory.md)
+###### [Log on as a batch job](security-policy-settings/log-on-as-a-batch-job.md)
+###### [Log on as a service](security-policy-settings/log-on-as-a-service.md)
+###### [Manage auditing and security log](security-policy-settings/manage-auditing-and-security-log.md)
+###### [Modify an object label](security-policy-settings/modify-an-object-label.md)
+###### [Modify firmware environment values](security-policy-settings/modify-firmware-environment-values.md)
+###### [Perform volume maintenance tasks](security-policy-settings/perform-volume-maintenance-tasks.md)
+###### [Profile single process](security-policy-settings/profile-single-process.md)
+###### [Profile system performance](security-policy-settings/profile-system-performance.md)
+###### [Remove computer from docking station](security-policy-settings/remove-computer-from-docking-station.md)
+###### [Replace a process level token](security-policy-settings/replace-a-process-level-token.md)
+###### [Restore files and directories](security-policy-settings/restore-files-and-directories.md)
+###### [Shut down the system](security-policy-settings/shut-down-the-system.md)
+###### [Synchronize directory service data](security-policy-settings/synchronize-directory-service-data.md)
+###### [Take ownership of files or other objects](security-policy-settings/take-ownership-of-files-or-other-objects.md)
+
+
+
+
+
+
+### [Windows security baselines](windows-security-baselines.md)
 ### [Security Compliance Toolkit](security-compliance-toolkit-10.md)
 ### [Get support](get-support-for-security-baselines.md)
 
-## [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md)
+### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md)
 
 ## [Change history for Threat protection](change-history-for-threat-protection.md)
diff --git a/windows/security/threat-protection/auditing/audit-account-lockout.md b/windows/security/threat-protection/auditing/audit-account-lockout.md
index 3683fa438c..831cb9ee9c 100644
--- a/windows/security/threat-protection/auditing/audit-account-lockout.md
+++ b/windows/security/threat-protection/auditing/audit-account-lockout.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
-ms.date: 04/19/2017
+ms.date: 07/16/2018
 ---
 
 # Audit Account Lockout
@@ -19,7 +19,7 @@ ms.date: 04/19/2017
 
 Audit Account Lockout enables you to audit security events that are generated by a failed attempt to log on to an account that is locked out.
 
-If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out. Success audits record successful attempts and failure audits record unsuccessful attempts.
+If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out. 
 
 Account lockout events are essential for understanding user activity and detecting potential attacks.
 
diff --git a/windows/security/threat-protection/auditing/audit-logoff.md b/windows/security/threat-protection/auditing/audit-logoff.md
index e9a0c01254..9c9b76a014 100644
--- a/windows/security/threat-protection/auditing/audit-logoff.md
+++ b/windows/security/threat-protection/auditing/audit-logoff.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
-ms.date: 04/19/2017
+ms.date: 07/16/2018
 ---
 
 # Audit Logoff
@@ -25,15 +25,15 @@ There is no failure event in this subcategory because failed logoffs (such as wh
 
 Logon events are essential to understanding user activity and detecting potential attacks. Logoff events are not 100 percent reliable. For example, the computer can be turned off without a proper logoff and shutdown; in this case, a logoff event is not generated.
 
-**Event volume**: Low.
+**Event volume**: High.
 
 This subcategory allows you to audit events generated by the closing of a logon session. These events occur on the computer that was accessed. For an interactive logoff the security audit event is generated on the computer that the user account logged on to.
 
 | Computer Type     | General Success | General Failure | Stronger Success | Stronger Failure | Comments                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
 |-------------------|-----------------|-----------------|------------------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Domain Controller | No              | No              | Yes              | No               | This subcategory typically generates huge amount of “[4634](event-4634.md)(S): An account was logged off.” events which, typically has little security relevance. It is more important to audit Logon events using [Audit Logon](audit-logon.md) subcategory, rather than Logoff events.<br>Enable Success audit if you want to track, for example, for how long session was active (in correlation with [Audit Logon](audit-logon.md) events) and when user actually logged off.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
-| Member Server     | No              | No              | Yes              | No               | This subcategory typically generates huge amount of “[4634](event-4634.md)(S): An account was logged off.” events which, typically has little security relevance. It is more important to audit Logon events using [Audit Logon](audit-logon.md) subcategory, rather than Logoff events.<br>Enable Success audit if you want to track, for example, for how long session was active (in correlation with [Audit Logon](audit-logon.md) events) and when user actually logged off.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
-| Workstation       | No              | No              | Yes              | No               | This subcategory typically generates huge amount of “[4634](event-4634.md)(S): An account was logged off.” events which, typically has little security relevance. It is more important to audit Logon events using [Audit Logon](audit-logon.md) subcategory, rather than Logoff events.<br>Enable Success audit if you want to track, for example, for how long session was active (in correlation with [Audit Logon](audit-logon.md) events) and when user actually logged off.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
+| Domain Controller | No              | No              | Yes              | No               | This subcategory typically generates huge amount of “[4634](event-4634.md)(S): An account was logged off.” events, which typically have little security relevance. It is more important to audit Logon events using [Audit Logon](audit-logon.md) subcategory, rather than Logoff events.<br>Enable Success audit if you want to track, for example, for how long session was active (in correlation with [Audit Logon](audit-logon.md) events) and when user actually logged off.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
+| Member Server     | No              | No              | Yes              | No               | This subcategory typically generates huge amount of “[4634](event-4634.md)(S): An account was logged off.” events, which typically have little security relevance. It is more important to audit Logon events using [Audit Logon](audit-logon.md) subcategory, rather than Logoff events.<br>Enable Success audit if you want to track, for example, for how long session was active (in correlation with [Audit Logon](audit-logon.md) events) and when user actually logged off.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
+| Workstation       | No              | No              | Yes              | No               | This subcategory typically generates huge amount of “[4634](event-4634.md)(S): An account was logged off.” events, which typically have little security relevance. It is more important to audit Logon events using [Audit Logon](audit-logon.md) subcategory, rather than Logoff events.<br>Enable Success audit if you want to track, for example, for how long session was active (in correlation with [Audit Logon](audit-logon.md) events) and when user actually logged off.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
 
 **Events List:**
 
diff --git a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
index fea480a728..af9ea206a6 100644
--- a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
+++ b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
@@ -23,7 +23,7 @@ To set this value to **No auditing**, in the **Properties** dialog box for this
 
 **Default:** No auditing.
 
-## Configure this this security setting
+## Configure this security setting
 
 You can configure this security setting under Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Audit Policy.
 
diff --git a/windows/security/threat-protection/auditing/event-5039.md b/windows/security/threat-protection/auditing/event-5039.md
index f629490f28..fe78230d8c 100644
--- a/windows/security/threat-protection/auditing/event-5039.md
+++ b/windows/security/threat-protection/auditing/event-5039.md
@@ -18,7 +18,7 @@ ms.date: 04/19/2017
 
 This event should be generated when registry key was virtualized using [LUAFV](http://blogs.msdn.com/b/alexcarp/archive/2009/06/25/the-deal-with-luafv-sys.aspx).
 
-This event occurs very rarely during during standard LUAFV registry key virtualization.
+This event occurs very rarely during standard LUAFV registry key virtualization.
 
 There is no example of this event in this document.
 
diff --git a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
index 1dedf56d0f..f5fea8b85c 100644
--- a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
+++ b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
@@ -7,8 +7,8 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.pagetype: security
 ms.sitesec: library
-author: eross-msft
-ms.author: lizross
+author: justinha
+ms.author: justinha
 ms.date: 08/14/2017
 ms.localizationpriority: medium
 ---
diff --git a/windows/security/threat-protection/images/wdatp-pillars2.png b/windows/security/threat-protection/images/wdatp-pillars2.png
new file mode 100644
index 0000000000..60725244e5
Binary files /dev/null and b/windows/security/threat-protection/images/wdatp-pillars2.png differ
diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md
index f2c623bd85..b589ac9a69 100644
--- a/windows/security/threat-protection/index.md
+++ b/windows/security/threat-protection/index.md
@@ -10,19 +10,27 @@ ms.date: 02/05/2018
 ---
 
 # Threat Protection
+Windows Defender Advanced Threat Protection (ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Windows Defender ATP protects endpoints from cyber threats; detects advanced attacks and data breaches, automates security incidents and improves security posture.
+
+![Windows Defender ATP components](images/wdatp-pillars2.png)
+
+The following capabilities are available across multiple products that make up the Windows Defender ATP platform. 
+
+**Attack surface reduction**<br>
+The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. 
+
+**Next generation protection**<br>
+To further reinforce the security perimeter of your network, Windows Defender ATP uses next generation protection designed to catch all types of emerging threats.
+
+**Endpoint protection and response**<br>
+Endpoint protection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. 
+
+**Auto investigation and remediation**<br>
+In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. 
+
+**Security posture**<br>
+Windows Defender ATP provides a security posture capability to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security state of your network.
+
+
 
-Learn more about how to help protect against threats in Windows 10 and Windows 10 Mobile.
 
-| Section | Description |
-|-|-|
-|[Windows Defender Security Center](windows-defender-security-center/windows-defender-security-center.md)|Learn about the easy-to-use app that brings together common Windows security features.|
-|[Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md)|Provides info about Windows Defender Advanced Threat Protection (Windows Defender ATP), an out-of-the-box Windows enterprise security service that enables enterprise cybersecurity teams to detect and respond to advanced threats on their networks.|
-|[Windows Defender Antivirus in Windows 10](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)|Provides info about Windows Defender Antivirus, a built-in antimalware solution that helps provide security and antimalware management for desktops, portable computers, and servers. Includes a list of system requirements and new features.|
-|[Windows Defender Application Guard](windows-defender-application-guard/wd-app-guard-overview.md)|Provides info about Windows Defender Application Guard, the hardware-based virtualization solution that helps to isolate a device and operating system from an untrusted browser session.|
-|[Windows Defender Application Control](windows-defender-application-control/windows-defender-application-control.md)|Explains how Windows Defender Application Control restricts the applications that users are allowed to run and the code that runs in the System Core (kernel).|
-|[Enable HVCI](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)|Explains how to enable HVCI to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code.|
-|[Windows Defender Smart​Screen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md) |Learn more about Windows Defender SmartScreen.|
-|[Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md) |Learn more about mitigating threats in Windows 10.|
-|[Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) |Use Group Policy to override individual **Process Mitigation Options** settings and help to enforce specific app-related security policies.|
-|[Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-intrusion-detection.md) |Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected. |
-|[Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md) |Provides info about how to help protect your company from attacks which may originate from untrusted or attacker controlled font files. |
diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
index 59c71f57ac..38cb2e0298 100644
--- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
+++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
@@ -32,7 +32,7 @@ This topic provides an overview of some of the software and firmware threats fac
 
 ## The security threat landscape
 
-Today’s security threat landscape is one of aggressive and tenacious threats. In previous years, malicious attackers mostly focused on gaining community recognition through their attacks or the thrill of of temporarily taking a system offline. Since then, attacker’s motives have shifted toward making money, including holding devices and data hostage until the owner pays the demanded ransom. Modern attacks increasingly focus on large-scale intellectual property theft; targeted system degradation that can result in financial loss; and now even cyberterrorism that threatens the security of individuals, businesses, and national interests all over the world. These attackers are typically highly trained individuals and security experts, some of whom are in the employ of nation states that have large budgets and seemingly unlimited human resources. Threats like these require an approach that can meet this challenge.
+Today’s security threat landscape is one of aggressive and tenacious threats. In previous years, malicious attackers mostly focused on gaining community recognition through their attacks or the thrill of temporarily taking a system offline. Since then, attacker’s motives have shifted toward making money, including holding devices and data hostage until the owner pays the demanded ransom. Modern attacks increasingly focus on large-scale intellectual property theft; targeted system degradation that can result in financial loss; and now even cyberterrorism that threatens the security of individuals, businesses, and national interests all over the world. These attackers are typically highly trained individuals and security experts, some of whom are in the employ of nation states that have large budgets and seemingly unlimited human resources. Threats like these require an approach that can meet this challenge.
 
 In recognition of this landscape, Windows 10 Creator's Update (Windows 10, version 1703) includes multiple security features that were created to make it difficult (and costly) to find and exploit many software vulnerabilities. These features are designed to:
 
diff --git a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md
index c50b81aaaf..871e2e7d7f 100644
--- a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md
+++ b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: brianlic-msft
-ms.date: 04/19/2017
+ms.date: 07/13/2017
 ---
 
 # Increase scheduling priority
@@ -33,7 +33,7 @@ Constant: SeIncreaseBasePriorityPrivilege
 
 ### Best practices
 
--   Allow the default value, Administrators, as the only account responsible for controlling process scheduling priorities.
+-   Allow the default value, Administrators and Window Manager/Window Manager Group, as the only accounts responsible for controlling process scheduling priorities.
 
 ### Location
 
@@ -48,11 +48,11 @@ The following table lists the actual and effective default policy values. Defaul
 | Server type or GPO | Default value |
 | - | - |
 | Default Domain Policy| Not defined| 
-| Default Domain Controller Policy| Administrators| 
-| Stand-Alone Server Default Settings | Administrators| 
-| Domain Controller Effective Default Settings | Administrators| 
-| Member Server Effective Default Settings | Administrators| 
-| Client Computer Effective Default Settings | Administrators| 
+| Default Domain Controller Policy| Not defined| 
+| Stand-Alone Server Default Settings | Administrators and Window Manager/Window Manager Group| 
+| Domain Controller Effective Default Settings | Administrators and Window Manager/Window Manager Group| 
+| Member Server Effective Default Settings | Administrators and Window Manager/Window Manager Group|
+| Client Computer Effective Default Settings | Administrators and Window Manager/Window Manager Group| 
  
 ## Policy management
 
@@ -83,11 +83,11 @@ A user who is assigned this user right could increase the scheduling priority of
 
 ### Countermeasure
 
-Verify that only Administrators have the **Increase scheduling priority** user right assigned to them.
+Verify that only Administrators and and Window Manager/Window Manager Group have the **Increase scheduling priority** user right assigned to them.
 
 ### Potential impact
 
-None. Restricting the **Increase scheduling priority** user right to members of the Administrators group is the default configuration.
+None. Restricting the **Increase scheduling priority** user right to members of the Administrators group and and Window Manager/Window Manager Group is the default configuration.
 
 ## Related topics
 
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md
index 0dccc80a87..779be1af43 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md
@@ -1,56 +1,51 @@
 ---
 title: Microsoft network client Digitally sign communications (always) (Windows 10)
-description: Describes the best practices, location, values, policy management and security considerations for the Microsoft network client Digitally sign communications (always) security policy setting.
+description: For SMBv3 and SMBv2, describes the best practices, location, values, policy management and security considerations for the Microsoft network client Digitally sign communications (always) security policy setting.
 ms.assetid: 4b7b0298-b130-40f8-960d-60418ba85f76
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-author: brianlic-msft
-ms.date: 04/19/2017
+author: justinha
+ms.date: 06/28/2018
 ---
 
 # Microsoft network client: Digitally sign communications (always)
 
 **Applies to**
 -   Windows 10
+-   Windows Server
 
-Describes the best practices, location, values, policy management and security considerations for the **Microsoft network client: Digitally sign communications (always)** security policy setting.
+Describes the best practices, location, values, policy management and security considerations for the **Microsoft network client: Digitally sign communications (always)** security policy setting for SMBv3 and SMBv2. 
 
 ## Reference
 
 The Server Message Block (SMB) protocol provides the basis for file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. 
-This policy setting determines whether SMB packet signing must be negotiated before further communication with the Server service is permitted.
 
-Implementation of digital signatures in high-security networks helps prevent the impersonation of client computers and servers, which is known as "session hijacking." But misuse of these policy settings is a common error that can cause data loss or problems with data access or security.
+Implementation of digital signatures in high-security networks helps prevent the impersonation of client computers and servers, which is known as "session hijacking." But misuse of these policy settings is a common error that can cause data access failure.
 
-If server-side SMB signing is required, a client device will not be able to establish a session with that server, unless it has client-side SMB signing enabled. By default, client-side SMB signing is enabled on workstations, servers, and domain controllers. Similarly, if client-side SMB signing is required, that client device will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers.
+Beginning with SMBv2 clients and servers, signing can be either required or not required. If this policy setting is enabled, SMBv2 clients will digitally sign all packets. Another policy setting determines whether signing is required for SMBv3 and SMBv2 server communications: [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md).
 
-If server-side SMB signing is enabled, SMB packet signing will be negotiated with client computers that have SMB signing enabled.
+There is a negotiation done between the SMB client and the SMB server to decide whether signing will effectively be used. The following table has the effective behavior for SMBv3 and SMBv2.
 
-Using SMB packet signing can impose up to a 15 percent performance degradation on file service transactions.
+|   | Server – Required | Server – Not Required |
+|---|-------------------|-----------------------|
+| **Client – Required** | Signed | Signed           | 
+| **Client – Not Required** | Signed <sup>1</sup> | Not Signed<sup>2</sup> |
+</br>
+<sup>1</sup> Default for domain controller SMB traffic</br>
+<sup>2</sup> Default for all other SMB traffic
 
-There are three other policy settings that relate to packet-signing requirements for Server Message Block (SMB) communications:
--   [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md)
--   [Microsoft network client: Digitally sign communications (if server agrees)](microsoft-network-client-digitally-sign-communications-if-server-agrees.md)
--   [Microsoft network server: Digitally sign communications (if client agrees)](microsoft-network-server-digitally-sign-communications-if-client-agrees.md)
+Performance of SMB signing is improved in SMBv2. For more details, see [Potential impact](#potential-impact). 
 
 ### Possible values
 
 -   Enabled
 -   Disabled
--   Not defined
 
 ### Best practices
 
-1.  Configure the following security policy settings as follows:
-
-    -   Disable **Microsoft network client: Digitally sign communications (always)**.
-    -   Disable [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md).
-    -   Enable [Microsoft network client: Digitally sign communications (if server agrees)](microsoft-network-client-digitally-sign-communications-if-server-agrees.md).
-    -   Enable [Microsoft network server: Digitally sign communications (if client agrees)](microsoft-network-server-digitally-sign-communications-if-client-agrees.md).
-
-2.  Alternately, you can set all of these policy settings to Enabled, but enabling them can cause slower performance on client devices and prevent them from communicating with legacy SMB applications and operating systems.
+Enable **Microsoft network client: Digitally sign communications (always)**.
 
 ### Location
 
@@ -62,8 +57,8 @@ The following table lists the actual and effective default values for this polic
 
 | Server type or GPO | Default value |
 | - | - |
-| Default Domain Policy| Not defined| 
-| Default Domain Controller Policy | Not defined| 
+| Default Domain Policy| Disabled| 
+| Default Domain Controller Policy | Disabled| 
 | Stand-Alone Server Default Settings | Disabled| 
 | DC Effective Default Settings | Disabled| 
 | Member Server Effective Default Settings | Disabled| 
@@ -83,28 +78,20 @@ This section describes how an attacker might exploit a feature or its configurat
 
 ### Vulnerability
 
-Session hijacking uses tools that allow attackers who have access to the same network as the client device or server to interrupt, end, or steal a session in progress. Attackers can potentially intercept and modify unsigned Server Message Block (SMB) packets and then modify the traffic and forward it so that the server might perform objectionable actions. Alternatively, the attacker could pose as the server or client computer after legitimate authentication, and gain unauthorized access to data.
+Session hijacking uses tools that allow attackers who have access to the same network as the client device or server to interrupt, end, or steal a session in progress. Attackers can potentially intercept and modify unsigned SMB packets and then modify the traffic and forward it so that the server might perform objectionable actions. Alternatively, the attacker could pose as the server or client computer after legitimate authentication, and gain unauthorized access to data.
 
