+| [TenantLockdown CSP](\tenantlockdown--csp.md) |
+Added new CSP in Windows 10, next major version.
+ |
+
| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) |
Added new settings in Windows 10, next major version.
|
@@ -1778,12 +1785,11 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
Browser/ConfigureKioskResetAfterIdleTimeout
Browser/ConfigureOpenMicrosoftEdgeWith
Browser/ConfigureTelemetryForMicrosoft365Analytics
-Browser/ForceEnabledExtensions
Browser/PreventCertErrorOverrides
Browser/SetHomeButtonURL
Browser/SetNewTabPageURL
Browser/UnlockHomeButton
-Experience/DoNotSyncBrowserSetting
+Experience/DoNotSyncBrowserSettings
Experience/PreventUsersFromTurningOnBrowserSyncing
Privacy/AllowCrossDeviceClipboard
Privacy/UploadUserActivities
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 5ec75dcc02..f8c256c163 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1,5090 +1,5098 @@
----
-title: Policy CSP
-description: Policy CSP
-ms.assetid: 4F3A1134-D401-44FC-A583-6EDD3070BA4F
-ms.author: maricia
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: MariciaAlforque
-ms.date: 08/08/2018
----
-
-# Policy CSP
-
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
-The Policy configuration service provider enables the enterprise to configure policies on Windows 10. Use this configuration service provider to configure any company policies.
-
-The Policy configuration service provider has the following sub-categories:
-
-- Policy/Config/*AreaName* – Handles the policy configuration request from the server.
-- Policy/Result/*AreaName* – Provides a read-only path to policies enforced on the device.
-
-
-
-> [!Important]
-> Policy scope is the level at which a policy can be configured. Some policies can only be configured at the device level, meaning the policy will take effect independent of who is logged into the device. Other policies can be configured at the user level, meaning the policy will only take effect for that user.
->
-> The allowed scope of a specific policy is represented below its table of supported Windows editions. To configure a policy under a specific scope (user vs. device), please use the following paths:
->
-> User scope:
-> - **./User/Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy.
-> - **./User/Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result.
->
-> Device scope:
-> - **./Device/Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy.
-> - **./Device/Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result.
->
-> For device wide configuration the **_Device/_** portion may be omitted from the path, deeming the following paths respectively equivalent:
->
-> - **./Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy.
-> - **./Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result.
-
-The following diagram shows the Policy configuration service provider in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.
-
-
-
-
-**./Vendor/MSFT/Policy**
-The root node for the Policy configuration service provider.
-
-
Supported operation is Get.
-
-**Policy/Config**
-
Node for grouping all policies configured by one source. The configuration source can use this path to set policy values and later query any policy value that it previously set. One policy can be configured by multiple configuration sources. If a configuration source wants to query the result of conflict resolution (for example, if Exchange and MDM both attempt to set a value,) the configuration source can use the Policy/Result path to retrieve the resulting value.
-
-
Supported operation is Get.
-
-**Policy/Config/****_AreaName_**
-
The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value.
-
-
Supported operations are Add, Get, and Delete.
-
-**Policy/Config/****_AreaName/PolicyName_**
-
Specifies the name/value pair used in the policy.
-
-
The following list shows some tips to help you when configuring policies:
-
-- Separate substring values by the Unicode &\#xF000; in the XML file.
-
-> [!NOTE]
-> A query from a different caller could provide a different value as each caller could have different values for a named policy.
-
-- In SyncML, wrap this policy with the Atomic command so that the policy settings are treated as a single transaction.
-- Supported operations are Add, Get, Delete, and Replace.
-- Value type is string.
-
-**Policy/Result**
-
Groups the evaluated policies from all providers that can be configured.
-
-
Supported operation is Get.
-
-**Policy/Result/****_AreaName_**
-
The area group that can be configured by a single technology independent of the providers.
-
-
Supported operation is Get.
-
-**Policy/Result/****_AreaName/PolicyName_**
-
Specifies the name/value pair used in the policy.
-
-
Supported operation is Get.
-
-**Policy/ConfigOperations**
-
Added in Windows 10, version 1703. The root node for grouping different configuration operations.
-
-
Supported operations are Add, Get, and Delete.
-
-**Policy/ConfigOperations/ADMXInstall**
-
Added in Windows 10, version 1703. Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: `./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. Each ADMX-backed policy or preference that is added is assigned a unique ID. For more information about using Policy CSP to configure Win32 and Desktop Bridge app policies, see [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md).
-
-> [!NOTE]
-> The OPAX settings that are managed by the Microsoft Office Customization Tool are not supported by MDM. For more information about this tool, see [Office Customization Tool](https://technet.microsoft.com/en-us/library/cc179097.aspx).
-
-
ADMX files that have been installed by using **ConfigOperations/ADMXInstall** can later be deleted by using the URI delete operation. Deleting an ADMX file will delete the ADMX file from disk, remove the metadata from the ADMXdefault registry hive, and delete all the policies that were set from the file. The MDM server can also delete all ADMX policies that are tied to a particular app by calling delete on the URI, `./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}`.
-
-
Supported operations are Add, Get, and Delete.
-
-**Policy/ConfigOperations/ADMXInstall/****_AppName_**
-
Added in Windows 10, version 1703. Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX file.
-
-
Supported operations are Add, Get, and Delete.
-
-**Policy/ConfigOperations/ADMXInstall/****_AppName_/Policy**
-
Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app policy is to be imported.
-
-
Supported operations are Add, Get, and Delete.
-
-**Policy/ConfigOperations/ADMXInstall/****_AppName_/Policy/_UniqueID_**
-
Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the policy to import.
-
-
Supported operations are Add and Get. Does not support Delete.
-
-**Policy/ConfigOperations/ADMXInstall/****_AppName_/Preference**
-
Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app preference is to be imported.
-
-
Supported operations are Add, Get, and Delete.
-
-**Policy/ConfigOperations/ADMXInstall/****_AppName_/Preference/_UniqueID_**
-
Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the preference to import.
-
-
Supported operations are Add and Get. Does not support Delete.
-
-> [!Note]
-> The policies supported in Windows 10 S are the same as those supported in Windows 10 Pro with the exception of the policies under ApplicationDefaults. The ApplicationDefaults policies are not supported in Windows 10 S.
-
-## Policies
-
-### AboveLock policies
-
-
- -
- AboveLock/AllowActionCenterNotifications
-
- -
- AboveLock/AllowCortanaAboveLock
-
- -
- AboveLock/AllowToasts
-
-
-
-### Accounts policies
-
-
- -
- Accounts/AllowAddingNonMicrosoftAccountsManually
-
- -
- Accounts/AllowMicrosoftAccountConnection
-
- -
- Accounts/AllowMicrosoftAccountSignInAssistant
-
- -
- Accounts/DomainNamesForEmailSync
-
-
-
-### ActiveXControls policies
-
-
- -
- ActiveXControls/ApprovedInstallationSites
-
-
-
-### ApplicationDefaults policies
-
-
- -
- ApplicationDefaults/DefaultAssociationsConfiguration
-
- -
- ApplicationDefaults/EnableAppUriHandlers
-
-
-
-### ApplicationManagement policies
-
-
- -
- ApplicationManagement/AllowAllTrustedApps
-
- -
- ApplicationManagement/AllowAppStoreAutoUpdate
-
- -
- ApplicationManagement/AllowDeveloperUnlock
-
- -
- ApplicationManagement/AllowGameDVR
-
- -
- ApplicationManagement/AllowSharedUserAppData
-
- -
- ApplicationManagement/AllowStore
-
- -
- ApplicationManagement/ApplicationRestrictions
-
- -
- ApplicationManagement/DisableStoreOriginatedApps
-
- -
- ApplicationManagement/LaunchAppAfterLogOn
-
- -
- ApplicationManagement/MSIAllowUserControlOverInstall
-
- -
- ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
-
- -
- ApplicationManagement/RequirePrivateStoreOnly
-
- -
- ApplicationManagement/RestrictAppDataToSystemVolume
-
- -
- ApplicationManagement/RestrictAppToSystemVolume
-
- -
- ApplicationManagement/ScheduleForceRestartForUpdateFailures
-
-
-
-### AppRuntime policies
-
-
- -
- AppRuntime/AllowMicrosoftAccountsToBeOptional
-
-
-
-### AppVirtualization policies
-
-
- -
- AppVirtualization/AllowAppVClient
-
- -
- AppVirtualization/AllowDynamicVirtualization
-
- -
- AppVirtualization/AllowPackageCleanup
-
- -
- AppVirtualization/AllowPackageScripts
-
- -
- AppVirtualization/AllowPublishingRefreshUX
-
- -
- AppVirtualization/AllowReportingServer
-
- -
- AppVirtualization/AllowRoamingFileExclusions
-
- -
- AppVirtualization/AllowRoamingRegistryExclusions
-
- -
- AppVirtualization/AllowStreamingAutoload
-
- -
- AppVirtualization/ClientCoexistenceAllowMigrationmode
-
- -
- AppVirtualization/IntegrationAllowRootGlobal
-
- -
- AppVirtualization/IntegrationAllowRootUser
-
- -
- AppVirtualization/PublishingAllowServer1
-
- -
- AppVirtualization/PublishingAllowServer2
-
- -
- AppVirtualization/PublishingAllowServer3
-
- -
- AppVirtualization/PublishingAllowServer4
-
- -
- AppVirtualization/PublishingAllowServer5
-
- -
- AppVirtualization/StreamingAllowCertificateFilterForClient_SSL
-
- -
- AppVirtualization/StreamingAllowHighCostLaunch
-
- -
- AppVirtualization/StreamingAllowLocationProvider
-
- -
- AppVirtualization/StreamingAllowPackageInstallationRoot
-
- -
- AppVirtualization/StreamingAllowPackageSourceRoot
-
- -
- AppVirtualization/StreamingAllowReestablishmentInterval
-
- -
- AppVirtualization/StreamingAllowReestablishmentRetries
-
- -
- AppVirtualization/StreamingSharedContentStoreMode
-
- -
- AppVirtualization/StreamingSupportBranchCache
-
- -
- AppVirtualization/StreamingVerifyCertificateRevocationList
-
- -
- AppVirtualization/VirtualComponentsAllowList
-
-
-
-### AttachmentManager policies
-
-
- -
- AttachmentManager/DoNotPreserveZoneInformation
-
- -
- AttachmentManager/HideZoneInfoMechanism
-
- -
- AttachmentManager/NotifyAntivirusPrograms
-
-
-
-### Authentication policies
-
-
- -
- Authentication/AllowAadPasswordReset
-
- -
- Authentication/AllowEAPCertSSO
-
- -
- Authentication/AllowFastReconnect
-
- -
- Authentication/AllowFidoDeviceSignon
-
- -
- Authentication/AllowSecondaryAuthenticationDevice
-
- -
- Authentication/EnableFastFirstSignIn
-
- -
- Authentication/EnableWebSignIn
-
- -
- Authentication/PreferredAadTenantDomainName
-
-
-
-### Autoplay policies
-
-
- -
- Autoplay/DisallowAutoplayForNonVolumeDevices
-
- -
- Autoplay/SetDefaultAutoRunBehavior
-
- -
- Autoplay/TurnOffAutoPlay
-
-
-
-### Bitlocker policies
-
-
- -
- Bitlocker/EncryptionMethod
-
-
-
-### BITS policies
-
-
- -
- BITS/BandwidthThrottlingEndTime
-
- -
- BITS/BandwidthThrottlingStartTime
-
- -
- BITS/BandwidthThrottlingTransferRate
-
- -
- BITS/CostedNetworkBehaviorBackgroundPriority
-
- -
- BITS/CostedNetworkBehaviorForegroundPriority
-
- -
- BITS/JobInactivityTimeout
-
-
-
-### Bluetooth policies
-
-
- -
- Bluetooth/AllowAdvertising
-
- -
- Bluetooth/AllowDiscoverableMode
-
- -
- Bluetooth/AllowPrepairing
-
- -
- Bluetooth/AllowPromptedProximalConnections
-
- -
- Bluetooth/LocalDeviceName
-
- -
- Bluetooth/ServicesAllowedList
-
-
-
-### Browser policies
-
-
- -
- Browser/AllowAddressBarDropdown
-
- -
- Browser/AllowAutofill
-
- -
- Browser/AllowBrowser
-
- -
- Browser/AllowConfigurationUpdateForBooksLibrary
-
- -
- Browser/AllowCookies
-
- -
- Browser/AllowDeveloperTools
-
- -
- Browser/AllowDoNotTrack
-
- -
- Browser/AllowExtensions
-
- -
- Browser/AllowFlash
-
- -
- Browser/AllowFlashClickToRun
-
- -
- Browser/AllowFullScreenMode
-
- -
- Browser/AllowInPrivate
-
- -
- Browser/AllowMicrosoftCompatibilityList
-
- -
- Browser/AllowPasswordManager
-
- -
-
-
- -
- Browser/AllowPrelaunch
-
- -
- Browser/AllowPrinting
-
- -
- Browser/AllowSavingHistory
-
- -
- Browser/AllowSearchEngineCustomization
-
- -
- Browser/AllowSearchSuggestionsinAddressBar
-
- -
- Browser/AllowSideloadingOfExtensions
-
- -
- Browser/AllowSmartScreen
-
- -
- Browser/AllowTabPreloading
-
- -
- Browser/AllowWebContentOnNewTabPage
-
- -
- Browser/AlwaysEnableBooksLibrary
-
- -
- Browser/ClearBrowsingDataOnExit
-
- -
- Browser/ConfigureAdditionalSearchEngines
-
- -
- Browser/ConfigureFavoritesBar
-
- -
- Browser/ConfigureHomeButton
-
- -
- Browser/ConfigureKioskMode
-
- -
- Browser/ConfigureKioskResetAfterIdleTimeout
-
- -
- Browser/ConfigureOpenMicrosoftEdgeWith
-
- -
- Browser/ConfigureTelemetryForMicrosoft365Analytics
-
- -
- Browser/DisableLockdownOfStartPages
-
- -
- Browser/EnableExtendedBooksTelemetry
-
- -
- Browser/EnterpriseModeSiteList
-
- -
- Browser/EnterpriseSiteListServiceUrl
-
- -
- Browser/FirstRunURL
-
- -
- Browser/ForceEnabledExtensions
-
- -
- Browser/HomePages
-
- -
- Browser/LockdownFavorites
-
- -
- Browser/PreventAccessToAboutFlagsInMicrosoftEdge
-
- -
- Browser/PreventCertErrorOverrides
-
- -
- Browser/PreventFirstRunPage
-
- -
- Browser/PreventLiveTileDataCollection
-
- -
- Browser/PreventSmartScreenPromptOverride
-
- -
- Browser/PreventSmartScreenPromptOverrideForFiles
-
- -
- Browser/PreventUsingLocalHostIPAddressForWebRTC
-
- -
- Browser/ProvisionFavorites
-
- -
- Browser/SendIntranetTraffictoInternetExplorer
-
- -
- Browser/SetDefaultSearchEngine
-
- -
- Browser/SetHomeButtonURL
-
- -
- Browser/SetNewTabPageURL
-
- -
- Browser/ShowMessageWhenOpeningSitesInInternetExplorer
-
- -
- Browser/SyncFavoritesBetweenIEAndMicrosoftEdge
-
- -
- Browser/UnlockHomeButton
-
- -
- Browser/UseSharedFolderForBooks
-
-
-
-### Camera policies
-
-
- -
- Camera/AllowCamera
-
-
-
-### Cellular policies
-
-
- -
- Cellular/LetAppsAccessCellularData
-
- -
- Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
-
- -
- Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
-
- -
- Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
-
- -
- Cellular/ShowAppCellularAccessUI
-
-
-
-### Connectivity policies
-
-
- -
- Connectivity/AllowBluetooth
-
- -
- Connectivity/AllowCellularData
-
- -
- Connectivity/AllowCellularDataRoaming
-
- -
- Connectivity/AllowConnectedDevices
-
- -
- Connectivity/AllowNFC
-
- -
- Connectivity/AllowPhonePCLinking
-
- -
- Connectivity/AllowUSBConnection
-
- -
- Connectivity/AllowVPNOverCellular
-
- -
- Connectivity/AllowVPNRoamingOverCellular
-
- -
- Connectivity/DiablePrintingOverHTTP
-
- -
- Connectivity/DisableDownloadingOfPrintDriversOverHTTP
-
- -
- Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards
-
- -
- Connectivity/DisallowNetworkConnectivityActiveTests
-
- -
- Connectivity/HardenedUNCPaths
-
- -
- Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge
-
-
-
-### ControlPolicyConflict policies
-
-
- -
- ControlPolicyConflict/MDMWinsOverGP
-
-
-
-### CredentialProviders policies
-
-
- -
- CredentialProviders/AllowPINLogon
-
- -
- CredentialProviders/BlockPicturePassword
-
- -
- CredentialProviders/DisableAutomaticReDeploymentCredentials
-
-
-
-### CredentialsDelegation policies
-
-
- -
- CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials
-
-
-
-### CredentialsUI policies
-
-
- -
- CredentialsUI/DisablePasswordReveal
-
- -
- CredentialsUI/EnumerateAdministrators
-
-
-
-### Cryptography policies
-
-
- -
- Cryptography/AllowFipsAlgorithmPolicy
-
- -
- Cryptography/TLSCipherSuites
-
-
-
-### DataProtection policies
-
-
- -
- DataProtection/AllowDirectMemoryAccess
-
- -
- DataProtection/LegacySelectiveWipeID
-
-
-
-### DataUsage policies
-
-
- -
- DataUsage/SetCost3G
-
- -
- DataUsage/SetCost4G
-
-
-
-### Defender policies
-
-
- -
- Defender/AllowArchiveScanning
-
- -
- Defender/AllowBehaviorMonitoring
-
- -
- Defender/AllowCloudProtection
-
- -
- Defender/AllowEmailScanning
-
- -
- Defender/AllowFullScanOnMappedNetworkDrives
-
- -
- Defender/AllowFullScanRemovableDriveScanning
-
- -
- Defender/AllowIOAVProtection
-
- -
- Defender/AllowIntrusionPreventionSystem
-
- -
- Defender/AllowOnAccessProtection
-
- -
- Defender/AllowRealtimeMonitoring
-
- -
- Defender/AllowScanningNetworkFiles
-
- -
- Defender/AllowScriptScanning
-
- -
- Defender/AllowUserUIAccess
-
- -
- Defender/AttackSurfaceReductionOnlyExclusions
-
- -
- Defender/AttackSurfaceReductionRules
-
- -
- Defender/AvgCPULoadFactor
-
- -
- Defender/CheckForSignaturesBeforeRunningScan
-
- -
- Defender/CloudBlockLevel
-
- -
- Defender/CloudExtendedTimeout
-
- -
- Defender/ControlledFolderAccessAllowedApplications
-
- -
- Defender/ControlledFolderAccessProtectedFolders
-
- -
- Defender/DaysToRetainCleanedMalware
-
- -
- Defender/DisableCatchupFullScan
-
- -
- Defender/DisableCatchupQuickScan
-
- -
- Defender/EnableControlledFolderAccess
-
- -
- Defender/EnableLowCPUPriority
-
- -
- Defender/EnableNetworkProtection
-
- -
- Defender/ExcludedExtensions
-
- -
- Defender/ExcludedPaths
-
- -
- Defender/ExcludedProcesses
-
- -
- Defender/PUAProtection
-
- -
- Defender/RealTimeScanDirection
-
- -
- Defender/ScanParameter
-
- -
- Defender/ScheduleQuickScanTime
-
- -
- Defender/ScheduleScanDay
-
- -
- Defender/ScheduleScanTime
-
- -
- Defender/SignatureUpdateFallbackOrder
-
- -
- Defender/SignatureUpdateFileSharesSources
-
- -
- Defender/SignatureUpdateInterval
-
- -
- Defender/SubmitSamplesConsent
-
- -
- Defender/ThreatSeverityDefaultAction
-
-
-
-### DeliveryOptimization policies
-
-
- -
- DeliveryOptimization/DOAbsoluteMaxCacheSize
-
- -
- DeliveryOptimization/DOAllowVPNPeerCaching
-
- -
- DeliveryOptimization/DODelayBackgroundDownloadFromHttp
-
- -
- DeliveryOptimization/DODelayForegroundDownloadFromHttp
-
- -
- DeliveryOptimization/DODownloadMode
-
- -
- DeliveryOptimization/DOGroupId
-
- -
- DeliveryOptimization/DOGroupIdSource
-
- -
- DeliveryOptimization/DOMaxCacheAge
-
- -
- DeliveryOptimization/DOMaxCacheSize
-
- -
- DeliveryOptimization/DOMaxDownloadBandwidth
-
- -
- DeliveryOptimization/DOMaxUploadBandwidth
-
- -
- DeliveryOptimization/DOMinBackgroundQos
-
- -
- DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload
-
- -
- DeliveryOptimization/DOMinDiskSizeAllowedToPeer
-
- -
- DeliveryOptimization/DOMinFileSizeToCache
-
- -
- DeliveryOptimization/DOMinRAMAllowedToPeer
-
- -
- DeliveryOptimization/DOModifyCacheDrive
-
- -
- DeliveryOptimization/DOMonthlyUploadDataCap
-
- -
- DeliveryOptimization/DOPercentageMaxBackgroundBandwidth
-
- -
- DeliveryOptimization/DOPercentageMaxDownloadBandwidth
-
- -
- DeliveryOptimization/DOPercentageMaxForegroundBandwidth
-
- -
- DeliveryOptimization/DORestrictPeerSelectionBy
-
- -
- DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
-
- -
- DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth
-
-
-
-### Desktop policies
-
-
- -
- Desktop/PreventUserRedirectionOfProfileFolders
-
-
-
-### DeviceGuard policies
-
-
- -
- DeviceGuard/EnableSystemGuard
-
- -
- DeviceGuard/EnableVirtualizationBasedSecurity
-
- -
- DeviceGuard/LsaCfgFlags
-
- -
- DeviceGuard/RequirePlatformSecurityFeatures
-
-
-
-### DeviceInstallation policies
-
-
- -
- DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
-
- -
- DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
-
- -
- DeviceInstallation/PreventDeviceMetadataFromNetwork
-
- -
- DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
-
- -
- DeviceInstallation/PreventInstallationOfMatchingDeviceIDs
-
- -
- DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses
-
-
-
-### DeviceLock policies
-
-
- -
- DeviceLock/AllowIdleReturnWithoutPassword
-
- -
- DeviceLock/AllowScreenTimeoutWhileLockedUserConfig
-
- -
- DeviceLock/AllowSimpleDevicePassword
-
- -
- DeviceLock/AlphanumericDevicePasswordRequired
-
- -
- DeviceLock/DevicePasswordEnabled
-
- -
- DeviceLock/DevicePasswordExpiration
-
- -
- DeviceLock/DevicePasswordHistory
-
- -
- DeviceLock/EnforceLockScreenAndLogonImage
-
- -
- DeviceLock/EnforceLockScreenProvider
-
- -
- DeviceLock/MaxDevicePasswordFailedAttempts
-
- -
- DeviceLock/MaxInactivityTimeDeviceLock
-
- -
- DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay
-
- -
- DeviceLock/MinDevicePasswordComplexCharacters
-
- -
- DeviceLock/MinDevicePasswordLength
-
- -
- DeviceLock/MinimumPasswordAge
-
- -
- DeviceLock/PreventEnablingLockScreenCamera
-
- -
- DeviceLock/PreventLockScreenSlideShow
-
- -
- DeviceLock/ScreenTimeoutWhileLocked
-
-
-
-### Display policies
-
-
- -
- Display/DisablePerProcessDpiForApps
-
- -
- Display/EnablePerProcessDpi
-
- -
- Display/EnablePerProcessDpiForApps
-
- -
- Display/TurnOffGdiDPIScalingForApps
-
- -
- Display/TurnOnGdiDPIScalingForApps
-
-
-
-### DmaGuard policies
-
-
- -
- DmaGuard/DeviceEnumerationPolicy
-
-
-
-### Education policies
-
-
- -
- Education/DefaultPrinterName
-
- -
- Education/PreventAddingNewPrinters
-
- -
- Education/PrinterNames
-
-
-
-### EnterpriseCloudPrint policies
-
-
- -
- EnterpriseCloudPrint/CloudPrintOAuthAuthority
-
- -
- EnterpriseCloudPrint/CloudPrintOAuthClientId
-
- -
- EnterpriseCloudPrint/CloudPrintResourceId
-
- -
- EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint
-
- -
- EnterpriseCloudPrint/DiscoveryMaxPrinterLimit
-
- -
- EnterpriseCloudPrint/MopriaDiscoveryResourceId
-
-
-
-### ErrorReporting policies
-
-
- -
- ErrorReporting/CustomizeConsentSettings
-
- -
- ErrorReporting/DisableWindowsErrorReporting
-
- -
- ErrorReporting/DisplayErrorNotification
-
- -
- ErrorReporting/DoNotSendAdditionalData
-
- -
- ErrorReporting/PreventCriticalErrorDisplay
-
-
-
-### EventLogService policies
-
-
- -
- EventLogService/ControlEventLogBehavior
-
- -
- EventLogService/SpecifyMaximumFileSizeApplicationLog
-
- -
- EventLogService/SpecifyMaximumFileSizeSecurityLog
-
- -
- EventLogService/SpecifyMaximumFileSizeSystemLog
-
-
-
-### Experience policies
-
-
- -
- Experience/AllowClipboardHistory
-
- -
- Experience/AllowCopyPaste
-
- -
- Experience/AllowCortana
-
- -
- Experience/AllowDeviceDiscovery
-
- -
- Experience/AllowFindMyDevice
-
- -
- Experience/AllowManualMDMUnenrollment
-
- -
- Experience/AllowSIMErrorDialogPromptWhenNoSIM
-
- -
- Experience/AllowSaveAsOfOfficeFiles
-
- -
- Experience/AllowScreenCapture
-
- -
- Experience/AllowSharingOfOfficeFiles
-
- -
- Experience/AllowSyncMySettings
-
- -
- Experience/AllowTailoredExperiencesWithDiagnosticData
-
- -
- Experience/AllowTaskSwitcher
-
- -
- Experience/AllowThirdPartySuggestionsInWindowsSpotlight
-
- -
- Experience/AllowVoiceRecording
-
- -
- Experience/AllowWindowsConsumerFeatures
-
- -
- Experience/AllowWindowsSpotlight
-
- -
- Experience/AllowWindowsSpotlightOnActionCenter
-
- -
- Experience/AllowWindowsSpotlightOnSettings
-
- -
- Experience/AllowWindowsSpotlightWindowsWelcomeExperience
-
- -
- Experience/AllowWindowsTips
-
- -
- Experience/ConfigureWindowsSpotlightOnLockScreen
-
- -
- Experience/DoNotShowFeedbackNotifications
-
- -
- Experience/DoNotSyncBrowserSettings
-
- -
- Experience/PreventUsersFromTurningOnBrowserSyncing
-
-
-
-### ExploitGuard policies
-
-
- -
- ExploitGuard/ExploitProtectionSettings
-
-
-
-### FileExplorer policies
-
-
- -
- FileExplorer/TurnOffDataExecutionPreventionForExplorer
-
- -
- FileExplorer/TurnOffHeapTerminationOnCorruption
-
-
-
-### Games policies
-
-
- -
- Games/AllowAdvancedGamingServices
-
-
-
-### Handwriting policies
-
-
- -
- Handwriting/PanelDefaultModeDocked
-
-
-
-### InternetExplorer policies
-
-
- -
- InternetExplorer/AddSearchProvider
-
- -
- InternetExplorer/AllowActiveXFiltering
-
- -
- InternetExplorer/AllowAddOnList
-
- -
- InternetExplorer/AllowAutoComplete
-
- -
- InternetExplorer/AllowCertificateAddressMismatchWarning
-
- -
- InternetExplorer/AllowDeletingBrowsingHistoryOnExit
-
- -
- InternetExplorer/AllowEnhancedProtectedMode
-
- -
-
-
- -
- InternetExplorer/AllowEnterpriseModeSiteList
-
- -
- InternetExplorer/AllowFallbackToSSL3
-
- -
- InternetExplorer/AllowInternetExplorer7PolicyList
-
- -
- InternetExplorer/AllowInternetExplorerStandardsMode
-
- -
- InternetExplorer/AllowInternetZoneTemplate
-
- -
- InternetExplorer/AllowIntranetZoneTemplate
-
- -
- InternetExplorer/AllowLocalMachineZoneTemplate
-
- -
- InternetExplorer/AllowLockedDownInternetZoneTemplate
-
- -
- InternetExplorer/AllowLockedDownIntranetZoneTemplate
-
- -
- InternetExplorer/AllowLockedDownLocalMachineZoneTemplate
-
- -
- InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate
-
- -
- InternetExplorer/AllowOneWordEntry
-
- -
- InternetExplorer/AllowSiteToZoneAssignmentList
-
- -
- InternetExplorer/AllowSoftwareWhenSignatureIsInvalid
-
- -
- InternetExplorer/AllowSuggestedSites
-
- -
- InternetExplorer/AllowTrustedSitesZoneTemplate
-
- -
- InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate
-
- -
- InternetExplorer/AllowsRestrictedSitesZoneTemplate
-
- -
- InternetExplorer/CheckServerCertificateRevocation
-
- -
- InternetExplorer/CheckSignaturesOnDownloadedPrograms
-
- -
- InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses
-
- -
- InternetExplorer/DisableAdobeFlash
-
- -
- InternetExplorer/DisableBypassOfSmartScreenWarnings
-
- -
- InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles
-
- -
- InternetExplorer/DisableConfiguringHistory
-
- -
- InternetExplorer/DisableCrashDetection
-
- -
- InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation
-
- -
- InternetExplorer/DisableDeletingUserVisitedWebsites
-
- -
- InternetExplorer/DisableEnclosureDownloading
-
- -
- InternetExplorer/DisableEncryptionSupport
-
- -
- InternetExplorer/DisableFirstRunWizard
-
- -
- InternetExplorer/DisableFlipAheadFeature
-
- -
- InternetExplorer/DisableHomePageChange
-
- -
- InternetExplorer/DisableIgnoringCertificateErrors
-
- -
- InternetExplorer/DisableInPrivateBrowsing
-
- -
- InternetExplorer/DisableProcessesInEnhancedProtectedMode
-
- -
- InternetExplorer/DisableProxyChange
-
- -
- InternetExplorer/DisableSearchProviderChange
-
- -
- InternetExplorer/DisableSecondaryHomePageChange
-
- -
- InternetExplorer/DisableSecuritySettingsCheck
-
- -
- InternetExplorer/DisableUpdateCheck
-
- -
- InternetExplorer/DoNotAllowActiveXControlsInProtectedMode
-
- -
- InternetExplorer/DoNotAllowUsersToAddSites
-
- -
- InternetExplorer/DoNotAllowUsersToChangePolicies
-
- -
- InternetExplorer/DoNotBlockOutdatedActiveXControls
-
- -
- InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains
-
- -
- InternetExplorer/IncludeAllLocalSites
-
- -
- InternetExplorer/IncludeAllNetworkPaths
-
- -
- InternetExplorer/InternetZoneAllowAccessToDataSources
-
- -
- InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls
-
- -
- InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads
-
- -
- InternetExplorer/InternetZoneAllowCopyPasteViaScript
-
- -
- InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles
-
- -
- InternetExplorer/InternetZoneAllowFontDownloads
-
- -
- InternetExplorer/InternetZoneAllowLessPrivilegedSites
-
- -
- InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles
-
- -
- InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents
-
- -
- InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls
-
- -
- InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
-
- -
- InternetExplorer/InternetZoneAllowScriptInitiatedWindows
-
- -
- InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls
-
- -
- InternetExplorer/InternetZoneAllowScriptlets
-
- -
- InternetExplorer/InternetZoneAllowSmartScreenIE
-
- -
- InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript
-
- -
- InternetExplorer/InternetZoneAllowUserDataPersistence
-
- -
- InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer
-
- -
- InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls
-
- -
- InternetExplorer/InternetZoneDownloadSignedActiveXControls
-
- -
- InternetExplorer/InternetZoneDownloadUnsignedActiveXControls
-
- -
- InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter
-
- -
- InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
-
- -
- InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
-
- -
- InternetExplorer/InternetZoneEnableMIMESniffing
-
- -
- InternetExplorer/InternetZoneEnableProtectedMode
-
- -
- InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer
-
- -
- InternetExplorer/InternetZoneInitializeAndScriptActiveXControls
-
- -
- InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
-
- -
- InternetExplorer/InternetZoneJavaPermissions
-
- -
- InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME
-
- -
- InternetExplorer/InternetZoneLogonOptions
-
- -
- InternetExplorer/InternetZoneNavigateWindowsAndFrames
-
- -
- InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
-
- -
- InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles
-
- -
-
-
- -
- InternetExplorer/IntranetZoneAllowAccessToDataSources
-
- -
- InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls
-
- -
- InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads
-
- -
- InternetExplorer/IntranetZoneAllowFontDownloads
-
- -
- InternetExplorer/IntranetZoneAllowLessPrivilegedSites
-
- -
- InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents
-
- -
- InternetExplorer/IntranetZoneAllowScriptlets
-
- -
- InternetExplorer/IntranetZoneAllowSmartScreenIE
-
- -
- InternetExplorer/IntranetZoneAllowUserDataPersistence
-
- -
- InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls
-
- -
- InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls
-
- -
- InternetExplorer/IntranetZoneJavaPermissions
-
- -
- InternetExplorer/IntranetZoneNavigateWindowsAndFrames
-
- -
- InternetExplorer/LocalMachineZoneAllowAccessToDataSources
-
- -
- InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls
-
- -
- InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads
-
- -
- InternetExplorer/LocalMachineZoneAllowFontDownloads
-
- -
- InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites
-
- -
- InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents
-
- -
- InternetExplorer/LocalMachineZoneAllowScriptlets
-
- -
- InternetExplorer/LocalMachineZoneAllowSmartScreenIE
-
- -
- InternetExplorer/LocalMachineZoneAllowUserDataPersistence
-
- -
- InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls
-
- -
- InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls
-
- -
- InternetExplorer/LocalMachineZoneJavaPermissions
-
- -
- InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames
-
- -
- InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources
-
- -
- InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls
-
- -
- InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads
-
- -
- InternetExplorer/LockedDownInternetZoneAllowFontDownloads
-
- -
- InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites
-
- -
- InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents
-
- -
- InternetExplorer/LockedDownInternetZoneAllowScriptlets
-
- -
- InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE
-
- -
- InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence
-
- -
- InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls
-
- -
- InternetExplorer/LockedDownInternetZoneJavaPermissions
-
- -
- InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames
-
- -
- InternetExplorer/LockedDownIntranetJavaPermissions
-
- -
- InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources
-
- -
- InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls
-
- -
- InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads
-
- -
- InternetExplorer/LockedDownIntranetZoneAllowFontDownloads
-
- -
- InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites
-
- -
- InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents
-
- -
- InternetExplorer/LockedDownIntranetZoneAllowScriptlets
-
- -
- InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE
-
- -
- InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence
-
- -
- InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls
-
- -
- InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames
-
- -
- InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources
-
- -
- InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls
-
- -
- InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads
-
- -
- InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads
-
- -
- InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites
-
- -
- InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents
-
- -
- InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets
-
- -
- InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE
-
- -
- InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence
-
- -
- InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls
-
- -
- InternetExplorer/LockedDownLocalMachineZoneJavaPermissions
-
- -
- InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames
-
- -
- InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources
-
- -
- InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls
-
- -
- InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
-
- -
- InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads
-
- -
- InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites
-
- -
- InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents
-
- -
- InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets
-
- -
- InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE
-
- -
- InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence
-
- -
- InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls
-
- -
- InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions
-
- -
- InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames
-
- -
- InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources
-
- -
- InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls
-
- -
- InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads
-
- -
- InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads
-
- -
- InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites
-
- -
- InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents
-
- -
- InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets
-
- -
- InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE
-
- -
- InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence
-
- -
- InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls
-
- -
- InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions
-
- -
- InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames
-
- -
- InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses
-
- -
- InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses
-
- -
- InternetExplorer/NotificationBarInternetExplorerProcesses
-
- -
- InternetExplorer/PreventManagingSmartScreenFilter
-
- -
- InternetExplorer/PreventPerUserInstallationOfActiveXControls
-
- -
- InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses
-
- -
- InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls
-
- -
- InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses
-
- -
- InternetExplorer/RestrictFileDownloadInternetExplorerProcesses
-
- -
- InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources
-
- -
- InternetExplorer/RestrictedSitesZoneAllowActiveScripting
-
- -
- InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls
-
- -
- InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
-
- -
- InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors
-
- -
- InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript
-
- -
- InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles
-
- -
- InternetExplorer/RestrictedSitesZoneAllowFileDownloads
-
- -
- InternetExplorer/RestrictedSitesZoneAllowFontDownloads
-
- -
- InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites
-
- -
- InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles
-
- -
- InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH
-
- -
- InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents
-
- -
- InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls
-
- -
- InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
-
- -
- InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows
-
- -
- InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls
-
- -
- InternetExplorer/RestrictedSitesZoneAllowScriptlets
-
- -
- InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE
-
- -
- InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript
-
- -
- InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence
-
- -
- InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer
-
- -
- InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
-
- -
- InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls
-
- -
- InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls
-
- -
- InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter
-
- -
- InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
-
- -
- InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
-
- -
- InternetExplorer/RestrictedSitesZoneEnableMIMESniffing
-
- -
- InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer
-
- -
- InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls
-
- -
- InternetExplorer/RestrictedSitesZoneJavaPermissions
-
- -
- InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME
-
- -
- InternetExplorer/RestrictedSitesZoneLogonOptions
-
- -
- InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames
-
- -
- InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins
-
- -
- InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
-
- -
- InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting
-
- -
- InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets
-
- -
- InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles
-
- -
- InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode
-
- -
-
-
- -
- InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses
-
- -
- InternetExplorer/SearchProviderList
-
- -
- InternetExplorer/SecurityZonesUseOnlyMachineSettings
-
- -
- InternetExplorer/SpecifyUseOfActiveXInstallerService
-
- -
- InternetExplorer/TrustedSitesZoneAllowAccessToDataSources
-
- -
- InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls
-
- -
- InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads
-
- -
- InternetExplorer/TrustedSitesZoneAllowFontDownloads
-
- -
- InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites
-
- -
- InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents
-
- -
- InternetExplorer/TrustedSitesZoneAllowScriptlets
-
- -
- InternetExplorer/TrustedSitesZoneAllowSmartScreenIE
-
- -
- InternetExplorer/TrustedSitesZoneAllowUserDataPersistence
-
- -
- InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
-
- -
- InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls
-
- -
- InternetExplorer/TrustedSitesZoneJavaPermissions
-
- -
- InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames
-
-
-
-### Kerberos policies
-
-
- -
- Kerberos/AllowForestSearchOrder
-
- -
- Kerberos/KerberosClientSupportsClaimsCompoundArmor
-
- -
- Kerberos/RequireKerberosArmoring
-
- -
- Kerberos/RequireStrictKDCValidation
-
- -
- Kerberos/SetMaximumContextTokenSize
-
-
-
-### KioskBrowser policies
-
-
- -
- KioskBrowser/BlockedUrlExceptions
-
- -
- KioskBrowser/BlockedUrls
-
- -
- KioskBrowser/DefaultURL
-
- -
- KioskBrowser/EnableEndSessionButton
-
- -
- KioskBrowser/EnableHomeButton
-
- -
- KioskBrowser/EnableNavigationButtons
-
- -
- KioskBrowser/RestartOnIdleTime
-
-
-
-### LanmanWorkstation policies
-
-
- -
- LanmanWorkstation/EnableInsecureGuestLogons
-
-
-
-### Licensing policies
-
-
- -
- Licensing/AllowWindowsEntitlementReactivation
-
- -
- Licensing/DisallowKMSClientOnlineAVSValidation
-
-
-
-### LocalPoliciesSecurityOptions policies
-
-
- -
- LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
-
- -
- LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus
-
- -
- LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus
-
- -
- LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
-
- -
- LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
-
- -
- LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
-
- -
- LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
-
- -
- LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
-
- -
- LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
-
- -
- LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
-
- -
- LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways
-
- -
- LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible
-
- -
- LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges
-
- -
- LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
-
- -
- LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn
-
- -
- LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn
-
- -
- LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL
-
- -
- LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
-
- -
- LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
-
- -
- LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
-
- -
- LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
-
- -
- LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways
-
- -
- LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
-
- -
- LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
-
- -
- LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession
-
- -
- LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
-
- -
- LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
-
- -
- LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
-
- -
- LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
-
- -
- LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
-
- -
- LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
-
- -
- LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM
-
- -
- LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
-
- -
- LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
-
- -
- LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
-
- -
- LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients
-
- -
- LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
-
- -
- LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication
-
- -
- LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic
-
- -
- LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic
-
- -
- LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers
-
- -
- LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon
-
- -
- LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
-
- -
- LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
-
- -
- LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems
-
- -
- LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
-
- -
- LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
-
- -
- LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
-
- -
- LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
-
- -
- LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
-
- -
- LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
-
- -
- LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
-
- -
- LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
-
- -
- LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
-
- -
- LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
-
-
-
-### Location policies
-
-
- -
- Location/EnableLocation
-
-
-
-### LockDown policies
-
-
- -
- LockDown/AllowEdgeSwipe
-
-
-
-### Maps policies
-
-
- -
- Maps/AllowOfflineMapsDownloadOverMeteredConnection
-
- -
- Maps/EnableOfflineMapsAutoUpdate
-
-
-
-### Messaging policies
-
-
- -
- Messaging/AllowMMS
-
- -
- Messaging/AllowMessageSync
-
- -
- Messaging/AllowRCS
-
-
-
-### MSSecurityGuide policies
-
-
- -
- MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon
-
- -
- MSSecurityGuide/ConfigureSMBV1ClientDriver
-
- -
- MSSecurityGuide/ConfigureSMBV1Server
-
- -
- MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection
-
- -
- MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications
-
- -
- MSSecurityGuide/WDigestAuthentication
-
-
-
-### MSSLegacy policies
-
-
- -
- MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes
-
- -
- MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers
-
- -
- MSSLegacy/IPSourceRoutingProtectionLevel
-
- -
- MSSLegacy/IPv6SourceRoutingProtectionLevel
-
-
-
-### NetworkIsolation policies
-
-
- -
- NetworkIsolation/EnterpriseCloudResources
-
- -
- NetworkIsolation/EnterpriseIPRange
-
- -
- NetworkIsolation/EnterpriseIPRangesAreAuthoritative
-
- -
- NetworkIsolation/EnterpriseInternalProxyServers
-
- -
- NetworkIsolation/EnterpriseNetworkDomainNames
-
- -
- NetworkIsolation/EnterpriseProxyServers
-
- -
- NetworkIsolation/EnterpriseProxyServersAreAuthoritative
-
- -
- NetworkIsolation/NeutralResources
-
-
-
-### Notifications policies
-
-
- -
- Notifications/DisallowCloudNotification
-
- -
- Notifications/DisallowNotificationMirroring
-
- -
- Notifications/DisallowTileNotification
-
-
-
-### Power policies
-
-
- -
- Power/AllowStandbyStatesWhenSleepingOnBattery
-
- -
- Power/AllowStandbyWhenSleepingPluggedIn
-
- -
- Power/DisplayOffTimeoutOnBattery
-
- -
- Power/DisplayOffTimeoutPluggedIn
-
- -
- Power/HibernateTimeoutOnBattery
-
- -
- Power/HibernateTimeoutPluggedIn
-
- -
- Power/RequirePasswordWhenComputerWakesOnBattery
-
- -
- Power/RequirePasswordWhenComputerWakesPluggedIn
-
- -
- Power/StandbyTimeoutOnBattery
-
- -
- Power/StandbyTimeoutPluggedIn
-
-
-
-### Printers policies
-
-
- -
- Printers/PointAndPrintRestrictions
-
- -
- Printers/PointAndPrintRestrictions_User
-
- -
- Printers/PublishPrinters
-
-
-
-### Privacy policies
-
-
- -
- Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
-
- -
- Privacy/AllowCrossDeviceClipboard
-
- -
- Privacy/AllowInputPersonalization
-
- -
- Privacy/DisableAdvertisingId
-
- -
- Privacy/EnableActivityFeed
-
- -
- Privacy/LetAppsAccessAccountInfo
-
- -
- Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessCalendar
-
- -
- Privacy/LetAppsAccessCalendar_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessCalendar_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessCallHistory
-
- -
- Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessCamera
-
- -
- Privacy/LetAppsAccessCamera_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessCamera_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessCamera_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessContacts
-
- -
- Privacy/LetAppsAccessContacts_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessContacts_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessContacts_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessEmail
-
- -
- Privacy/LetAppsAccessEmail_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessEmail_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessEmail_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessGazeInput
-
- -
- Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessLocation
-
- -
- Privacy/LetAppsAccessLocation_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessLocation_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessLocation_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessMessaging
-
- -
- Privacy/LetAppsAccessMessaging_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessMessaging_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessMicrophone
-
- -
- Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessMotion
-
- -
- Privacy/LetAppsAccessMotion_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessMotion_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessMotion_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessNotifications
-
- -
- Privacy/LetAppsAccessNotifications_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessNotifications_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessPhone
-
- -
- Privacy/LetAppsAccessPhone_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessPhone_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessPhone_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessRadios
-
- -
- Privacy/LetAppsAccessRadios_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessRadios_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessRadios_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessTasks
-
- -
- Privacy/LetAppsAccessTasks_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessTasks_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessTasks_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessTrustedDevices
-
- -
- Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsGetDiagnosticInfo
-
- -
- Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps
-
- -
- Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps
-
- -
- Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsRunInBackground
-
- -
- Privacy/LetAppsRunInBackground_ForceAllowTheseApps
-
- -
- Privacy/LetAppsRunInBackground_ForceDenyTheseApps
-
- -
- Privacy/LetAppsRunInBackground_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsSyncWithDevices
-
- -
- Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps
-
- -
- Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps
-
- -
- Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps
-
- -
- Privacy/PublishUserActivities
-
- -
- Privacy/UploadUserActivities
-
-
-
-### RemoteAssistance policies
-
-
- -
- RemoteAssistance/CustomizeWarningMessages
-
- -
- RemoteAssistance/SessionLogging
-
- -
- RemoteAssistance/SolicitedRemoteAssistance
-
- -
- RemoteAssistance/UnsolicitedRemoteAssistance
-
-
-
-### RemoteDesktopServices policies
-
-
- -
- RemoteDesktopServices/AllowUsersToConnectRemotely
-
- -
- RemoteDesktopServices/ClientConnectionEncryptionLevel
-
- -
- RemoteDesktopServices/DoNotAllowDriveRedirection
-
- -
- RemoteDesktopServices/DoNotAllowPasswordSaving
-
- -
- RemoteDesktopServices/PromptForPasswordUponConnection
-
- -
- RemoteDesktopServices/RequireSecureRPCCommunication
-
-
-
-### RemoteManagement policies
-
-
- -
- RemoteManagement/AllowBasicAuthentication_Client
-
- -
- RemoteManagement/AllowBasicAuthentication_Service
-
- -
- RemoteManagement/AllowCredSSPAuthenticationClient
-
- -
- RemoteManagement/AllowCredSSPAuthenticationService
-
- -
- RemoteManagement/AllowRemoteServerManagement
-
- -
- RemoteManagement/AllowUnencryptedTraffic_Client
-
- -
- RemoteManagement/AllowUnencryptedTraffic_Service
-
- -
- RemoteManagement/DisallowDigestAuthentication
-
- -
- RemoteManagement/DisallowNegotiateAuthenticationClient
-
- -
- RemoteManagement/DisallowNegotiateAuthenticationService
-
- -
- RemoteManagement/DisallowStoringOfRunAsCredentials
-
- -
- RemoteManagement/SpecifyChannelBindingTokenHardeningLevel
-
- -
- RemoteManagement/TrustedHosts
-
- -
- RemoteManagement/TurnOnCompatibilityHTTPListener
-
- -
- RemoteManagement/TurnOnCompatibilityHTTPSListener
-
-
-
-### RemoteProcedureCall policies
-
-
- -
- RemoteProcedureCall/RPCEndpointMapperClientAuthentication
-
- -
- RemoteProcedureCall/RestrictUnauthenticatedRPCClients
-
-
-
-### RemoteShell policies
-
-
- -
- RemoteShell/AllowRemoteShellAccess
-
- -
- RemoteShell/MaxConcurrentUsers
-
- -
- RemoteShell/SpecifyIdleTimeout
-
- -
- RemoteShell/SpecifyMaxMemory
-
- -
- RemoteShell/SpecifyMaxProcesses
-
- -
- RemoteShell/SpecifyMaxRemoteShells
-
- -
- RemoteShell/SpecifyShellTimeout
-
-
-
-### RestrictedGroups policies
-
-
- -
- RestrictedGroups/ConfigureGroupMembership
-
-
-
-### Search policies
-
-
- -
- Search/AllowCloudSearch
-
- -
- Search/AllowCortanaInAAD
-
- -
- Search/AllowIndexingEncryptedStoresOrItems
-
- -
- Search/AllowSearchToUseLocation
-
- -
- Search/AllowStoringImagesFromVisionSearch
-
- -
- Search/AllowUsingDiacritics
-
- -
- Search/AllowWindowsIndexer
-
- -
- Search/AlwaysUseAutoLangDetection
-
- -
- Search/DisableBackoff
-
- -
- Search/DisableRemovableDriveIndexing
-
- -
- Search/DoNotUseWebResults
-
- -
- Search/PreventIndexingLowDiskSpaceMB
-
- -
- Search/PreventRemoteQueries
-
- -
- Search/SafeSearchPermissions
-
-
-
-### Security policies
-
-
- -
- Security/AllowAddProvisioningPackage
-
- -
- Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices
-
- -
- Security/AllowManualRootCertificateInstallation
-
- -
- Security/AllowRemoveProvisioningPackage
-
- -
- Security/AntiTheftMode
-
- -
- Security/ClearTPMIfNotReady
-
- -
- Security/ConfigureWindowsPasswords
-
- -
- Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices
-
- -
- Security/RecoveryEnvironmentAuthentication
-
- -
- Security/RequireDeviceEncryption
-
- -
- Security/RequireProvisioningPackageSignature
-
- -
- Security/RequireRetrieveHealthCertificateOnBoot
-
-
-
-### Settings policies
-
-
- -
- Settings/AllowAutoPlay
-
- -
- Settings/AllowDataSense
-
- -
- Settings/AllowDateTime
-
- -
- Settings/AllowEditDeviceName
-
- -
- Settings/AllowLanguage
-
- -
- Settings/AllowOnlineTips
-
- -
- Settings/AllowPowerSleep
-
- -
- Settings/AllowRegion
-
- -
- Settings/AllowSignInOptions
-
- -
- Settings/AllowVPN
-
- -
- Settings/AllowWorkplace
-
- -
- Settings/AllowYourAccount
-
- -
- Settings/ConfigureTaskbarCalendar
-
- -
- Settings/PageVisibilityList
-
-
-
-### SmartScreen policies
-
-
- -
- SmartScreen/EnableAppInstallControl
-
- -
- SmartScreen/EnableSmartScreenInShell
-
- -
- SmartScreen/PreventOverrideForFilesInShell
-
-
-
-### Speech policies
-
-
- -
- Speech/AllowSpeechModelUpdate
-
-
-
-### Start policies
-
-
- -
- Start/AllowPinnedFolderDocuments
-
- -
- Start/AllowPinnedFolderDownloads
-
- -
- Start/AllowPinnedFolderFileExplorer
-
- -
- Start/AllowPinnedFolderHomeGroup
-
- -
- Start/AllowPinnedFolderMusic
-
- -
- Start/AllowPinnedFolderNetwork
-
- -
- Start/AllowPinnedFolderPersonalFolder
-
- -
- Start/AllowPinnedFolderPictures
-
- -
- Start/AllowPinnedFolderSettings
-
- -
- Start/AllowPinnedFolderVideos
-
- -
- Start/ForceStartSize
-
- -
- Start/HideAppList
-
- -
- Start/HideChangeAccountSettings
-
- -
- Start/HideFrequentlyUsedApps
-
- -
- Start/HideHibernate
-
- -
- Start/HideLock
-
- -
- Start/HidePeopleBar
-
- -
- Start/HidePowerButton
-
- -
- Start/HideRecentJumplists
-
- -
- Start/HideRecentlyAddedApps
-
- -
- Start/HideRestart
-
- -
- Start/HideShutDown
-
- -
- Start/HideSignOut
-
- -
- Start/HideSleep
-
- -
- Start/HideSwitchAccount
-
- -