-SMB is the resource-sharing protocol that is supported by many Windows operating systems. It is the basis of NetBIOS and many other protocols. SMB signatures authenticate users and the servers that host the data. If either side fails the authentication process, data transmission does not take place.
+SMB is the resource-sharing protocol that is supported by many Windows operating systems. It is the basis of many modern features like Storage Spaces Direct, Storage Replica, and SMB Direct, as well as many legacy protocols and tools. SMB signatures authenticate users and the servers that host the data. If either side fails the authentication process, data transmission does not take place.
 
 ### Countermeasure
 
-Configure the settings as follows:
+Enable **Microsoft network client: Digitally sign communications (always)**.
 
--   Disable **Microsoft network client: Digitally sign communications (always)**.
--   Disable [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md).
--   Enable [Microsoft network client: Digitally sign communications (if server agrees)](microsoft-network-client-digitally-sign-communications-if-server-agrees.md).
--   Enable [Microsoft network server: Digitally sign communications (if client agrees)](microsoft-network-server-digitally-sign-communications-if-client-agrees.md).
-
-In highly secure environments, we recommend that you configure all of these settings to Enabled. However, that configuration may cause slower performance on client devices and prevent communications with earlier SMB applications and operating systems.
-
->**Note:**  An alternative countermeasure that could protect all network traffic is to implement digital signatures with IPsec. There are hardware-based accelerators for IPsec encryption and signing that could be used to minimize the performance impact on the servers' CPUs. No such accelerators are available for SMB signing.
+>[!NOTE]  
+>An alternative countermeasure that could protect all network traffic is to implement digital signatures with IPsec. There are hardware-based accelerators for IPsec encryption and signing that could be used to minimize the performance impact on the servers' CPUs. No such accelerators are available for SMB signing.
  
 ### Potential impact
 
-Implementations of the SMB file and print-sharing protocol support mutual authentication. This prevents session hijacking attacks and supports message authentication to prevent man-in-the-middle attacks. SMB signing provides this authentication by placing a digital signature into each SMB, which is then verified by the client and the server.
-
-Implementation of SMB signing may negatively affect performance because each packet must be signed and verified. If these settings are enabled on a server that is performing multiple roles, such as a small business server that is serving as a domain controller, file server, print server, and application server, performance may be substantially slowed. Additionally, if you configure devices to ignore all unsigned SMB communications, older applications and operating systems cannot connect. However, if you completely disable all SMB signing, computers are vulnerable to session-hijacking attacks.
+Storage speeds impact performance. A faster drive on the source and destination allows more throughput, which causes more CPU usage of signing. If you are using a 1 Gb Ethernet network or slower storage speed with a modern CPU, there is limited degradation in performance. If you are using a faster network (such as 10 Gb), the performance impact of signing may be greater.
 
 ## Related topics
 
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md
index 0cb1a1d201..740aad436d 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md
@@ -1,59 +1,51 @@
 ---
 title: Microsoft network server Digitally sign communications (always) (Windows 10)
-description: Describes the best practices, location, values, policy management and security considerations for the Microsoft network server Digitally sign communications (always) security policy setting.
+description: For SMBv3 and SMBv2, describes the best practices, location, values, policy management and security considerations for the Microsoft network server Digitally sign communications (always) security policy setting.
 ms.assetid: 2007b622-7bc2-44e8-9cf1-d34b62117ea8
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: brianlic-msft
-ms.date: 04/19/2017
+ms.date: 06/21/2018
 ---
 
 # Microsoft network server: Digitally sign communications (always)
 
 **Applies to**
 -   Windows 10
+-   Windows Server
 
-Describes the best practices, location, values, policy management and security considerations for the **Microsoft network server: Digitally sign communications (always)** security policy setting.
+Describes the best practices, location, values, policy management and security considerations for the **Microsoft network server: Digitally sign communications (always)** security policy setting for SMBv3 and SMBv2.
 
 ## Reference
 
 The Server Message Block (SMB) protocol provides the basis for file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. 
-This policy setting determines whether SMB packet signing must be negotiated before further communication with the Server service is permitted.
 
-Implementation of digital signatures in high-security networks helps to prevent the impersonation of client computers and servers, which is known as "session hijacking." But misuse of these policy settings is a common error that can cause data loss or problems with data access or security.
+Implementation of digital signatures in high-security networks helps prevent the impersonation of client computers and servers, which is known as "session hijacking." But misuse of these policy settings can cause data access failure.
 
-For this policy to take effect on computers running Windows 2000, client-side packet signing must also be enabled. To enable client-side SMB packet signing, set [Microsoft network client: Digitally sign communications (if server agrees)](microsoft-network-client-digitally-sign-communications-if-server-agrees.md). Devices that have this policy set will not be able to communicate with devices that do not have server-side packet signing enabled. By default, server-side packet signing is enabled only on domain controllers. Server-side packet signing can be enabled on devices by setting [Microsoft network server: Digitally sign communications (if client agrees)](microsoft-network-server-digitally-sign-communications-if-client-agrees.md).
+Beginning with SMBv2 clients and servers, signing can be either required or not required. If this policy setting is enabled, SMBv2 clients will digitally sign all packets. Another policy setting determines whether signing is required for SMBv3 and SMBv2 server communications: [Microsoft network client: Digitally sign communications (always)](microsoft-network-client-digitally-sign-communications-always.md).
 
-If server-side SMB signing is required, a client device will not be able to establish a session with that server, unless it has client-side SMB signing enabled. By default, client-side SMB signing is enabled on workstations, servers, and domain controllers. Similarly, if client-side SMB signing is required, that client device will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers.
+There is a negotiation done between the SMB client and the SMB server to decide whether signing will effectively be used. The following table has the effective behavior for SMBv3 and SMBv2.
 
-If server-side SMB signing is enabled, SMB packet signing will be negotiated with client devices that have SMB signing enabled.
+|   | Server – Required | Server – Not Required |
+|---|-------------------|-----------------------|
+| **Client – Required** | Signed | Signed           | 
+| **Client – Not Required** | Signed <sup>1</sup> | Not Signed<sup>2</sup> |
+</br>
+<sup>1</sup> Default for domain controller SMB traffic</br>
+<sup>2</sup> Default for all other SMB traffic
 
-Using SMB packet signing can impose up to a 15 percent performance degradation on file service transactions.
-
-There are three other policy settings that relate to packet-signing requirements for Server Message Block (SMB) communications:
-
--   [Microsoft network client: Digitally sign communications (always)](microsoft-network-client-digitally-sign-communications-always.md)
--   [Microsoft network client: Digitally sign communications (if server agrees)](microsoft-network-client-digitally-sign-communications-if-server-agrees.md)
--   [Microsoft network server: Digitally sign communications (if client agrees)](microsoft-network-server-digitally-sign-communications-if-client-agrees.md)
+Performance of SMB signing is improved in SMBv2. For more details, see [Potential impact](#potential-impact). 
 
 ### Possible values
 
 -   Enabled
 -   Disabled
--   Not defined
 
 ### Best practices
 
-1.  Configure the following security policy settings as follows:
-
-    -   Disable [Microsoft network client: Digitally sign communications (always)](microsoft-network-client-digitally-sign-communications-always.md).
-    -   Disable **Microsoft network server: Digitally sign communications (always)**.
-    -   Enable [Microsoft network client: Digitally sign communications (if server agrees)](microsoft-network-client-digitally-sign-communications-if-server-agrees.md).
-    -   Enable [Microsoft network server: Digitally sign communications (if client agrees)](microsoft-network-server-digitally-sign-communications-if-client-agrees.md).
-
-2.  Alternately, you can set all of these policy settings to Enabled, but enabling them can cause slower performance on client devices and prevent them from communicating with legacy SMB applications and operating systems.
+Enable **Microsoft network server: Digitally sign communications (always)**.
 
 ### Location
 
@@ -65,11 +57,11 @@ The following table lists the actual and effective default values for this polic
 
 | Server type or GPO | Default value |
 | - | - |
-| Default Domain Policy| Not defined|
+| Default Domain Policy| Disabled|
 | Default Domain Controller Policy | Enabled| 
-| Stand-Alone Server Default Settings | Not defined| 
+| Stand-Alone Server Default Settings | Disabled| 
 | DC Effective Default Settings | Enabled| 
-| Member Server Effective Default Settings| Not defined| 
+| Member Server Effective Default Settings| Disabled| 
 | Client Computer Effective Default Settings | Disabled| 
  
 ## Policy management
@@ -88,26 +80,18 @@ This section describes how an attacker might exploit a feature or its configurat
 
 Session hijacking uses tools that allow attackers who have access to the same network as the client device or server to interrupt, end, or steal a session in progress. Attackers can potentially intercept and modify unsigned Server Message Block (SMB) packets and then modify the traffic and forward it so that the server might perform objectionable actions. Alternatively, the attacker could pose as the server or client device after legitimate authentication and gain unauthorized access to data.
 
-SMB is the resource-sharing protocol that is supported by many Windows operating systems. It is the basis of NetBIOS and many other protocols. SMB signatures authenticate users and the servers that host the data. If either side fails the authentication process, data transmission does not take place.
+SMB is the resource-sharing protocol that is supported by many Windows operating systems. It is the basis of many modern features like Storage Spaces Direct, Storage Replica, and SMB Direct, as well as many legacy protocols and tools. If either side fails the authentication process, data transmission does not take place.
 
 ### Countermeasure
 
-Configure the settings as follows:
+Enable **Microsoft network server: Digitally sign communications (always)**.
 
--   Disable [Microsoft network client: Digitally sign communications (always)](microsoft-network-client-digitally-sign-communications-always.md).
--   Disable **Microsoft network server: Digitally sign communications (always)**.
--   Enable [Microsoft network client: Digitally sign communications (if server agrees)](microsoft-network-client-digitally-sign-communications-if-server-agrees.md).
--   Enable [Microsoft network server: Digitally sign communications (if client agrees)](microsoft-network-server-digitally-sign-communications-if-client-agrees.md).
-
-In highly secure environments we recommend that you configure all of these settings to Enabled. However, that configuration may cause slower performance on client devices and prevent communications with earlier SMB applications and operating systems.
-
->**Note:**  An alternative countermeasure that could protect all network traffic is to implement digital signatures with IPsec. There are hardware-based accelerators for IPsec encryption and signing that could be used to minimize the performance impact on the servers' CPUs. No such accelerators are available for SMB signing.
+>[!NOTE]  
+>An alternative countermeasure that could protect all network traffic is to implement digital signatures with IPsec. There are hardware-based accelerators for IPsec encryption and signing that could be used to minimize the performance impact on the servers' CPUs. No such accelerators are available for SMB signing.
  
 ### Potential impact
 
-Implementations of the SMB file and print-sharing protocol support mutual authentication. This prevents session hijacking attacks and supports message authentication to prevent man-in-the-middle attacks. SMB signing provides this authentication by placing a digital signature into each SMB, which is then verified by the client and the server.
-
-Implementation of SMB signing may negatively affect performance because each packet must be signed and verified. If these settings are enabled on a server that is performing multiple roles, such as a small business server that is serving as a domain controller, file server, print server, and application server, performance may be substantially slowed. Additionally, if you configure computers to ignore all unsigned SMB communications, older applications and operating systems cannot connect. However, if you completely disable all SMB signing, devices are vulnerable to session-hijacking attacks.
+Storage speeds impact performance. A faster drive on the source and destination allows more throughput, which causes more CPU usage of signing. If you are using a 1 Gb Ethernet network or slower storage speed with a modern CPU, there is limited degradation in performance. If you are using a faster network (such as 10 Gb), the performance impact of signing may be greater.
 
 ## Related topics
 
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
index a95ce92f8c..b672362f53 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
@@ -25,7 +25,7 @@ ms.date: 07/27/2017
 
 
 The **Network access: Restrict clients allowed to make remote calls to SAM** security policy setting controls which users can enumerate users and groups in the local Security Accounts Manager (SAM) database and Active Directory. 
-The setting was first supported by Windows 10 version 1607 and Windows Server 2016 (RTM) and can be configured on earlier Windows client and server operating systems by installing updates from the the KB articles listed in **Applies to** section of this topic. 
+The setting was first supported by Windows 10 version 1607 and Windows Server 2016 (RTM) and can be configured on earlier Windows client and server operating systems by installing updates from the KB articles listed in **Applies to** section of this topic. 
 
 This topic describes the default values for this security policy setting in different versions of Windows.
 By default, computers beginning with Windows 10 version 1607 and Windows Server 2016 are more restrictive than earlier versions of Windows. 
diff --git a/windows/security/threat-protection/security-policy-settings/security-options.md b/windows/security/threat-protection/security-policy-settings/security-options.md
index 502b856b25..b4d90dc74c 100644
--- a/windows/security/threat-protection/security-policy-settings/security-options.md
+++ b/windows/security/threat-protection/security-policy-settings/security-options.md
@@ -6,8 +6,8 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-author: brianlic-msft
-ms.date: 08/01/2017
+author: justinha
+ms.date: 06/28/2018
 ---
 
 # Security Options
@@ -66,13 +66,15 @@ For info about setting security policies, see [Configure security policy setting
 | [Interactive logon: Require Domain Controller authentication to unlock workstation](interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md)| Describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Require Domain Controller authentication to unlock workstation** security policy setting. |
 | [Interactive logon: Require smart card](interactive-logon-require-smart-card.md) | Describes the best practices, location, values, policy management and security considerations for the **Interactive logon: Require smart card** security policy setting.| 
 | [Interactive logon: Smart card removal behavior](interactive-logon-smart-card-removal-behavior.md) | Describes the best practices, location, values, policy management and security considerations for the **Interactive logon: Smart card removal behavior** security policy setting.| 
-| [Microsoft network client: Digitally sign communications (always)](microsoft-network-client-digitally-sign-communications-always.md) | Describes the best practices, location, values, policy management and security considerations for the **Microsoft network client: Digitally sign communications (always)** security policy setting. |
-| [Microsoft network client: Digitally sign communications (if server agrees)](microsoft-network-client-digitally-sign-communications-if-server-agrees.md)| Describes the best practices, location, values, and security considerations for the **Microsoft network client: Digitally sign communications (if server agrees)** security policy setting. |
+| [Microsoft network client: Digitally sign communications (always)](microsoft-network-client-digitally-sign-communications-always.md) | Describes the best practices, location, values, policy management and security considerations for the **Microsoft network client: Digitally sign communications (always)** security policy setting for SMBv3 and SMBv2. |
+| [SMBv1 Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md) | Describes the best practices, location, values, policy management and security considerations for the **Microsoft network client: Digitally sign communications (always)** security policy setting for SMBv1 only. |
+| [SMBv1 Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md)| Describes the best practices, location, values, and security considerations for the **Microsoft network client: Digitally sign communications (if server agrees)** security policy setting for SMBv1 only. |
 | [Microsoft network client: Send unencrypted password to third-party SMB servers](microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md)| Describes the best practices, location, values, policy management and security considerations for the **Microsoft network client: Send unencrypted password to third-party SMB servers** security policy setting. |
 | [Microsoft network server: Amount of idle time required before suspending session](microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md)| Describes the best practices, location, values, and security considerations for the **Microsoft network server: Amount of idle time required before suspending session** security policy setting. |
 | [Microsoft network server: Attempt S4U2Self to obtain claim information](microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md)| Describes the best practices, location, values, management, and security considerations for the **Microsoft network server: Attempt S4U2Self to obtain claim information** security policy setting. |
-| [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md)| Describes the best practices, location, values, policy management and security considerations for the **Microsoft network server: Digitally sign communications (always)** security policy setting.| 
-| [Microsoft network server: Digitally sign communications (if client agrees)](microsoft-network-server-digitally-sign-communications-if-client-agrees.md)| Describes the best practices, location, values, policy management and security considerations for the **Microsoft network server: Digitally sign communications (if client agrees)** security policy setting. |
+| [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md)| Describes the best practices, location, values, policy management and security considerations for the **Microsoft network server: Digitally sign communications (always)** security policy setting for SMBv3 and SMBv2.| 
+| [SMBv1 Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md)| Describes the best practices, location, values, policy management and security considerations for the **Microsoft network server: Digitally sign communications (always)** security policy setting for SMBv1 only.| 
+| [SMBv1 Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md)| Describes the best practices, location, values, policy management and security considerations for the **Microsoft network server: Digitally sign communications (if client agrees)** security policy setting for SMBv1 only. |
 | [Microsoft network server: Disconnect clients when logon hours expire](microsoft-network-server-disconnect-clients-when-logon-hours-expire.md)| Describes the best practices, location, values, and security considerations for the **Microsoft network server: Disconnect clients when logon hours expire** security policy setting. |
 | [Microsoft network server: Server SPN target name validation level](microsoft-network-server-server-spn-target-name-validation-level.md)| Describes the best practices, location, and values, policy management and security considerations for the **Microsoft network server: Server SPN target name validation level** security policy setting. |
 | [Network access: Allow anonymous SID/Name translation](network-access-allow-anonymous-sidname-translation.md)| Describes the best practices, location, values, policy management and security considerations for the **Network access: Allow anonymous SID/Name translation** security policy setting.| 
diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md
new file mode 100644
index 0000000000..c8cb5783ba
--- /dev/null
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md
@@ -0,0 +1,113 @@
+---
+title: SMBv1 Microsoft network client Digitally sign communications (always) (Windows 10)
+description: For SMBv1 only, describes the best practices, location, values, policy management and security considerations for the Microsoft network client Digitally sign communications (always) security policy setting.
+ms.assetid: 4b7b0298-b130-40f8-960d-60418ba85f76
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: brianlic-msft
+ms.date: 06/19/2018
+---
+
+# SMBv1 Microsoft network client: Digitally sign communications (always)
+
+**Applies to**
+-   Windows 10
+
+This topic is about the Server Message Block (SMB) v1 protocol. SMBv1 is not secure and has been deprecated in Windows. Beginning with Windows 10 Fall Creators Update and Windows Server, version 1709, [SMBv1 is not installed by default](https://support.microsoft.com/help/4034314/smbv1-is-not-installed-by-default-in-windows). 
+
+The rest of this topic describes the best practices, location, values, policy management and security considerations for the **Microsoft network client: Digitally sign communications (always)** security policy setting only for SMBv1. The same policy setting can be applied to computers that run SMBv2. For more information, see [Microsoft network client: Digitally sign communications (always)](microsoft-network-client-digitally-sign-communications-always.md).
+
+## Reference
+
+The Server Message Block (SMB) protocol provides the basis for file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. 
+This policy setting determines whether SMB packet signing must be negotiated before further communication with the Server service is permitted.
+
+Implementation of digital signatures in high-security networks helps prevent the impersonation of client computers and servers, which is known as "session hijacking." But misuse of these policy settings is a common error that can cause data loss or problems with data access or security.
+
+If server-side SMB signing is required, a client device will not be able to establish a session with that server, unless it has client-side SMB signing enabled. By default, client-side SMB signing is enabled on workstations, servers, and domain controllers. Similarly, if client-side SMB signing is required, that client device will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers.
+
+If server-side SMB signing is enabled, SMB packet signing will be negotiated with client computers that have SMB signing enabled.
+
+Using SMB packet signing can impose up to a 15 percent performance degradation on file service transactions.
+
+There are three other policy settings that relate to packet-signing requirements for Server Message Block (SMB) communications:
+-   [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md)
+-   [Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md)
+-   [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md)
+
+### Possible values
+
+-   Enabled
+-   Disabled
+-   Not defined
+
+### Best practices
+
+1.  Configure the following security policy settings as follows:
+
+    -   Disable **Microsoft network client: Digitally sign communications (always)**.
+    -   Disable [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md).
+    -   Enable [Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md).
+    -   Enable [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md).
+
+2.  Alternately, you can set all of these policy settings to Enabled, but enabling them can cause slower performance on client devices and prevent them from communicating with legacy SMB applications and operating systems.
+
+### Location
+
+Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options
+
+### Default values
+
+The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page.
+
+| Server type or GPO | Default value |
+| - | - |
+| Default Domain Policy| Not defined| 
+| Default Domain Controller Policy | Not defined| 
+| Stand-Alone Server Default Settings | Disabled| 
+| DC Effective Default Settings | Disabled| 
+| Member Server Effective Default Settings | Disabled| 
+| Client Computer Effective Default Settings | Disabled| 
+ 
+## Policy management
+
+This section describes features and tools that are available to help you manage this policy.
+
+### Restart requirement
+
+None. Changes to this policy become effective without a device restart when they are saved locally or distributed through Group Policy.
+
+## Security considerations
+
+This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
+
+### Vulnerability
+
+Session hijacking uses tools that allow attackers who have access to the same network as the client device or server to interrupt, end, or steal a session in progress. Attackers can potentially intercept and modify unsigned Server Message Block (SMB) packets and then modify the traffic and forward it so that the server might perform objectionable actions. Alternatively, the attacker could pose as the server or client computer after legitimate authentication, and gain unauthorized access to data.
+
+SMB is the resource-sharing protocol that is supported by many Windows operating systems. It is the basis of NetBIOS and many other protocols. SMB signatures authenticate users and the servers that host the data. If either side fails the authentication process, data transmission does not take place.
+
+### Countermeasure
+
+Configure the settings as follows:
+
+-   Disable **Microsoft network client: Digitally sign communications (always)**.
+-   Disable [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md).
+-   Enable [Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md).
+-   Enable [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md).
+
+In highly secure environments, we recommend that you configure all of these settings to Enabled. However, that configuration may cause slower performance on client devices and prevent communications with earlier SMB applications and operating systems.
+
+>**Note:**  An alternative countermeasure that could protect all network traffic is to implement digital signatures with IPsec. There are hardware-based accelerators for IPsec encryption and signing that could be used to minimize the performance impact on the servers' CPUs. No such accelerators are available for SMB signing.
+ 
+### Potential impact
+
+Implementations of the SMB file and print-sharing protocol support mutual authentication. This prevents session hijacking attacks and supports message authentication to prevent man-in-the-middle attacks. SMB signing provides this authentication by placing a digital signature into each SMB, which is then verified by the client and the server.
+
+Implementation of SMB signing may negatively affect performance because each packet must be signed and verified. If these settings are enabled on a server that is performing multiple roles, such as a small business server that is serving as a domain controller, file server, print server, and application server, performance may be substantially slowed. Additionally, if you configure devices to ignore all unsigned SMB communications, older applications and operating systems cannot connect. However, if you completely disable all SMB signing, computers are vulnerable to session-hijacking attacks.
+
+## Related topics
+
+- [Security Options](security-options.md)
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md
similarity index 76%
rename from windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md
rename to windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md
index e796441281..707cdf82c8 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md
@@ -1,6 +1,6 @@
 ---
-title: Microsoft network client Digitally sign communications (if server agrees) (Windows 10)
-description: Describes the best practices, location, values, and security considerations for the Microsoft network client Digitally sign communications (if server agrees) security policy setting.
+title: SMBv1 Microsoft network client Digitally sign communications (if server agrees) (Windows 10)
+description: For SMBv1 only, describes the best practices, location, values, and security considerations for the Microsoft network client Digitally sign communications (if server agrees) security policy setting.
 ms.assetid: e553f700-aae5-425c-8650-f251c90ba5dd
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -8,14 +8,16 @@ ms.sitesec: library
 ms.pagetype: security
 author: brianlic-msft
 