- Start/HideUserTile
-
- -
- Start/ImportEdgeAssets
-
- -
- Start/NoPinningToTaskbar
-
- -
- Start/StartLayout
-
-
-
-### Storage policies
-
-
- -
- Storage/AllowDiskHealthModelUpdates
-
- -
- Storage/EnhancedStorageDevices
-
-
-
-### System policies
-
-
- -
- System/AllowBuildPreview
-
- -
- System/AllowEmbeddedMode
-
- -
- System/AllowExperimentation
-
- -
- System/AllowFontProviders
-
- -
- System/AllowLocation
-
- -
- System/AllowStorageCard
-
- -
- System/AllowTelemetry
-
- -
- System/AllowUserToResetPhone
-
- -
- System/BootStartDriverInitialization
-
- -
- System/ConfigureTelemetryOptInChangeNotification
-
- -
- System/ConfigureTelemetryOptInSettingsUx
-
- -
- System/DisableEnterpriseAuthProxy
-
- -
- System/DisableOneDriveFileSync
-
- -
- System/DisableSystemRestore
-
- -
- System/FeedbackHubAlwaysSaveDiagnosticsLocally
-
- -
- System/LimitEnhancedDiagnosticDataWindowsAnalytics
-
- -
- System/TelemetryProxy
-
-
-
-### SystemServices policies
-
-
- -
- SystemServices/ConfigureHomeGroupListenerServiceStartupMode
-
- -
- SystemServices/ConfigureHomeGroupProviderServiceStartupMode
-
- -
- SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
-
- -
- SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
-
- -
- SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
-
- -
- SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
-
-
-
-### TaskManager policies
-
-
- -
- TaskManager/AllowEndTask
-
-
-
-### TaskScheduler policies
-
-
- -
- TaskScheduler/EnableXboxGameSaveTask
-
-
-
-### TextInput policies
-
-
- -
- TextInput/AllowHardwareKeyboardTextSuggestions
-
- -
- TextInput/AllowIMELogging
-
- -
- TextInput/AllowIMENetworkAccess
-
- -
- TextInput/AllowInputPanel
-
- -
- TextInput/AllowJapaneseIMESurrogatePairCharacters
-
- -
- TextInput/AllowJapaneseIVSCharacters
-
- -
- TextInput/AllowJapaneseNonPublishingStandardGlyph
-
- -
- TextInput/AllowJapaneseUserDictionary
-
- -
- TextInput/AllowKeyboardTextSuggestions
-
- -
- TextInput/AllowKoreanExtendedHanja
-
- -
- TextInput/AllowLanguageFeaturesUninstall
-
- -
- TextInput/AllowLinguisticDataCollection
-
- -
- TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
-
- -
- TextInput/ExcludeJapaneseIMEExceptJIS0208
-
- -
- TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC
-
- -
- TextInput/ExcludeJapaneseIMEExceptShiftJIS
-
- -
- TextInput/ForceTouchKeyboardDockedState
-
- -
- TextInput/TouchKeyboardDictationButtonAvailability
-
- -
- TextInput/TouchKeyboardEmojiButtonAvailability
-
- -
- TextInput/TouchKeyboardFullModeAvailability
-
- -
- TextInput/TouchKeyboardHandwritingModeAvailability
-
- -
- TextInput/TouchKeyboardNarrowModeAvailability
-
- -
- TextInput/TouchKeyboardSplitModeAvailability
-
- -
- TextInput/TouchKeyboardWideModeAvailability
-
-
-
-### TimeLanguageSettings policies
-
-
- -
- TimeLanguageSettings/AllowSet24HourClock
-
-
-
-### Update policies
-
-
- -
- Update/ActiveHoursEnd
-
- -
- Update/ActiveHoursMaxRange
-
- -
-
-
- -
- Update/AllowAutoUpdate
-
- -
- Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork
-
- -
- Update/AllowMUUpdateService
-
- -
- Update/AllowNonMicrosoftSignedUpdate
-
- -
- Update/AllowUpdateService
-
- -
- Update/AutoRestartDeadlinePeriodInDays
-
- -
- Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates
-
- -
- Update/AutoRestartNotificationSchedule
-
- -
- Update/AutoRestartRequiredNotificationDismissal
-
- -
- Update/BranchReadinessLevel
-
- -
- Update/ConfigureFeatureUpdateUninstallPeriod
-
- -
- Update/DeferFeatureUpdatesPeriodInDays
-
- -
- Update/DeferQualityUpdatesPeriodInDays
-
- -
- Update/DeferUpdatePeriod
-
- -
- Update/DeferUpgradePeriod
-
- -
- Update/DetectionFrequency
-
- -
- Update/DisableDualScan
-
- -
- Update/EngagedRestartDeadline
-
- -
- Update/EngagedRestartDeadlineForFeatureUpdates
-
- -
- Update/EngagedRestartSnoozeSchedule
-
- -
- Update/EngagedRestartSnoozeScheduleForFeatureUpdates
-
- -
- Update/EngagedRestartTransitionSchedule
-
- -
- Update/EngagedRestartTransitionScheduleForFeatureUpdates
-
- -
- Update/ExcludeWUDriversInQualityUpdate
-
- -
- Update/FillEmptyContentUrls
-
- -
- Update/IgnoreMOAppDownloadLimit
-
- -
- Update/IgnoreMOUpdateDownloadLimit
-
- -
- Update/ManagePreviewBuilds
-
- -
- Update/PauseDeferrals
-
- -
- Update/PauseFeatureUpdates
-
- -
- Update/PauseFeatureUpdatesStartTime
-
- -
- Update/PauseQualityUpdates
-
- -
- Update/PauseQualityUpdatesStartTime
-
- -
- Update/PhoneUpdateRestrictions
-
- -
- Update/RequireDeferUpgrade
-
- -
- Update/RequireUpdateApproval
-
- -
- Update/ScheduleImminentRestartWarning
-
- -
- Update/ScheduleRestartWarning
-
- -
- Update/ScheduledInstallDay
-
- -
- Update/ScheduledInstallEveryWeek
-
- -
- Update/ScheduledInstallFirstWeek
-
- -
- Update/ScheduledInstallFourthWeek
-
- -
- Update/ScheduledInstallSecondWeek
-
- -
- Update/ScheduledInstallThirdWeek
-
- -
- Update/ScheduledInstallTime
-
- -
- Update/SetAutoRestartNotificationDisable
-
- -
- Update/SetDisablePauseUXAccess
-
- -
- Update/SetDisableUXWUAccess
-
- -
- Update/SetEDURestart
-
- -
- Update/UpdateNotificationLevel
-
- -
- Update/UpdateServiceUrl
-
- -
- Update/UpdateServiceUrlAlternate
-
-
-
-### UserRights policies
-
-
- -
- UserRights/AccessCredentialManagerAsTrustedCaller
-
- -
- UserRights/AccessFromNetwork
-
- -
- UserRights/ActAsPartOfTheOperatingSystem
-
- -
- UserRights/AllowLocalLogOn
-
- -
- UserRights/BackupFilesAndDirectories
-
- -
- UserRights/ChangeSystemTime
-
- -
- UserRights/CreateGlobalObjects
-
- -
- UserRights/CreatePageFile
-
- -
- UserRights/CreatePermanentSharedObjects
-
- -
- UserRights/CreateSymbolicLinks
-
- -
- UserRights/CreateToken
-
- -
- UserRights/DebugPrograms
-
- -
- UserRights/DenyAccessFromNetwork
-
- -
- UserRights/DenyLocalLogOn
-
- -
- UserRights/DenyRemoteDesktopServicesLogOn
-
- -
- UserRights/EnableDelegation
-
- -
- UserRights/GenerateSecurityAudits
-
- -
- UserRights/ImpersonateClient
-
- -
- UserRights/IncreaseSchedulingPriority
-
- -
- UserRights/LoadUnloadDeviceDrivers
-
- -
- UserRights/LockMemory
-
- -
- UserRights/ManageAuditingAndSecurityLog
-
- -
- UserRights/ManageVolume
-
- -
- UserRights/ModifyFirmwareEnvironment
-
- -
- UserRights/ModifyObjectLabel
-
- -
- UserRights/ProfileSingleProcess
-
- -
- UserRights/RemoteShutdown
-
- -
- UserRights/RestoreFilesAndDirectories
-
- -
- UserRights/TakeOwnership
-
-
-
-### Wifi policies
-
-
- -
- WiFi/AllowWiFiHotSpotReporting
-
- -
- Wifi/AllowAutoConnectToWiFiSenseHotspots
-
- -
- Wifi/AllowInternetSharing
-
- -
- Wifi/AllowManualWiFiConfiguration
-
- -
- Wifi/AllowWiFi
-
- -
- Wifi/AllowWiFiDirect
-
- -
- Wifi/WLANScanMode
-
-
-
-### WindowsConnectionManager policies
-
-
- -
- WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork
-
-
-
-### WindowsDefenderSecurityCenter policies
-
-
- -
- WindowsDefenderSecurityCenter/CompanyName
-
- -
- WindowsDefenderSecurityCenter/DisableAccountProtectionUI
-
- -
- WindowsDefenderSecurityCenter/DisableAppBrowserUI
-
- -
- WindowsDefenderSecurityCenter/DisableClearTpmButton
-
- -
- WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
-
- -
- WindowsDefenderSecurityCenter/DisableEnhancedNotifications
-
- -
- WindowsDefenderSecurityCenter/DisableFamilyUI
-
- -
- WindowsDefenderSecurityCenter/DisableHealthUI
-
- -
- WindowsDefenderSecurityCenter/DisableNetworkUI
-
- -
- WindowsDefenderSecurityCenter/DisableNotifications
-
- -
- WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
-
- -
- WindowsDefenderSecurityCenter/DisableVirusUI
-
- -
- WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride
-
- -
- WindowsDefenderSecurityCenter/Email
-
- -
- WindowsDefenderSecurityCenter/EnableCustomizedToasts
-
- -
- WindowsDefenderSecurityCenter/EnableInAppCustomization
-
- -
- WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
-
- -
- WindowsDefenderSecurityCenter/HideSecureBoot
-
- -
- WindowsDefenderSecurityCenter/HideTPMTroubleshooting
-
- -
- WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
-
- -
- WindowsDefenderSecurityCenter/Phone
-
- -
- WindowsDefenderSecurityCenter/URL
-
-
-
-### WindowsInkWorkspace policies
-
-
- -
- WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace
-
- -
- WindowsInkWorkspace/AllowWindowsInkWorkspace
-
-
-
-### WindowsLogon policies
-
-
- -
- WindowsLogon/DisableLockScreenAppNotifications
-
- -
- WindowsLogon/DontDisplayNetworkSelectionUI
-
- -
- WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers
-
- -
- WindowsLogon/HideFastUserSwitching
-
- -
- WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart
-
-
-
-### WindowsPowerShell policies
-
-
- -
- WindowsPowerShell/TurnOnPowerShellScriptBlockLogging
-
-
-
-### WirelessDisplay policies
-
-
- -
- WirelessDisplay/AllowMdnsAdvertisement
-
- -
- WirelessDisplay/AllowMdnsDiscovery
-
- -
- WirelessDisplay/AllowProjectionFromPC
-
- -
- WirelessDisplay/AllowProjectionFromPCOverInfrastructure
-
- -
- WirelessDisplay/AllowProjectionToPC
-
- -
- WirelessDisplay/AllowProjectionToPCOverInfrastructure
-
- -
- WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver
-
- -
- WirelessDisplay/RequirePinForPairing
-
-
-
-
-## ADMX-backed policies
-
-- [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
-- [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
-- [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
-- [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)
-- [AppVirtualization/AllowPackageCleanup](./policy-csp-appvirtualization.md#appvirtualization-allowpackagecleanup)
-- [AppVirtualization/AllowPackageScripts](./policy-csp-appvirtualization.md#appvirtualization-allowpackagescripts)
-- [AppVirtualization/AllowPublishingRefreshUX](./policy-csp-appvirtualization.md#appvirtualization-allowpublishingrefreshux)
-- [AppVirtualization/AllowReportingServer](./policy-csp-appvirtualization.md#appvirtualization-allowreportingserver)
-- [AppVirtualization/AllowRoamingFileExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingfileexclusions)
-- [AppVirtualization/AllowRoamingRegistryExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingregistryexclusions)
-- [AppVirtualization/AllowStreamingAutoload](./policy-csp-appvirtualization.md#appvirtualization-allowstreamingautoload)
-- [AppVirtualization/ClientCoexistenceAllowMigrationmode](./policy-csp-appvirtualization.md#appvirtualization-clientcoexistenceallowmigrationmode)
-- [AppVirtualization/IntegrationAllowRootGlobal](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootglobal)
-- [AppVirtualization/IntegrationAllowRootUser](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootuser)
-- [AppVirtualization/PublishingAllowServer1](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver1)
-- [AppVirtualization/PublishingAllowServer2](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver2)
-- [AppVirtualization/PublishingAllowServer3](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver3)
-- [AppVirtualization/PublishingAllowServer4](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver4)
-- [AppVirtualization/PublishingAllowServer5](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver5)
-- [AppVirtualization/StreamingAllowCertificateFilterForClient_SSL](./policy-csp-appvirtualization.md#appvirtualization-streamingallowcertificatefilterforclient-ssl)
-- [AppVirtualization/StreamingAllowHighCostLaunch](./policy-csp-appvirtualization.md#appvirtualization-streamingallowhighcostlaunch)
-- [AppVirtualization/StreamingAllowLocationProvider](./policy-csp-appvirtualization.md#appvirtualization-streamingallowlocationprovider)
-- [AppVirtualization/StreamingAllowPackageInstallationRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackageinstallationroot)
-- [AppVirtualization/StreamingAllowPackageSourceRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackagesourceroot)
-- [AppVirtualization/StreamingAllowReestablishmentInterval](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentinterval)
-- [AppVirtualization/StreamingAllowReestablishmentRetries](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentretries)
-- [AppVirtualization/StreamingSharedContentStoreMode](./policy-csp-appvirtualization.md#appvirtualization-streamingsharedcontentstoremode)
-- [AppVirtualization/StreamingSupportBranchCache](./policy-csp-appvirtualization.md#appvirtualization-streamingsupportbranchcache)
-- [AppVirtualization/StreamingVerifyCertificateRevocationList](./policy-csp-appvirtualization.md#appvirtualization-streamingverifycertificaterevocationlist)
-- [AppVirtualization/VirtualComponentsAllowList](./policy-csp-appvirtualization.md#appvirtualization-virtualcomponentsallowlist)
-- [AttachmentManager/DoNotPreserveZoneInformation](./policy-csp-attachmentmanager.md#attachmentmanager-donotpreservezoneinformation)
-- [AttachmentManager/HideZoneInfoMechanism](./policy-csp-attachmentmanager.md#attachmentmanager-hidezoneinfomechanism)
-- [AttachmentManager/NotifyAntivirusPrograms](./policy-csp-attachmentmanager.md#attachmentmanager-notifyantivirusprograms)
-- [Autoplay/DisallowAutoplayForNonVolumeDevices](./policy-csp-autoplay.md#autoplay-disallowautoplayfornonvolumedevices)
-- [Autoplay/SetDefaultAutoRunBehavior](./policy-csp-autoplay.md#autoplay-setdefaultautorunbehavior)
-- [Autoplay/TurnOffAutoPlay](./policy-csp-autoplay.md#autoplay-turnoffautoplay)
-- [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#cellular-showappcellularaccessui)
-- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-diableprintingoverhttp)
-- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp)
-- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards)
-- [Connectivity/HardenedUNCPaths](./policy-csp-connectivity.md#connectivity-hardeneduncpaths)
-- [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](./policy-csp-connectivity.md#connectivity-prohibitinstallationandconfigurationofnetworkbridge)
-- [CredentialProviders/AllowPINLogon](./policy-csp-credentialproviders.md#credentialproviders-allowpinlogon)
-- [CredentialProviders/BlockPicturePassword](./policy-csp-credentialproviders.md#credentialproviders-blockpicturepassword)
-- [CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials](./policy-csp-credentialsdelegation.md#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials)
-- [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal)
-- [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators)
-- [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g)
-- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
-- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
-- [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
-- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceids)
-- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdevicesetupclasses)
-- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallation-preventdevicemetadatafromnetwork)
-- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings)
-- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
-- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
-- [DeviceLock/PreventEnablingLockScreenCamera](./policy-csp-devicelock.md#devicelock-preventenablinglockscreencamera)
-- [DeviceLock/PreventLockScreenSlideShow](./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow)
-- [ErrorReporting/CustomizeConsentSettings](./policy-csp-errorreporting.md#errorreporting-customizeconsentsettings)
-- [ErrorReporting/DisableWindowsErrorReporting](./policy-csp-errorreporting.md#errorreporting-disablewindowserrorreporting)
-- [ErrorReporting/DisplayErrorNotification](./policy-csp-errorreporting.md#errorreporting-displayerrornotification)
-- [ErrorReporting/DoNotSendAdditionalData](./policy-csp-errorreporting.md#errorreporting-donotsendadditionaldata)
-- [ErrorReporting/PreventCriticalErrorDisplay](./policy-csp-errorreporting.md#errorreporting-preventcriticalerrordisplay)
-- [EventLogService/ControlEventLogBehavior](./policy-csp-eventlogservice.md#eventlogservice-controleventlogbehavior)
-- [EventLogService/SpecifyMaximumFileSizeApplicationLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizeapplicationlog)
-- [EventLogService/SpecifyMaximumFileSizeSecurityLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesecuritylog)
-- [EventLogService/SpecifyMaximumFileSizeSystemLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesystemlog)
-- [FileExplorer/TurnOffDataExecutionPreventionForExplorer](./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer)
-- [FileExplorer/TurnOffHeapTerminationOnCorruption](./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption)
-- [InternetExplorer/AddSearchProvider](./policy-csp-internetexplorer.md#internetexplorer-addsearchprovider)
-- [InternetExplorer/AllowActiveXFiltering](./policy-csp-internetexplorer.md#internetexplorer-allowactivexfiltering)
-- [InternetExplorer/AllowAddOnList](./policy-csp-internetexplorer.md#internetexplorer-allowaddonlist)
-- [InternetExplorer/AllowAutoComplete](./policy-csp-internetexplorer.md#internetexplorer-allowautocomplete)
-- [InternetExplorer/AllowCertificateAddressMismatchWarning](./policy-csp-internetexplorer.md#internetexplorer-allowcertificateaddressmismatchwarning)
-- [InternetExplorer/AllowDeletingBrowsingHistoryOnExit](./policy-csp-internetexplorer.md#internetexplorer-allowdeletingbrowsinghistoryonexit)
-- [InternetExplorer/AllowEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedprotectedmode)
-- [InternetExplorer/AllowEnterpriseModeFromToolsMenu](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodefromtoolsmenu)
-- [InternetExplorer/AllowEnterpriseModeSiteList](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodesitelist)
-- [InternetExplorer/AllowFallbackToSSL3](./policy-csp-internetexplorer.md#internetexplorer-allowfallbacktossl3)
-- [InternetExplorer/AllowInternetExplorer7PolicyList](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorer7policylist)
-- [InternetExplorer/AllowInternetExplorerStandardsMode](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorerstandardsmode)
-- [InternetExplorer/AllowInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowinternetzonetemplate)
-- [InternetExplorer/AllowIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowintranetzonetemplate)
-- [InternetExplorer/AllowLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlocalmachinezonetemplate)
-- [InternetExplorer/AllowLockedDownInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddowninternetzonetemplate)
-- [InternetExplorer/AllowLockedDownIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownintranetzonetemplate)
-- [InternetExplorer/AllowLockedDownLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownlocalmachinezonetemplate)
-- [InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownrestrictedsiteszonetemplate)
-- [InternetExplorer/AllowOneWordEntry](./policy-csp-internetexplorer.md#internetexplorer-allowonewordentry)
-- [InternetExplorer/AllowSiteToZoneAssignmentList](./policy-csp-internetexplorer.md#internetexplorer-allowsitetozoneassignmentlist)
-- [InternetExplorer/AllowSoftwareWhenSignatureIsInvalid](./policy-csp-internetexplorer.md#internetexplorer-allowsoftwarewhensignatureisinvalid)
-- [InternetExplorer/AllowSuggestedSites](./policy-csp-internetexplorer.md#internetexplorer-allowsuggestedsites)
-- [InternetExplorer/AllowTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowtrustedsiteszonetemplate)
-- [InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowslockeddowntrustedsiteszonetemplate)
-- [InternetExplorer/AllowsRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowsrestrictedsiteszonetemplate)
-- [InternetExplorer/CheckServerCertificateRevocation](./policy-csp-internetexplorer.md#internetexplorer-checkservercertificaterevocation)
-- [InternetExplorer/CheckSignaturesOnDownloadedPrograms](./policy-csp-internetexplorer.md#internetexplorer-checksignaturesondownloadedprograms)
-- [InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-consistentmimehandlinginternetexplorerprocesses)
-- [InternetExplorer/DisableAdobeFlash](./policy-csp-internetexplorer.md#internetexplorer-disableadobeflash)
-- [InternetExplorer/DisableBypassOfSmartScreenWarnings](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarnings)
-- [InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarningsaboutuncommonfiles)
-- [InternetExplorer/DisableConfiguringHistory](./policy-csp-internetexplorer.md#internetexplorer-disableconfiguringhistory)
-- [InternetExplorer/DisableCrashDetection](./policy-csp-internetexplorer.md#internetexplorer-disablecrashdetection)
-- [InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation](./policy-csp-internetexplorer.md#internetexplorer-disablecustomerexperienceimprovementprogramparticipation)
-- [InternetExplorer/DisableDeletingUserVisitedWebsites](./policy-csp-internetexplorer.md#internetexplorer-disabledeletinguservisitedwebsites)
-- [InternetExplorer/DisableEnclosureDownloading](./policy-csp-internetexplorer.md#internetexplorer-disableenclosuredownloading)
-- [InternetExplorer/DisableEncryptionSupport](./policy-csp-internetexplorer.md#internetexplorer-disableencryptionsupport)
-- [InternetExplorer/DisableFirstRunWizard](./policy-csp-internetexplorer.md#internetexplorer-disablefirstrunwizard)
-- [InternetExplorer/DisableFlipAheadFeature](./policy-csp-internetexplorer.md#internetexplorer-disableflipaheadfeature)
-- [InternetExplorer/DisableHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablehomepagechange)
-- [InternetExplorer/DisableIgnoringCertificateErrors](./policy-csp-internetexplorer.md#internetexplorer-disableignoringcertificateerrors)
-- [InternetExplorer/DisableInPrivateBrowsing](./policy-csp-internetexplorer.md#internetexplorer-disableinprivatebrowsing)
-- [InternetExplorer/DisableProcessesInEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-disableprocessesinenhancedprotectedmode)
-- [InternetExplorer/DisableProxyChange](./policy-csp-internetexplorer.md#internetexplorer-disableproxychange)
-- [InternetExplorer/DisableSearchProviderChange](./policy-csp-internetexplorer.md#internetexplorer-disablesearchproviderchange)
-- [InternetExplorer/DisableSecondaryHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablesecondaryhomepagechange)
-- [InternetExplorer/DisableSecuritySettingsCheck](./policy-csp-internetexplorer.md#internetexplorer-disablesecuritysettingscheck)
-- [InternetExplorer/DisableUpdateCheck](./policy-csp-internetexplorer.md#internetexplorer-disableupdatecheck)
-- [InternetExplorer/DoNotAllowActiveXControlsInProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-donotallowactivexcontrolsinprotectedmode)
-- [InternetExplorer/DoNotAllowUsersToAddSites](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstoaddsites)
-- [InternetExplorer/DoNotAllowUsersToChangePolicies](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstochangepolicies)
-- [InternetExplorer/DoNotBlockOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrols)
-- [InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrolsonspecificdomains)
-- [InternetExplorer/IncludeAllLocalSites](./policy-csp-internetexplorer.md#internetexplorer-includealllocalsites)
-- [InternetExplorer/IncludeAllNetworkPaths](./policy-csp-internetexplorer.md#internetexplorer-includeallnetworkpaths)
-- [InternetExplorer/InternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowaccesstodatasources)
-- [InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/InternetZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowcopypasteviascript)
-- [InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowdraganddropcopyandpastefiles)
-- [InternetExplorer/InternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowfontdownloads)
-- [InternetExplorer/InternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowlessprivilegedsites)
-- [InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowloadingofxamlfiles)
-- [InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallownetframeworkreliantcomponents)
-- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstouseactivexcontrols)
-- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstousetdcactivexcontrol)
-- [InternetExplorer/InternetZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptinitiatedwindows)
-- [InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptingofinternetexplorerwebbrowsercontrols)
-- [InternetExplorer/InternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptlets)
-- [InternetExplorer/InternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowsmartscreenie)
-- [InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowupdatestostatusbarviascript)
-- [InternetExplorer/InternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowuserdatapersistence)
-- [InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowvbscripttorunininternetexplorer)
-- [InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedonotrunantimalwareagainstactivexcontrols)
-- [InternetExplorer/InternetZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadsignedactivexcontrols)
-- [InternetExplorer/InternetZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadunsignedactivexcontrols)
-- [InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablecrosssitescriptingfilter)
-- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainsacrosswindows)
-- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainswithinwindows)
-- [InternetExplorer/InternetZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablemimesniffing)
-- [InternetExplorer/InternetZoneEnableProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenableprotectedmode)
-- [InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneincludelocalpathwhenuploadingfilestoserver)
-- [InternetExplorer/InternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/InternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-internetzonejavapermissions)
-- [InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-internetzonelaunchingapplicationsandfilesiniframe)
-- [InternetExplorer/InternetZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-internetzonelogonoptions)
-- [InternetExplorer/InternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-internetzonenavigatewindowsandframes)
-- [InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-internetzonerunnetframeworkreliantcomponentssignedwithauthenticode)
-- [InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneshowsecuritywarningforpotentiallyunsafefiles)
-- [InternetExplorer/InternetZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-internetzoneusepopupblocker)
-- [InternetExplorer/IntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowaccesstodatasources)
-- [InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/IntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowfontdownloads)
-- [InternetExplorer/IntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowlessprivilegedsites)
-- [InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallownetframeworkreliantcomponents)
-- [InternetExplorer/IntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowscriptlets)
-- [InternetExplorer/IntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowsmartscreenie)
-- [InternetExplorer/IntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowuserdatapersistence)
-- [InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzonedonotrunantimalwareagainstactivexcontrols)