-ms.date: 04/19/2017
+ms.date: 06/19/2018
 ---
-# Microsoft network client: Digitally sign communications (if server agrees)
+# SMBv1 Microsoft network client: Digitally sign communications (if server agrees)
 
 **Applies to**
 -   Windows 10
 
-Describes the best practices, location, values, and security considerations for the **Microsoft network client: Digitally sign communications (if server agrees)** security policy setting.
+This topic is about the Server Message Block (SMB) v1 protocol. SMBv1 is not secure and has been deprecated in Windows. Beginning with Windows 10 Fall Creators Update and Windows Server, version 1709, [SMBv1 is not installed by default](https://support.microsoft.com/help/4034314/smbv1-is-not-installed-by-default-in-windows). 
+
+The rest of this topic describes the best practices, location, values, and security considerations for the **Microsoft network client: Digitally sign communications (if server agrees)** security policy setting only for SMBv1. The same policy setting can be applied to computers that run SMBv2. For more information, see [Microsoft network client: Digitally sign communications (if server agrees)](microsoft-network-client-digitally-sign-communications-always.md).
 
 ## Reference
 
@@ -31,9 +33,9 @@ Using SMB packet signing can impose up to a 15 percent performance degradation o
 
 There are three other policy settings that relate to packet-signing requirements for Server Message Block (SMB) communications:
 
--   [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md)
--   [Microsoft network client: Digitally sign communications (always)](microsoft-network-client-digitally-sign-communications-always.md)
--   [Microsoft network server: Digitally sign communications (if client agrees)](microsoft-network-server-digitally-sign-communications-if-client-agrees.md)
+-   [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md)
+-   [Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md)
+-   [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md)
 
 ### Possible values
 
@@ -45,10 +47,10 @@ There are three other policy settings that relate to packet-signing requirements
 
 1.  Configure the following security policy settings as follows:
 
-    -   Disable [Microsoft network client: Digitally sign communications (always)](microsoft-network-client-digitally-sign-communications-always.md).
-    -   Disable [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md).
+    -   Disable [Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md).
+    -   Disable [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md).
     -   Enable **Microsoft Network Client: Digitally Sign Communications (If Server Agrees)**.
-    -   Enable [Microsoft network server: Digitally sign communications (if client agrees)](microsoft-network-server-digitally-sign-communications-if-client-agrees.md).
+    -   Enable [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md).
 
 2.  Alternately, you can set all of these policy settings to Enabled, but enabling them can cause slower performance on client devices and prevent them from communicating with legacy SMB applications and operating systems.
 
@@ -92,10 +94,10 @@ SMB is the resource-sharing protocol that is supported by many Windows operating
 
 Configure the settings as follows:
 
--   Disable [Microsoft network client: Digitally sign communications (always)](microsoft-network-client-digitally-sign-communications-always.md).
--   Disable [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md).
+-   Disable [Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md).
+-   Disable [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md).
 -   Enable **Microsoft network client: Digitally sign communications (if server agrees)**.
--   Enable [Microsoft network server: Digitally sign communications (if client agrees)](microsoft-network-server-digitally-sign-communications-if-client-agrees.md).
+-   Enable [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md).
 
 In highly secure environments we recommend that you configure all of these settings to Enabled. However, that configuration may cause slower performance on client devices and prevent communications with earlier SMB applications and operating systems.
 
diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md
new file mode 100644
index 0000000000..cff5d35423
--- /dev/null
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md
@@ -0,0 +1,116 @@
+---
+title: SMB v1 Microsoft network server Digitally sign communications (always) (Windows 10)
+description: For SMB v1 only, describes the best practices, location, values, policy management and security considerations for the Microsoft network server Digitally sign communications (always) security policy setting.
+ms.assetid: 2007b622-7bc2-44e8-9cf1-d34b62117ea8
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: brianlic-msft
+ms.date: 06/19/201
+---
+
+# SMB v1 Microsoft network server: Digitally sign communications (always)
+
+**Applies to**
+-   Windows 10
+
+This topic is about the Server Message Block (SMB) v1 protocol. SMBv1 is not secure and has been deprecated in Windows. Beginning with Windows 10 Fall Creators Update and Windows Server, version 1709, [SMB v1 is not installed by default](https://support.microsoft.com/help/4034314/smbv1-is-not-installed-by-default-in-windows).  
+
+The rest of this topic describes the best practices, location, values, policy management and security considerations for the **Microsoft network server: Digitally sign communications (always)** security policy setting only for SMBv1. The same policy setting can be applied to computers that run SMBv2. Fore more information, see [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md).
+
+## Reference
+
+The Server Message Block (SMB) protocol provides the basis for file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. 
+This policy setting determines whether SMB packet signing must be negotiated before further communication with the Server service is permitted.
+
+Implementation of digital signatures in high-security networks helps to prevent the impersonation of client computers and servers, which is known as "session hijacking." But misuse of these policy settings is a common error that can cause data loss or problems with data access or security.
+
+For this policy to take effect on computers running Windows 2000, client-side packet signing must also be enabled. To enable client-side SMB packet signing, set [Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md). Devices that have this policy set will not be able to communicate with devices that do not have server-side packet signing enabled. By default, server-side packet signing is enabled only on domain controllers. Server-side packet signing can be enabled on devices by setting [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md).
+
+If server-side SMB signing is required, a client device will not be able to establish a session with that server, unless it has client-side SMB signing enabled. By default, client-side SMB signing is enabled on workstations, servers, and domain controllers. Similarly, if client-side SMB signing is required, that client device will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers.
+
+If server-side SMB signing is enabled, SMB packet signing will be negotiated with client devices that have SMB signing enabled.
+
+Using SMB packet signing can impose up to a 15 percent performance degradation on file service transactions.
+
+There are three other policy settings that relate to packet-signing requirements for Server Message Block (SMB) communications:
+
+-   [Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md)
+-   [Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md)
+-   [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md)
+
+### Possible values
+
+-   Enabled
+-   Disabled
+-   Not defined
+
+### Best practices
+
+1.  Configure the following security policy settings as follows:
+
+    -   Disable [Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md).
+    -   Disable **Microsoft network server: Digitally sign communications (always)**.
+    -   Enable [Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md).
+    -   Enable [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md).
+
+2.  Alternately, you can set all of these policy settings to Enabled, but enabling them can cause slower performance on client devices and prevent them from communicating with legacy SMB applications and operating systems.
+
+### Location
+
+Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options
+
+### Default values
+
+The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page.
+
+| Server type or GPO | Default value |
+| - | - |
+| Default Domain Policy| Not defined|
+| Default Domain Controller Policy | Enabled| 
+| Stand-Alone Server Default Settings | Not defined| 
+| DC Effective Default Settings | Enabled| 
+| Member Server Effective Default Settings| Not defined| 
+| Client Computer Effective Default Settings | Disabled| 
+ 
+## Policy management
+
+This section describes features and tools that are available to help you manage this policy.
+
+### Restart requirement
+
+None. Changes to this policy become effective without a device restart when they are saved locally or distributed through Group Policy.
+
+## Security considerations
+
+This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
+
+### Vulnerability
+
+Session hijacking uses tools that allow attackers who have access to the same network as the client device or server to interrupt, end, or steal a session in progress. Attackers can potentially intercept and modify unsigned Server Message Block (SMB) packets and then modify the traffic and forward it so that the server might perform objectionable actions. Alternatively, the attacker could pose as the server or client device after legitimate authentication and gain unauthorized access to data.
+
+SMB is the resource-sharing protocol that is supported by many Windows operating systems. It is the basis of NetBIOS and many other protocols. SMB signatures authenticate users and the servers that host the data. If either side fails the authentication process, data transmission does not take place.
+
+### Countermeasure
+
+Configure the settings as follows:
+
+-   Disable [Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md).
+-   Disable **Microsoft network server: Digitally sign communications (always)**.
+-   Enable [Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md).
+-   Enable [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md).
+
+In highly secure environments we recommend that you configure all of these settings to Enabled. However, that configuration may cause slower performance on client devices and prevent communications with earlier SMB applications and operating systems.
+
+>**Note:**  An alternative countermeasure that could protect all network traffic is to implement digital signatures with IPsec. There are hardware-based accelerators for IPsec encryption and signing that could be used to minimize the performance impact on the servers' CPUs. No such accelerators are available for SMB signing.
+ 
+### Potential impact
+
+Implementations of the SMB file and print-sharing protocol support mutual authentication. This prevents session hijacking attacks and supports message authentication to prevent man-in-the-middle attacks. SMB signing provides this authentication by placing a digital signature into each SMB, which is then verified by the client and the server.
+
+Implementation of SMB signing may negatively affect performance because each packet must be signed and verified. If these settings are enabled on a server that is performing multiple roles, such as a small business server that is serving as a domain controller, file server, print server, and application server, performance may be substantially slowed. Additionally, if you configure computers to ignore all unsigned SMB communications, older applications and operating systems cannot connect. However, if you completely disable all SMB signing, devices are vulnerable to session-hijacking attacks.
+
+## Related topics
+
+- [Security Options](security-options.md)
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md
similarity index 76%
rename from windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agrees.md
rename to windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md
index 2eafb89626..637fa2d2a5 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agrees.md
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md
@@ -1,21 +1,23 @@
 ---
-title: Microsoft network server Digitally sign communications (if client agrees) (Windows 10)
-description: Describes the best practices, location, values, policy management and security considerations for the Microsoft network server Digitally sign communications (if client agrees) security policy setting.
+title: SMBv1 Microsoft network server Digitally sign communications (if client agrees) (Windows 10)
+description: For SMBv1 only, describes the best practices, location, values, policy management and security considerations for the Microsoft network server Digitally sign communications (if client agrees) security policy setting.
 ms.assetid: c92b2e3d-1dbf-4337-a145-b17a585f4fc1
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: brianlic-msft
-ms.date: 04/19/2017
+ms.date: 06/19/2018
 ---
 
-# Microsoft network server: Digitally sign communications (if client agrees)
+# SMBv1 Microsoft network server: Digitally sign communications (if client agrees)
 
 **Applies to**
 -   Windows 10
 
-Describes the best practices, location, values, policy management and security considerations for the **Microsoft network server: Digitally sign communications (if client agrees)** security policy setting.
+This topic is about the Server Message Block (SMB) v1 protocol. SMBv1 is not secure and has been deprecated in Windows. Beginning with Windows 10 Fall Creators Update and Windows Server, version 1709, [SMBv1 is not installed by default](https://support.microsoft.com/help/4034314/smbv1-is-not-installed-by-default-in-windows). 
+
+The rest of this topic describes the best practices, location, values, policy management and security considerations for the **Microsoft network server: Digitally sign communications (if client agrees)** security policy setting only for SMBv1. The same policy setting can be applied to computers that run SMBv2. For more information, see [Microsoft network server: Digitally sign communications (if client agrees)](microsoft-network-server-digitally-sign-communications-always.md).
 
 ## Reference
 
@@ -32,9 +34,9 @@ Using SMB packet signing can impose up to a 15 percent performance degradation o
 
 There are three other policy settings that relate to packet-signing requirements for Server Message Block (SMB) communications:
 
--   [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md)
--   [Microsoft network client: Digitally sign communications (if server agrees)](microsoft-network-client-digitally-sign-communications-if-server-agrees.md)
--   [Microsoft network client: Digitally sign communications (always)](microsoft-network-client-digitally-sign-communications-always.md)
+-   [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md)
+-   [Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md)
+-   [Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md)
 
 ### Possible values
 
@@ -46,9 +48,9 @@ There are three other policy settings that relate to packet-signing requirements
 
 1.  Configure the following security policy settings as follows:
 
-    -   Disable [Microsoft network client: Digitally sign communications (always)](microsoft-network-client-digitally-sign-communications-always.md).
-    -   Disable [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md).
-    -   Enable [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md).
+    -   Disable [Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md).
+    -   Disable [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md).
+    -   Enable [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md).
     -   Enable **Microsoft Network Server: Digitally Sign Communications (If Client Agrees)**.
 
 2.  Alternately, you can set all of these policy settings to Enabled, but enabling them can cause slower performance on client devices and prevent them from communicating with legacy SMB applications and operating systems.
@@ -92,9 +94,9 @@ SMB is the resource-sharing protocol that is supported by many Windows operating
 
 Configure the settings as follows:
 
--   Disable [Microsoft network client: Digitally sign communications (always)](microsoft-network-client-digitally-sign-communications-always.md).
--   Disable [Microsoft network server: Digitally sign communications (always)](microsoft-network-server-digitally-sign-communications-always.md).
--   Enable [Microsoft network client: Digitally sign communications (if server agrees)](microsoft-network-client-digitally-sign-communications-if-server-agrees.md).
+-   Disable [Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md).
+-   Disable [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md).
+-   Enable [Microsoft network client: Digitally sign communications (if server agrees)](smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md).
 -   Enable **Microsoft network server: Digitally sign communications (if client agrees)**.
 
 In highly secure environments we recommend that you configure all of these settings to Enabled. However, that configuration may cause slower performance on client devices and prevent communications with earlier SMB applications and operating systems.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md
index fc4ba4c6b4..77cc805406 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/30/2018
+ms.date: 07/10/2018
 
 ---
 
@@ -68,11 +68,9 @@ See [How to create and deploy antimalware policies: Scan settings]( https://docs
 
 **Use Microsoft Intune to configure scanning options**
 
+See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details.
 
 
-See [Help secure Windows PCs with Endpoint Protection for Microsoft Intune: Scan options](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune#specify-scan-options-settings) and [Windows Defender policy settings in Windows 10](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune#windows-defender-1) for more details.
- 
-
 
 <a id="ref1"></a>
 ### Email scanning limitations
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
index ca884944ee..9381eb05f6 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/30/2018
+ms.date: 07/10/2018
 ---
 
 # Configure and validate exclusions based on file extension and folder location
@@ -186,8 +186,7 @@ See [How to create and deploy antimalware policies: Exclusion settings](https://
 
 **Use Microsoft Intune to configure file name, folder, or file extension exclusions:**
 
-
-See [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) and [Windows Defender policy settings in Windows 10](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune#windows-defender-1) for more details.
+See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details.
 
 
 **Use the Windows Defender Security Center app to configure file name, folder, or file extension exclusions:**
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md
index 05684915fd..43501a9510 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/30/2018
+ms.date: 07/10/2018
 ---
 
 # Configure exclusions for files opened by processes
@@ -142,8 +142,7 @@ See [How to create and deploy antimalware policies: Exclusion settings](https://
 
 **Use Microsoft Intune to exclude files that have been opened by specified processes from scans:**
 
-
-See [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) and [Windows Defender policy settings in Windows 10](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune#windows-defender-1) for more details.
+See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details.
 
 
 **Use the Windows Defender Security Center app to exclude files that have been opened by specified processes from scans:**
@@ -173,7 +172,7 @@ Environment variables | The defined variable will be populated as a path when th
 <a id="review"></a>
 ## Review the list of exclusions
 
-You can retrieve the items in the exclusion list with PowerShell, [System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings), [Intune](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune), or the [Windows Defender Security Center app](windows-defender-security-center-antivirus.md#exclusions).
+You can retrieve the items in the exclusion list with PowerShell, [System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings), [Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure), or the [Windows Defender Security Center app](windows-defender-security-center-antivirus.md#exclusions).
 
 If you use PowerShell, you can retrieve the list in two ways:
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
index 9ab2a46598..c409e9402c 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/30/2018
+ms.date: 07/10/2018
 ---
 
 
@@ -35,7 +35,7 @@ ms.date: 04/30/2018
 
 When Windows Defender Antivirus runs a scan, it will attempt to remediate or remove threats that it finds. You can configure how Windows Defender AV should react to certain threats, whether it should create a restore point before remediating, and when it should remove remediated threats.
 
-This topic describes how to configure these settings with Group Policy, but you can also use [System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#threat-overrides-settings) and [Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune#choose-default-actions-settings).
+This topic describes how to configure these settings with Group Policy, but you can also use [System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#threat-overrides-settings) and [Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure).
 
 You can also use the [`Set-MpPreference` PowerShell cmdlet](https://technet.microsoft.com/itpro/powershell/windows/defender/set-mppreference) or [`MSFT_MpPreference` WMI class](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx) to configure these settings.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md
index c53a13b919..12275ec64d 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 05/21/2018
+ms.date: 07/19/2018
 ---
 
 # Deploy, manage, and report on Windows Defender Antivirus
@@ -41,7 +41,7 @@ You'll also see additional links for:
 Tool|Deployment options (<a href="#fn2" id="ref2">2</a>)|Management options (network-wide configuration and policy or baseline deployment) ([3](#fn3))|Reporting options  
 ---|---|---|---  
 System Center Configuration Manager ([1](#fn1))|Use the [Endpoint Protection point site system role][] and [enable Endpoint Protection with custom client settings][]|With [default and customized antimalware policies][] and [client management][]|With the default [Configuration Manager Monitoring workspace][] and [email alerts][]  
-Microsoft Intune|[Deploy the Microsoft Intune client to endpoints][]|Use and deploy a [custom Intune policy][] and use the Intune console to [manage tasks][]|[Monitor endpoint protection in the Microsoft Intune administration console][]  
+Microsoft Intune|[Add endpoint protection settings in Intune](https://docs.microsoft.com/en-us/intune/endpoint-protection-configure)|[Configure device restriction settings in Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure)| [Use the Intune console to manage devices](https://docs.microsoft.com/en-us/intune/device-management)  
 Windows Management Instrumentation|Deploy with Group Policy, System Center Configuration Manager, or manually on individual endpoints.|Use the [Set method of the MSFT_MpPreference class][] and the [Update method of the MSFT_MpSignature class][]|Use the [MSFT_MpComputerStatus][] class and the get method of associated classes in the [Windows Defender WMIv2 Provider][]
 PowerShell|Deploy with Group Policy, System Center Configuration Manager, or manually on individual endpoints.|Use the [Set-MpPreference][] and [Update-MpSignature] [] cmdlets available in the Defender module|Use the appropriate [Get- cmdlets available in the Defender module][]
 Group Policy and Active Directory (domain-joined)|Use a Group Policy Object to deploy configuration changes and ensure Windows Defender Antivirus is enabled.|Use Group Policy Objects (GPOs) to [Configure update options for Windows Defender Antivirus][] and [Configure Windows Defender features][]|Endpoint reporting is not available with Group Policy. You can generate a list of [Group Policies to determine if any settings or policies are not applied][]
diff --git a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
index 55ed3cb681..fa6dae36c3 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 11/20/2017
+ms.date: 07/10/2018
 ---
 
 # Detect and block Potentially Unwanted Applications
@@ -107,8 +107,7 @@ See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use
 
 **Use Intune to configure the PUA protection feature**
 
-See [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) and [Windows Defender policy settings in Windows 10](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune#windows-defender-1) for more details.
-
+See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details.
 
 
 ## Related topics
diff --git a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
index 52804b3481..da5b515967 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/30/2018
+ms.date: 07/10/2018
 ---
 
 # Enable cloud-delivered protection in Windows Defender AV
@@ -108,25 +108,22 @@ See the following for more information and allowed parameters:
 
 **Use Intune to enable cloud-delivered protection**
 
-1.  Open the [Microsoft Intune administration console](https://manage.microsoft.com/), and navigate to the associated policy you want to configure.
-2.  Under the **Endpoint Protection** setting, scroll down to the **Endpoint Protection Service** section set the **Submit files automatically when further analysis is required** setting to either of the following:
-    1. **Send samples automatically**
-    1. **Send all samples automatically**
+1. Sign in to the [Azure portal](https://portal.azure.com).
+2. Select **All services > Intune**.
+3. In the **Intune** pane, select **Device configuration > Profiles**, and then select the **Device restrictions** profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure).
+4. Select **Properties**, select **Settings: Configure**, and then select **Windows Defender Antivirus**.
+5. On the **Cloud-delivered protection** switch, select **Enable**.
+6. In the **Prompt users before sample submission** dropdown, select **Send all data without prompting**. 
+7. In the **Submit samples consent** dropdown, select one of the following:
+    1. **Send safe samples automatically**
+    2. **Send all samples automatically**
 
         > [!WARNING]
         > Setting to **Always Prompt** will lower the protection state of the device. Setting to **Never send** means the [Block at First Sight](configure-block-at-first-sight-windows-defender-antivirus.md) feature will not function.
-5. Scroll down to the **Microsoft Active Protection Service** section and set the following settings:
-    
-   Setting | Set to
-    --|--
-    Join Microsoft Active Protection Service | Yes
-    Membership level | Advanced
-    Receive dynamic definitions based on Microsoft Active Protection Service reports | Yes
+8. Click **OK** to exit the **Windows Defender Antivirus** settings pane, click **OK** to exit the **Device restrictions** pane, and then click **Save** to save the changes to your **Device restrictions** profile.
+
+For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/en-us/intune/device-profiles)
   
-3.  Save and [deploy the policy as usual](https://docs.microsoft.com/en-us/intune/deploy-use/common-windows-pc-management-tasks-with-the-microsoft-intune-computer-client).
-
-See [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) for more details.
-
 **Enable cloud-delivered protection on individual clients with the Windows Defender Security Center app**
 > [!NOTE]
 > If the **Configure local setting override for reporting Microsoft MAPS** Group Policy setting is set to **Disabled**, then the **Cloud-based protection** setting in Windows Settings will be greyed-out and unavailable. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md
index ba1fdde4da..79696c63e9 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/30/2018
+ms.date: 07/10/2018
 ---
 
 # Report on Windows Defender Antivirus protection
@@ -28,7 +28,7 @@ There are a number of ways you can review protection status and alerts, dependin
 
 
 
-You can use System Center Configuration Manager to [monitor Windows Defender AV protection](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/monitor-endpoint-protection) or [create email alerts](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-configure-alerts), or you can also monitor protection using the [Microsoft Intune console](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune#monitor-endpoint-protection).  
+You can use System Center Configuration Manager to [monitor Windows Defender AV protection](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/monitor-endpoint-protection) or [create email alerts](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-configure-alerts), or you can also monitor protection using [Microsoft Intune](https://docs.microsoft.com/en-us/intune/introduction-intune).  
 
 Microsoft Operations Management Suite has an [Update Compliance add-in](/windows/deployment/update/update-compliance-get-started) that reports on key Windows Defender AV issues, including protection updates and real-time protection settings.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md
index 16d24853fc..151f4e6a10 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 08/26/2017
+ms.date: 07/10/2018
 ---
 
 # Review Windows Defender AV scan results
@@ -83,7 +83,9 @@ Use the [**Get** method of the **MSFT_MpThreat** and **MSFT_MpThreatDetection**]
 
 **Use Microsoft Intune to review Windows Defender AV scan results:**
 
-See [Help secure Windows PCs with Endpoint Protection for Microsoft Intune: Monitor Endpoint Protection](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune#monitor-endpoint-protection).
+1. In Intune, go to **Devices > All Devices** and select the device you want to scan.
+
+2. Click the scan results in **Device actions status**.
 
 
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md
index 7849eb1cd6..4aa2447988 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 08/26/2017
+ms.date: 07/10/2018
 ---
 
 
@@ -98,8 +98,9 @@ See the following for more information and allowed parameters:
 
 **Use Microsoft Intune to run a scan:**
 
+1. In Intune, go to **Devices > All Devices** and select the device you want to scan.
 
-See [Help secure Windows PCs with Endpoint Protection for Microsoft Intune: Run a malware scan](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune#run-a-malware-scan-or-update-malware-definitions-on-a-computer) and [Windows Defender policy settings in Windows 10](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune#windows-defender-1) for more details.
+2. Select **...More** and then select **Quick Scan** or **Full Scan**.
 
 
 ## Related topics
diff --git a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md
index 3bf361e0fd..4439eb8cb4 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/30/2018
+ms.date: 07/10/2018
 ---
 
 
@@ -43,7 +43,7 @@ In addition to always-on real-time protection and [on-demand](run-scan-windows-d
 
 You can configure the type of scan, when the scan should occur, and if the scan should occur after a [protection update](manage-protection-updates-windows-defender-antivirus.md) or if the endpoint is being used. You can also specify when special scans to complete remediation should occur.
 
-This topic describes how to configure scheduled scans with Group Policy, PowerShell cmdlets, and WMI. You can also configure schedules scans with [System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#scheduled-scans-settings) or [Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intunespecify-scan-schedule-settings).
+This topic describes how to configure scheduled scans with Group Policy, PowerShell cmdlets, and WMI. You can also configure schedules scans with [System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#scheduled-scans-settings) or [Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure).
 
 To configure the Group Policy settings described in this topic:
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md
index 4dfdd0e9f8..b2b7a4640f 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/30/2018
+ms.date: 07/19/2018
 ---
 
 # Specify the cloud-delivered protection level
@@ -30,6 +30,7 @@ ms.date: 04/30/2018
 
 - Group Policy
 - System Center Configuration Manager (current branch)
+- Intune
 
 You can specify the level of cloud-protection offered by Windows Defender Antivirus with Group Policy and System Center Configuration Manager.
 
@@ -59,7 +60,25 @@ You can specify the level of cloud-protection offered by Windows Defender Antivi
 
 1.  See [How to create and deploy antimalware policies: Cloud-protection service](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service) for details on configuring System Center Configuration Manager (current branch).
 
+**Use Intune to specify the level of cloud-delivered protection:**
 
+1. Sign in to the [Azure portal](https://portal.azure.com).
+2. Select **All services > Intune**.
+3. In the **Intune** pane, select **Device configuration > Profiles**, and then select the **Device restrictions** profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure).
+4. Select **Properties**, select **Settings: Configure**, and then select **Windows Defender Antivirus**.
+5. On the **File Blocking Level** switch, select one of the following:
+
+    1. **High** to provide a strong level of detection
+    2. **High +** to apply additional protection measures
+    3. **Zero tolerance** to block all unknown executables
+
+        > [!WARNING]
+        > While unlikely, setting this switch to **High** might cause some legitimate files to be detected. The **High +** setting might impact client performance. We recommend you set this to the default level (**Not configured**).
+
+8. Click **OK** to exit the **Windows Defender Antivirus** settings pane, click **OK** to exit the **Device restrictions** pane, and then click **Save** to save the changes to your **Device restrictions** profile.
+
+For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/en-us/intune/device-profiles)
+  
 
 
 ## Related topics
diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md
index df26ab7ae1..403cf6a2e3 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 08/26/2017
+ms.date: 07/19/2018
 ---
 
 # Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV
@@ -22,7 +22,7 @@ In some cases, the protection will be labeled as Endpoint Protection, although t
 
 See the [Endpoint Protection](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-protection) library on docs.microsoft.com for information on using Configuration Manager.
 
-For Microsoft Intune, consult the [Help secure Windows PCs with Endpoint Protection for Microsoft Intune library](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune).
+For Microsoft Intune, consult the [Microsoft Intune library](https://docs.microsoft.com/en-us/intune/introduction-intune) and [Configure device restriction settings in Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure).
 
 
 ## Related topics
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
index 47d5189976..db9fd10f0d 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
@@ -68,7 +68,7 @@ This table indicates the functionality and features that are available in each s
 State | Description | [Real-time protection](configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) | [Limited periodic scanning availability](limited-periodic-scanning-windows-defender-antivirus.md) | [File scanning and detection information](customize-run-review-remediate-scans-windows-defender-antivirus.md) | [Threat remediation](configure-remediation-windows-defender-antivirus.md) | [Threat definition updates](manage-updates-baselines-windows-defender-antivirus.md)
 :-|:-|:-:|:-:|:-:|:-:|:-:
 Passive mode | Windows Defender AV will not be used as the antivirus app, and threats will not be remediated by Windows Defender AV. Files will be scanned and reports will be provided for threat detections which are shared with the Windows Defender ATP service.  | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
-Automatic disabled mode | Windows Defender AV will not be used as the antivirus app. Files will not be scanned and threats will not be remediated. | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)]] 
+Automatic disabled mode | Windows Defender AV will not be used as the antivirus app. Files will not be scanned and threats will not be remediated. | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] 
 Active mode | Windows Defender AV is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files will be scanned and threats remediated, and detection information will be reported in your configuration tool (such as Configuration Manager or the Windows Defender AV app on the machine itself). | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
 
 If you are enrolled in Windows Defender ATP and you are using a third party antimalware product then passive mode is enabled because [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
index 336b74e40b..2754f9f13f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
@@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 author: jsuther1974
-ms.date: 06/14/2018
+ms.date: 07/16/2018
 ---
 
 # Microsoft recommended block rules
@@ -78,7 +78,7 @@ For October 2017, we are announcing an update to system.management.automation.dl
 
 Microsoft recommends that you block the following Microsoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet:
 