-- [InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/IntranetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-intranetzonejavapermissions)
-- [InternetExplorer/IntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-intranetzonenavigatewindowsandframes)
-- [InternetExplorer/LocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowaccesstodatasources)
-- [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/LocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowfontdownloads)
-- [InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowlessprivilegedsites)
-- [InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallownetframeworkreliantcomponents)
-- [InternetExplorer/LocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowscriptlets)
-- [InternetExplorer/LocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowsmartscreenie)
-- [InternetExplorer/LocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowuserdatapersistence)
-- [InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonedonotrunantimalwareagainstactivexcontrols)
-- [InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/LocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonejavapermissions)
-- [InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonenavigatewindowsandframes)
-- [InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowaccesstodatasources)
-- [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/LockedDownInternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowfontdownloads)
-- [InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowlessprivilegedsites)
-- [InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallownetframeworkreliantcomponents)
-- [InternetExplorer/LockedDownInternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowscriptlets)
-- [InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowsmartscreenie)
-- [InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowuserdatapersistence)
-- [InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/LockedDownInternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonejavapermissions)
-- [InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonenavigatewindowsandframes)
-- [InternetExplorer/LockedDownIntranetJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetjavapermissions)
-- [InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowaccesstodatasources)
-- [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/LockedDownIntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowfontdownloads)
-- [InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowlessprivilegedsites)
-- [InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallownetframeworkreliantcomponents)
-- [InternetExplorer/LockedDownIntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowscriptlets)
-- [InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowsmartscreenie)
-- [InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowuserdatapersistence)
-- [InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzonenavigatewindowsandframes)
-- [InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowaccesstodatasources)
-- [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowfontdownloads)
-- [InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowlessprivilegedsites)
-- [InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallownetframeworkreliantcomponents)
-- [InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowscriptlets)
-- [InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowsmartscreenie)
-- [InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowuserdatapersistence)
-- [InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/LockedDownLocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonejavapermissions)
-- [InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonenavigatewindowsandframes)
-- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowaccesstodatasources)
-- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowfontdownloads)
-- [InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowlessprivilegedsites)
-- [InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallownetframeworkreliantcomponents)
-- [InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowscriptlets)
-- [InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowsmartscreenie)
-- [InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowuserdatapersistence)
-- [InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonejavapermissions)
-- [InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonenavigatewindowsandframes)
-- [InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowaccesstodatasources)
-- [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowfontdownloads)
-- [InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowlessprivilegedsites)
-- [InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallownetframeworkreliantcomponents)
-- [InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowscriptlets)
-- [InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowsmartscreenie)
-- [InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowuserdatapersistence)
-- [InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonejavapermissions)
-- [InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonenavigatewindowsandframes)
-- [InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mkprotocolsecurityrestrictioninternetexplorerprocesses)
-- [InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mimesniffingsafetyfeatureinternetexplorerprocesses)
-- [InternetExplorer/NotificationBarInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-notificationbarinternetexplorerprocesses)
-- [InternetExplorer/PreventManagingSmartScreenFilter](./policy-csp-internetexplorer.md#internetexplorer-preventmanagingsmartscreenfilter)
-- [InternetExplorer/PreventPerUserInstallationOfActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-preventperuserinstallationofactivexcontrols)
-- [InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-protectionfromzoneelevationinternetexplorerprocesses)
-- [InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-removerunthistimebuttonforoutdatedactivexcontrols)
-- [InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictactivexinstallinternetexplorerprocesses)
-- [InternetExplorer/RestrictFileDownloadInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictfiledownloadinternetexplorerprocesses)
-- [InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowaccesstodatasources)
-- [InternetExplorer/RestrictedSitesZoneAllowActiveScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowactivescripting)
-- [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowbinaryandscriptbehaviors)
-- [InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowcopypasteviascript)
-- [InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowdraganddropcopyandpastefiles)
-- [InternetExplorer/RestrictedSitesZoneAllowFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfiledownloads)
-- [InternetExplorer/RestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfontdownloads)
-- [InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowlessprivilegedsites)
-- [InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowloadingofxamlfiles)
-- [InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowmetarefresh)
-- [InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallownetframeworkreliantcomponents)
-- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstouseactivexcontrols)
-- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstousetdcactivexcontrol)
-- [InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptinitiatedwindows)
-- [InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptingofinternetexplorerwebbrowsercontrols)
-- [InternetExplorer/RestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptlets)
-- [InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowsmartscreenie)
-- [InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowupdatestostatusbarviascript)
-- [InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowuserdatapersistence)
-- [InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowvbscripttorunininternetexplorer)
-- [InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedonotrunantimalwareagainstactivexcontrols)
-- [InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadsignedactivexcontrols)
-- [InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadunsignedactivexcontrols)
-- [InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablecrosssitescriptingfilter)
-- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainsacrosswindows)
-- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainswithinwindows)
-- [InternetExplorer/RestrictedSitesZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablemimesniffing)
-- [InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneincludelocalpathwhenuploadingfilestoserver)
-- [InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/RestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonejavapermissions)
-- [InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelaunchingapplicationsandfilesiniframe)
-- [InternetExplorer/RestrictedSitesZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelogonoptions)
-- [InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonenavigatewindowsandframes)
-- [InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunactivexcontrolsandplugins)
-- [InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunnetframeworkreliantcomponentssignedwithauthenticode)
-- [InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptactivexcontrolsmarkedsafeforscripting)
-- [InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptingofjavaapplets)
-- [InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneshowsecuritywarningforpotentiallyunsafefiles)
-- [InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneturnonprotectedmode)
-- [InternetExplorer/RestrictedSitesZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneusepopupblocker)
-- [InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-scriptedwindowsecurityrestrictionsinternetexplorerprocesses)
-- [InternetExplorer/SearchProviderList](./policy-csp-internetexplorer.md#internetexplorer-searchproviderlist)
-- [InternetExplorer/SecurityZonesUseOnlyMachineSettings](./policy-csp-internetexplorer.md#internetexplorer-securityzonesuseonlymachinesettings)
-- [InternetExplorer/SpecifyUseOfActiveXInstallerService](./policy-csp-internetexplorer.md#internetexplorer-specifyuseofactivexinstallerservice)
-- [InternetExplorer/TrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowaccesstodatasources)
-- [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/TrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowfontdownloads)
-- [InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowlessprivilegedsites)
-- [InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallownetframeworkreliantcomponents)
-- [InternetExplorer/TrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowscriptlets)
-- [InternetExplorer/TrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowsmartscreenie)
-- [InternetExplorer/TrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowuserdatapersistence)
-- [InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonedonotrunantimalwareagainstactivexcontrols)
-- [InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/TrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonejavapermissions)
-- [InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonenavigatewindowsandframes)
-- [Kerberos/AllowForestSearchOrder](./policy-csp-kerberos.md#kerberos-allowforestsearchorder)
-- [Kerberos/KerberosClientSupportsClaimsCompoundArmor](./policy-csp-kerberos.md#kerberos-kerberosclientsupportsclaimscompoundarmor)
-- [Kerberos/RequireKerberosArmoring](./policy-csp-kerberos.md#kerberos-requirekerberosarmoring)
-- [Kerberos/RequireStrictKDCValidation](./policy-csp-kerberos.md#kerberos-requirestrictkdcvalidation)
-- [Kerberos/SetMaximumContextTokenSize](./policy-csp-kerberos.md#kerberos-setmaximumcontexttokensize)
-- [MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes](./policy-csp-msslegacy.md#msslegacy-allowicmpredirectstooverrideospfgeneratedroutes)
-- [MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers](./policy-csp-msslegacy.md#msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers)
-- [MSSLegacy/IPSourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipsourceroutingprotectionlevel)
-- [MSSLegacy/IPv6SourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipv6sourceroutingprotectionlevel)
-- [MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon](./policy-csp-mssecurityguide.md#mssecurityguide-applyuacrestrictionstolocalaccountsonnetworklogon)
-- [MSSecurityGuide/ConfigureSMBV1ClientDriver](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1clientdriver)
-- [MSSecurityGuide/ConfigureSMBV1Server](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1server)
-- [MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection](./policy-csp-mssecurityguide.md#mssecurityguide-enablestructuredexceptionhandlingoverwriteprotection)
-- [MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications](./policy-csp-mssecurityguide.md#mssecurityguide-turnonwindowsdefenderprotectionagainstpotentiallyunwantedapplications)
-- [MSSecurityGuide/WDigestAuthentication](./policy-csp-mssecurityguide.md#mssecurityguide-wdigestauthentication)
-- [Power/AllowStandbyStatesWhenSleepingOnBattery](./policy-csp-power.md#power-allowstandbystateswhensleepingonbattery)
-- [Power/AllowStandbyWhenSleepingPluggedIn](./policy-csp-power.md#power-allowstandbywhensleepingpluggedin)
-- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
-- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin)
-- [Power/HibernateTimeoutOnBattery](./policy-csp-power.md#power-hibernatetimeoutonbattery)
-- [Power/HibernateTimeoutPluggedIn](./policy-csp-power.md#power-hibernatetimeoutpluggedin)
-- [Power/RequirePasswordWhenComputerWakesOnBattery](./policy-csp-power.md#power-requirepasswordwhencomputerwakesonbattery)
-- [Power/RequirePasswordWhenComputerWakesPluggedIn](./policy-csp-power.md#power-requirepasswordwhencomputerwakespluggedin)
-- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery)
-- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin)
-- [Printers/PointAndPrintRestrictions](./policy-csp-printers.md#printers-pointandprintrestrictions)
-- [Printers/PointAndPrintRestrictions_User](./policy-csp-printers.md#printers-pointandprintrestrictions-user)
-- [Printers/PublishPrinters](./policy-csp-printers.md#printers-publishprinters)
-- [RemoteAssistance/CustomizeWarningMessages](./policy-csp-remoteassistance.md#remoteassistance-customizewarningmessages)
-- [RemoteAssistance/SessionLogging](./policy-csp-remoteassistance.md#remoteassistance-sessionlogging)
-- [RemoteAssistance/SolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-solicitedremoteassistance)
-- [RemoteAssistance/UnsolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-unsolicitedremoteassistance)
-- [RemoteDesktopServices/AllowUsersToConnectRemotely](./policy-csp-remotedesktopservices.md#remotedesktopservices-allowuserstoconnectremotely)
-- [RemoteDesktopServices/ClientConnectionEncryptionLevel](./policy-csp-remotedesktopservices.md#remotedesktopservices-clientconnectionencryptionlevel)
-- [RemoteDesktopServices/DoNotAllowDriveRedirection](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowdriveredirection)
-- [RemoteDesktopServices/DoNotAllowPasswordSaving](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowpasswordsaving)
-- [RemoteDesktopServices/PromptForPasswordUponConnection](./policy-csp-remotedesktopservices.md#remotedesktopservices-promptforpassworduponconnection)
-- [RemoteDesktopServices/RequireSecureRPCCommunication](./policy-csp-remotedesktopservices.md#remotedesktopservices-requiresecurerpccommunication)
-- [RemoteManagement/AllowBasicAuthentication_Client](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-client)
-- [RemoteManagement/AllowBasicAuthentication_Service](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-service)
-- [RemoteManagement/AllowCredSSPAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationclient)
-- [RemoteManagement/AllowCredSSPAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationservice)
-- [RemoteManagement/AllowRemoteServerManagement](./policy-csp-remotemanagement.md#remotemanagement-allowremoteservermanagement)
-- [RemoteManagement/AllowUnencryptedTraffic_Client](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-client)
-- [RemoteManagement/AllowUnencryptedTraffic_Service](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-service)
-- [RemoteManagement/DisallowDigestAuthentication](./policy-csp-remotemanagement.md#remotemanagement-disallowdigestauthentication)
-- [RemoteManagement/DisallowNegotiateAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationclient)
-- [RemoteManagement/DisallowNegotiateAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationservice)
-- [RemoteManagement/DisallowStoringOfRunAsCredentials](./policy-csp-remotemanagement.md#remotemanagement-disallowstoringofrunascredentials)
-- [RemoteManagement/SpecifyChannelBindingTokenHardeningLevel](./policy-csp-remotemanagement.md#remotemanagement-specifychannelbindingtokenhardeninglevel)
-- [RemoteManagement/TrustedHosts](./policy-csp-remotemanagement.md#remotemanagement-trustedhosts)
-- [RemoteManagement/TurnOnCompatibilityHTTPListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttplistener)
-- [RemoteManagement/TurnOnCompatibilityHTTPSListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttpslistener)
-- [RemoteProcedureCall/RPCEndpointMapperClientAuthentication](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-rpcendpointmapperclientauthentication)
-- [RemoteProcedureCall/RestrictUnauthenticatedRPCClients](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-restrictunauthenticatedrpcclients)
-- [RemoteShell/AllowRemoteShellAccess](./policy-csp-remoteshell.md#remoteshell-allowremoteshellaccess)
-- [RemoteShell/MaxConcurrentUsers](./policy-csp-remoteshell.md#remoteshell-maxconcurrentusers)
-- [RemoteShell/SpecifyIdleTimeout](./policy-csp-remoteshell.md#remoteshell-specifyidletimeout)
-- [RemoteShell/SpecifyMaxMemory](./policy-csp-remoteshell.md#remoteshell-specifymaxmemory)
-- [RemoteShell/SpecifyMaxProcesses](./policy-csp-remoteshell.md#remoteshell-specifymaxprocesses)
-- [RemoteShell/SpecifyMaxRemoteShells](./policy-csp-remoteshell.md#remoteshell-specifymaxremoteshells)
-- [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#remoteshell-specifyshelltimeout)
-- [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices)
-- [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization)
-- [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore)
-- [WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork](./policy-csp-windowsconnectionmanager.md#windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork)
-- [WindowsLogon/DisableLockScreenAppNotifications](./policy-csp-windowslogon.md#windowslogon-disablelockscreenappnotifications)
-- [WindowsLogon/DontDisplayNetworkSelectionUI](./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui)
-- [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers](./policy-csp-windowslogon.md#windowslogon-enumeratelocalusersondomainjoinedcomputers)
-- [WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart](./policy-csp-windowslogon.md#windowslogon-signinlastinteractiveuserautomaticallyafterasysteminitiatedrestart)
-- [WindowsPowerShell/TurnOnPowerShellScriptBlockLogging](./policy-csp-windowspowershell.md#windowspowershell-turnonpowershellscriptblocklogging)
-
-
-## Policies supported by GP
-
-- [AboveLock/AllowCortanaAboveLock](./policy-csp-abovelock.md#abovelock-allowcortanaabovelock)
-- [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
-- [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
-- [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
-- [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)
-- [AppVirtualization/AllowPackageCleanup](./policy-csp-appvirtualization.md#appvirtualization-allowpackagecleanup)
-- [AppVirtualization/AllowPackageScripts](./policy-csp-appvirtualization.md#appvirtualization-allowpackagescripts)
-- [AppVirtualization/AllowPublishingRefreshUX](./policy-csp-appvirtualization.md#appvirtualization-allowpublishingrefreshux)
-- [AppVirtualization/AllowReportingServer](./policy-csp-appvirtualization.md#appvirtualization-allowreportingserver)
-- [AppVirtualization/AllowRoamingFileExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingfileexclusions)
-- [AppVirtualization/AllowRoamingRegistryExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingregistryexclusions)
-- [AppVirtualization/AllowStreamingAutoload](./policy-csp-appvirtualization.md#appvirtualization-allowstreamingautoload)
-- [AppVirtualization/ClientCoexistenceAllowMigrationmode](./policy-csp-appvirtualization.md#appvirtualization-clientcoexistenceallowmigrationmode)
-- [AppVirtualization/IntegrationAllowRootGlobal](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootglobal)
-- [AppVirtualization/IntegrationAllowRootUser](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootuser)
-- [AppVirtualization/PublishingAllowServer1](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver1)
-- [AppVirtualization/PublishingAllowServer2](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver2)
-- [AppVirtualization/PublishingAllowServer3](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver3)
-- [AppVirtualization/PublishingAllowServer4](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver4)
-- [AppVirtualization/PublishingAllowServer5](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver5)
-- [AppVirtualization/StreamingAllowCertificateFilterForClient_SSL](./policy-csp-appvirtualization.md#appvirtualization-streamingallowcertificatefilterforclient-ssl)
-- [AppVirtualization/StreamingAllowHighCostLaunch](./policy-csp-appvirtualization.md#appvirtualization-streamingallowhighcostlaunch)
-- [AppVirtualization/StreamingAllowLocationProvider](./policy-csp-appvirtualization.md#appvirtualization-streamingallowlocationprovider)
-- [AppVirtualization/StreamingAllowPackageInstallationRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackageinstallationroot)
-- [AppVirtualization/StreamingAllowPackageSourceRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackagesourceroot)
-- [AppVirtualization/StreamingAllowReestablishmentInterval](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentinterval)
-- [AppVirtualization/StreamingAllowReestablishmentRetries](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentretries)
-- [AppVirtualization/StreamingSharedContentStoreMode](./policy-csp-appvirtualization.md#appvirtualization-streamingsharedcontentstoremode)
-- [AppVirtualization/StreamingSupportBranchCache](./policy-csp-appvirtualization.md#appvirtualization-streamingsupportbranchcache)
-- [AppVirtualization/StreamingVerifyCertificateRevocationList](./policy-csp-appvirtualization.md#appvirtualization-streamingverifycertificaterevocationlist)
-- [AppVirtualization/VirtualComponentsAllowList](./policy-csp-appvirtualization.md#appvirtualization-virtualcomponentsallowlist)
-- [ApplicationDefaults/DefaultAssociationsConfiguration](./policy-csp-applicationdefaults.md#applicationdefaults-defaultassociationsconfiguration)
-- [ApplicationDefaults/EnableAppUriHandlers](./policy-csp-applicationdefaults.md#applicationdefaults-enableappurihandlers)
-- [ApplicationManagement/AllowAllTrustedApps](./policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps)
-- [ApplicationManagement/AllowAppStoreAutoUpdate](./policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate)
-- [ApplicationManagement/AllowDeveloperUnlock](./policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock)
-- [ApplicationManagement/AllowGameDVR](./policy-csp-applicationmanagement.md#applicationmanagement-allowgamedvr)
-- [ApplicationManagement/AllowSharedUserAppData](./policy-csp-applicationmanagement.md#applicationmanagement-allowshareduserappdata)
-- [ApplicationManagement/DisableStoreOriginatedApps](./policy-csp-applicationmanagement.md#applicationmanagement-disablestoreoriginatedapps)
-- [ApplicationManagement/MSIAllowUserControlOverInstall](./policy-csp-applicationmanagement.md#applicationmanagement-msiallowusercontroloverinstall)
-- [ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges](./policy-csp-applicationmanagement.md#applicationmanagement-msialwaysinstallwithelevatedprivileges)
-- [ApplicationManagement/RequirePrivateStoreOnly](./policy-csp-applicationmanagement.md#applicationmanagement-requireprivatestoreonly)
-- [ApplicationManagement/RestrictAppDataToSystemVolume](./policy-csp-applicationmanagement.md#applicationmanagement-restrictappdatatosystemvolume)
-- [ApplicationManagement/RestrictAppToSystemVolume](./policy-csp-applicationmanagement.md#applicationmanagement-restrictapptosystemvolume)
-- [AttachmentManager/DoNotPreserveZoneInformation](./policy-csp-attachmentmanager.md#attachmentmanager-donotpreservezoneinformation)
-- [AttachmentManager/HideZoneInfoMechanism](./policy-csp-attachmentmanager.md#attachmentmanager-hidezoneinfomechanism)
-- [AttachmentManager/NotifyAntivirusPrograms](./policy-csp-attachmentmanager.md#attachmentmanager-notifyantivirusprograms)
-- [Authentication/AllowSecondaryAuthenticationDevice](./policy-csp-authentication.md#authentication-allowsecondaryauthenticationdevice)
-- [Autoplay/DisallowAutoplayForNonVolumeDevices](./policy-csp-autoplay.md#autoplay-disallowautoplayfornonvolumedevices)
-- [Autoplay/SetDefaultAutoRunBehavior](./policy-csp-autoplay.md#autoplay-setdefaultautorunbehavior)
-- [Autoplay/TurnOffAutoPlay](./policy-csp-autoplay.md#autoplay-turnoffautoplay)
-- [BITS/BandwidthThrottlingEndTime](./policy-csp-bits.md#bits-bandwidththrottlingendtime)
-- [BITS/BandwidthThrottlingStartTime](./policy-csp-bits.md#bits-bandwidththrottlingstarttime)
-- [BITS/BandwidthThrottlingTransferRate](./policy-csp-bits.md#bits-bandwidththrottlingtransferrate)
-- [BITS/CostedNetworkBehaviorBackgroundPriority](./policy-csp-bits.md#bits-costednetworkbehaviorbackgroundpriority)
-- [BITS/CostedNetworkBehaviorForegroundPriority](./policy-csp-bits.md#bits-costednetworkbehaviorforegroundpriority)
-- [BITS/JobInactivityTimeout](./policy-csp-bits.md#bits-jobinactivitytimeout)
-- [Browser/AllowAddressBarDropdown](./policy-csp-browser.md#browser-allowaddressbardropdown)
-- [Browser/AllowAutofill](./policy-csp-browser.md#browser-allowautofill)
-- [Browser/AllowCookies](./policy-csp-browser.md#browser-allowcookies)
-- [Browser/AllowDeveloperTools](./policy-csp-browser.md#browser-allowdevelopertools)
-- [Browser/AllowDoNotTrack](./policy-csp-browser.md#browser-allowdonottrack)
-- [Browser/AllowExtensions](./policy-csp-browser.md#browser-allowextensions)
-- [Browser/AllowFlash](./policy-csp-browser.md#browser-allowflash)
-- [Browser/AllowFlashClickToRun](./policy-csp-browser.md#browser-allowflashclicktorun)
-- [Browser/AllowFullScreenMode](./policy-csp-browser.md#browser-allowfullscreenmode)