-```
+```xml
 <?xml version="1.0" encoding="utf-8" ?> 
   <SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
   <VersionEx>10.0.0.0</VersionEx> 
@@ -655,7 +655,33 @@ Microsoft recommends that you block the following Microsoft-signed applications
   <Deny ID="ID_DENY_D_554" FriendlyName="PowerShellShell 554" Hash="CBD19FDB6338DB02299A3F3FFBBEBF216B18013B3377D1D31E51491C0C5F074C"/>
   <Deny ID="ID_DENY_D_555" FriendlyName="PowerShellShell 555" Hash="3A316A0A470744EB7D18339B76E786564D1E96130766A9895B2222C4066CE820"/>
   <Deny ID="ID_DENY_D_556" FriendlyName="PowerShellShell 556" Hash="68A4A1E8F4E1B903408ECD24608659B390B9E7154EB380D94ADE7FEB5EA470E7"/>
- 
+  <Deny ID="ID_DENY_D_557" FriendlyName="PowerShellShell 556" Hash="45F948AF27F4E698A8546027717901B5F70368EE"/>
+  <Deny ID="ID_DENY_D_558" FriendlyName="PowerShellShell 556" Hash="2D63C337961C6CF2660C5DB906D9070CA38BCE828584874680EC4F5097B82E30"/>
+  <Deny ID="ID_DENY_D_559" FriendlyName="PowerShellShell 556" Hash="DA4CD4B0158B774CE55721718F77ED91E3A42EB3"/>
+  <Deny ID="ID_DENY_D_560" FriendlyName="PowerShellShell 556" Hash="7D181BB7A4A0755FF687CCE34949FC6BD6FBC377E6D4883698E8B45DCCBEA140"/>
+  <Deny ID="ID_DENY_D_561" FriendlyName="PowerShellShell 556" Hash="C67D7B12BBFFD5FBD15FBD892955EA48E6F4B408"/>
+  <Deny ID="ID_DENY_D_562" FriendlyName="PowerShellShell 556" Hash="1DCAD0BBCC036B85875CC0BAF1B65027933624C1A29BE336C79BCDB00FD5467A"/>
+  <Deny ID="ID_DENY_D_563" FriendlyName="PowerShellShell 556" Hash="7D8CAB8D9663926E29CB810B42C5152E8A1E947E"/>
+  <Deny ID="ID_DENY_D_564" FriendlyName="PowerShellShell 556" Hash="2E0203370E6E5437CE2CE1C20895919F806B4E5FEBCBE31F16CB06FC5934F010"/>
+  <Deny ID="ID_DENY_D_565" FriendlyName="PowerShellShell 556" Hash="20E7156E348912C20D35BD4BE2D52C996BF5535E"/>
+  <Deny ID="ID_DENY_D_566" FriendlyName="PowerShellShell 556" Hash="EB26078544BDAA34733AA660A1A2ADE98523DAFD9D58B3995919C0E524F2FFC3"/>
+  <Deny ID="ID_DENY_D_567" FriendlyName="PowerShellShell 556" Hash="B9DD16FC0D02EA34613B086307C9DBEAC30546AF"/>
+  <Deny ID="ID_DENY_D_568" FriendlyName="PowerShellShell 556" Hash="DE5B012C4DC3FE3DD432AF9339C36EFB8D54E8864493EA2BA151F0ADBF3E338C"/>
+  <Deny ID="ID_DENY_D_569" FriendlyName="PowerShellShell 556" Hash="6397AB5D664CDB84A867BC7E22ED0789060C6276"/>
+  <Deny ID="ID_DENY_D_570" FriendlyName="PowerShellShell 556" Hash="B660F6CA0788DA18375602537095C378990E8229B11B57B092AC8A550E9C61E8"/>
+  <Deny ID="ID_DENY_D_571" FriendlyName="PowerShellShell 556" Hash="3BF717645AC3986AAD0B4EA9D196B18D05199DA9"/>
+  <Deny ID="ID_DENY_D_572" FriendlyName="PowerShellShell 556" Hash="364C227F9E57C72F9BFA652B8C1DE738AB4747D0DB68A7B899CA3EE51D802439"/>
+  <Deny ID="ID_DENY_D_573" FriendlyName="PowerShellShell 556" Hash="3A1B06680F119C03C60D12BAC682853ABE430D21"/>
+  <Deny ID="ID_DENY_D_574" FriendlyName="PowerShellShell 556" Hash="850759BCE4B66997CF84E84683A2C1980D4B498821A8AB9C3568EB298B824AE3"/>
+  <Deny ID="ID_DENY_D_575" FriendlyName="PowerShellShell 556" Hash="654C54AA3F2C74FBEB55B961FB1924A7B2737E61"/>
+  <Deny ID="ID_DENY_D_576" FriendlyName="PowerShellShell 556" Hash="B7EA81960C6EECFD2FF385890F158F5B1CB3D1E100C7157AB161B3D23DCA0389"/>
+  <Deny ID="ID_DENY_D_577" FriendlyName="PowerShellShell 556" Hash="496F793112B6BCF4B6EA16E8B2F8C3F5C1FEEB52"/>
+  <Deny ID="ID_DENY_D_578" FriendlyName="PowerShellShell 556" Hash="E430485B577774825CEF53E5125B618A2608F7BE3657BB28383E9A34FCA162FA"/>
+  <Deny ID="ID_DENY_D_579" FriendlyName="PowerShellShell 556" Hash="6EA8CEEA0D2879989854E8C86CECA26EF79F7B19"/>
+  <Deny ID="ID_DENY_D_580" FriendlyName="PowerShellShell 556" Hash="8838FE3D8E2505F3D3D8B98C64739115838A0B443BBBBFB487342F1EE7801360"/>
+  <Deny ID="ID_DENY_D_581" FriendlyName="PowerShellShell 556" Hash="28C5E53DE197E872F7E4772BF40F728F56FE3ACC"/>
+  <Deny ID="ID_DENY_D_582" FriendlyName="PowerShellShell 556" Hash="3493DAEC6EC03E56ECC4A15432C750735F75F9CB38D8779C7783B4DA956BF037"/>
+
   <!-- pubprn.vbs
   --> 
   <!-- rs2 x86fre
@@ -736,6 +762,12 @@ Microsoft recommends that you block the following Microsoft-signed applications
   --> 
   <Deny ID="ID_DENY_D_285" FriendlyName="PSWorkflowUtility 285" Hash="99382ED8FA3577DFD903C01478A79D6D90681406"/> 
   <Deny ID="ID_DENY_D_286" FriendlyName="PSWorkflowUtility 286" Hash="C3A5DAB20947CA8FD092E75C25177E7BAE7884CA58710F14827144C09EA1F94B"/> 
+
+  <!-- winrm.vbs
+  --> 
+  <Deny ID="ID_DENY_D_583" FriendlyName="Winrm 583" Hash="3FA2D2963CBF47FFD5F7F5A9B4576F34ED42E552"/> 
+  <Deny ID="ID_DENY_D_584" FriendlyName="Winrm 584" Hash="6C96E976DC47E0C99B77814E560E0DC63161C463C75FA15B7A7CA83C11720E82"/> 
+ 
   </FileRules>
   <!-- Signers
   --> 
@@ -1339,6 +1371,34 @@ Microsoft recommends that you block the following Microsoft-signed applications
   <FileRuleRef RuleID="ID_DENY_D_554"/>
   <FileRuleRef RuleID="ID_DENY_D_555"/>
   <FileRuleRef RuleID="ID_DENY_D_556"/>
+  <FileRuleRef RuleID="ID_DENY_D_557"/>
+  <FileRuleRef RuleID="ID_DENY_D_558"/>
+  <FileRuleRef RuleID="ID_DENY_D_559"/>
+  <FileRuleRef RuleID="ID_DENY_D_560"/>
+  <FileRuleRef RuleID="ID_DENY_D_561"/>
+  <FileRuleRef RuleID="ID_DENY_D_562"/>
+  <FileRuleRef RuleID="ID_DENY_D_563"/>
+  <FileRuleRef RuleID="ID_DENY_D_564"/>
+  <FileRuleRef RuleID="ID_DENY_D_565"/>
+  <FileRuleRef RuleID="ID_DENY_D_566"/>
+  <FileRuleRef RuleID="ID_DENY_D_567"/>
+  <FileRuleRef RuleID="ID_DENY_D_568"/>
+  <FileRuleRef RuleID="ID_DENY_D_569"/>
+  <FileRuleRef RuleID="ID_DENY_D_570"/>
+  <FileRuleRef RuleID="ID_DENY_D_571"/>
+  <FileRuleRef RuleID="ID_DENY_D_572"/>
+  <FileRuleRef RuleID="ID_DENY_D_573"/>
+  <FileRuleRef RuleID="ID_DENY_D_574"/>
+  <FileRuleRef RuleID="ID_DENY_D_575"/>
+  <FileRuleRef RuleID="ID_DENY_D_576"/>
+  <FileRuleRef RuleID="ID_DENY_D_577"/>
+  <FileRuleRef RuleID="ID_DENY_D_578"/>
+  <FileRuleRef RuleID="ID_DENY_D_579"/>
+  <FileRuleRef RuleID="ID_DENY_D_580"/>
+  <FileRuleRef RuleID="ID_DENY_D_581"/>
+  <FileRuleRef RuleID="ID_DENY_D_582"/>
+  <FileRuleRef RuleID="ID_DENY_D_583"/>
+  <FileRuleRef RuleID="ID_DENY_D_584"/>
   </FileRulesRef>
   </ProductSigners>
   </SigningScenario>
@@ -1347,7 +1407,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
   <CiSigners /> 
   <HvciOptions>0</HvciOptions> 
   </SiPolicy>
-
+  
   ```
 <br />
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
index 0148e43cae..d973298558 100644
--- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
@@ -43,7 +43,7 @@ You might need to control a limited number of apps because they access sensitive
 |Control only Classic Windows applications, only Universal Windows apps, or both| WDAC policies control apps by creating an allowed list of apps based on code signing certificate and\or file hash information. Because Universal Windows apps are all signed by the Windows Store, Classic Windows applications and Universal Windows apps can be controlled together. WDAC policies for Universal Windows apps can be applied only to apps that are installed on PCs that support the Microsoft Store, but Classic Windows applications can be controlled with WDAC on Windows. The rules you currently have configured for Classic Windows applications can remain, and you can create new ones for Universal Windows apps.|
 | Control apps by business group | WDAC policies can be applied through a Group Policy Object (GPO) to computer objects within an organizational unit (OU). |
 | Control apps by computer, not user | WDAC is a computer-based policy implementation. If your domain or site organizational structure is not based on a logical user structure, such as an OU, you might want to set up that structure before you begin your WDAC planning. Otherwise, you will have to identify users, their computers, and their app access requirements.|
-|Understand app usage, but there is no need to control any apps yet | WDAC policies can be set to audit app usage to help you track which apps are used in your organization. You can then use teh CodeIntegrity log in Event Viewer to create WDAC policies.|
+|Understand app usage, but there is no need to control any apps yet | WDAC policies can be set to audit app usage to help you track which apps are used in your organization. You can then use the CodeIntegrity log in Event Viewer to create WDAC policies.|
 
 ### How do you currently control app usage in your organization?
 
@@ -135,4 +135,4 @@ Because the effectiveness of application control policies is dependent on the ab
  
 ## Record your findings
 
-The next step in the process is to record and analyze your answers to the preceding questions. If WDAC is the right solution for your goals, you can set your application control policy objectives and plan your WDAC rules. 
\ No newline at end of file
+The next step in the process is to record and analyze your answers to the preceding questions. If WDAC is the right solution for your goals, you can set your application control policy objectives and plan your WDAC rules. 
diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
index 97f53bee77..af72b5b90d 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
@@ -5,8 +5,8 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
-ms.author: lizross
+author: justinha
+ms.author: justinha
 ms.date: 10/19/2017
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
index 07a1453d98..dcea68cace 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
@@ -5,8 +5,8 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
-ms.author: lizross
+author: justinha
+ms.author: justinha
 ms.date: 11/07/2017
 ---
 
@@ -64,3 +64,9 @@ Answering frequently asked questions about Windows Defender Application Guard (A
 |**Q:** |I enabled the hardware acceleration policy on my Windows 10 Enterprise, version 1803 deployment. Why are my users still only getting CPU rendering?|
 |**A:** |This feature is currently experimental-only and is not functional without an additional regkey provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, please contact Microsoft and we’ll work with you to enable the feature.|
 <br>
+
+| | |
+|---|----------------------------|
+|**Q:** |What is the WDAGUtilityAccount local account?|
+|**A:** |This account is part of Application Guard beginning with Windows 10 version 1709 (Fall Creators Update). This account remains disabled until Application Guard is enabled on your device. This item is integrated to the OS and is not considered as a threat/virus/malware.|
+<br>
diff --git a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md
index 1d9426c339..037fb26536 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md
@@ -5,8 +5,8 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
-ms.author: lizross
+author: justinha
+ms.author: justinha
 ms.date: 10/19/2017
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
index d02f615282..413a76b74a 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
@@ -5,8 +5,8 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
-ms.author: lizross
+author: justinha
+ms.author: justinha
 ms.date: 11/09/2017
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md
index 620d90e502..cffffca2da 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md
@@ -5,8 +5,8 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
-ms.author: lizross
+author: justinha
+ms.author: justinha
 ms.date: 10/19/2017
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
index 7e437ce4b1..0fb816ceab 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
@@ -5,9 +5,9 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
-ms.author: lizross
-ms.date: 10/23/2017
+author: justinha
+ms.author: justinha
+ms.date: 07/09/2018
 ---
 
 # Windows Defender Application Guard overview
@@ -15,10 +15,8 @@ ms.date: 10/23/2017
 **Applies to:**
 - Windows 10 Enterprise edition, version 1709 or higher
 - Windows 10 Professional edition, version 1803
-
-The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks.
  
-Windows Defender Application Guard (Application Guard) is designed to help prevent old, and newly emerging attacks, to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by rendering current attack methods obsolete. 
+Windows Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by rendering current attack methods obsolete. 
 
 ## What is Application Guard and how does it work?
 Designed for Windows 10 and Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted.
diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md
index a8defba7ee..e0acbff6f6 100644
--- a/windows/security/threat-protection/windows-defender-atp/TOC.md
+++ b/windows/security/threat-protection/windows-defender-atp/TOC.md
@@ -1,4 +1,4 @@
-# [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md)
+# [Windows Defender Security Center](windows-defender-security-center-atp.md)
 ##Get started
 ### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md)
 ### [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md)
@@ -21,7 +21,7 @@
 ### [Run simulated attacks on machines](attack-simulations-windows-defender-advanced-threat-protection.md)
 ### [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
 ### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
-## [Understand the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md)
+## [Understand the portal](use-windows-defender-advanced-threat-protection.md)
 ### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
 ### [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
 ### [View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
@@ -72,11 +72,13 @@
 ###### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
 ###### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
 
-### [Use Automated investigation to investigate and remediate threats](automated-investigations-windows-defender-advanced-threat-protection.md)
 ### [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)
 #### [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
 #### [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
 
+## [Use Automated investigation to investigate and remediate threats](automated-investigations-windows-defender-advanced-threat-protection.md)
+
+## [Protect data with conditional access](conditional-access-windows-defender-advanced-threat-protection.md)
 ##API and SIEM support
 ### [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md)
 #### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
@@ -165,7 +167,7 @@
 ### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
 ### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
 ### [Check service health](service-status-windows-defender-advanced-threat-protection.md)
-## [Configure Windows Defender ATP Settings](preferences-setup-windows-defender-advanced-threat-protection.md)
+## [Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md)
 
 ###General
 #### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
@@ -173,7 +175,7 @@
 #### [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
 #### [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
 #### [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
-#### [Protect data with conditional access](conditional-access-windows-defender-advanced-threat-protection.md)
+
 
 ###Permissions
 #### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
@@ -193,9 +195,9 @@
 #### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md)
 #### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md)
 
-## [Configure Windows Defender ATP time zone settings](time-settings-windows-defender-advanced-threat-protection.md)
+## [Configure Windows Defender Security Center zone settings](time-settings-windows-defender-advanced-threat-protection.md)
 
 ## [Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md)
-## [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md)
+## [Troubleshoot Windows Defender ATP service issues](troubleshoot-windows-defender-advanced-threat-protection.md)
 ### [Review events and errors on machines with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)
-## [Windows Defender Antivirus compatibility with Windows Defender ATP](defender-compatibility-windows-defender-advanced-threat-protection.md)
+
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
index 28dc66fbb4..b414111b05 100644
--- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
@@ -71,7 +71,7 @@ When you complete the integration steps on both portals, you'll be able to see r
 ## Office 365 Threat Intelligence connection
 This feature is only available if you have an active Office 365 E5 or the Threat Intelligence add-on. For more information, see the Office 365 Enterprise E5 product page.
 
-When you enable this feature, you'll be able to incorporate data from Office 365 Advanced Threat Protection into the Windows Defender ATP portal to conduct a holistic security investigation across Office 365 mailboxes and Windows machines.
+When you enable this feature, you'll be able to incorporate data from Office 365 Advanced Threat Protection into Windows Defender Security Center to conduct a holistic security investigation across Office 365 mailboxes and Windows machines.
 
 >[!NOTE]
 >You'll need to have the appropriate license to enable this feature. 
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md
index 2888e97c54..2ebe1dceb6 100644
--- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md
@@ -40,6 +40,9 @@ To effectively build queries that span multiple tables, you need to understand t
 | AdditionalFields | string | Additional information about the event in JSON array format |
 | AlertId | string | Unique identifier for the alert |
 | ComputerName | string | Fully qualified domain name (FQDN) of the machine |
+| ConnectedNetworks | string | Networks that the adapter is connected to. Each JSON array contains the network name, category (public, private or domain), a description, and a flag indicating if it’s connected publicly to the internet. |
+| DefaultGateways | string | Default gateway addresses in JSON array format |
+| DnsServers | string | DNS server addresses in JSON array format |
 | EventTime | datetime | Date and time when the event was recorded |
 | EventType | string | Table where the record is stored |
 | FileName | string | Name of the file that the recorded action was applied to |
@@ -64,15 +67,22 @@ To effectively build queries that span multiple tables, you need to understand t
 | InitiatingProcessSha1 | string | SHA-1 of the process (image file) that initiated the event |
 | InitiatingProcessSha256 | string | SHA-256 of the process (image file) that initiated the event. This field is usually not populated—use the SHA1 column when available. |
 | InitiatingProcessTokenElevation | string | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the process that initiated the event |
+| IPAddresses | string | JSON array containing all the IP addresses assigned to the adapter, along with their respective subnet prefix and IP address space, such as public, private, or link-local |
+| Ipv4Dhcp | string | IPv4 address of DHCP server |
+| Ipv6Dhcp | string | IPv6 address of DHCP server |
 | IsAzureADJoined | boolean | Boolean indicator of whether machine is joined to the Azure Active Directory |
 | LocalIP | string | IP address assigned to the local machine used during communication |
 | LocalPort | int | TCP port on the local machine used during communication |
 | LogonId | string | Identifier for a logon session. This identifier is unique on the same machine only between restarts. |
 | LoggedOnUsers | string | List of all users that are logged on the machine at the time of the event in JSON array format |
 | LogonType | string | Type of logon session, specifically:<br><br> - **Interactive** - User physically interacts with the machine using the local keyboard and screen<br><br> - **Remote interactive (RDP) logons** - User interacts with the machine remotely using Remote Desktop, Terminal Services, Remote Assistance, or other RDP clients<br><br> - **Network** - Session initiated when the machine is accessed using PsExec or when shared resources on the machine, such as printers and shared folders, are accessed<br><br> - **Batch** - Session initiated by scheduled tasks<br><br> - **Service** - Session initiated by services as they start<br> 
+| MacAddress | string | MAC address of the network adapter |
 | MachineGroup | string | Machine group of the machine. This group is used by role-based access control to determine access to the machine. |
 | MachineId | string | Unique identifier for the machine in the service |
 | MD5 | string | MD5 hash of the file that the recorded action was applied to |
+| NetworkAdapterName | string | Name of the network adapter |
+| NetworkAdapterStatus | string | Operational status of the network adapter. For the possible values, refer to [this enumeration](https://docs.microsoft.com/en-us/dotnet/api/system.net.networkinformation.operationalstatus?view=netframework-4.7.2). |
+| NetworkAdapterType | string | Network adapter type. For the possible values, refer to [this enumeration](https://docs.microsoft.com/en-us/dotnet/api/system.net.networkinformation.networkinterfacetype?view=netframework-4.7.2). |
 | NetworkCardIPs | string | List of all network adapters on the machine, including their MAC addresses and assigned IP addresses, in JSON array format |
 | OSArchitecture | string | Architecture of the operating system running on the machine |
 | OSBuild | string | Build version of the operating system running on the machine |
@@ -99,6 +109,7 @@ To effectively build queries that span multiple tables, you need to understand t
 | ReportId | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the ComputerName and EventTime columns. |
 | SHA1 | string | SHA-1 of the file that the recorded action was applied to |
 | SHA256 | string | SHA-256 of the file that the recorded action was applied to. This field is usually not populated—use the SHA1 column when available. |
+| TunnelingProtocol | string | Tunneling protocol, if the interface is used for this purpose, for example: <br> - Various IPv6 to IPv4 tunneling protocols (6to4, Teredo, ISATAP) <br> - VPN (PPTP, SSTP) <br> - SSH <br> **NOTE:** This field doesn’t provide full IP tunneling specifications. |
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-belowfoldlink)        
 
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
index f86299df06..538e981c02 100644
--- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
@@ -134,7 +134,7 @@ These steps guide you on modifying and overwriting an existing query.
 
 The result set has several capabilities to provide you with effective investigation, including:
 
-- Columns that return entity-related objects, such as Machine name, Machine ID, File name, SHA1, User, IP, and URL, are linked to their entity pages in the Windows Defender ATP portal.
+- Columns that return entity-related objects, such as Machine name, Machine ID, File name, SHA1, User, IP, and URL, are linked to their entity pages in Windows Defender Security Center.
 - You can right-click on a cell in the result set and add a filter to your written query. The current filtering options are **include**, **exclude** or **advanced filter**, which provides additional filtering options on the cell value. These cell values are part of the row set. 
 
 ![Image of Windows Defender ATP Advanced hunting result set](images/atp-advanced-hunting-results-filter.png)
diff --git a/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
index 8f108fac32..677b25564f 100644
--- a/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
@@ -1,6 +1,6 @@
 ---
 title: Windows Defender ATP alert API fields
-description: Understand how the alert API fields map to the values in the Windows Defender ATP portal.
+description: Understand how the alert API fields map to the values in Windows Defender Security Center
 keywords: alerts, alert fields, fields, api, fields, pull alerts, rest api, request, response
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -28,7 +28,7 @@ ms.date: 10/16/2017
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink) 
 
-Understand what data fields are exposed as part of the alerts API and how they map to the Windows Defender ATP portal.
+Understand what data fields are exposed as part of the alerts API and how they map to Windows Defender Security Center.
 
 
 ##	Alert API fields and portal mapping
diff --git a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
index 0be5072e10..e948d94905 100644
--- a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
@@ -1,5 +1,5 @@
 ---
-title: Assign user access to the Windows Defender ATP portal
+title: Assign user access to Windows Defender Security Center
 description: Assign read and write or read only access to the Windows Defender Advanced Threat Protection portal.
 keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles
 search.product: eADQiWindows 10XVcnh
@@ -13,7 +13,7 @@ ms.localizationpriority: medium
 ms.date: 04/24/2018
 ---
 
-# Assign user access to the Windows Defender ATP portal
+# Assign user access to Windows Defender Security Center
 **Applies to:**
 
 - Windows 10 Enterprise
diff --git a/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md
index 72c39bb7dd..295192756c 100644
--- a/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md
@@ -30,7 +30,7 @@ There are several spaces you can explore to learn about specific information:
 
 
 There are several ways you can access the Community Center:
-- In the Windows Defender ATP portal navigation pane, select **Community center**.  A new browser tab opens and takes you to the Windows Defender ATP Tech Community page. 
+- In the Windows Defender Security Center navigation pane, select **Community center**.  A new browser tab opens and takes you to the Windows Defender ATP Tech Community page. 
 - Access the community through the [Windows Defender Advanced Threat Protection Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced) page
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md
index 1443633294..432cfcfa13 100644
--- a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md
@@ -88,13 +88,13 @@ You need to make sure that all your devices are enrolled in Intune. You can use
 
 
 
-There are steps you'll need to take in the Windows Defender ATP portal, the Intune portal, and Azure AD portal.
+There are steps you'll need to take in Windows Defender Security Center, the Intune portal, and Azure AD portal.
 
 > [!NOTE] 
 > You'll need a Microsoft Intune environment, with Intune managed and Azure AD joined Windows 10 devices.
 
 Take the following steps to enable conditional access:
-- Step 1: Turn on the Microsoft Intune connection from the Windows Defender ATP portal
+- Step 1: Turn on the Microsoft Intune connection from Windows Defender Security Center
 - Step 2: Turn on the Windows Defender ATP integration in Intune
 - Step 3: Create the compliance policy in Intune
 - Step 4: Assign the policy 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
index 6854feeff6..c4633c09c3 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
@@ -1,6 +1,6 @@
 ---
 title: Configure HP ArcSight to pull Windows Defender ATP alerts
-description: Configure HP ArcSight to receive and pull alerts from the Windows Defender ATP portal.
+description: Configure HP ArcSight to receive and pull alerts from Windows Defender Security Center
 keywords: configure hp arcsight, security information and events management tools, arcsight
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
index 755d61b729..1ebb14a664 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
@@ -9,8 +9,8 @@ ms.sitesec: library
 ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
-ms.localizationpriority: medium
-ms.date: 06/18/2018
+ms.localizationpriority: high
+ms.date: 07/16/2018
 ---
 
 # Configure alert notifications in Windows Defender ATP
@@ -24,7 +24,6 @@ ms.date: 06/18/2018
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 
-
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-emailconfig-abovefoldlink)
 
 You can configure Windows Defender ATP to send email notifications to specified recipients for new alerts. This feature enables you to identify a group of individuals who will immediately be informed and can act on alerts based on their severity.
@@ -50,7 +49,9 @@ You can create rules that determine the machines and alert severities to send em
 2. Click **Add notification rule**.
 
 3.	Specify the General information:
-    - **Rule name**
+    - **Rule name** - Specify a name for the notification rule.
+    - **Include organization name** - Specify the customer name that appears on the email notification.
+    - **Include tenant-specific portal link** - Adds a link with the tenant ID to allow access to a specific tenant.
     - **Machines** - Choose whether to notify recipients for alerts on all machines (Global administrator role only) or on selected machine groups. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md).
     - **Alert severity** - Choose the alert severity level
 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
index 4d3e7b1cbb..980252189b 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
@@ -34,7 +34,7 @@ ms.date: 04/24/2018
 > To use Group Policy (GP) updates to deploy the package, you must be on Windows Server 2008 R2 or later.
 
 ## Onboard machines using Group Policy
-1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Windows Defender Security Center](https://securitycenter.windows.com/):
  
     a.  In the navigation pane, select **Settings** > **Onboarding**.
 
@@ -64,7 +64,7 @@ ms.date: 04/24/2018
 > After onboarding the machine, you can choose to run a detection test to verify that the machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md).
 
 ## Additional Windows Defender ATP configuration settings
-For each machine, you can state whether samples can be collected from the machine when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
+For each machine, you can state whether samples can be collected from the machine when a request is made through Windows Defender Security Center to submit a file for deep analysis.
 
 You can use Group Policy (GP) to configure settings, such as settings for the sample sharing used in the deep analysis feature.
 
@@ -120,7 +120,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
 > [!NOTE]
 > Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
 
-1.	Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1.	Get the offboarding package from [Windows Defender Security Center](https://securitycenter.windows.com/):
 
     a. In the navigation pane, select **Settings** > **Offboarding**.
 
@@ -154,7 +154,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
 With Group Policy there isn’t an option to monitor deployment of policies on the machines. Monitoring can be done directly on the portal, or by using the different deployment tools.
 
 ## Monitor machines using the portal
-1.	Go to the [Windows Defender ATP portal](https://securitycenter.windows.com/).
+1.	Go to [Windows Defender Security Center](https://securitycenter.windows.com/).
 2.	Click **Machines list**.
 3.	Verify that machines are appearing.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
index 9decf3868e..83f63e9c62 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
@@ -54,7 +54,7 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre
     - **Onboard Configuration Package**: Browse and select the **WindowsDefenderATP.onboarding** file you downloaded. This file enables a setting so devices can report to the Windows Defender ATP service.
     - **Sample sharing for all files**: Allows samples to be collected, and shared with Windows Defender ATP. For example, if you see a suspicious file, you can submit it to Windows Defender ATP for deep analysis.
     - **Expedite telemetry reporting frequency**: For devices that are at high risk, enable this setting so it reports telemetry to the Windows Defender ATP service more frequently.
-    - **Offboard Configuration Package**: If you want to remove Windows Defender ATP monitoring, you can download an offboarding package from the Windows Defender ATP portal, and add it. Otherwise, skip this property.
+    - **Offboard Configuration Package**: If you want to remove Windows Defender ATP monitoring, you can download an offboarding package from Windows Defender Security Center, and add it. Otherwise, skip this property.
    
 7. Select **OK**, and **Create** to save your changes, which creates the profile.
 
@@ -62,7 +62,7 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre
 
 ### Onboard and monitor machines using the classic Intune console
 
-1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Windows Defender Security Center](https://securitycenter.windows.com/):
 
     a. In the navigation pane, select **Settings** > **Onboarding**.
 
@@ -145,7 +145,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
 > [!NOTE]
 > Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
 
-1.	Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1.	Get the offboarding package from [Windows Defender Security Center](https://securitycenter.windows.com/):
 
    a. In the navigation pane, select **Settings** > **Offboarding**.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
index ae90065fd3..71b333c546 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
@@ -24,7 +24,7 @@ ms.date: 04/24/2018
 
 
 
-Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products’ sensor data. 
+Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Windows Defender Security Center and better protect your organization's network. This experience leverages on a third-party security products’ sensor data. 
 
 You'll need to know the exact Linux distros and macOS X versions that are compatible with Windows Defender ATP for the integration to work. 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
index 04552bb241..cbc1b85dda 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
@@ -47,7 +47,7 @@ You can use existing System Center Configuration Manager functionality to create
 ### Onboard machines using System Center Configuration Manager
 
 
-1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Windows Defender Security Center](https://securitycenter.windows.com/):
 
     a. In the navigation pane, select **Settings** > **Onboarding**.
     
@@ -70,7 +70,7 @@ You can use existing System Center Configuration Manager functionality to create
 > After onboarding the machine, you can choose to run a detection test to verify that an machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md).
 
 ### Configure sample collection settings
-For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
+For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through Windows Defender Security Center to submit a file for deep analysis.
 
 You can set a compliance rule for configuration item in System Center Configuration Manager to change the sample share setting on a machine.
 This rule should be a *remediating* compliance rule configuration item that sets the value of a registry key on targeted machines to make sure they’re complaint.
@@ -125,7 +125,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
 > [!NOTE]
 > Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
 
-1.	Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1.	Get the offboarding package from [Windows Defender Security Center](https://securitycenter.windows.com/):
 
     a. In the navigation pane, select **Settings** >  **Offboarding**.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
index 1ccd8fbdf2..8236a40cf4 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
@@ -34,7 +34,7 @@ You can also manually onboard individual machines to Windows Defender ATP. You m
 > The script has been optimized to be used on a limited number of machines (1-10 machines). To deploy to scale, use other deployment options. For more information on using other deployment options, see [Onboard Window 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
 
 ## Onboard machines 
-1.  Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1.  Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Windows Defender Security Center](https://securitycenter.windows.com/):
 
     a.  In the navigation pane, select **Settings** > **Onboarding**.
 
@@ -66,7 +66,7 @@ For information on how you can manually validate that the machine is compliant a
 > After onboarding the machine, you can choose to run a detection test to verify that an machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
 
 ## Configure sample collection settings
-For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
+For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through Windows Defender Security Center to submit a file for deep analysis.
 
 You can manually configure the sample sharing setting on the machine by using *regedit* or creating and running a *.reg* file.  
 
@@ -92,7 +92,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
 > [!NOTE]
 > Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
 
-1.	Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1.	Get the offboarding package from [Windows Defender Security Center](https://securitycenter.windows.com/):
 
     a.  In the navigation pane, select **Settings** > **Offboarding**.
 
@@ -126,7 +126,7 @@ You can follow the different verification steps in the [Troubleshoot onboarding
 Monitoring can also be done directly on the portal, or by using the different deployment tools.
 
 ### Monitor machines using the portal
-1.	Go to the Windows Defender ATP portal.
+1.	Go to Windows Defender Security Center.
 
 2.	Click **Machines list**.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
index c26f608d94..7f15b0fc5c 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
@@ -38,7 +38,7 @@ You can onboard VDI machines using a single entry or multiple entries for each m
 >[!WARNING]
 > For environments where there are low resource configurations, the VDI boot proceedure might slow the Windows Defender ATP sensor onboarding. 
 
-1.  Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1.  Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Windows Defender Security Center](https://securitycenter.windows.com/):
 
     a.  In the navigation pane, select **Settings** > **Onboarding**.
 
@@ -78,8 +78,8 @@ You can onboard VDI machines using a single entry or multiple entries for each m
 
       d. Logon to machine with another user.
       
-      e. **For single entry for each machine**: Check only one entry in the Windows Defender ATP portal.<br>
-    **For multiple entries for each machine**: Check multiple entries in the Windows Defender ATP portal.
+      e. **For single entry for each machine**: Check only one entry in Windows Defender Security Center.<br>
+    **For multiple entries for each machine**: Check multiple entries in Windows Defender Security Center.
 
 7. Click **Machines list** on the Navigation pane.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
index 1866f253bb..c0ae298a7a 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
-ms.date: 04/24/2018
+ms.date: 07/12/2018
 ---
 
 # Onboard Windows 10 machines
@@ -27,7 +27,7 @@ ms.date: 04/24/2018
 
 Machines in your organization must be configured so that the Windows Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the machines in your organization.
 
-Windows Defender ATP supports the following deployment tools and methods:
+The following deployment tools and methods are supported:
 
 - Group Policy
 - System Center Configuration Manager
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
index 0941965015..22fd6a1f44 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
@@ -91,9 +91,9 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec
 Service location | Microsoft.com DNS record
 :---|:---
 Common URLs for all locations | ```*.blob.core.windows.net``` <br>```crl.microsoft.com```<br> ```ctldl.windowsupdate.com``` <br>```events.data.microsoft.com```
-US | ```us.vortex-win.data.microsoft.com```<br> ```us-v20.events.data.microsoft.com```<br>```winatp-gw-cus.microsoft.com``` <br>```winatp-gw-eus.microsoft.com```
-Europe | ```eu.vortex-win.data.microsoft.com```<br>```eu-v20.events.data.microsoft.com```<br>```winatp-gw-neu.microsoft.com```<br>```winatp-gw-weu.microsoft.com```
-UK | ```uk.vortex-win.data.microsoft.com``` <br>```uk-v20.events.data.microsoft.com```<br>```winatp-gw-uks.microsoft.com```<br>```winatp-gw-ukw.microsoft.com```
+European Union | ```eu.vortex-win.data.microsoft.com```<br>```eu-v20.events.data.microsoft.com```<br>```winatp-gw-neu.microsoft.com```<br>```winatp-gw-weu.microsoft.com```
+United Kingdom | ```uk.vortex-win.data.microsoft.com``` <br>```uk-v20.events.data.microsoft.com```<br>```winatp-gw-uks.microsoft.com```<br>```winatp-gw-ukw.microsoft.com```
+United States | ```us.vortex-win.data.microsoft.com```<br> ```us-v20.events.data.microsoft.com```<br>```winatp-gw-cus.microsoft.com``` <br>```winatp-gw-eus.microsoft.com```
 
 
 If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP  sensor is connecting from system context, make sure anonymous traffic is permitted in the above listed URLs.
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
index e174b920d6..5947c3167a 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
@@ -27,7 +27,7 @@ ms.date: 05/08/2018
 
 Windows Defender ATP extends support to also include the Windows Server operating system, providing advanced attack detection and investigation capabilities, seamlessly through the Windows Defender Security Center console.
 
-Windows Defender ATP supports the onboarding of the following servers:
+The service supports the onboarding of the following servers:
 - Windows Server 2012 R2
 - Windows Server 2016
 - Windows Server, version 1803
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
index a7014a264b..f499b17917 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
@@ -57,6 +57,6 @@ Topic | Description
 [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)| Learn about enabling the SIEM integration feature in the **Settings** page in the portal so that you can use and generate the required information to configure supported SIEM tools.
 [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)| Learn about installing the REST API Modular Input app and other configuration settings to enable Splunk to pull Windows Defender ATP alerts.
 [Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)| Learn about installing the HP ArcSight REST FlexConnector package and the files you need to configure ArcSight to pull Windows Defender ATP alerts.
-[Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) | Understand what data fields are exposed as part of the alerts API and how they map to the Windows Defender ATP portal.
+[Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) | Understand what data fields are exposed as part of the alerts API and how they map to Windows Defender Security Center.
 [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) | Use the Client credentials OAuth 2.0 flow to pull alerts from Windows Defender ATP using REST API.
 [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) | Address issues you might encounter when using the SIEM integration feature.
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
index 922db1acba..ed37cdaedb 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
@@ -1,6 +1,6 @@
 ---
 title: Configure Splunk to pull Windows Defender ATP alerts
-description: Configure Splunk to receive and pull alerts from the Windows Defender ATP portal.
+description: Configure Splunk to receive and pull alerts from Windows Defender Security Center.
 keywords: configure splunk, security information and events management tools, splunk
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
diff --git a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
index 4274ab7f39..43933756ec 100644
--- a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
@@ -135,7 +135,7 @@ Content-Type: application/json;
 }
 ```
 
-The following values correspond to the alert sections surfaced on the Windows Defender ATP portal:
+The following values correspond to the alert sections surfaced on Windows Defender Security Center:
 ![Image of alert from the portal](images/atp-custom-ti-mapping.png)
 
 Highlighted section | JSON key name
diff --git a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
index fbed5c3ef2..b4de052320 100644
--- a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
-ms.date: 06/13/2018
+ms.date: 07/05/2018
 ---
 
 # Windows Defender ATP data storage and privacy
@@ -51,7 +51,7 @@ In all scenarios, data is encrypted using 256-bit [AES encyption](https://en.wik
 
 ## Do I have the flexibility to select where to store my data?
 
-When onboarding the service for the first time, you can choose to store your data in Microsoft Azure datacenters in the European Union, the United Kingdom, or the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Customer data in de-identified form may also be stored in the central storage and processing systems in the United States.
+When onboarding the service for the first time, you can choose to store your data in Microsoft Azure datacenters in the European Union, the United Kingdom, or the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Customer data in pseudonymized form may also be stored in the central storage and processing systems in the United States.
 
 ## Is my data isolated from other customer data?
 Yes, your data is isolated through access authentication and logical segregation based on customer identifier. Each customer can only access data collected from its own organization and generic data that Microsoft provides.
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
index b77656d1fc..1d1154af3b 100644
--- a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
@@ -27,7 +27,7 @@ ms.date: 04/24/2018
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablecustomti-abovefoldlink) 
 
-Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through the Windows Defender ATP portal.
+Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through Windows Defender Security Center.
 
 1. In the navigation pane, select **Settings** >  **Threat intel**.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
index 6ad34e8a8f..44e55b2b9b 100644
--- a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
@@ -27,7 +27,7 @@ ms.date: 04/24/2018
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) 
 
-Enable security information and event management (SIEM) integration so you can pull alerts from the Windows Defender ATP portal using your SIEM solution or by connecting directly to the alerts REST API.
+Enable security information and event management (SIEM) integration so you can pull alerts from Windows Defender Security Center using your SIEM solution or by connecting directly to the alerts REST API.
 
 1. In the navigation pane, select **Settings** > **SIEM**.
 
@@ -55,7 +55,7 @@ Enable security information and event management (SIEM) integration so you can p
   > [!NOTE]
   > You'll need to generate a new Refresh token every 90 days. 
 
-You can now proceed with configuring your SIEM solution or connecting to the alerts REST API through programmatic access. You'll need to use the tokens when configuring your SIEM solution to allow it to receive alerts from the Windows Defender ATP portal.
+You can now proceed with configuring your SIEM solution or connecting to the alerts REST API through programmatic access. You'll need to use the tokens when configuring your SIEM solution to allow it to receive alerts from Windows Defender Security Center.
 
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
index 20d32432c5..137a1b8070 100644
--- a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
@@ -139,7 +139,7 @@ This step will guide you in simulating an event in connection to a malicious IP
 ## Step 4: Explore the custom alert in the portal
 This step will guide you in exploring the custom alert in the portal.
 
-1.	Open the [Windows Defender ATP portal](http://securitycenter.windows.com/) on a browser.
+1.	Open [Windows Defender Security Center](http://securitycenter.windows.com/) on a browser.
 
 2.	Log in with your Windows Defender ATP credentials.
 
@@ -148,7 +148,7 @@ This step will guide you in exploring the custom alert in the portal.
     ![Image of sample custom ti alert in the portal](images/atp-sample-custom-ti-alert.png)
 
 > [!NOTE]
-> There is a latency time of approximately 20 minutes between the the time a custom TI is introduced and when it becomes effective.
+> There is a latency time of approximately 20 minutes between the time a custom TI is introduced and when it becomes effective.
 
 ## Related topics
 - [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
index e0888ae096..8d04e19940 100644
--- a/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
@@ -37,7 +37,7 @@ An inactive machine is not necessarily flagged due to an issue. The following ac
 If the machine has not been in use for more than 7 days for any reason, it will remain in an ‘Inactive’ status in the portal.
 
 **Machine was reinstalled or renamed**</br>
-A reinstalled or renamed machine will generate a new machine entity in Windows Defender ATP portal. The previous machine entity will remain with an ‘Inactive’ status in the portal. If you reinstalled a machine and deployed the Windows Defender ATP package, search for the new machine name to verify that the machine is reporting normally.
+A reinstalled or renamed machine will generate a new machine entity in Windows Defender Security Center. The previous machine entity will remain with an ‘Inactive’ status in the portal. If you reinstalled a machine and deployed the Windows Defender ATP package, search for the new machine name to verify that the machine is reporting normally.
 
 **Machine was offboarded**</br>
 If the machine was offboarded it will still appear in machines list. After 7 days, the machine health state should change to inactive.
diff --git a/windows/security/threat-protection/windows-defender-atp/images/WDATP-components.png b/windows/security/threat-protection/windows-defender-atp/images/WDATP-components.png
new file mode 100644
index 0000000000..51f4335265
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/WDATP-components.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/components.png b/windows/security/threat-protection/windows-defender-atp/images/components.png
index 04ab864727..0ddc52f5d3 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/components.png and b/windows/security/threat-protection/windows-defender-atp/images/components.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/wdatp-pillars.png b/windows/security/threat-protection/windows-defender-atp/images/wdatp-pillars.png
new file mode 100644
index 0000000000..06ad5e6ed2
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/wdatp-pillars.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/wdatp-pillars2.png b/windows/security/threat-protection/windows-defender-atp/images/wdatp-pillars2.png
new file mode 100644
index 0000000000..60725244e5
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/wdatp-pillars2.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
index ee311f4d0e..778f8d48b4 100644
--- a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
@@ -50,9 +50,9 @@ To gain access into which licenses are provisioned to your company, and to check
 
    ![Image of O365 admin portal](images\atp-O365-admin-portal-customer.png)
 
-## Access the Windows Defender ATP portal for the first time
+## Access Windows Defender Security Center for the first time
 
-When accessing the [Windows Defender ATP portal](https://SecurityCenter.Windows.com) for the first time there will be a setup wizard that will guide you through some initial steps. At the end of the setup wizard there will be a dedicated cloud instance of Windows Defender ATP created.
+When accessing [Windows Defender Security Center](https://SecurityCenter.Windows.com) for the first time there will be a setup wizard that will guide you through some initial steps. At the end of the setup wizard there will be a dedicated cloud instance of Windows Defender ATP created.
 
 1. Each time you access the portal you will need to validate that you are authorized to access the product. This **Set up your permissions** step will only be available if you are not currently authorized to access the product.
 
@@ -64,7 +64,7 @@ When accessing the [Windows Defender ATP portal](https://SecurityCenter.Windows.
 
 	![Image of Welcome screen for portal set up](images\atp-portal-welcome-screen.png)
 
-	You will need to set up your preferences for the Windows Defender ATP portal.
+	You will need to set up your preferences for Windows Defender Security Center.
 
 3. When onboarding the service for the first time, you can choose to store your data in the Microsoft Azure datacenters in the European Union, the United Kingdom, or the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation.
 
@@ -108,11 +108,11 @@ When accessing the [Windows Defender ATP portal](https://SecurityCenter.Windows.
 8. You will receive a warning notifying you that you won't be able to change some of your preferences once you click **Continue**.
 