-- [Browser/AllowInPrivate](./policy-csp-browser.md#browser-allowinprivate)
-- [Browser/AllowMicrosoftCompatibilityList](./policy-csp-browser.md#browser-allowmicrosoftcompatibilitylist)
-- [Browser/AllowPasswordManager](./policy-csp-browser.md#browser-allowpasswordmanager)
-- [Browser/AllowPopups](./policy-csp-browser.md#browser-allowpopups)
-- [Browser/AllowPrelaunch](./policy-csp-browser.md#browser-allowprelaunch)
-- [Browser/AllowPrinting](./policy-csp-browser.md#browser-allowprinting)
-- [Browser/AllowSavingHistory](./policy-csp-browser.md#browser-allowsavinghistory)
-- [Browser/AllowSearchEngineCustomization](./policy-csp-browser.md#browser-allowsearchenginecustomization)
-- [Browser/AllowSearchSuggestionsinAddressBar](./policy-csp-browser.md#browser-allowsearchsuggestionsinaddressbar)
-- [Browser/AllowSideloadingOfExtensions](./policy-csp-browser.md#browser-allowsideloadingofextensions)
-- [Browser/AllowSmartScreen](./policy-csp-browser.md#browser-allowsmartscreen)
-- [Browser/AllowTabPreloading](./policy-csp-browser.md#browser-allowtabpreloading)
-- [Browser/AllowWebContentOnNewTabPage](./policy-csp-browser.md#browser-allowwebcontentonnewtabpage)
-- [Browser/AlwaysEnableBooksLibrary](./policy-csp-browser.md#browser-alwaysenablebookslibrary)
-- [Browser/ClearBrowsingDataOnExit](./policy-csp-browser.md#browser-clearbrowsingdataonexit)
-- [Browser/ConfigureAdditionalSearchEngines](./policy-csp-browser.md#browser-configureadditionalsearchengines)
-- [Browser/ConfigureFavoritesBar](./policy-csp-browser.md#browser-configurefavoritesbar)
-- [Browser/ConfigureHomeButton](./policy-csp-browser.md#browser-configurehomebutton)
-- [Browser/ConfigureKioskMode](./policy-csp-browser.md#browser-configurekioskmode)
-- [Browser/ConfigureKioskResetAfterIdleTimeout](./policy-csp-browser.md#browser-configurekioskresetafteridletimeout)
-- [Browser/ConfigureOpenMicrosoftEdgeWith](./policy-csp-browser.md#browser-configureopenmicrosoftedgewith)
-- [Browser/ConfigureTelemetryForMicrosoft365Analytics](./policy-csp-browser.md#browser-configuretelemetryformicrosoft365analytics)
-- [Browser/DisableLockdownOfStartPages](./policy-csp-browser.md#browser-disablelockdownofstartpages)
-- [Browser/EnableExtendedBooksTelemetry](./policy-csp-browser.md#browser-enableextendedbookstelemetry)
-- [Browser/EnterpriseModeSiteList](./policy-csp-browser.md#browser-enterprisemodesitelist)
-- [Browser/ForceEnabledExtensions](./policy-csp-browser.md#browser-forceenabledextensions)
-- [Browser/HomePages](./policy-csp-browser.md#browser-homepages)
-- [Browser/LockdownFavorites](./policy-csp-browser.md#browser-lockdownfavorites)
-- [Browser/PreventAccessToAboutFlagsInMicrosoftEdge](./policy-csp-browser.md#browser-preventaccesstoaboutflagsinmicrosoftedge)
-- [Browser/PreventCertErrorOverrides](./policy-csp-browser.md#browser-preventcerterroroverrides)
-- [Browser/PreventFirstRunPage](./policy-csp-browser.md#browser-preventfirstrunpage)
-- [Browser/PreventLiveTileDataCollection](./policy-csp-browser.md#browser-preventlivetiledatacollection)
-- [Browser/PreventSmartScreenPromptOverride](./policy-csp-browser.md#browser-preventsmartscreenpromptoverride)
-- [Browser/PreventSmartScreenPromptOverrideForFiles](./policy-csp-browser.md#browser-preventsmartscreenpromptoverrideforfiles)
-- [Browser/PreventUsingLocalHostIPAddressForWebRTC](./policy-csp-browser.md#browser-preventusinglocalhostipaddressforwebrtc)
-- [Browser/ProvisionFavorites](./policy-csp-browser.md#browser-provisionfavorites)
-- [Browser/SendIntranetTraffictoInternetExplorer](./policy-csp-browser.md#browser-sendintranettraffictointernetexplorer)
-- [Browser/SetDefaultSearchEngine](./policy-csp-browser.md#browser-setdefaultsearchengine)
-- [Browser/SetHomeButtonURL](./policy-csp-browser.md#browser-sethomebuttonurl)
-- [Browser/SetNewTabPageURL](./policy-csp-browser.md#browser-setnewtabpageurl)
-- [Browser/ShowMessageWhenOpeningSitesInInternetExplorer](./policy-csp-browser.md#browser-showmessagewhenopeningsitesininternetexplorer)
-- [Browser/SyncFavoritesBetweenIEAndMicrosoftEdge](./policy-csp-browser.md#browser-syncfavoritesbetweenieandmicrosoftedge)
-- [Browser/UnlockHomeButton](./policy-csp-browser.md#browser-unlockhomebutton)
-- [Browser/UseSharedFolderForBooks](./policy-csp-browser.md#browser-usesharedfolderforbooks)
-- [Camera/AllowCamera](./policy-csp-camera.md#camera-allowcamera)
-- [Cellular/LetAppsAccessCellularData](./policy-csp-cellular.md#cellular-letappsaccesscellulardata)
-- [Cellular/LetAppsAccessCellularData_ForceAllowTheseApps](./policy-csp-cellular.md#cellular-letappsaccesscellulardata-forceallowtheseapps)
-- [Cellular/LetAppsAccessCellularData_ForceDenyTheseApps](./policy-csp-cellular.md#cellular-letappsaccesscellulardata-forcedenytheseapps)
-- [Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps](./policy-csp-cellular.md#cellular-letappsaccesscellulardata-userincontroloftheseapps)
-- [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#cellular-showappcellularaccessui)
-- [Connectivity/AllowCellularDataRoaming](./policy-csp-connectivity.md#connectivity-allowcellulardataroaming)
-- [Connectivity/AllowPhonePCLinking](./policy-csp-connectivity.md#connectivity-allowphonepclinking)
-- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-diableprintingoverhttp)
-- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp)
-- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards)
-- [Connectivity/DisallowNetworkConnectivityActiveTests](./policy-csp-connectivity.md#connectivity-disallownetworkconnectivityactivetests)
-- [Connectivity/HardenedUNCPaths](./policy-csp-connectivity.md#connectivity-hardeneduncpaths)
-- [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](./policy-csp-connectivity.md#connectivity-prohibitinstallationandconfigurationofnetworkbridge)
-- [CredentialProviders/AllowPINLogon](./policy-csp-credentialproviders.md#credentialproviders-allowpinlogon)
-- [CredentialProviders/BlockPicturePassword](./policy-csp-credentialproviders.md#credentialproviders-blockpicturepassword)
-- [CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials](./policy-csp-credentialsdelegation.md#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials)
-- [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal)
-- [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators)
-- [Cryptography/AllowFipsAlgorithmPolicy](./policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy)
-- [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g)
-- [Defender/AllowArchiveScanning](./policy-csp-defender.md#defender-allowarchivescanning)
-- [Defender/AllowBehaviorMonitoring](./policy-csp-defender.md#defender-allowbehaviormonitoring)
-- [Defender/AllowCloudProtection](./policy-csp-defender.md#defender-allowcloudprotection)
-- [Defender/AllowEmailScanning](./policy-csp-defender.md#defender-allowemailscanning)
-- [Defender/AllowFullScanOnMappedNetworkDrives](./policy-csp-defender.md#defender-allowfullscanonmappednetworkdrives)
-- [Defender/AllowFullScanRemovableDriveScanning](./policy-csp-defender.md#defender-allowfullscanremovabledrivescanning)
-- [Defender/AllowIOAVProtection](./policy-csp-defender.md#defender-allowioavprotection)
-- [Defender/AllowOnAccessProtection](./policy-csp-defender.md#defender-allowonaccessprotection)
-- [Defender/AllowRealtimeMonitoring](./policy-csp-defender.md#defender-allowrealtimemonitoring)
-- [Defender/AllowScanningNetworkFiles](./policy-csp-defender.md#defender-allowscanningnetworkfiles)
-- [Defender/AllowUserUIAccess](./policy-csp-defender.md#defender-allowuseruiaccess)
-- [Defender/AttackSurfaceReductionOnlyExclusions](./policy-csp-defender.md#defender-attacksurfacereductiononlyexclusions)
-- [Defender/AttackSurfaceReductionRules](./policy-csp-defender.md#defender-attacksurfacereductionrules)
-- [Defender/AvgCPULoadFactor](./policy-csp-defender.md#defender-avgcpuloadfactor)
-- [Defender/CheckForSignaturesBeforeRunningScan](./policy-csp-defender.md#defender-checkforsignaturesbeforerunningscan)
-- [Defender/CloudBlockLevel](./policy-csp-defender.md#defender-cloudblocklevel)
-- [Defender/CloudExtendedTimeout](./policy-csp-defender.md#defender-cloudextendedtimeout)
-- [Defender/ControlledFolderAccessAllowedApplications](./policy-csp-defender.md#defender-controlledfolderaccessallowedapplications)
-- [Defender/ControlledFolderAccessProtectedFolders](./policy-csp-defender.md#defender-controlledfolderaccessprotectedfolders)
-- [Defender/DaysToRetainCleanedMalware](./policy-csp-defender.md#defender-daystoretaincleanedmalware)
-- [Defender/DisableCatchupFullScan](./policy-csp-defender.md#defender-disablecatchupfullscan)
-- [Defender/DisableCatchupQuickScan](./policy-csp-defender.md#defender-disablecatchupquickscan)
-- [Defender/EnableControlledFolderAccess](./policy-csp-defender.md#defender-enablecontrolledfolderaccess)
-- [Defender/EnableLowCPUPriority](./policy-csp-defender.md#defender-enablelowcpupriority)
-- [Defender/EnableNetworkProtection](./policy-csp-defender.md#defender-enablenetworkprotection)
-- [Defender/ExcludedExtensions](./policy-csp-defender.md#defender-excludedextensions)
-- [Defender/ExcludedPaths](./policy-csp-defender.md#defender-excludedpaths)
-- [Defender/ExcludedProcesses](./policy-csp-defender.md#defender-excludedprocesses)
-- [Defender/RealTimeScanDirection](./policy-csp-defender.md#defender-realtimescandirection)
-- [Defender/ScanParameter](./policy-csp-defender.md#defender-scanparameter)
-- [Defender/ScheduleQuickScanTime](./policy-csp-defender.md#defender-schedulequickscantime)
-- [Defender/ScheduleScanDay](./policy-csp-defender.md#defender-schedulescanday)
-- [Defender/ScheduleScanTime](./policy-csp-defender.md#defender-schedulescantime)
-- [Defender/SignatureUpdateFallbackOrder](./policy-csp-defender.md#defender-signatureupdatefallbackorder)
-- [Defender/SignatureUpdateFileSharesSources](./policy-csp-defender.md#defender-signatureupdatefilesharessources)
-- [Defender/SignatureUpdateInterval](./policy-csp-defender.md#defender-signatureupdateinterval)
-- [Defender/SubmitSamplesConsent](./policy-csp-defender.md#defender-submitsamplesconsent)
-- [Defender/ThreatSeverityDefaultAction](./policy-csp-defender.md#defender-threatseveritydefaultaction)
-- [DeliveryOptimization/DOAbsoluteMaxCacheSize](./policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
-- [DeliveryOptimization/DOAllowVPNPeerCaching](./policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching)
-- [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
-- [DeliveryOptimization/DODelayForegroundDownloadFromHttp](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelayforegrounddownloadfromhttp)
-- [DeliveryOptimization/DODownloadMode](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode)
-- [DeliveryOptimization/DOGroupId](./policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupid)
-- [DeliveryOptimization/DOGroupIdSource](./policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupidsource)
-- [DeliveryOptimization/DOMaxCacheAge](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcacheage)
-- [DeliveryOptimization/DOMaxCacheSize](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcachesize)
-- [DeliveryOptimization/DOMaxDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth)
-- [DeliveryOptimization/DOMaxUploadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth)
-- [DeliveryOptimization/DOMinBackgroundQos](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominbackgroundqos)
-- [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominbatterypercentageallowedtoupload)
-- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](./policy-csp-deliveryoptimization.md#deliveryoptimization-domindisksizeallowedtopeer)
-- [DeliveryOptimization/DOMinFileSizeToCache](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominfilesizetocache)
-- [DeliveryOptimization/DOMinRAMAllowedToPeer](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominramallowedtopeer)
-- [DeliveryOptimization/DOModifyCacheDrive](./policy-csp-deliveryoptimization.md#deliveryoptimization-domodifycachedrive)
-- [DeliveryOptimization/DOMonthlyUploadDataCap](./policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap)
-- [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
-- [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxforegroundbandwidth)
-- [DeliveryOptimization/DORestrictPeerSelectionBy](./policy-csp-deliveryoptimization.md#deliveryoptimization-dorestrictpeerselectionby)
-- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
-- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
-- [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
-- [DeviceGuard/EnableSystemGuard](./policy-csp-deviceguard.md#deviceguard-enablesystemguard)
-- [DeviceGuard/EnableVirtualizationBasedSecurity](./policy-csp-deviceguard.md#deviceguard-enablevirtualizationbasedsecurity)
-- [DeviceGuard/LsaCfgFlags](./policy-csp-deviceguard.md#deviceguard-lsacfgflags)
-- [DeviceGuard/RequirePlatformSecurityFeatures](./policy-csp-deviceguard.md#deviceguard-requireplatformsecurityfeatures)
-- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceids)
-- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdevicesetupclasses)
-- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallation-preventdevicemetadatafromnetwork)
-- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings)
-- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
-- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
-- [DeviceLock/MinimumPasswordAge](./policy-csp-devicelock.md#devicelock-minimumpasswordage)
-- [DeviceLock/PreventEnablingLockScreenCamera](./policy-csp-devicelock.md#devicelock-preventenablinglockscreencamera)
-- [DeviceLock/PreventLockScreenSlideShow](./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow)
-- [Display/DisablePerProcessDpiForApps](./policy-csp-display.md#display-disableperprocessdpiforapps)
-- [Display/EnablePerProcessDpi](./policy-csp-display.md#display-enableperprocessdpi)
-- [Display/EnablePerProcessDpiForApps](./policy-csp-display.md#display-enableperprocessdpiforapps)
-- [Display/TurnOffGdiDPIScalingForApps](./policy-csp-display.md#display-turnoffgdidpiscalingforapps)
-- [Display/TurnOnGdiDPIScalingForApps](./policy-csp-display.md#display-turnongdidpiscalingforapps)
-- [DmaGuard/DeviceEnumerationPolicy](./policy-csp-dmaguard.md#dmaguard-deviceenumerationpolicy)
-- [Education/PreventAddingNewPrinters](./policy-csp-education.md#education-preventaddingnewprinters)
-- [ErrorReporting/CustomizeConsentSettings](./policy-csp-errorreporting.md#errorreporting-customizeconsentsettings)
-- [ErrorReporting/DisableWindowsErrorReporting](./policy-csp-errorreporting.md#errorreporting-disablewindowserrorreporting)
-- [ErrorReporting/DisplayErrorNotification](./policy-csp-errorreporting.md#errorreporting-displayerrornotification)
-- [ErrorReporting/DoNotSendAdditionalData](./policy-csp-errorreporting.md#errorreporting-donotsendadditionaldata)
-- [ErrorReporting/PreventCriticalErrorDisplay](./policy-csp-errorreporting.md#errorreporting-preventcriticalerrordisplay)
-- [EventLogService/ControlEventLogBehavior](./policy-csp-eventlogservice.md#eventlogservice-controleventlogbehavior)
-- [EventLogService/SpecifyMaximumFileSizeApplicationLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizeapplicationlog)
-- [EventLogService/SpecifyMaximumFileSizeSecurityLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesecuritylog)
-- [EventLogService/SpecifyMaximumFileSizeSystemLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesystemlog)
-- [Experience/AllowClipboardHistory](./policy-csp-experience.md#experience-allowclipboardhistory)
-- [Experience/AllowCortana](./policy-csp-experience.md#experience-allowcortana)
-- [Experience/AllowFindMyDevice](./policy-csp-experience.md#experience-allowfindmydevice)
-- [Experience/AllowTailoredExperiencesWithDiagnosticData](./policy-csp-experience.md#experience-allowtailoredexperienceswithdiagnosticdata)
-- [Experience/AllowThirdPartySuggestionsInWindowsSpotlight](./policy-csp-experience.md#experience-allowthirdpartysuggestionsinwindowsspotlight)
-- [Experience/AllowWindowsConsumerFeatures](./policy-csp-experience.md#experience-allowwindowsconsumerfeatures)
-- [Experience/AllowWindowsSpotlight](./policy-csp-experience.md#experience-allowwindowsspotlight)
-- [Experience/AllowWindowsSpotlightOnActionCenter](./policy-csp-experience.md#experience-allowwindowsspotlightonactioncenter)
-- [Experience/AllowWindowsSpotlightOnSettings](./policy-csp-experience.md#experience-allowwindowsspotlightonsettings)
-- [Experience/AllowWindowsSpotlightWindowsWelcomeExperience](./policy-csp-experience.md#experience-allowwindowsspotlightwindowswelcomeexperience)
-- [Experience/AllowWindowsTips](./policy-csp-experience.md#experience-allowwindowstips)
-- [Experience/ConfigureWindowsSpotlightOnLockScreen](./policy-csp-experience.md#experience-configurewindowsspotlightonlockscreen)
-- [Experience/DoNotShowFeedbackNotifications](./policy-csp-experience.md#experience-donotshowfeedbacknotifications)
-- [Experience/DoNotSyncBrowserSettings](./policy-csp-experience.md#experience-donotsyncbrowsersetting)
-- [Experience/PreventUsersFromTurningOnBrowserSyncing](./policy-csp-experience.md#experience-preventusersfromturningonbrowsersyncing)
-- [ExploitGuard/ExploitProtectionSettings](./policy-csp-exploitguard.md#exploitguard-exploitprotectionsettings)
-- [FileExplorer/TurnOffDataExecutionPreventionForExplorer](./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer)
-- [FileExplorer/TurnOffHeapTerminationOnCorruption](./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption)
-- [Handwriting/PanelDefaultModeDocked](./policy-csp-handwriting.md#handwriting-paneldefaultmodedocked)
-- [InternetExplorer/AddSearchProvider](./policy-csp-internetexplorer.md#internetexplorer-addsearchprovider)
-- [InternetExplorer/AllowActiveXFiltering](./policy-csp-internetexplorer.md#internetexplorer-allowactivexfiltering)
-- [InternetExplorer/AllowAddOnList](./policy-csp-internetexplorer.md#internetexplorer-allowaddonlist)
-- [InternetExplorer/AllowAutoComplete](./policy-csp-internetexplorer.md#internetexplorer-allowautocomplete)
-- [InternetExplorer/AllowCertificateAddressMismatchWarning](./policy-csp-internetexplorer.md#internetexplorer-allowcertificateaddressmismatchwarning)
-- [InternetExplorer/AllowDeletingBrowsingHistoryOnExit](./policy-csp-internetexplorer.md#internetexplorer-allowdeletingbrowsinghistoryonexit)
-- [InternetExplorer/AllowEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedprotectedmode)
-- [InternetExplorer/AllowEnterpriseModeFromToolsMenu](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodefromtoolsmenu)
-- [InternetExplorer/AllowEnterpriseModeSiteList](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodesitelist)
-- [InternetExplorer/AllowFallbackToSSL3](./policy-csp-internetexplorer.md#internetexplorer-allowfallbacktossl3)
-- [InternetExplorer/AllowInternetExplorer7PolicyList](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorer7policylist)
-- [InternetExplorer/AllowInternetExplorerStandardsMode](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorerstandardsmode)
-- [InternetExplorer/AllowInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowinternetzonetemplate)
-- [InternetExplorer/AllowIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowintranetzonetemplate)
-- [InternetExplorer/AllowLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlocalmachinezonetemplate)
-- [InternetExplorer/AllowLockedDownInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddowninternetzonetemplate)
-- [InternetExplorer/AllowLockedDownIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownintranetzonetemplate)
-- [InternetExplorer/AllowLockedDownLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownlocalmachinezonetemplate)
-- [InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownrestrictedsiteszonetemplate)
-- [InternetExplorer/AllowOneWordEntry](./policy-csp-internetexplorer.md#internetexplorer-allowonewordentry)
-- [InternetExplorer/AllowSiteToZoneAssignmentList](./policy-csp-internetexplorer.md#internetexplorer-allowsitetozoneassignmentlist)
-- [InternetExplorer/AllowSoftwareWhenSignatureIsInvalid](./policy-csp-internetexplorer.md#internetexplorer-allowsoftwarewhensignatureisinvalid)
-- [InternetExplorer/AllowSuggestedSites](./policy-csp-internetexplorer.md#internetexplorer-allowsuggestedsites)
-- [InternetExplorer/AllowTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowtrustedsiteszonetemplate)
-- [InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowslockeddowntrustedsiteszonetemplate)
-- [InternetExplorer/AllowsRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowsrestrictedsiteszonetemplate)
-- [InternetExplorer/CheckServerCertificateRevocation](./policy-csp-internetexplorer.md#internetexplorer-checkservercertificaterevocation)
-- [InternetExplorer/CheckSignaturesOnDownloadedPrograms](./policy-csp-internetexplorer.md#internetexplorer-checksignaturesondownloadedprograms)
-- [InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-consistentmimehandlinginternetexplorerprocesses)
-- [InternetExplorer/DisableAdobeFlash](./policy-csp-internetexplorer.md#internetexplorer-disableadobeflash)
-- [InternetExplorer/DisableBypassOfSmartScreenWarnings](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarnings)
-- [InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarningsaboutuncommonfiles)
-- [InternetExplorer/DisableConfiguringHistory](./policy-csp-internetexplorer.md#internetexplorer-disableconfiguringhistory)
-- [InternetExplorer/DisableCrashDetection](./policy-csp-internetexplorer.md#internetexplorer-disablecrashdetection)
-- [InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation](./policy-csp-internetexplorer.md#internetexplorer-disablecustomerexperienceimprovementprogramparticipation)
-- [InternetExplorer/DisableDeletingUserVisitedWebsites](./policy-csp-internetexplorer.md#internetexplorer-disabledeletinguservisitedwebsites)
-- [InternetExplorer/DisableEnclosureDownloading](./policy-csp-internetexplorer.md#internetexplorer-disableenclosuredownloading)
-- [InternetExplorer/DisableEncryptionSupport](./policy-csp-internetexplorer.md#internetexplorer-disableencryptionsupport)
-- [InternetExplorer/DisableFirstRunWizard](./policy-csp-internetexplorer.md#internetexplorer-disablefirstrunwizard)
-- [InternetExplorer/DisableFlipAheadFeature](./policy-csp-internetexplorer.md#internetexplorer-disableflipaheadfeature)
-- [InternetExplorer/DisableHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablehomepagechange)
-- [InternetExplorer/DisableIgnoringCertificateErrors](./policy-csp-internetexplorer.md#internetexplorer-disableignoringcertificateerrors)
-- [InternetExplorer/DisableInPrivateBrowsing](./policy-csp-internetexplorer.md#internetexplorer-disableinprivatebrowsing)
-- [InternetExplorer/DisableProcessesInEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-disableprocessesinenhancedprotectedmode)
-- [InternetExplorer/DisableProxyChange](./policy-csp-internetexplorer.md#internetexplorer-disableproxychange)
-- [InternetExplorer/DisableSearchProviderChange](./policy-csp-internetexplorer.md#internetexplorer-disablesearchproviderchange)
-- [InternetExplorer/DisableSecondaryHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablesecondaryhomepagechange)
-- [InternetExplorer/DisableSecuritySettingsCheck](./policy-csp-internetexplorer.md#internetexplorer-disablesecuritysettingscheck)
-- [InternetExplorer/DisableUpdateCheck](./policy-csp-internetexplorer.md#internetexplorer-disableupdatecheck)
-- [InternetExplorer/DoNotAllowActiveXControlsInProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-donotallowactivexcontrolsinprotectedmode)
-- [InternetExplorer/DoNotAllowUsersToAddSites](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstoaddsites)
-- [InternetExplorer/DoNotAllowUsersToChangePolicies](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstochangepolicies)
-- [InternetExplorer/DoNotBlockOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrols)
-- [InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrolsonspecificdomains)
-- [InternetExplorer/IncludeAllLocalSites](./policy-csp-internetexplorer.md#internetexplorer-includealllocalsites)
-- [InternetExplorer/IncludeAllNetworkPaths](./policy-csp-internetexplorer.md#internetexplorer-includeallnetworkpaths)
-- [InternetExplorer/InternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowaccesstodatasources)
-- [InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/InternetZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowcopypasteviascript)
-- [InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowdraganddropcopyandpastefiles)
-- [InternetExplorer/InternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowfontdownloads)
-- [InternetExplorer/InternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowlessprivilegedsites)
-- [InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowloadingofxamlfiles)
-- [InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallownetframeworkreliantcomponents)
-- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstouseactivexcontrols)
-- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstousetdcactivexcontrol)
-- [InternetExplorer/InternetZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptinitiatedwindows)
-- [InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptingofinternetexplorerwebbrowsercontrols)
-- [InternetExplorer/InternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptlets)
-- [InternetExplorer/InternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowsmartscreenie)
-- [InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowupdatestostatusbarviascript)
-- [InternetExplorer/InternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowuserdatapersistence)
-- [InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowvbscripttorunininternetexplorer)
-- [InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedonotrunantimalwareagainstactivexcontrols)
-- [InternetExplorer/InternetZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadsignedactivexcontrols)
-- [InternetExplorer/InternetZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadunsignedactivexcontrols)
-- [InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablecrosssitescriptingfilter)
-- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainsacrosswindows)
-- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainswithinwindows)
-- [InternetExplorer/InternetZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablemimesniffing)
-- [InternetExplorer/InternetZoneEnableProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenableprotectedmode)
-- [InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneincludelocalpathwhenuploadingfilestoserver)
-- [InternetExplorer/InternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/InternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-internetzonejavapermissions)
-- [InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-internetzonelaunchingapplicationsandfilesiniframe)
-- [InternetExplorer/InternetZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-internetzonelogonoptions)