 	> [!NOTE]
-	> Some of these options can be changed at a later time in the Windows Defender ATP portal.
+	> Some of these options can be changed at a later time in Windows Defender Security Center.
 
 	![Image of final preference set up](images\atp-final-preference-setup.png)
 
-9. A dedicated cloud instance of the Windows Defender ATP portal is being created at this time. This step will take an average of 5 minutes to complete.
+9. A dedicated cloud instance of Windows Defender Security Center portal is being created at this time. This step will take an average of 5 minutes to complete.
 
 	![Image of Windows Defender ATP cloud instance](images\atp-windows-cloud-instance-creation.png)
 
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
index 7f2592ffce..4860f91956 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
@@ -57,7 +57,7 @@ Whenever a change or comment is made to an alert, it is recorded in the **Commen
 Added comments instantly appear on the pane.
 
 ## Suppress alerts
-There might be scenarios where you need to suppress alerts from appearing in the Windows Defender ATP portal. Windows Defender ATP lets you create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization. 
+There might be scenarios where you need to suppress alerts from appearing in Windows Defender Security Center. Windows Defender ATP lets you create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization. 
 
 Suppression rules can be created from an existing alert. They can be disabled and reenabled if needed.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
index 0316cfd397..2c3da444dd 100644
--- a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
@@ -9,8 +9,8 @@ ms.sitesec: library
 ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
-ms.localizationpriority: medium
-ms.date: 06/15/2018
+ms.localizationpriority: high
+ms.date: 07/01/2018
 ---
 
 # Minimum requirements for Windows Defender ATP
@@ -23,17 +23,11 @@ ms.date: 06/15/2018
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
-
 There are some minimum requirements for onboarding machines to the service.
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-minreqs-abovefoldlink)
 
-## Minimum requirements
-You must be on Windows 10, version 1607 at a minimum.
-For more information, see [Windows 10 Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/buy).
-
-### Licensing requirements
+## Licensing requirements
 Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
 
 - Windows 10 Enterprise E5
@@ -42,105 +36,7 @@ Windows Defender Advanced Threat Protection requires one of the following Micros
 
 For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2).
 
-### Browser requirements
-Internet Explorer and Microsoft Edge are supported. Any HTML5 compliant browsers are also supported. 
-
-### Network and data storage and configuration requirements
-When you run the onboarding wizard for the first time, you must choose where your Windows Defender Advanced Threat Protection-related information is stored: in the European Union, the United Kingdom, or the United States datacenter.
-
-> [!NOTE]
-> -   You cannot change your data storage location after the first-time setup.
-> -   Review the [Windows Defender ATP data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) for more information on where and how Microsoft stores your data.
-
-### Hardware and software requirements
-
-The Windows Defender ATP agent only supports the following editions of Windows 10:
-
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
-
-Machines on your network must be running one of these editions.
-
-The hardware requirements for Windows Defender ATP on machines is the same as those for the supported editions.
-
-> [!NOTE]
-> Machines that are running mobile versions of Windows are not supported.
-
-#### Internet connectivity
-Internet connectivity on machines is required either directly or through proxy.
-
-The Windows Defender ATP sensor can utilize a daily average bandwidth of 5MB to communicate with the Windows Defender ATP cloud service and report cyber data.
-
-For more information on additional proxy configuration settings see, [Configure machine proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) .
-
-Before you onboard machines, the diagnostic data service must be enabled. The service is enabled by default in Windows 10.
-
-<span id="telemetry-and-diagnostics-settings" />
-### Diagnostic data settings
-You must ensure that the diagnostic data service is enabled on all the machines in your organization.
-By default, this service is enabled, but it's good practice to check to ensure that you'll get sensor data from them.
-
-**Use the command line to check the Windows 10 diagnostic data service startup type**:
-
-1.  Open an elevated command-line prompt on the machine:
-
-  a.  Go to **Start** and type **cmd**.
-
-  b.  Right-click **Command prompt** and select **Run as administrator**.
-
-2.  Enter the following command, and press **Enter**:
-
-    ```text
-    sc qc diagtrack
-    ```
-
-If the service is enabled, then the result should look like the following screenshot:
-
-![Result of the sc query command for diagtrack](images/windefatp-sc-qc-diagtrack.png)
-
-If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the service to automatically start.
-
-
-
-**Use the command line to set the Windows 10 diagnostic data service to automatically start:**
-
-1.  Open an elevated command-line prompt on the endpoint:
-
-	  a. Go to **Start** and type **cmd**.
-
-    b. Right-click **Command prompt** and select **Run as administrator**.
-
-2.  Enter the following command, and press **Enter**:
-
-    ```text
-    sc config diagtrack start=auto
-    ```
-
-3.  A success message is displayed. Verify the change by entering the following command, and press **Enter**:
-
-    ```text
-    sc qc diagtrack
-    ```
-
-## Windows Defender Antivirus signature updates are configured
-The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. 
-
-You must configure the signature updates on the Windows Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
-
-When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy.
-
-Depending on the server version you're onboarding, you might need to configure a Group Policy setting to run on passive mode. For more information, see [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md).
-
-For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
-
-## Windows Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled
-If you're running Windows Defender Antivirus as the primary antimalware product on your machines, the Windows Defender ATP agent will successfully onboard.
-
-If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy).
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=technet-wd-atp-minreq-belowfoldlink1)
 
 ## Related topic
 - [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md)
+- [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
index 1c84acc786..97d408e645 100644
--- a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
@@ -9,8 +9,8 @@ ms.sitesec: library
 ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
-ms.localizationpriority: medium
-ms.date: 06/19/2018
+ms.localizationpriority: high
+ms.date: 07/01/2018
 ---
 
 # Onboard machines to the Windows Defender ATP service
@@ -18,14 +18,14 @@ ms.date: 06/19/2018
 **Applies to:**
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
-
 You need to onboard machines to Windows Defender ATP before you can use the service.
 
 For more information, see [Onboard your Windows 10 machines to Windows Defender ATP](https://www.youtube.com/watch?v=JT7VGYfeRlA&feature=youtu.be).
 
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
+
 ## Licensing requirements
 Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
 
@@ -60,11 +60,77 @@ The hardware requirements for Windows Defender ATP on machines is the same as th
 
 
 ### Other supported operating systems
+-  macOSX
+-  Linux
+
 >[!NOTE]
 >You'll need to know the exact Linux distros and macOS X versions that are compatible with Windows Defender ATP for the integration to work. 
 
--  macOS X
--  Linux
+
+### Network and data storage and configuration requirements
+When you run the onboarding wizard for the first time, you must choose where your Windows Defender Advanced Threat Protection-related information is stored: in the European Union, the United Kingdom, or the United States datacenter.
+
+> [!NOTE]
+> -   You cannot change your data storage location after the first-time setup.
+> -   Review the [Windows Defender ATP data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) for more information on where and how Microsoft stores your data.
+
+<span id="telemetry-and-diagnostics-settings" />
+### Diagnostic data settings
+You must ensure that the diagnostic data service is enabled on all the machines in your organization.
+By default, this service is enabled, but it's good practice to check to ensure that you'll get sensor data from them.
+
+**Use the command line to check the Windows 10 diagnostic data service startup type**:
+
+1.  Open an elevated command-line prompt on the machine:
+
+  a.  Go to **Start** and type **cmd**.
+
+  b.  Right-click **Command prompt** and select **Run as administrator**.
+
+2.  Enter the following command, and press **Enter**:
+
+    ```text
+    sc qc diagtrack
+    ```
+
+If the service is enabled, then the result should look like the following screenshot:
+
+![Result of the sc query command for diagtrack](images/windefatp-sc-qc-diagtrack.png)
+
+If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the service to automatically start.
+
+
+
+**Use the command line to set the Windows 10 diagnostic data service to automatically start:**
+
+1.  Open an elevated command-line prompt on the endpoint:
+
+	  a. Go to **Start** and type **cmd**.
+
+    b. Right-click **Command prompt** and select **Run as administrator**.
+
+2.  Enter the following command, and press **Enter**:
+
+    ```text
+    sc config diagtrack start=auto
+    ```
+
+3.  A success message is displayed. Verify the change by entering the following command, and press **Enter**:
+
+    ```text
+    sc qc diagtrack
+    ```
+
+
+
+#### Internet connectivity
+Internet connectivity on machines is required either directly or through proxy.
+
+The Windows Defender ATP sensor can utilize a daily average bandwidth of 5MB to communicate with the Windows Defender ATP cloud service and report cyber data.
+
+For more information on additional proxy configuration settings see, [Configure machine proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) .
+
+Before you onboard machines, the diagnostic data service must be enabled. The service is enabled by default in Windows 10.
 
 
 ## Windows Defender Antivirus configuration requirement
@@ -79,14 +145,19 @@ If you are onboarding servers and Windows Defender Antivirus is not the active a
 
 For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
 
+## Windows Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled
+If you're running Windows Defender Antivirus as the primary antimalware product on your machines, the Windows Defender ATP agent will successfully onboard.
+
+If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy).
+
 
 ## In this section
 Topic | Description
 :---|:---
-[Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to onboard machines for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure machines in your enterprise.
 [Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md)| Onboard Windows 7 and Windows 8.1 machines to Windows Defender ATP. 
-[Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) |  Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP. 
-[Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data. 
+[Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to onboard machines for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure machines in your enterprise.
+[Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) |  Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP 
+[Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Windows Defender Security Center and better protect your organization's network. This experience leverages on a third-party security products' sensor data. 
 [Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md) | Run a script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service.
 [Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)| Enable communication with the Windows Defender ATP cloud service by configuring the proxy and Internet connectivity settings.
 [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) | Learn about resolving issues that might arise during onboarding.
diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md
index f663a3e628..46f931e363 100644
--- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md
@@ -60,7 +60,7 @@ Review the following details to verify minimum system requirements:
   >[!NOTE]
   >Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
 
-- Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in you environment with Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-concept-hybrid#prerequisites)
+- Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in your environment with Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-concept-hybrid#prerequisites)
 
 1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603) or [Windows 32-bit agent](https://go.microsoft.com/fwlink/?LinkId=828604).
 
diff --git a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
index ebbbabf5d5..bbee7b2a62 100644
--- a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Defender Advanced Threat Protection portal overview
-description: Use the Windows Defender ATP portal to monitor your enterprise network and assist in responding to alerts to potential advanced persistent threat (APT) activity or data breaches.
-keywords: Windows Defender ATP portal, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines list, settings, machine management, advanced attacks
+description: Use Windows Defender Security Center to monitor your enterprise network and assist in responding to alerts to potential advanced persistent threat (APT) activity or data breaches.
+keywords: Windows Defender Security Center, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines list, settings, machine management, advanced attacks
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -27,14 +27,14 @@ ms.date: 04/24/2018
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) 
 
-Enterprise security teams can use the Windows Defender ATP portal to monitor and assist in responding to alerts of potential advanced persistent threat (APT) activity or data breaches.
+Enterprise security teams can use Windows Defender Security Center to monitor and assist in responding to alerts of potential advanced persistent threat (APT) activity or data breaches.
 
-You can use the [Windows Defender ATP portal](https://securitycenter.windows.com/) to:
+You can use [Windows Defender Security Center](https://securitycenter.windows.com/) to:
 - View, sort, and triage alerts from your endpoints
 - Search for more information on observed indicators such as files and IP Addresses
 - Change Windows Defender ATP settings, including time zone and review licensing information.
 
-## Windows Defender ATP portal
+## Windows Defender Security Center
 When you open the portal, you’ll see the main areas of the application:
 
  ![Windows Defender Advanced Threat Protection portal](images/dashboard.png)
diff --git a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
index c31724c417..ee949dfc75 100644
--- a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
@@ -35,7 +35,7 @@ You can easily get started by:
 - Creating a dashboard on the Power BI service 
 - Building a custom dashboard on Power BI Desktop and tweaking it to fit the visual analytics and reporting requirements of your organization 
 
-You can access these options from the Windows Defender ATP portal. Both the Power BI service and Power BI Desktop are supported. 
+You can access these options from Windows Defender Security Center. Both the Power BI service and Power BI Desktop are supported. 
 
 ## Create a Windows Defender ATP dashboard on Power BI service
 Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal. 
diff --git a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
index a9f374c00d..769e84dfb8 100644
--- a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
@@ -1,5 +1,5 @@
 ---
-title: Configure Windows Defender ATP settings
+title: Configure Windows Defender Security Center settings
 description: Use the settings page to configure general settings, permissions, apis, and rules.
 keywords: settings, general settings, permissions, apis, rules
 search.product: eADQiWindows 10XVcnh
@@ -12,7 +12,7 @@ author: mjcaparas
 ms.localizationpriority: medium
 ms.date: 04/24/2018
 ---
-# Configure Windows Defender ATP settings
+# Configure Windows Defender Security Center settings
 
 **Applies to:**
 
diff --git a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
index e3ead52979..aab70fb694 100644
--- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
@@ -1,6 +1,6 @@
 ---
 title: Pull Windows Defender ATP alerts using REST API
-description: Pull alerts from the Windows Defender ATP portal REST API.
+description: Pull alerts from Windows Defender ATP REST API.
 keywords: alerts, pull alerts, rest api, request, response
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
diff --git a/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md
index 0fc53246c7..6c6e1ced73 100644
--- a/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md
@@ -1,5 +1,5 @@
 ---
-title: Use role-based access control to grant fine-grained access to the Windows Defender ATP portal
+title: Use role-based access control to grant fine-grained access to Windows Defender Security Center
 description: Create roles and groups within your security operations to grant access to the portal.
 keywords: rbac, role, based, access, control, groups, control, tier, aad
 search.product: eADQiWindows 10XVcnh
@@ -57,12 +57,12 @@ Before using RBAC, it's important that you understand the roles that can grant p
 > [!WARNING]
 > Before enabling the feature, it's important that you have a Global Administrator role or Security Administrator role in Azure AD and that you have your Azure AD groups ready to reduce the risk of being locked out of the portal. 
 
-When you first log in to the Windows Defender ATP portal, you're granted either full access or read only access. Full access rights are granted to users with Security Administrator or Global Administrator roles in Azure AD. Read only access is granted to users with a Security Reader role in Azure AD. 
+When you first log in to Windows Defender Security Center, you're granted either full access or read only access. Full access rights are granted to users with Security Administrator or Global Administrator roles in Azure AD. Read only access is granted to users with a Security Reader role in Azure AD. 
 
 Someone with a Windows Defender ATP Global administrator role has unrestricted access to all machines, regardless of their machine group association and the Azure AD user groups assignments
 
 > [!WARNING]
-> Initially, only those with Azure AD Global Administrator or Security Administrator rights will be able to create and assign roles in the Windows Defender ATP portal, therefore, having the right groups ready in Azure AD is important.
+> Initially, only those with Azure AD Global Administrator or Security Administrator rights will be able to create and assign roles in Windows Defender Security Center, therefore, having the right groups ready in Azure AD is important.
 >
 > **Turning on role-based access control will cause users with read-only permissions (for example, users assigned to Azure AD Security reader role) to lose access until they are assigned to a role.** 
 >
diff --git a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md
index c3aaebae19..47815df570 100644
--- a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md
@@ -326,7 +326,7 @@ For a machine to be considered "well configured", it must comply to a minimum ba
 Machines are considered "well configured" for Windows Defender Credential Guard if the following requirements are met:
 
 - Hardware and software prerequisites are met
-- Windows Defender Credential Guard is turned on on compatible machines
+- Windows Defender Credential Guard is turned on compatible machines
 
 
 ##### Recommended actions:
diff --git a/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md
index 36a1a0a80b..e9cb11bc67 100644
--- a/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
-title: Windows Defender Advanced Threat Protection time zone settings
+title: Windows Defender Security Center time zone settings
 description: Use the menu to configure the time zone and view license information.
-keywords: Windows Defender ATP settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license
+keywords: settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -13,7 +13,7 @@ ms.localizationpriority: medium
 ms.date: 02/13/2018
 ---
 
-# Windows Defender Advanced Threat Protection time zone settings
+# Windows Defender Security Center time zone settings
 
 **Applies to:**
 
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
index 7bc886f9c7..ef5f861a65 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
@@ -29,11 +29,11 @@ ms.date: 11/28/2017
 
 This page provides detailed steps to troubleshoot issues that might occur when setting up your Windows Defender ATP service.
 
-If you receive an error message, the Windows Defender ATP portal will provide a detailed explanation on what the issue is and relevant links will be supplied.
+If you receive an error message, Windows Defender Security Center will provide a detailed explanation on what the issue is and relevant links will be supplied.
 
 ## No subscriptions found
 
-If while accessing the Windows Defender ATP portal you get a **No subscriptions found** message, it means the Azure Active Directory (AAD) used to login the user to the portal, does not have a Windows Defender ATP license.
+If while accessing Windows Defender Security Center you get a **No subscriptions found** message, it means the Azure Active Directory (AAD) used to login the user to the portal, does not have a Windows Defender ATP license.
 
 Potential reasons:
 - The Windows E5 and Office E5 licenses are separate licenses.
@@ -48,7 +48,7 @@ For both cases you should contact Microsoft support at [General Windows Defender
 
 ## Your subscription has expired
 
-If while accessing the Windows Defender ATP portal you get a **Your subscription has expired** message, your online service subscription has expired. Windows Defender ATP subscription, like any other online service subscription, has an expiration date. 
+If while accessing Windows Defender Security Center you get a **Your subscription has expired** message, your online service subscription has expired. Windows Defender ATP subscription, like any other online service subscription, has an expiration date. 
 
 You can choose to renew or extend the license at any point in time. When accessing the portal after the expiration date a **Your subscription has expired** message will be presented with an option to download the machine offboarding package, should you choose to not renew the license.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
index 6a78b01173..37aca9ce88 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
@@ -1,5 +1,5 @@
 ---
-title: Troubleshoot Windows Defender Advanced Threat Protection
+title: Troubleshoot Windows Defender Advanced Threat Protection service issues
 description: Find solutions and work arounds to known issues such as server errors when trying to access the service.
 keywords: troubleshoot Windows Defender Advanced Threat Protection, troubleshoot Windows ATP, server error, access denied, invalid credentials, no data, dashboard portal, whitelist, event viewer
 search.product: eADQiWindows 10XVcnh
@@ -10,17 +10,12 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
-ms.date: 10/23/2017
+ms.date: 07/12/2017
 ---
 
-# Troubleshoot Windows Defender Advanced Threat Protection
+# Troubleshoot service issues
 
 **Applies to:**
-
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 
@@ -32,7 +27,7 @@ If you encounter a server error when trying to access the service, you’ll need
 Configure your browser to allow cookies.
 
 ### Elements or data missing on the portal
-If some UI elements or data is missing on the Windows Defender ATP portal it’s possible that proxy settings are blocking it.
+If some UI elements or data is missing on Windows Defender Security Center it’s possible that proxy settings are blocking it.
 