-- [InternetExplorer/InternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-internetzonenavigatewindowsandframes)
-- [InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-internetzonerunnetframeworkreliantcomponentssignedwithauthenticode)
-- [InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneshowsecuritywarningforpotentiallyunsafefiles)
-- [InternetExplorer/InternetZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-internetzoneusepopupblocker)
-- [InternetExplorer/IntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowaccesstodatasources)
-- [InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/IntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowfontdownloads)
-- [InternetExplorer/IntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowlessprivilegedsites)
-- [InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallownetframeworkreliantcomponents)
-- [InternetExplorer/IntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowscriptlets)
-- [InternetExplorer/IntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowsmartscreenie)
-- [InternetExplorer/IntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowuserdatapersistence)
-- [InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzonedonotrunantimalwareagainstactivexcontrols)
-- [InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/IntranetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-intranetzonejavapermissions)
-- [InternetExplorer/IntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-intranetzonenavigatewindowsandframes)
-- [InternetExplorer/LocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowaccesstodatasources)
-- [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/LocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowfontdownloads)
-- [InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowlessprivilegedsites)
-- [InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallownetframeworkreliantcomponents)
-- [InternetExplorer/LocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowscriptlets)
-- [InternetExplorer/LocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowsmartscreenie)
-- [InternetExplorer/LocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowuserdatapersistence)
-- [InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonedonotrunantimalwareagainstactivexcontrols)
-- [InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/LocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonejavapermissions)
-- [InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonenavigatewindowsandframes)
-- [InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowaccesstodatasources)
-- [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/LockedDownInternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowfontdownloads)
-- [InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowlessprivilegedsites)
-- [InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallownetframeworkreliantcomponents)
-- [InternetExplorer/LockedDownInternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowscriptlets)
-- [InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowsmartscreenie)
-- [InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowuserdatapersistence)
-- [InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/LockedDownInternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonejavapermissions)
-- [InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonenavigatewindowsandframes)
-- [InternetExplorer/LockedDownIntranetJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetjavapermissions)
-- [InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowaccesstodatasources)
-- [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/LockedDownIntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowfontdownloads)
-- [InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowlessprivilegedsites)
-- [InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallownetframeworkreliantcomponents)
-- [InternetExplorer/LockedDownIntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowscriptlets)
-- [InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowsmartscreenie)
-- [InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowuserdatapersistence)
-- [InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzonenavigatewindowsandframes)
-- [InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowaccesstodatasources)
-- [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowfontdownloads)
-- [InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowlessprivilegedsites)
-- [InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallownetframeworkreliantcomponents)
-- [InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowscriptlets)
-- [InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowsmartscreenie)
-- [InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowuserdatapersistence)
-- [InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/LockedDownLocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonejavapermissions)
-- [InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonenavigatewindowsandframes)
-- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowaccesstodatasources)
-- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowfontdownloads)
-- [InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowlessprivilegedsites)
-- [InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallownetframeworkreliantcomponents)
-- [InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowscriptlets)
-- [InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowsmartscreenie)
-- [InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowuserdatapersistence)
-- [InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonejavapermissions)
-- [InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonenavigatewindowsandframes)
-- [InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowaccesstodatasources)
-- [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowfontdownloads)
-- [InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowlessprivilegedsites)
-- [InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallownetframeworkreliantcomponents)
-- [InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowscriptlets)
-- [InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowsmartscreenie)
-- [InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowuserdatapersistence)
-- [InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonejavapermissions)
-- [InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonenavigatewindowsandframes)
-- [InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mkprotocolsecurityrestrictioninternetexplorerprocesses)
-- [InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mimesniffingsafetyfeatureinternetexplorerprocesses)
-- [InternetExplorer/NotificationBarInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-notificationbarinternetexplorerprocesses)
-- [InternetExplorer/PreventManagingSmartScreenFilter](./policy-csp-internetexplorer.md#internetexplorer-preventmanagingsmartscreenfilter)
-- [InternetExplorer/PreventPerUserInstallationOfActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-preventperuserinstallationofactivexcontrols)
-- [InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-protectionfromzoneelevationinternetexplorerprocesses)
-- [InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-removerunthistimebuttonforoutdatedactivexcontrols)
-- [InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictactivexinstallinternetexplorerprocesses)
-- [InternetExplorer/RestrictFileDownloadInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictfiledownloadinternetexplorerprocesses)
-- [InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowaccesstodatasources)
-- [InternetExplorer/RestrictedSitesZoneAllowActiveScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowactivescripting)
-- [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowbinaryandscriptbehaviors)
-- [InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowcopypasteviascript)
-- [InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowdraganddropcopyandpastefiles)
-- [InternetExplorer/RestrictedSitesZoneAllowFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfiledownloads)
-- [InternetExplorer/RestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfontdownloads)
-- [InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowlessprivilegedsites)
-- [InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowloadingofxamlfiles)
-- [InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowmetarefresh)
-- [InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallownetframeworkreliantcomponents)
-- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstouseactivexcontrols)
-- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstousetdcactivexcontrol)
-- [InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptinitiatedwindows)
-- [InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptingofinternetexplorerwebbrowsercontrols)
-- [InternetExplorer/RestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptlets)
-- [InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowsmartscreenie)
-- [InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowupdatestostatusbarviascript)
-- [InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowuserdatapersistence)
-- [InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowvbscripttorunininternetexplorer)
-- [InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedonotrunantimalwareagainstactivexcontrols)
-- [InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadsignedactivexcontrols)
-- [InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadunsignedactivexcontrols)
-- [InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablecrosssitescriptingfilter)
-- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainsacrosswindows)
-- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainswithinwindows)
-- [InternetExplorer/RestrictedSitesZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablemimesniffing)
-- [InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneincludelocalpathwhenuploadingfilestoserver)
-- [InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/RestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonejavapermissions)
-- [InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelaunchingapplicationsandfilesiniframe)
-- [InternetExplorer/RestrictedSitesZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelogonoptions)
-- [InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonenavigatewindowsandframes)
-- [InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunactivexcontrolsandplugins)
-- [InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunnetframeworkreliantcomponentssignedwithauthenticode)
-- [InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptactivexcontrolsmarkedsafeforscripting)
-- [InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptingofjavaapplets)
-- [InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneshowsecuritywarningforpotentiallyunsafefiles)
-- [InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneturnonprotectedmode)
-- [InternetExplorer/RestrictedSitesZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneusepopupblocker)
-- [InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-scriptedwindowsecurityrestrictionsinternetexplorerprocesses)
-- [InternetExplorer/SearchProviderList](./policy-csp-internetexplorer.md#internetexplorer-searchproviderlist)
-- [InternetExplorer/SecurityZonesUseOnlyMachineSettings](./policy-csp-internetexplorer.md#internetexplorer-securityzonesuseonlymachinesettings)
-- [InternetExplorer/SpecifyUseOfActiveXInstallerService](./policy-csp-internetexplorer.md#internetexplorer-specifyuseofactivexinstallerservice)
-- [InternetExplorer/TrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowaccesstodatasources)
-- [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforactivexcontrols)
-- [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforfiledownloads)
-- [InternetExplorer/TrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowfontdownloads)
-- [InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowlessprivilegedsites)
-- [InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallownetframeworkreliantcomponents)
-- [InternetExplorer/TrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowscriptlets)
-- [InternetExplorer/TrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowsmartscreenie)
-- [InternetExplorer/TrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowuserdatapersistence)
-- [InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonedonotrunantimalwareagainstactivexcontrols)
-- [InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrols)
-- [InternetExplorer/TrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonejavapermissions)
-- [InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonenavigatewindowsandframes)
-- [Kerberos/AllowForestSearchOrder](./policy-csp-kerberos.md#kerberos-allowforestsearchorder)
-- [Kerberos/KerberosClientSupportsClaimsCompoundArmor](./policy-csp-kerberos.md#kerberos-kerberosclientsupportsclaimscompoundarmor)
-- [Kerberos/RequireKerberosArmoring](./policy-csp-kerberos.md#kerberos-requirekerberosarmoring)
-- [Kerberos/RequireStrictKDCValidation](./policy-csp-kerberos.md#kerberos-requirestrictkdcvalidation)
-- [Kerberos/SetMaximumContextTokenSize](./policy-csp-kerberos.md#kerberos-setmaximumcontexttokensize)
-- [LanmanWorkstation/EnableInsecureGuestLogons](./policy-csp-lanmanworkstation.md#lanmanworkstation-enableinsecureguestlogons)
-- [Licensing/AllowWindowsEntitlementReactivation](./policy-csp-licensing.md#licensing-allowwindowsentitlementreactivation)
-- [Licensing/DisallowKMSClientOnlineAVSValidation](./policy-csp-licensing.md#licensing-disallowkmsclientonlineavsvalidation)
-- [LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-blockmicrosoftaccounts)
-- [LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-enableadministratoraccountstatus)
-- [LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-enableguestaccountstatus)
-- [LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly)
-- [LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-renameadministratoraccount)
-- [LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-renameguestaccount)
-- [LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-allowundockwithouthavingtologon)
-- [LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-allowedtoformatandejectremovablemedia)
-- [LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-preventusersfrominstallingprinterdriverswhenconnectingtosharedprinters)
-- [LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly)
-- [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways)
-- [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible)
-- [LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges)
-- [LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked)
-- [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin)
-- [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplayusernameatsignin)
-- [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotrequirectrlaltdel)
-- [LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-machineinactivitylimit)
-- [LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-messagetextforusersattemptingtologon)
-- [LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-messagetitleforusersattemptingtologon)
-- [LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-smartcardremovalbehavior)
-- [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsalways)
-- [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsifserveragrees)
-- [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-sendunencryptedpasswordtothirdpartysmbservers)
-- [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-amountofidletimerequiredbeforesuspendingsession)
-- [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways)
-- [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsifclientagrees)
-- [LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccounts)
-- [LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccountsandshares)
-- [LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictanonymousaccesstonamedpipesandshares)
-- [LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictclientsallowedtomakeremotecallstosam)
-- [LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-allowlocalsystemtousecomputeridentityforntlm)
-- [LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests)
-- [LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-donotstorelanmanagerhashvalueonnextpasswordchange)
-- [LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel)
-- [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedclients)
-- [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers)
-- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-addremoteserverexceptionsforntlmauthentication)
-- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-auditincomingntlmtraffic)
-- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-incomingntlmtraffic)
-- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-outgoingntlmtraffictoremoteservers)
-- [LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon)
-- [LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile)
-- [LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation)
-- [LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforadministrators)
-- [LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers)
-- [LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-detectapplicationinstallationsandpromptforelevation)
-- [LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-onlyelevateexecutablefilesthataresignedandvalidated)
-- [LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-onlyelevateuiaccessapplicationsthatareinstalledinsecurelocations)
-- [LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-runalladministratorsinadminapprovalmode)
-- [LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-switchtothesecuredesktopwhenpromptingforelevation)
-- [LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-useadminapprovalmode)
-- [LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-virtualizefileandregistrywritefailurestoperuserlocations)
-- [Location/EnableLocation](./policy-csp-location.md#location-enablelocation)
-- [LockDown/AllowEdgeSwipe](./policy-csp-lockdown.md#lockdown-allowedgeswipe)
-- [MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes](./policy-csp-msslegacy.md#msslegacy-allowicmpredirectstooverrideospfgeneratedroutes)
-- [MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers](./policy-csp-msslegacy.md#msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers)
-- [MSSLegacy/IPSourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipsourceroutingprotectionlevel)
-- [MSSLegacy/IPv6SourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipv6sourceroutingprotectionlevel)
-- [MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon](./policy-csp-mssecurityguide.md#mssecurityguide-applyuacrestrictionstolocalaccountsonnetworklogon)
-- [MSSecurityGuide/ConfigureSMBV1ClientDriver](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1clientdriver)
-- [MSSecurityGuide/ConfigureSMBV1Server](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1server)
-- [MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection](./policy-csp-mssecurityguide.md#mssecurityguide-enablestructuredexceptionhandlingoverwriteprotection)
-- [MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications](./policy-csp-mssecurityguide.md#mssecurityguide-turnonwindowsdefenderprotectionagainstpotentiallyunwantedapplications)
-- [MSSecurityGuide/WDigestAuthentication](./policy-csp-mssecurityguide.md#mssecurityguide-wdigestauthentication)
-- [Maps/EnableOfflineMapsAutoUpdate](./policy-csp-maps.md#maps-enableofflinemapsautoupdate)
-- [Messaging/AllowMessageSync](./policy-csp-messaging.md#messaging-allowmessagesync)
-- [NetworkIsolation/EnterpriseCloudResources](./policy-csp-networkisolation.md#networkisolation-enterprisecloudresources)
-- [NetworkIsolation/EnterpriseIPRange](./policy-csp-networkisolation.md#networkisolation-enterpriseiprange)
-- [NetworkIsolation/EnterpriseIPRangesAreAuthoritative](./policy-csp-networkisolation.md#networkisolation-enterpriseiprangesareauthoritative)
-- [NetworkIsolation/EnterpriseInternalProxyServers](./policy-csp-networkisolation.md#networkisolation-enterpriseinternalproxyservers)
-- [NetworkIsolation/EnterpriseProxyServers](./policy-csp-networkisolation.md#networkisolation-enterpriseproxyservers)
-- [NetworkIsolation/EnterpriseProxyServersAreAuthoritative](./policy-csp-networkisolation.md#networkisolation-enterpriseproxyserversareauthoritative)
-- [NetworkIsolation/NeutralResources](./policy-csp-networkisolation.md#networkisolation-neutralresources)
-- [Notifications/DisallowCloudNotification](./policy-csp-notifications.md#notifications-disallowcloudnotification)
-- [Notifications/DisallowNotificationMirroring](./policy-csp-notifications.md#notifications-disallownotificationmirroring)
-- [Notifications/DisallowTileNotification](./policy-csp-notifications.md#notifications-disallowtilenotification)
-- [Power/AllowStandbyStatesWhenSleepingOnBattery](./policy-csp-power.md#power-allowstandbystateswhensleepingonbattery)
-- [Power/AllowStandbyWhenSleepingPluggedIn](./policy-csp-power.md#power-allowstandbywhensleepingpluggedin)
-- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
-- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin)
-- [Power/HibernateTimeoutOnBattery](./policy-csp-power.md#power-hibernatetimeoutonbattery)
-- [Power/HibernateTimeoutPluggedIn](./policy-csp-power.md#power-hibernatetimeoutpluggedin)
-- [Power/RequirePasswordWhenComputerWakesOnBattery](./policy-csp-power.md#power-requirepasswordwhencomputerwakesonbattery)
-- [Power/RequirePasswordWhenComputerWakesPluggedIn](./policy-csp-power.md#power-requirepasswordwhencomputerwakespluggedin)
-- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery)
-- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin)
-- [Printers/PointAndPrintRestrictions](./policy-csp-printers.md#printers-pointandprintrestrictions)
-- [Printers/PointAndPrintRestrictions_User](./policy-csp-printers.md#printers-pointandprintrestrictions-user)
-- [Printers/PublishPrinters](./policy-csp-printers.md#printers-publishprinters)
-- [Privacy/AllowCrossDeviceClipboard](./policy-csp-privacy.md#privacy-allowcrossdeviceclipboard)
-- [Privacy/AllowInputPersonalization](./policy-csp-privacy.md#privacy-allowinputpersonalization)
-- [Privacy/DisableAdvertisingId](./policy-csp-privacy.md#privacy-disableadvertisingid)
-- [Privacy/EnableActivityFeed](./policy-csp-privacy.md#privacy-enableactivityfeed)
-- [Privacy/LetAppsAccessAccountInfo](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo)
-- [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps)
-- [Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forcedenytheseapps)
-- [Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo-userincontroloftheseapps)
-- [Privacy/LetAppsAccessCalendar](./policy-csp-privacy.md#privacy-letappsaccesscalendar)
-- [Privacy/LetAppsAccessCalendar_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscalendar-forceallowtheseapps)
-- [Privacy/LetAppsAccessCalendar_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscalendar-forcedenytheseapps)
-- [Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscalendar-userincontroloftheseapps)
-- [Privacy/LetAppsAccessCallHistory](./policy-csp-privacy.md#privacy-letappsaccesscallhistory)
-- [Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscallhistory-forceallowtheseapps)
-- [Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscallhistory-forcedenytheseapps)
-- [Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscallhistory-userincontroloftheseapps)
-- [Privacy/LetAppsAccessCamera](./policy-csp-privacy.md#privacy-letappsaccesscamera)
-- [Privacy/LetAppsAccessCamera_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscamera-forceallowtheseapps)
-- [Privacy/LetAppsAccessCamera_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscamera-forcedenytheseapps)
-- [Privacy/LetAppsAccessCamera_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscamera-userincontroloftheseapps)
-- [Privacy/LetAppsAccessContacts](./policy-csp-privacy.md#privacy-letappsaccesscontacts)
-- [Privacy/LetAppsAccessContacts_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscontacts-forceallowtheseapps)
-- [Privacy/LetAppsAccessContacts_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscontacts-forcedenytheseapps)
-- [Privacy/LetAppsAccessContacts_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscontacts-userincontroloftheseapps)
-- [Privacy/LetAppsAccessEmail](./policy-csp-privacy.md#privacy-letappsaccessemail)
-- [Privacy/LetAppsAccessEmail_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessemail-forceallowtheseapps)
-- [Privacy/LetAppsAccessEmail_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessemail-forcedenytheseapps)
-- [Privacy/LetAppsAccessEmail_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessemail-userincontroloftheseapps)
-- [Privacy/LetAppsAccessLocation](./policy-csp-privacy.md#privacy-letappsaccesslocation)
-- [Privacy/LetAppsAccessLocation_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesslocation-forceallowtheseapps)
-- [Privacy/LetAppsAccessLocation_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesslocation-forcedenytheseapps)
-- [Privacy/LetAppsAccessLocation_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesslocation-userincontroloftheseapps)
-- [Privacy/LetAppsAccessMessaging](./policy-csp-privacy.md#privacy-letappsaccessmessaging)
-- [Privacy/LetAppsAccessMessaging_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmessaging-forceallowtheseapps)
-- [Privacy/LetAppsAccessMessaging_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmessaging-forcedenytheseapps)
-- [Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmessaging-userincontroloftheseapps)
-- [Privacy/LetAppsAccessMicrophone](./policy-csp-privacy.md#privacy-letappsaccessmicrophone)
-- [Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmicrophone-forceallowtheseapps)
-- [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmicrophone-forcedenytheseapps)
-- [Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmicrophone-userincontroloftheseapps)
-- [Privacy/LetAppsAccessMotion](./policy-csp-privacy.md#privacy-letappsaccessmotion)
-- [Privacy/LetAppsAccessMotion_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmotion-forceallowtheseapps)
-- [Privacy/LetAppsAccessMotion_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmotion-forcedenytheseapps)
-- [Privacy/LetAppsAccessMotion_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmotion-userincontroloftheseapps)
-- [Privacy/LetAppsAccessNotifications](./policy-csp-privacy.md#privacy-letappsaccessnotifications)
-- [Privacy/LetAppsAccessNotifications_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessnotifications-forceallowtheseapps)