 Make sure that `*.securitycenter.windows.com` is included the proxy whitelist.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
index f394f62b34..b8fed131a5 100644
--- a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
@@ -36,7 +36,7 @@ You can use the code examples to guide you in creating calls to the custom threa
 Topic | Description
 :---|:---
 [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) |  Understand the concepts around threat intelligence so that you can effectively create custom intelligence for your organization.
-[Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) | Set up the custom threat intelligence application through the Windows Defender ATP portal so that you can create custom threat intelligence (TI) using REST API.
+[Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) | Set up the custom threat intelligence application through Windows Defender Security Center so that you can create custom threat intelligence (TI) using REST API.
 [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) | Create custom threat intelligence alerts so that you can generate specific alerts that are applicable to your organization.
 [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) | Use the PowerShell code examples to guide you in using the custom threat intelligence API.
 [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) | Use the Python code examples to guide you in using the custom threat intelligence API.
diff --git a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
index e875c22f43..07cec03da7 100644
--- a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
@@ -1,6 +1,6 @@
 ---
 title: Use the Windows Defender Advanced Threat Protection portal
-description: Learn about the features on Windows Defender ATP portal, including how alerts work, and suggestions on how to investigate possible breaches and attacks.
+description: Learn about the features on Windows Defender Security Center, including how alerts work, and suggestions on how to investigate possible breaches and attacks.
 keywords: dashboard, alerts queue, manage alerts, investigation, investigate alerts, investigate machines, submit files, deep analysis, high, medium, low, severity, ioc, ioa
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -27,7 +27,7 @@ ms.date: 03/12/2018
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-usewdatp-abovefoldlink) 
 
-You can use the Windows Defender ATP portal to carry out an end-to-end security breach investigation through the dashboards.
+You can use Windows Defender Security Center to carry out an end-to-end security breach investigation through the dashboards.
 
 Use the **Security operations** dashboard to gain insight on the various alerts on machines and users in your network.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
index ee4cd6878f..07eee21200 100644
--- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
@@ -1,6 +1,6 @@
 ---
-title: Windows Defender Advanced Threat Protection 
-description: Windows Defender Advanced Threat Protection is an enterprise security service that helps detect and respond to possible cybersecurity threats related to advanced persistent threats.
+title: Windows Defender Advanced Threat Protection
+description: Windows Defender Advanced Threat Protection is an enterprise security platform that helps secops to prevent, detect, investigate, and respond to possible cybersecurity threats related to advanced persistent threats.
 keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -9,18 +9,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
-ms.localizationpriority: medium
-ms.date: 04/24/2018
+ms.localizationpriority: high
+ms.date: 07/12/2018
 ---
 
 # Windows Defender Advanced Threat Protection
 
 **Applies to:**
-
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 
@@ -29,78 +24,22 @@ ms.date: 04/24/2018
 >
 >For more info about Windows 10 Enterprise Edition features and functionality, see [Windows 10 Enterprise edition](https://www.microsoft.com/WindowsForBusiness/buy).
 
-Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks.
+Windows Defender Advanced Threat Protection is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
 
-Get a quick, but in-depth overview of Windows Defender ATP for Windows 10 and the new capabilities in Windows 10, version 1703 see [Windows Defender ATP for Windows 10 Creators Update](https://technet.microsoft.com/en-au/windows/mt782787).
+To help you maximize the effectiveness of the security platform, you can configure individual capabilities that surface in Windows Defender Security Center. 
 
-Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
-
--   **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors
-    collect and process behavioral signals from the operating system
-    (for example, process, registry, file, and network communications)
-    and sends this sensor data to your private, isolated, cloud instance of Windows Defender ATP.
-
-
--   **Cloud security analytics**: Leveraging big-data, machine-learning, and
-    unique Microsoft optics across the Windows ecosystem (such as the
-    [Microsoft Malicious Software Removal Tool](https://www.microsoft.com/en-au/download/malicious-software-removal-tool-details.aspx),
-    enterprise cloud products (such as Office 365), and online assets
-    (such as Bing and SmartScreen URL reputation), behavioral signals
-    are translated into insights, detections, and recommended responses
-    to advanced threats.
-
--   **Threat intelligence**: Generated by Microsoft hunters, security teams,
-    and augmented by threat intelligence provided by partners, threat
-    intelligence enables Windows Defender ATP to identify attacker
-    tools, techniques, and procedures, and generate alerts when these
-    are observed in collected sensor data.
-
-    ![Windows Defender ATP service component](images/components.png)
-
-Machine investigation capabilities in this service let you drill down
-into security alerts and understand the scope and nature of a potential
-breach. You can submit files for deep analysis and receive the results
-without leaving the [Windows Defender ATP portal](https://securitycenter.windows.com). The automated investigation and remediation capability reduces the volume of alerts by leveraging various inspection algorithms to resolve breaches.
-
-Windows Defender ATP works with existing Windows security technologies
-on machines, such as Windows Defender Antivirus, AppLocker, and Windows Defender Device Guard. It
-can also work side-by-side with third-party security solutions and
-antimalware products.
-
-Windows Defender ATP leverages Microsoft technology and expertise to
-detect sophisticated cyber-attacks, providing:
-
-- Behavior-based, cloud-powered, advanced attack detection
-
-    Finds the attacks that made it past all other defenses (post breach detection), provides actionable, correlated alerts for known and unknown adversaries trying to hide their activities on machines.
-
-- Rich timeline for forensic investigation and mitigation
-
-    Easily investigate the scope of breach or suspected behaviours on any machine through a rich machine timeline. File, URLs, and network connection inventory across the network. Gain additional insight using deep collection and analysis (“detonation”) for any file or URLs.
-
-- Built in unique threat intelligence knowledge base
-
-    Unparalleled threat optics provides actor details and intent context for every threat intel-based detection – combining first and third-party intelligence sources.
-
-- Automated investigation and remediation
-
-    Significantly reduces alert volume by leveraging inspection algorithms used by analysts to examine alerts and take remediation action. 
+The Windows Defender ATP platform is where all the capabilities that are available across multiple products come together to give security operations teams the ability to effectively manage their organization's network.
 
 ## In this section
 
 Topic | Description
 :---|:---
-Get started  |  Learn about the minimum requirements, validate licensing and complete setup, know about preview features, understand data storage and privacy, and how to assign user access to the portal.
-[Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) | Learn about onboarding client, server, and non-Windows machines. Learn how to run a detection test, configure proxy and Internet connectivity settings, and how to troubleshoot potential onboarding issues.
-[Understand the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md) | Understand the Security operations, Secure Score, and Threat analytics dashboards as well as how to navigate the portal.
-Investigate and remediate threats | Investigate alerts, machines, and take response actions to remediate threats.
-API and SIEM support | Use the supported APIs to pull and create custom alerts, or automate workflows. Use the supported SIEM tools to pull alerts from the Windows Defender ATP portal.
-Reporting | Create and build Power BI reports using Windows Defender ATP data.
-Check service health and sensor state | Verify that the service is running and check the sensor state on machines.
-[Configure Windows Defender settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Configure general settings, turn on the preview experience, notifications, and enable other features.
-[Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md) | Access the Windows Defender ATP Community Center to learn, collaborate, and share experiences about the product.
-[Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md) | This section addresses issues that might arise as you use the Windows Defender Advanced Threat service.
-[Windows Defender Antivirus compatibility with Windows Defender ATP](defender-compatibility-windows-defender-advanced-threat-protection.md) | Understand how Windows Defender Antivirus integrates with Windows Defender ATP. 
+[Windows Defender Security Center](windows-defender-security-center-atp.md) | Windows Defender Security Center is the portal where you can access Windows Defender Advanced Threat Protection capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks.
+[Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) | Windows Defender Antivirus is a built-in antimalware solution that provides security and antimalware management for desktops, portable computers, and servers.
+[Windows Defender Exploit Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard) | Windows Defender Exploit Guard (Windows Defender EG) is a new set of host intrusion prevention capabilities for Windows 10, allowing you to manage and reduce the attack surface of apps used by your employees.
+[Windows Defender Application Control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control) | Windows Defender Application Control (WDAC) can help mitigate security threats by restricting the applications that users are allowed to run and the code that runs in the System Core (kernel). 
+[Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) | Windows Defender Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. 
+
 
 
 ## Related topic
diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-security-center-atp.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-security-center-atp.md
new file mode 100644
index 0000000000..244a14ea0d
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-security-center-atp.md
@@ -0,0 +1,38 @@
+---
+title: Windows Defender Security Center
+description: Windows Defender Security Center is the portal where you can access Windows Defender Advanced Threat Protection.
+keywords: windows, defender, security, center, defender, advanced, threat, protection
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 07/01/2018
+---
+
+# Windows Defender Security Center
+
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+Windows Defender Security Center is the portal where you can access Windows Defender Advanced Threat Protection capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks.
+
+## In this section
+
+Topic | Description
+:---|:---
+Get started  |  Learn about the minimum requirements, validate licensing and complete setup, know about preview features, understand data storage and privacy, and how to assign user access to the portal.
+[Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) | Learn about onboarding client, server, and non-Windows machines. Learn how to run a detection test, configure proxy and Internet connectivity settings, and how to troubleshoot potential onboarding issues.
+[Understand the portal](use-windows-defender-advanced-threat-protection.md) | Understand the Security operations, Secure Score, and Threat analytics dashboards as well as how to navigate the portal.
+Investigate and remediate threats | Investigate alerts, machines, and take response actions to remediate threats.
+API and SIEM support | Use the supported APIs to pull and create custom alerts, or automate workflows. Use the supported SIEM tools to pull alerts from Windows Defender Security Center.
+Reporting | Create and build Power BI reports using Windows Defender ATP data.
+Check service health and sensor state | Verify that the service is running and check the sensor state on machines.
+[Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Configure general settings, turn on the preview experience, notifications, and enable other features.
+[Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md) | Access the Windows Defender ATP Community Center to learn, collaborate, and share experiences about the product.
+[Troubleshoot service issues](troubleshoot-windows-defender-advanced-threat-protection.md) | This section addresses issues that might arise as you use the Windows Defender Advanced Threat service.
+
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
index 3cc13b3320..8cecfe7be5 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 06/13/2018
+ms.date: 06/29/2018
 ---
 
 
@@ -82,6 +82,10 @@ Windows 10, version 1803 has five new Attack surface reduction rules:
 - Block process creations originating from PSExec and WMI commands 
 - Block untrusted and unsigned processes that run from USB 
 
+In addition, the following rule is available for beta testing:
+
+- Block Office communication applications from creating child processes
+
 The following sections describe what each rule does. Each rule is identified by a rule GUID, as in the following table:
 
 Rule name | GUID
@@ -98,6 +102,7 @@ Use advanced protection against ransomware | c1db55ab-c21a-4637-bb3f-a12568109d3
 Block credential stealing from the Windows local security authority subsystem (lsass.exe) | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
 Block process creations originating from PSExec and WMI commands | d1e49aac-8f56-4280-b9ba-993a6d77406c
 Block untrusted and unsigned processes that run from USB | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4
+Block Office communication applications from creating child processes (available for beta testing) | 26190899-1602-49e8-8b27-eb1d0a1ce869
 
 The rules apply to the following Office apps running on Windows 10, version 1709. See the **Applies to** section at the start of this topic for a list of supported Office version.
 
@@ -123,7 +128,7 @@ This rule blocks the following file types from being run or launched from an ema
 
 ### Rule: Block Office applications from creating child processes
 
-Office apps will not be allowed to create child processes. This includes Word, Excel, PowerPoint, OneNote, Outlook, and Access.
+Office apps will not be allowed to create child processes. This includes Word, Excel, PowerPoint, OneNote, and Access.
 
 This is a typical malware behavior, especially for macro-based attacks that attempt to use Office apps to launch or download malicious executables.
 
@@ -174,10 +179,16 @@ This rule attempts to block Office files that contain macro code that is capable
 This rule blocks the following file types from being run or launched unless they meet prevalence or age criteria set by admins, or they are in a trusted list or exclusion list:
  
 - Executable files (such as .exe, .dll, or .scr) 
+
+>[!NOTE]
+>You must [enable cloud-delivered protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus) to use this rule.
  
 ### Rule: Use advanced protection against ransomware
  
 This rule provides an extra layer of protection against ransomware. Executable files that enter the system will be scanned to determine whether they are trustworthy. If the files exhibit characteristics that closely resemble ransomware, they are blocked from being run or launched, provided they are not already in the trusted list or exception list.
+
+>[!NOTE]
+>You must [enable cloud-delivered protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus) to use this rule.
  
 ### Rule: Block credential stealing from the Windows local security authority subsystem (lsass.exe)
  
@@ -203,6 +214,12 @@ With this rule, admins can prevent unsigned or untrusted executable files from r
 - Executable files (such as .exe, .dll, or .scr) 
 - Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file)
 
+### Rule: Block Office communication applications from creating child processes
+
+Office communication apps will not be allowed to create child processes. This includes Outlook.
+
+This is a typical malware behavior, especially for macro-based attacks that attempt to use Office apps to launch or download malicious executables.
+
 ## Review Attack surface reduction events in Windows Event Viewer
 
 You can review the Windows event log to see events that are created when an Attack surface reduction rule is triggered (or audited):
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
index 7260ed4758..0732ac1826 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 06/15/2018
+ms.date: 06/29/2018
 ---
 
 # Customize Attack surface reduction
@@ -76,6 +76,8 @@ Use advanced protection against ransomware | [!include[Check mark yes](images/sv
 Block credential stealing from the Windows local security authority subsystem (lsass.exe) | [!include[Check mark no](images/svg/check-no.svg)] | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
 Block process creations originating from PSExec and WMI commands | [!include[Check mark yes](images/svg/check-yes.svg)] | d1e49aac-8f56-4280-b9ba-993a6d77406c
 Block untrusted and unsigned processes that run from USB | [!include[Check mark yes](images/svg/check-yes.svg)] | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4
+Block Office communication applications from creating child processes (available for beta testing) | [!include[Check mark no](images/svg/check-yes.svg)] | 26190899-1602-49e8-8b27-eb1d0a1ce869
+
 
 See the [Attack surface reduction](attack-surface-reduction-exploit-guard.md) topic for details on each rule.
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
index 8541457872..de3f852b51 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 05/30/2018
+ms.date: 06/29/2018
 ---
 
 
@@ -64,6 +64,7 @@ Use advanced protection against ransomware | c1db55ab-c21a-4637-bb3f-a12568109d3
 Block credential stealing from the Windows local security authority subsystem (lsass.exe) | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
 Block process creations originating from PSExec and WMI commands | d1e49aac-8f56-4280-b9ba-993a6d77406c
 Block untrusted and unsigned processes that run from USB | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4
+Block Office communication applications from creating child processes (available for beta testing) | 26190899-1602-49e8-8b27-eb1d0a1ce869
 
 See the [Attack surface reduction](attack-surface-reduction-exploit-guard.md) topic for details on each rule.
 
diff --git a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md
index a63a9adb0a..bc843023a7 100644
--- a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md
+++ b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md
@@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
+author: justinha
 ms.localizationpriority: medium
 ms.date: 07/27/2017
 ---
diff --git a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md
index 81483abf81..11e79cb879 100644
--- a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md
+++ b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md
@@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-author: eross-msft
+author: justinha
 ms.localizationpriority: medium
 ms.date: 10/13/2017
 ---
diff --git a/windows/security/wdatp/images/WDATP-components.png b/windows/security/wdatp/images/WDATP-components.png
new file mode 100644
index 0000000000..51f4335265
Binary files /dev/null and b/windows/security/wdatp/images/WDATP-components.png differ
diff --git a/windows/security/wdatp/images/wdatp-pillars.png b/windows/security/wdatp/images/wdatp-pillars.png
new file mode 100644
index 0000000000..06ad5e6ed2
Binary files /dev/null and b/windows/security/wdatp/images/wdatp-pillars.png differ
diff --git a/windows/security/wdatp/images/wdatp-pillars2.png b/windows/security/wdatp/images/wdatp-pillars2.png
new file mode 100644
index 0000000000..bbe88f3638
Binary files /dev/null and b/windows/security/wdatp/images/wdatp-pillars2.png differ
diff --git a/windows/security/wdatp/index.md b/windows/security/wdatp/index.md
new file mode 100644
index 0000000000..cb401fa3e4
--- /dev/null
+++ b/windows/security/wdatp/index.md
@@ -0,0 +1,48 @@
+---
+title: Windows Defender Advanced Threat Protection
+description: Windows Defender Advanced Threat Protection is an enterprise security service that helps detect and respond to possible cybersecurity threats related to advanced persistent threats.
+keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.date: 06/04/2018
+---
+
+# Windows Defender Advanced Threat Protection
+
+Windows Defender Advanced Threat Protection (Windows Defender ATP)is a unified platform for preventative protection, post-breach detection, automated investigation and response, employing intelligent protection to protect endpoints from cyber threats.
+
+
+![Windows Defender ATP components](images/wdatp-pillars2.png)
+
+**Attack surface reduction**<br>
+The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. 
+
+**Next generation protection**<br>
+To further reinforce the security perimeter of your network, Windows Defender ATP uses next generation protection designed to catch all types of emerging threats.
+
+**Endpoint detection and response**<br>
+Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. 
+
+**Auto investigation and remediation**<br>
+In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. 
+
+**Security posture**<br>
+Windows Defender ATP also provides a security posture capability to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security state of your network.
+
+**Management and APIs**<br>
+Windows Defender ATP provides integrated configuration management in the cloud. The service also supports third-party mobile device management (MDM) tools, cross-platform support, and APIs that allow customers to create custom threat intelligence and  automate workflows.
+
+Understand how capabilities align within the Windows Defender ATP suite offering:
+
+
+ Attack surface reduction | Next generation protection | Endpoint detection and response | Auto investigation and remediation | Security posture 
+:---|:---|:---|:---|:---
+ [Hardware based isolation](https://docs.microsoft.com/en-us/windows/security/hardware-protection/)<br><br> [Application control](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)<br><br> [Exploit protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard)<br><br> [Network protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)<br><br> [Controlled folder access](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard) | [Machine learning](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus) <br><br>  [Antivirus](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) <br><br> [Threat intelligence](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection)<br><br>  [Sandbox service](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection#deep-analysis) |  [Response containment](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection) <br><br> [Realtime and historical threat hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection) <br><br> [Threat intelligence and custom detections](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection) | [Forensic collection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection#collect-investigation-package-from-machines) <br><br> [Response orchestration](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection) <br><br> [Historical endpoint data](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection#machine-timeline) <br><br> [Artificial intelligence response playbooks](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) | [Asset inventory](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection) <br> [Operating system baseline compliance](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection) <br><br> [Recommended improvement actions](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection#improvement-opportunities)<br> <br> [Secure score](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection) <br><br> [Threat analytics](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection) <br><br> [Reporting and trends](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection)
+
+These capabilities are available across multiple products that make up the Windows Defender ATP platform. For more information on how to leverage all the Windows Defender ATP capabilities, see [Threat protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/index).
+
+
diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md
index 8107213fac..7db90dbaca 100644
--- a/windows/whats-new/whats-new-windows-10-version-1803.md
+++ b/windows/whats-new/whats-new-windows-10-version-1803.md
@@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: greg-lindsay
-ms.date: 06/08/2018
+ms.date: 07/07/2018
 ms.localizationpriority: high
 ---
 
@@ -159,7 +159,7 @@ For more information, see: [Windows Hello and FIDO2 Security Keys enable secure
 
 ### Accessibility
 
-"Out of box" accessibility is enhanced with auto-generated picture descriptions. For more information about accessibility, see [Accessibility information for IT Professionals](https://docs.microsoft.com/windows/configuration/windows-10-accessibility-for-itpros).
+"Out of box" accessibility is enhanced with auto-generated picture descriptions. For more information about accessibility, see [Accessibility information for IT Professionals](https://docs.microsoft.com/windows/configuration/windows-10-accessibility-for-itpros). Also see the accessibility section in the [What’s new in the Windows 10 April 2018 Update](https://blogs.windows.com/windowsexperience/2018/04/30/whats-new-in-the-windows-10-april-2018-update/) blog post.
 
 ### Privacy