-- [Privacy/LetAppsAccessNotifications_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessnotifications-forcedenytheseapps)
-- [Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessnotifications-userincontroloftheseapps)
-- [Privacy/LetAppsAccessPhone](./policy-csp-privacy.md#privacy-letappsaccessphone)
-- [Privacy/LetAppsAccessPhone_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessphone-forceallowtheseapps)
-- [Privacy/LetAppsAccessPhone_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessphone-forcedenytheseapps)
-- [Privacy/LetAppsAccessPhone_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessphone-userincontroloftheseapps)
-- [Privacy/LetAppsAccessRadios](./policy-csp-privacy.md#privacy-letappsaccessradios)
-- [Privacy/LetAppsAccessRadios_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessradios-forceallowtheseapps)
-- [Privacy/LetAppsAccessRadios_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessradios-forcedenytheseapps)
-- [Privacy/LetAppsAccessRadios_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessradios-userincontroloftheseapps)
-- [Privacy/LetAppsAccessTasks](./policy-csp-privacy.md#privacy-letappsaccesstasks)
-- [Privacy/LetAppsAccessTasks_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstasks-forceallowtheseapps)
-- [Privacy/LetAppsAccessTasks_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstasks-forcedenytheseapps)
-- [Privacy/LetAppsAccessTasks_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstasks-userincontroloftheseapps)
-- [Privacy/LetAppsAccessTrustedDevices](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices)
-- [Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices-forceallowtheseapps)
-- [Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices-forcedenytheseapps)
-- [Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices-userincontroloftheseapps)
-- [Privacy/LetAppsGetDiagnosticInfo](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo)
-- [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)
-- [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)
-- [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps)
-- [Privacy/LetAppsRunInBackground](./policy-csp-privacy.md#privacy-letappsruninbackground)
-- [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsruninbackground-forceallowtheseapps)
-- [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsruninbackground-forcedenytheseapps)
-- [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsruninbackground-userincontroloftheseapps)
-- [Privacy/LetAppsSyncWithDevices](./policy-csp-privacy.md#privacy-letappssyncwithdevices)
-- [Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappssyncwithdevices-forceallowtheseapps)
-- [Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappssyncwithdevices-forcedenytheseapps)
-- [Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappssyncwithdevices-userincontroloftheseapps)
-- [Privacy/PublishUserActivities](./policy-csp-privacy.md#privacy-publishuseractivities)
-- [Privacy/UploadUserActivities](./policy-csp-privacy.md#privacy-uploaduseractivities)
-- [RemoteAssistance/CustomizeWarningMessages](./policy-csp-remoteassistance.md#remoteassistance-customizewarningmessages)
-- [RemoteAssistance/SessionLogging](./policy-csp-remoteassistance.md#remoteassistance-sessionlogging)
-- [RemoteAssistance/SolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-solicitedremoteassistance)
-- [RemoteAssistance/UnsolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-unsolicitedremoteassistance)
-- [RemoteDesktopServices/AllowUsersToConnectRemotely](./policy-csp-remotedesktopservices.md#remotedesktopservices-allowuserstoconnectremotely)
-- [RemoteDesktopServices/ClientConnectionEncryptionLevel](./policy-csp-remotedesktopservices.md#remotedesktopservices-clientconnectionencryptionlevel)
-- [RemoteDesktopServices/DoNotAllowDriveRedirection](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowdriveredirection)
-- [RemoteDesktopServices/DoNotAllowPasswordSaving](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowpasswordsaving)
-- [RemoteDesktopServices/PromptForPasswordUponConnection](./policy-csp-remotedesktopservices.md#remotedesktopservices-promptforpassworduponconnection)
-- [RemoteDesktopServices/RequireSecureRPCCommunication](./policy-csp-remotedesktopservices.md#remotedesktopservices-requiresecurerpccommunication)
-- [RemoteManagement/AllowBasicAuthentication_Client](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-client)
-- [RemoteManagement/AllowBasicAuthentication_Service](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-service)
-- [RemoteManagement/AllowCredSSPAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationclient)
-- [RemoteManagement/AllowCredSSPAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationservice)
-- [RemoteManagement/AllowRemoteServerManagement](./policy-csp-remotemanagement.md#remotemanagement-allowremoteservermanagement)
-- [RemoteManagement/AllowUnencryptedTraffic_Client](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-client)
-- [RemoteManagement/AllowUnencryptedTraffic_Service](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-service)
-- [RemoteManagement/DisallowDigestAuthentication](./policy-csp-remotemanagement.md#remotemanagement-disallowdigestauthentication)
-- [RemoteManagement/DisallowNegotiateAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationclient)
-- [RemoteManagement/DisallowNegotiateAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationservice)
-- [RemoteManagement/DisallowStoringOfRunAsCredentials](./policy-csp-remotemanagement.md#remotemanagement-disallowstoringofrunascredentials)
-- [RemoteManagement/SpecifyChannelBindingTokenHardeningLevel](./policy-csp-remotemanagement.md#remotemanagement-specifychannelbindingtokenhardeninglevel)
-- [RemoteManagement/TrustedHosts](./policy-csp-remotemanagement.md#remotemanagement-trustedhosts)
-- [RemoteManagement/TurnOnCompatibilityHTTPListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttplistener)
-- [RemoteManagement/TurnOnCompatibilityHTTPSListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttpslistener)
-- [RemoteProcedureCall/RPCEndpointMapperClientAuthentication](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-rpcendpointmapperclientauthentication)
-- [RemoteProcedureCall/RestrictUnauthenticatedRPCClients](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-restrictunauthenticatedrpcclients)
-- [RemoteShell/AllowRemoteShellAccess](./policy-csp-remoteshell.md#remoteshell-allowremoteshellaccess)
-- [RemoteShell/MaxConcurrentUsers](./policy-csp-remoteshell.md#remoteshell-maxconcurrentusers)
-- [RemoteShell/SpecifyIdleTimeout](./policy-csp-remoteshell.md#remoteshell-specifyidletimeout)
-- [RemoteShell/SpecifyMaxMemory](./policy-csp-remoteshell.md#remoteshell-specifymaxmemory)
-- [RemoteShell/SpecifyMaxProcesses](./policy-csp-remoteshell.md#remoteshell-specifymaxprocesses)
-- [RemoteShell/SpecifyMaxRemoteShells](./policy-csp-remoteshell.md#remoteshell-specifymaxremoteshells)
-- [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#remoteshell-specifyshelltimeout)
-- [Search/AllowCloudSearch](./policy-csp-search.md#search-allowcloudsearch)
-- [Search/AllowCortanaInAAD](./policy-csp-search.md#search-allowcortanainaad)
-- [Search/AllowIndexingEncryptedStoresOrItems](./policy-csp-search.md#search-allowindexingencryptedstoresoritems)
-- [Search/AllowSearchToUseLocation](./policy-csp-search.md#search-allowsearchtouselocation)
-- [Search/AllowUsingDiacritics](./policy-csp-search.md#search-allowusingdiacritics)
-- [Search/AlwaysUseAutoLangDetection](./policy-csp-search.md#search-alwaysuseautolangdetection)
-- [Search/DisableBackoff](./policy-csp-search.md#search-disablebackoff)
-- [Search/DisableRemovableDriveIndexing](./policy-csp-search.md#search-disableremovabledriveindexing)
-- [Search/DoNotUseWebResults](./policy-csp-search.md#search-donotusewebresults)
-- [Search/PreventIndexingLowDiskSpaceMB](./policy-csp-search.md#search-preventindexinglowdiskspacemb)
-- [Search/PreventRemoteQueries](./policy-csp-search.md#search-preventremotequeries)
-- [Security/ClearTPMIfNotReady](./policy-csp-security.md#security-cleartpmifnotready)
-- [Settings/AllowOnlineTips](./policy-csp-settings.md#settings-allowonlinetips)
-- [Settings/ConfigureTaskbarCalendar](./policy-csp-settings.md#settings-configuretaskbarcalendar)
-- [Settings/PageVisibilityList](./policy-csp-settings.md#settings-pagevisibilitylist)
-- [SmartScreen/EnableAppInstallControl](./policy-csp-smartscreen.md#smartscreen-enableappinstallcontrol)
-- [SmartScreen/EnableSmartScreenInShell](./policy-csp-smartscreen.md#smartscreen-enablesmartscreeninshell)
-- [SmartScreen/PreventOverrideForFilesInShell](./policy-csp-smartscreen.md#smartscreen-preventoverrideforfilesinshell)
-- [Speech/AllowSpeechModelUpdate](./policy-csp-speech.md#speech-allowspeechmodelupdate)
-- [Start/HidePeopleBar](./policy-csp-start.md#start-hidepeoplebar)
-- [Start/HideRecentlyAddedApps](./policy-csp-start.md#start-hiderecentlyaddedapps)
-- [Start/StartLayout](./policy-csp-start.md#start-startlayout)
-- [Storage/AllowDiskHealthModelUpdates](./policy-csp-storage.md#storage-allowdiskhealthmodelupdates)
-- [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices)
-- [System/AllowBuildPreview](./policy-csp-system.md#system-allowbuildpreview)
-- [System/AllowFontProviders](./policy-csp-system.md#system-allowfontproviders)
-- [System/AllowLocation](./policy-csp-system.md#system-allowlocation)
-- [System/AllowTelemetry](./policy-csp-system.md#system-allowtelemetry)
-- [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization)
-- [System/ConfigureTelemetryOptInChangeNotification](./policy-csp-system.md#system-configuretelemetryoptinchangenotification)
-- [System/ConfigureTelemetryOptInSettingsUx](./policy-csp-system.md#system-configuretelemetryoptinsettingsux)
-- [System/DisableEnterpriseAuthProxy](./policy-csp-system.md#system-disableenterpriseauthproxy)
-- [System/DisableOneDriveFileSync](./policy-csp-system.md#system-disableonedrivefilesync)
-- [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore)
-- [System/LimitEnhancedDiagnosticDataWindowsAnalytics](./policy-csp-system.md#system-limitenhanceddiagnosticdatawindowsanalytics)
-- [System/TelemetryProxy](./policy-csp-system.md#system-telemetryproxy)
-- [SystemServices/ConfigureHomeGroupListenerServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurehomegrouplistenerservicestartupmode)
-- [SystemServices/ConfigureHomeGroupProviderServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurehomegroupproviderservicestartupmode)
-- [SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxaccessorymanagementservicestartupmode)
-- [SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxliveauthmanagerservicestartupmode)
-- [SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxlivegamesaveservicestartupmode)
-- [SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxlivenetworkingservicestartupmode)
-- [TextInput/AllowLanguageFeaturesUninstall](./policy-csp-textinput.md#textinput-allowlanguagefeaturesuninstall)
-- [TextInput/AllowLinguisticDataCollection](./policy-csp-textinput.md#textinput-allowlinguisticdatacollection)
-- [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend)
-- [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange)
-- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart)
-- [Update/AllowAutoUpdate](./policy-csp-update.md#update-allowautoupdate)
-- [Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork](./policy-csp-update.md#update-allowautowindowsupdatedownloadovermeterednetwork)
-- [Update/AllowMUUpdateService](./policy-csp-update.md#update-allowmuupdateservice)
-- [Update/AllowUpdateService](./policy-csp-update.md#update-allowupdateservice)
-- [Update/AutoRestartDeadlinePeriodInDays](./policy-csp-update.md#update-autorestartdeadlineperiodindays)
-- [Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates](./policy-csp-update.md#update-autorestartdeadlineperiodindaysforfeatureupdates)
-- [Update/AutoRestartNotificationSchedule](./policy-csp-update.md#update-autorestartnotificationschedule)
-- [Update/AutoRestartRequiredNotificationDismissal](./policy-csp-update.md#update-autorestartrequirednotificationdismissal)
-- [Update/BranchReadinessLevel](./policy-csp-update.md#update-branchreadinesslevel)
-- [Update/DeferFeatureUpdatesPeriodInDays](./policy-csp-update.md#update-deferfeatureupdatesperiodindays)
-- [Update/DeferQualityUpdatesPeriodInDays](./policy-csp-update.md#update-deferqualityupdatesperiodindays)
-- [Update/DeferUpdatePeriod](./policy-csp-update.md#update-deferupdateperiod)
-- [Update/DeferUpgradePeriod](./policy-csp-update.md#update-deferupgradeperiod)
-- [Update/DetectionFrequency](./policy-csp-update.md#update-detectionfrequency)
-- [Update/DisableDualScan](./policy-csp-update.md#update-disabledualscan)
-- [Update/EngagedRestartDeadline](./policy-csp-update.md#update-engagedrestartdeadline)
-- [Update/EngagedRestartDeadlineForFeatureUpdates](./policy-csp-update.md#update-engagedrestartdeadlineforfeatureupdates)
-- [Update/EngagedRestartSnoozeSchedule](./policy-csp-update.md#update-engagedrestartsnoozeschedule)
-- [Update/EngagedRestartSnoozeScheduleForFeatureUpdates](./policy-csp-update.md#update-engagedrestartsnoozescheduleforfeatureupdates)
-- [Update/EngagedRestartTransitionSchedule](./policy-csp-update.md#update-engagedrestarttransitionschedule)
-- [Update/EngagedRestartTransitionScheduleForFeatureUpdates](./policy-csp-update.md#update-engagedrestarttransitionscheduleforfeatureupdates)
-- [Update/ExcludeWUDriversInQualityUpdate](./policy-csp-update.md#update-excludewudriversinqualityupdate)
-- [Update/FillEmptyContentUrls](./policy-csp-update.md#update-fillemptycontenturls)
-- [Update/ManagePreviewBuilds](./policy-csp-update.md#update-managepreviewbuilds)
-- [Update/PauseDeferrals](./policy-csp-update.md#update-pausedeferrals)
-- [Update/PauseFeatureUpdates](./policy-csp-update.md#update-pausefeatureupdates)
-- [Update/PauseFeatureUpdatesStartTime](./policy-csp-update.md#update-pausefeatureupdatesstarttime)
-- [Update/PauseQualityUpdates](./policy-csp-update.md#update-pausequalityupdates)
-- [Update/PauseQualityUpdatesStartTime](./policy-csp-update.md#update-pausequalityupdatesstarttime)
-- [Update/RequireDeferUpgrade](./policy-csp-update.md#update-requiredeferupgrade)
-- [Update/ScheduleImminentRestartWarning](./policy-csp-update.md#update-scheduleimminentrestartwarning)
-- [Update/ScheduleRestartWarning](./policy-csp-update.md#update-schedulerestartwarning)
-- [Update/ScheduledInstallDay](./policy-csp-update.md#update-scheduledinstallday)
-- [Update/ScheduledInstallEveryWeek](./policy-csp-update.md#update-scheduledinstalleveryweek)
-- [Update/ScheduledInstallFirstWeek](./policy-csp-update.md#update-scheduledinstallfirstweek)
-- [Update/ScheduledInstallFourthWeek](./policy-csp-update.md#update-scheduledinstallfourthweek)
-- [Update/ScheduledInstallSecondWeek](./policy-csp-update.md#update-scheduledinstallsecondweek)
-- [Update/ScheduledInstallThirdWeek](./policy-csp-update.md#update-scheduledinstallthirdweek)
-- [Update/ScheduledInstallTime](./policy-csp-update.md#update-scheduledinstalltime)
-- [Update/SetAutoRestartNotificationDisable](./policy-csp-update.md#update-setautorestartnotificationdisable)
-- [Update/SetDisablePauseUXAccess](./policy-csp-update.md#update-setdisablepauseuxaccess)
-- [Update/SetDisableUXWUAccess](./policy-csp-update.md#update-setdisableuxwuaccess)
-- [Update/SetEDURestart](./policy-csp-update.md#update-setedurestart)
-- [Update/UpdateNotificationLevel](./policy-csp-update.md#update-updatenotificationlevel)
-- [Update/UpdateServiceUrl](./policy-csp-update.md#update-updateserviceurl)
-- [Update/UpdateServiceUrlAlternate](./policy-csp-update.md#update-updateserviceurlalternate)
-- [UserRights/AccessCredentialManagerAsTrustedCaller](./policy-csp-userrights.md#userrights-accesscredentialmanagerastrustedcaller)
-- [UserRights/AccessFromNetwork](./policy-csp-userrights.md#userrights-accessfromnetwork)
-- [UserRights/ActAsPartOfTheOperatingSystem](./policy-csp-userrights.md#userrights-actaspartoftheoperatingsystem)
-- [UserRights/AllowLocalLogOn](./policy-csp-userrights.md#userrights-allowlocallogon)
-- [UserRights/BackupFilesAndDirectories](./policy-csp-userrights.md#userrights-backupfilesanddirectories)
-- [UserRights/ChangeSystemTime](./policy-csp-userrights.md#userrights-changesystemtime)
-- [UserRights/CreateGlobalObjects](./policy-csp-userrights.md#userrights-createglobalobjects)
-- [UserRights/CreatePageFile](./policy-csp-userrights.md#userrights-createpagefile)
-- [UserRights/CreatePermanentSharedObjects](./policy-csp-userrights.md#userrights-createpermanentsharedobjects)
-- [UserRights/CreateSymbolicLinks](./policy-csp-userrights.md#userrights-createsymboliclinks)
-- [UserRights/CreateToken](./policy-csp-userrights.md#userrights-createtoken)
-- [UserRights/DebugPrograms](./policy-csp-userrights.md#userrights-debugprograms)
-- [UserRights/DenyAccessFromNetwork](./policy-csp-userrights.md#userrights-denyaccessfromnetwork)
-- [UserRights/DenyLocalLogOn](./policy-csp-userrights.md#userrights-denylocallogon)
-- [UserRights/DenyRemoteDesktopServicesLogOn](./policy-csp-userrights.md#userrights-denyremotedesktopserviceslogon)
-- [UserRights/EnableDelegation](./policy-csp-userrights.md#userrights-enabledelegation)
-- [UserRights/GenerateSecurityAudits](./policy-csp-userrights.md#userrights-generatesecurityaudits)
-- [UserRights/ImpersonateClient](./policy-csp-userrights.md#userrights-impersonateclient)
-- [UserRights/IncreaseSchedulingPriority](./policy-csp-userrights.md#userrights-increaseschedulingpriority)
-- [UserRights/LoadUnloadDeviceDrivers](./policy-csp-userrights.md#userrights-loadunloaddevicedrivers)
-- [UserRights/LockMemory](./policy-csp-userrights.md#userrights-lockmemory)
-- [UserRights/ManageAuditingAndSecurityLog](./policy-csp-userrights.md#userrights-manageauditingandsecuritylog)
-- [UserRights/ManageVolume](./policy-csp-userrights.md#userrights-managevolume)
-- [UserRights/ModifyFirmwareEnvironment](./policy-csp-userrights.md#userrights-modifyfirmwareenvironment)
-- [UserRights/ModifyObjectLabel](./policy-csp-userrights.md#userrights-modifyobjectlabel)
-- [UserRights/ProfileSingleProcess](./policy-csp-userrights.md#userrights-profilesingleprocess)
-- [UserRights/RemoteShutdown](./policy-csp-userrights.md#userrights-remoteshutdown)
-- [UserRights/RestoreFilesAndDirectories](./policy-csp-userrights.md#userrights-restorefilesanddirectories)
-- [UserRights/TakeOwnership](./policy-csp-userrights.md#userrights-takeownership)
-- [Wifi/AllowAutoConnectToWiFiSenseHotspots](./policy-csp-wifi.md#wifi-allowautoconnecttowifisensehotspots)
-- [Wifi/AllowInternetSharing](./policy-csp-wifi.md#wifi-allowinternetsharing)
-- [WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork](./policy-csp-windowsconnectionmanager.md#windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork)
-- [WindowsDefenderSecurityCenter/CompanyName](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-companyname)
-- [WindowsDefenderSecurityCenter/DisableAccountProtectionUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableaccountprotectionui)
-- [WindowsDefenderSecurityCenter/DisableAppBrowserUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableappbrowserui)
-- [WindowsDefenderSecurityCenter/DisableClearTpmButton](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablecleartpmbutton)
-- [WindowsDefenderSecurityCenter/DisableDeviceSecurityUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disabledevicesecurityui)
-- [WindowsDefenderSecurityCenter/DisableEnhancedNotifications](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableenhancednotifications)
-- [WindowsDefenderSecurityCenter/DisableFamilyUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablefamilyui)
-- [WindowsDefenderSecurityCenter/DisableHealthUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablehealthui)
-- [WindowsDefenderSecurityCenter/DisableNetworkUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablenetworkui)
-- [WindowsDefenderSecurityCenter/DisableNotifications](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablenotifications)
-- [WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disabletpmfirmwareupdatewarning)
-- [WindowsDefenderSecurityCenter/DisableVirusUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablevirusui)
-- [WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disallowexploitprotectionoverride)
-- [WindowsDefenderSecurityCenter/Email](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-email)
-- [WindowsDefenderSecurityCenter/EnableCustomizedToasts](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-enablecustomizedtoasts)
-- [WindowsDefenderSecurityCenter/EnableInAppCustomization](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-enableinappcustomization)
-- [WindowsDefenderSecurityCenter/HideRansomwareDataRecovery](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hideransomwaredatarecovery)
-- [WindowsDefenderSecurityCenter/HideSecureBoot](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidesecureboot)
-- [WindowsDefenderSecurityCenter/HideTPMTroubleshooting](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidetpmtroubleshooting)
-- [WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidewindowssecuritynotificationareacontrol)
-- [WindowsDefenderSecurityCenter/Phone](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-phone)
-- [WindowsDefenderSecurityCenter/URL](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-url)
-- [WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace](./policy-csp-windowsinkworkspace.md#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace)
-- [WindowsInkWorkspace/AllowWindowsInkWorkspace](./policy-csp-windowsinkworkspace.md#windowsinkworkspace-allowwindowsinkworkspace)
-- [WindowsLogon/DisableLockScreenAppNotifications](./policy-csp-windowslogon.md#windowslogon-disablelockscreenappnotifications)
-- [WindowsLogon/DontDisplayNetworkSelectionUI](./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui)
-- [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers](./policy-csp-windowslogon.md#windowslogon-enumeratelocalusersondomainjoinedcomputers)
-- [WindowsLogon/HideFastUserSwitching](./policy-csp-windowslogon.md#windowslogon-hidefastuserswitching)
-- [WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart](./policy-csp-windowslogon.md#windowslogon-signinlastinteractiveuserautomaticallyafterasysteminitiatedrestart)
-- [WindowsPowerShell/TurnOnPowerShellScriptBlockLogging](./policy-csp-windowspowershell.md#windowspowershell-turnonpowershellscriptblocklogging)
-- [WirelessDisplay/AllowProjectionToPC](./policy-csp-wirelessdisplay.md#wirelessdisplay-allowprojectiontopc)
-- [WirelessDisplay/RequirePinForPairing](./policy-csp-wirelessdisplay.md#wirelessdisplay-requirepinforpairing)
-
-
-## Policies supported by Windows Holographic for Business
-
-- [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection)
-- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps)
-- [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate)
-- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)
-- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)
-- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)
-- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)
-- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)
-- [Browser/AllowCookies](#browser-allowcookies)
-- [Browser/AllowDoNotTrack](#browser-allowdonottrack)
-- [Browser/AllowPasswordManager](#browser-allowpasswordmanager)
-- [Browser/AllowPopups](#browser-allowpopups)
-- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)
-- [Browser/AllowSmartScreen](#browser-allowsmartscreen)
-- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)
-- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)
-- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword)
-- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)
-- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)
-- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)
-- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts)
-- [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock)
-- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters)
-- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)
-- [Experience/AllowCortana](#experience-allowcortana)
-- [Experience/AllowManualMDMUnenrollment](#experience-allowmanualmdmunenrollment)
-- [Privacy/AllowCrossDeviceClipboard](#privacy-allowcrossdeviceclipboard)
-- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)
-- [Privacy/LetAppsAccessGazeInput](#privacy-letappsaccessgazeinput)
-- [Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps](#privacy-letappsaccessgazeinput-forceallowtheseapps)
-- [Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps](#privacy-letappsaccessgazeinput-forcedenytheseapps)
-- [Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps](#privacy-letappsaccessgazeinput-userincontroloftheseapps)
-- [Privacy/UploadUserActivities](#privacy-uploaduseractivities)
-- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)
-- [Security/RequireDeviceEncryption](#security-requiredeviceencryption)
-- [Settings/AllowDateTime](#settings-allowdatetime)
-- [Settings/AllowVPN](#settings-allowvpn)
-- [System/AllowLocation](#system-allowlocation)
-- [System/AllowTelemetry](#system-allowtelemetry)
-- [Update/AllowAutoUpdate](#update-allowautoupdate)
-- [Update/AllowUpdateService](#update-allowupdateservice)
-- [Update/RequireDeferUpgrade](#update-requiredeferupgrade)
-- [Update/RequireUpdateApproval](#update-requireupdateapproval)
-- [Update/UpdateServiceUrl](#update-updateserviceurl)
-
-
-
-## Policies that can be set using Exchange Active Sync (EAS)
-
-- [Browser/AllowBrowser](#browser-allowbrowser)
-- [Camera/AllowCamera](#camera-allowcamera)
-- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui)
-- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)
-- [Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming)
-- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection)
-- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword)
-- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)
-- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)
-- [DeviceLock/DevicePasswordExpiration](#devicelock-devicepasswordexpiration)
-- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)
-- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts)
-- [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock)
-- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters)
-- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)
-- [DeviceLock/PreventLockScreenSlideShow](#devicelock-preventlockscreenslideshow)
-- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)
-- [Security/RequireDeviceEncryption](#security-requiredeviceencryption)
-- [System/AllowStorageCard](#system-allowstoragecard)
-- [System/TelemetryProxy](#system-telemetryproxy)
-- [Wifi/AllowInternetSharing](#wifi-allowinternetsharing)
-- [Wifi/AllowWiFi](#wifi-allowwifi)
-
-
-## Examples
-
-Set the minimum password length to 4 characters.
-
-``` syntax
-
-
-
- $CmdID$
- -
-
- ./Vendor/MSFT/Policy/Config/DeviceLock/MinDevicePasswordLength
-
-
- int
-
- 4
-
-
-
-
-
-```
-
-Do not allow NFC.
-
-``` syntax
-
-
-
- $CmdID$
- -
-
- ./Vendor/MSFT/Policy/Config/Connectivity/AllowNFC
-
-
- int
-
- 0
-
-
-
-
-
-```
-
-## Related topics
-
+---
+title: Policy CSP
+description: Policy CSP
+ms.assetid: 4F3A1134-D401-44FC-A583-6EDD3070BA4F
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: MariciaAlforque
+ms.date: 08/14/2018
+---
+
+# Policy CSP
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+The Policy configuration service provider enables the enterprise to configure policies on Windows 10. Use this configuration service provider to configure any company policies.
+
+The Policy configuration service provider has the following sub-categories:
+
+- Policy/Config/*AreaName* – Handles the policy configuration request from the server.
+- Policy/Result/*AreaName* – Provides a read-only path to policies enforced on the device.
+
+
+
+> [!Important]
+> Policy scope is the level at which a policy can be configured. Some policies can only be configured at the device level, meaning the policy will take effect independent of who is logged into the device. Other policies can be configured at the user level, meaning the policy will only take effect for that user.
+>
+> The allowed scope of a specific policy is represented below its table of supported Windows editions. To configure a policy under a specific scope (user vs. device), please use the following paths:
+>
+> User scope:
+> - **./User/Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy.
+> - **./User/Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result.
+>
+> Device scope:
+> - **./Device/Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy.
+> - **./Device/Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result.
+>
+> For device wide configuration the **_Device/_** portion may be omitted from the path, deeming the following paths respectively equivalent:
+>
+> - **./Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy.
+> - **./Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result.
+
+The following diagram shows the Policy configuration service provider in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.
+
+
+
+
+**./Vendor/MSFT/Policy**
+The root node for the Policy configuration service provider.
+
+
Supported operation is Get.
+
+**Policy/Config**
+
Node for grouping all policies configured by one source. The configuration source can use this path to set policy values and later query any policy value that it previously set. One policy can be configured by multiple configuration sources. If a configuration source wants to query the result of conflict resolution (for example, if Exchange and MDM both attempt to set a value,) the configuration source can use the Policy/Result path to retrieve the resulting value.
+
+
Supported operation is Get.
+
+**Policy/Config/****_AreaName_**
+
The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value.
+
+
Supported operations are Add, Get, and Delete.
+
+**Policy/Config/****_AreaName/PolicyName_**
+
Specifies the name/value pair used in the policy.
+
+
The following list shows some tips to help you when configuring policies:
+
+- Separate substring values by the Unicode &\#xF000; in the XML file.
+
+> [!NOTE]
+> A query from a different caller could provide a different value as each caller could have different values for a named policy.
+
+- In SyncML, wrap this policy with the Atomic command so that the policy settings are treated as a single transaction.
+- Supported operations are Add, Get, Delete, and Replace.
+- Value type is string.
+
+**Policy/Result**
+
Groups the evaluated policies from all providers that can be configured.
+
+
Supported operation is Get.
+
+**Policy/Result/****_AreaName_**
+
The area group that can be configured by a single technology independent of the providers.
+
+
Supported operation is Get.
+
+**Policy/Result/****_AreaName/PolicyName_**
+
Specifies the name/value pair used in the policy.
+
+
Supported operation is Get.
+
+**Policy/ConfigOperations**
+
Added in Windows 10, version 1703. The root node for grouping different configuration operations.
+
+
Supported operations are Add, Get, and Delete.
+
+**Policy/ConfigOperations/ADMXInstall**
+
Added in Windows 10, version 1703. Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: `./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. Each ADMX-backed policy or preference that is added is assigned a unique ID. For more information about using Policy CSP to configure Win32 and Desktop Bridge app policies, see [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md).
+
+> [!NOTE]
+> The OPAX settings that are managed by the Microsoft Office Customization Tool are not supported by MDM. For more information about this tool, see [Office Customization Tool](https://technet.microsoft.com/en-us/library/cc179097.aspx).
+
+
ADMX files that have been installed by using **ConfigOperations/ADMXInstall** can later be deleted by using the URI delete operation. Deleting an ADMX file will delete the ADMX file from disk, remove the metadata from the ADMXdefault registry hive, and delete all the policies that were set from the file. The MDM server can also delete all ADMX policies that are tied to a particular app by calling delete on the URI, `./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}`.
+
+
Supported operations are Add, Get, and Delete.
+
+**Policy/ConfigOperations/ADMXInstall/****_AppName_**
+
Added in Windows 10, version 1703. Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX file.
+
+
Supported operations are Add, Get, and Delete.
+
+**Policy/ConfigOperations/ADMXInstall/****_AppName_/Policy**
+
Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app policy is to be imported.
+
+
Supported operations are Add, Get, and Delete.
+
+**Policy/ConfigOperations/ADMXInstall/****_AppName_/Policy/_UniqueID_**
+
Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the policy to import.
+
+
Supported operations are Add and Get. Does not support Delete.
+
+**Policy/ConfigOperations/ADMXInstall/****_AppName_/Preference**
+
Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app preference is to be imported.
+
+
Supported operations are Add, Get, and Delete.
+
+**Policy/ConfigOperations/ADMXInstall/****_AppName_/Preference/_UniqueID_**
+
Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the preference to import.
+
+
Supported operations are Add and Get. Does not support Delete.
+
+> [!Note]
+> The policies supported in Windows 10 S are the same as those supported in Windows 10 Pro with the exception of the policies under ApplicationDefaults. The ApplicationDefaults policies are not supported in Windows 10 S.
+
+## Policies
+
+### AboveLock policies
+
+
+ -
+ AboveLock/AllowActionCenterNotifications
+
+ -
+ AboveLock/AllowCortanaAboveLock
+
+ -
+ AboveLock/AllowToasts
+
+
+
+### Accounts policies
+
+
+ -
+ Accounts/AllowAddingNonMicrosoftAccountsManually
+
+ -
+ Accounts/AllowMicrosoftAccountConnection
+
+ -
+ Accounts/AllowMicrosoftAccountSignInAssistant
+
+ -
+ Accounts/DomainNamesForEmailSync
+
+
+
+### ActiveXControls policies
+
+
+ -
+ ActiveXControls/ApprovedInstallationSites
+
+
+
+### ApplicationDefaults policies
+
+
+ -
+ ApplicationDefaults/DefaultAssociationsConfiguration
+
+ -
+ ApplicationDefaults/EnableAppUriHandlers
+
+
+
+### ApplicationManagement policies
+
+
+ -
+ ApplicationManagement/AllowAllTrustedApps
+
+ -
+ ApplicationManagement/AllowAppStoreAutoUpdate
+
+ -
+ ApplicationManagement/AllowDeveloperUnlock
+
+ -
+ ApplicationManagement/AllowGameDVR
+
+ -
+ ApplicationManagement/AllowSharedUserAppData
+
+ -
+ ApplicationManagement/AllowStore
+
+ -
+ ApplicationManagement/ApplicationRestrictions
+
+ -
+ ApplicationManagement/DisableStoreOriginatedApps
+
+ -
+ ApplicationManagement/LaunchAppAfterLogOn
+
+ -
+ ApplicationManagement/MSIAllowUserControlOverInstall
+
+ -
+ ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
+
+ -
+ ApplicationManagement/RequirePrivateStoreOnly
+
+ -
+ ApplicationManagement/RestrictAppDataToSystemVolume
+
+ -
+ ApplicationManagement/RestrictAppToSystemVolume
+
+ -
+ ApplicationManagement/ScheduleForceRestartForUpdateFailures
+
+
+
+### AppRuntime policies
+
+
+ -
+ AppRuntime/AllowMicrosoftAccountsToBeOptional
+
+
+
+### AppVirtualization policies
+
+
+ -
+ AppVirtualization/AllowAppVClient
+
+ -
+ AppVirtualization/AllowDynamicVirtualization
+
+ -
+ AppVirtualization/AllowPackageCleanup
+
+ -
+ AppVirtualization/AllowPackageScripts
+
+ -
+ AppVirtualization/AllowPublishingRefreshUX
+
+ -
+ AppVirtualization/AllowReportingServer
+
+ -
+ AppVirtualization/AllowRoamingFileExclusions
+
+ -
+ AppVirtualization/AllowRoamingRegistryExclusions
+
+ -
+ AppVirtualization/AllowStreamingAutoload
+
+ -
+ AppVirtualization/ClientCoexistenceAllowMigrationmode
+
+ -
+ AppVirtualization/IntegrationAllowRootGlobal
+
+ -
+ AppVirtualization/IntegrationAllowRootUser
+
+ -
+ AppVirtualization/PublishingAllowServer1
+
+ -
+ AppVirtualization/PublishingAllowServer2
+
+ -
+ AppVirtualization/PublishingAllowServer3
+
+ -
+ AppVirtualization/PublishingAllowServer4
+
+ -
+ AppVirtualization/PublishingAllowServer5
+
+ -
+ AppVirtualization/StreamingAllowCertificateFilterForClient_SSL
+
+ -
+ AppVirtualization/StreamingAllowHighCostLaunch
+
+ -
+ AppVirtualization/StreamingAllowLocationProvider
+
+ -
+ AppVirtualization/StreamingAllowPackageInstallationRoot
+
+ -
+ AppVirtualization/StreamingAllowPackageSourceRoot
+
+ -
+ AppVirtualization/StreamingAllowReestablishmentInterval
+
+ -
+ AppVirtualization/StreamingAllowReestablishmentRetries
+
+ -
+ AppVirtualization/StreamingSharedContentStoreMode
+
+ -
+ AppVirtualization/StreamingSupportBranchCache
+
+ -
+ AppVirtualization/StreamingVerifyCertificateRevocationList
+
+ -
+ AppVirtualization/VirtualComponentsAllowList
+
+
+
+### AttachmentManager policies
+
+
+ -
+ AttachmentManager/DoNotPreserveZoneInformation
+
+ -
+ AttachmentManager/HideZoneInfoMechanism
+
+ -
+ AttachmentManager/NotifyAntivirusPrograms
+
+
+
+### Authentication policies
+
+
+ -
+ Authentication/AllowAadPasswordReset
+
+ -
+ Authentication/AllowEAPCertSSO
+
+ -
+ Authentication/AllowFastReconnect
+
+ -
+ Authentication/AllowFidoDeviceSignon
+
+ -
+ Authentication/AllowSecondaryAuthenticationDevice
+
+ -
+ Authentication/EnableFastFirstSignIn
+
+ -
+ Authentication/EnableWebSignIn
+
+ -
+ Authentication/PreferredAadTenantDomainName
+
+
+
+### Autoplay policies
+
+
+ -
+ Autoplay/DisallowAutoplayForNonVolumeDevices
+
+ -
+ Autoplay/SetDefaultAutoRunBehavior
+
+ -
+ Autoplay/TurnOffAutoPlay
+
+
+
+### Bitlocker policies
+
+
+ -
+ Bitlocker/EncryptionMethod
+
+
+
+### BITS policies
+
+
+ -
+ BITS/BandwidthThrottlingEndTime
+
+ -
+ BITS/BandwidthThrottlingStartTime
+
+ -
+ BITS/BandwidthThrottlingTransferRate
+
+ -
+ BITS/CostedNetworkBehaviorBackgroundPriority
+
+ -
+ BITS/CostedNetworkBehaviorForegroundPriority
+
+ -
+ BITS/JobInactivityTimeout
+
+
+
+### Bluetooth policies
+
+
+ -
+ Bluetooth/AllowAdvertising
+
+ -
+ Bluetooth/AllowDiscoverableMode
+
+ -
+ Bluetooth/AllowPrepairing
+
+ -
+ Bluetooth/AllowPromptedProximalConnections
+
+ -
+ Bluetooth/LocalDeviceName
+
+ -
+ Bluetooth/ServicesAllowedList
+
+
+
+### Browser policies
+
+
+ -
+ Browser/AllowAddressBarDropdown
+
+ -
+ Browser/AllowAutofill
+
+ -
+ Browser/AllowBrowser
+
+ -
+ Browser/AllowConfigurationUpdateForBooksLibrary
+
+ -
+ Browser/AllowCookies
+
+ -
+ Browser/AllowDeveloperTools
+
+ -
+ Browser/AllowDoNotTrack
+
+ -
+ Browser/AllowExtensions
+
+ -
+ Browser/AllowFlash
+
+ -
+ Browser/AllowFlashClickToRun
+
+ -
+ Browser/AllowFullScreenMode
+
+ -
+ Browser/AllowInPrivate
+
+ -
+ Browser/AllowMicrosoftCompatibilityList
+
+ -
+ Browser/AllowPasswordManager
+
+ -
+
+
+ -
+ Browser/AllowPrelaunch
+
+ -
+ Browser/AllowPrinting
+
+ -
+ Browser/AllowSavingHistory
+
+ -
+ Browser/AllowSearchEngineCustomization
+
+ -
+ Browser/AllowSearchSuggestionsinAddressBar
+
+ -
+ Browser/AllowSideloadingOfExtensions
+
+ -
+ Browser/AllowSmartScreen
+
+ -
+ Browser/AllowTabPreloading
+
+ -
+ Browser/AllowWebContentOnNewTabPage
+
+ -
+ Browser/AlwaysEnableBooksLibrary
+
+ -
+ Browser/ClearBrowsingDataOnExit
+
+ -
+ Browser/ConfigureAdditionalSearchEngines
+
+ -
+ Browser/ConfigureFavoritesBar
+
+ -
+ Browser/ConfigureHomeButton
+
+ -
+ Browser/ConfigureKioskMode
+
+ -
+ Browser/ConfigureKioskResetAfterIdleTimeout
+
+ -
+ Browser/ConfigureOpenMicrosoftEdgeWith
+
+ -
+ Browser/ConfigureTelemetryForMicrosoft365Analytics
+
+ -
+ Browser/DisableLockdownOfStartPages
+
+ -
+ Browser/EnableExtendedBooksTelemetry
+
+ -
+ Browser/EnterpriseModeSiteList
+
+ -
+ Browser/EnterpriseSiteListServiceUrl
+
+ -
+ Browser/FirstRunURL
+
+ -
+ Browser/HomePages
+
+ -
+ Browser/LockdownFavorites
+
+ -
+ Browser/PreventAccessToAboutFlagsInMicrosoftEdge
+
+ -
+ Browser/PreventCertErrorOverrides
+
+ -
+ Browser/PreventFirstRunPage
+
+ -
+ Browser/PreventLiveTileDataCollection
+
+ -
+ Browser/PreventSmartScreenPromptOverride
+
+ -
+ Browser/PreventSmartScreenPromptOverrideForFiles
+
+ -
+ Browser/PreventUsingLocalHostIPAddressForWebRTC
+
+ -
+ Browser/ProvisionFavorites
+
+ -
+ Browser/SendIntranetTraffictoInternetExplorer
+
+ -
+ Browser/SetDefaultSearchEngine
+
+ -
+ Browser/SetHomeButtonURL
+
+ -
+ Browser/SetNewTabPageURL
+
+ -
+ Browser/ShowMessageWhenOpeningSitesInInternetExplorer
+
+ -
+ Browser/SyncFavoritesBetweenIEAndMicrosoftEdge
+
+ -
+ Browser/UnlockHomeButton
+
+ -
+ Browser/UseSharedFolderForBooks
+
+
+
+### Camera policies
+
+
+ -
+ Camera/AllowCamera
+
+
+
+### Cellular policies
+
+
+ -
+ Cellular/LetAppsAccessCellularData
+
+ -
+ Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
+
+ -
+ Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
+
+ -
+ Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
+
+ -
+ Cellular/ShowAppCellularAccessUI
+
+
+
+### Connectivity policies
+
+
+ -
+ Connectivity/AllowBluetooth
+
+ -
+ Connectivity/AllowCellularData
+
+ -
+ Connectivity/AllowCellularDataRoaming
+
+ -
+ Connectivity/AllowConnectedDevices
+
+ -
+ Connectivity/AllowNFC
+
+ -
+ Connectivity/AllowPhonePCLinking
+
+ -
+ Connectivity/AllowUSBConnection
+
+ -
+ Connectivity/AllowVPNOverCellular
+
+ -
+ Connectivity/AllowVPNRoamingOverCellular
+
+ -
+ Connectivity/DiablePrintingOverHTTP
+
+ -
+ Connectivity/DisableDownloadingOfPrintDriversOverHTTP
+
+ -
+ Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards
+
+ -
+ Connectivity/DisallowNetworkConnectivityActiveTests
+
+ -
+ Connectivity/HardenedUNCPaths
+
+ -
+ Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge
+
+
+
+### ControlPolicyConflict policies
+
+
+ -
+ ControlPolicyConflict/MDMWinsOverGP
+
+
+
+### CredentialProviders policies
+
+
+ -
+ CredentialProviders/AllowPINLogon
+
+ -
+ CredentialProviders/BlockPicturePassword
+
+ -
+ CredentialProviders/DisableAutomaticReDeploymentCredentials
+
+
+
+### CredentialsDelegation policies
+
+
+ -
+ CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials
+
+
+
+### CredentialsUI policies
+
+
+ -
+ CredentialsUI/DisablePasswordReveal
+
+ -
+ CredentialsUI/EnumerateAdministrators
+
+
+
+### Cryptography policies
+
+
+ -
+ Cryptography/AllowFipsAlgorithmPolicy
+
+ -
+ Cryptography/TLSCipherSuites
+
+
+
+### DataProtection policies
+
+
+ -
+ DataProtection/AllowDirectMemoryAccess
+
+ -
+ DataProtection/LegacySelectiveWipeID
+
+
+
+### DataUsage policies
+
+
+ -
+ DataUsage/SetCost3G
+
+ -
+ DataUsage/SetCost4G
+
+
+
+### Defender policies
+
+
+ -
+ Defender/AllowArchiveScanning
+
+ -
+ Defender/AllowBehaviorMonitoring
+
+ -
+ Defender/AllowCloudProtection
+
+ -
+ Defender/AllowEmailScanning
+
+ -
+ Defender/AllowFullScanOnMappedNetworkDrives
+
+ -
+ Defender/AllowFullScanRemovableDriveScanning
+
+ -
+ Defender/AllowIOAVProtection
+
+ -
+ Defender/AllowIntrusionPreventionSystem
+
+ -
+ Defender/AllowOnAccessProtection
+
+ -
+ Defender/AllowRealtimeMonitoring
+
+ -
+ Defender/AllowScanningNetworkFiles
+
+ -
+ Defender/AllowScriptScanning
+
+ -
+ Defender/AllowUserUIAccess
+
+ -
+ Defender/AttackSurfaceReductionOnlyExclusions
+
+ -
+ Defender/AttackSurfaceReductionRules
+
+ -
+ Defender/AvgCPULoadFactor
+
+ -
+ Defender/CheckForSignaturesBeforeRunningScan
+
+ -
+ Defender/CloudBlockLevel
+
+ -
+ Defender/CloudExtendedTimeout
+
+ -
+ Defender/ControlledFolderAccessAllowedApplications
+
+ -
+ Defender/ControlledFolderAccessProtectedFolders
+
+ -
+ Defender/DaysToRetainCleanedMalware
+
+ -
+ Defender/DisableCatchupFullScan
+
+ -
+ Defender/DisableCatchupQuickScan
+
+ -
+ Defender/EnableControlledFolderAccess
+
+ -
+ Defender/EnableLowCPUPriority
+
+ -
+ Defender/EnableNetworkProtection
+
+ -
+ Defender/ExcludedExtensions
+
+ -
+ Defender/ExcludedPaths
+
+ -
+ Defender/ExcludedProcesses
+
+ -
+ Defender/PUAProtection
+
+ -
+ Defender/RealTimeScanDirection
+
+ -
+ Defender/ScanParameter
+
+ -
+ Defender/ScheduleQuickScanTime
+
+ -
+ Defender/ScheduleScanDay
+
+ -
+ Defender/ScheduleScanTime
+
+ -
+ Defender/SignatureUpdateFallbackOrder
+
+ -
+ Defender/SignatureUpdateFileSharesSources
+
+ -
+ Defender/SignatureUpdateInterval
+
+ -
+ Defender/SubmitSamplesConsent
+
+ -
+ Defender/ThreatSeverityDefaultAction
+
+
+
+### DeliveryOptimization policies
+
+
+ -
+ DeliveryOptimization/DOAbsoluteMaxCacheSize
+
+ -
+ DeliveryOptimization/DOAllowVPNPeerCaching
+
+ -
+ DeliveryOptimization/DOCacheHost
+
+ -
+ DeliveryOptimization/DODelayBackgroundDownloadFromHttp
+
+ -
+ DeliveryOptimization/DODelayForegroundDownloadFromHttp
+
+ -
+ DeliveryOptimization/DODownloadMode
+
+ -
+ DeliveryOptimization/DOGroupId
+
+ -
+ DeliveryOptimization/DOGroupIdSource
+
+ -
+ DeliveryOptimization/DOMaxCacheAge
+
+ -
+ DeliveryOptimization/DOMaxCacheSize
+
+ -
+ DeliveryOptimization/DOMaxDownloadBandwidth
+
+ -
+ DeliveryOptimization/DOMaxUploadBandwidth
+
+ -
+ DeliveryOptimization/DOMinBackgroundQos
+
+ -
+ DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload
+
+ -
+ DeliveryOptimization/DOMinDiskSizeAllowedToPeer
+
+ -
+ DeliveryOptimization/DOMinFileSizeToCache
+
+ -
+ DeliveryOptimization/DOMinRAMAllowedToPeer
+
+ -
+ DeliveryOptimization/DOModifyCacheDrive
+
+ -
+ DeliveryOptimization/DOMonthlyUploadDataCap
+
+ -
+ DeliveryOptimization/DOPercentageMaxBackgroundBandwidth
+
+ -
+ DeliveryOptimization/DOPercentageMaxDownloadBandwidth
+
+ -
+ DeliveryOptimization/DOPercentageMaxForegroundBandwidth
+
+ -
+ DeliveryOptimization/DORestrictPeerSelectionBy
+
+ -
+ DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
+
+ -
+ DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth
+
+
+
+### Desktop policies
+
+
+ -
+ Desktop/PreventUserRedirectionOfProfileFolders
+
+
+
+### DeviceGuard policies
+
+
+ -
+ DeviceGuard/EnableSystemGuard
+
+ -
+ DeviceGuard/EnableVirtualizationBasedSecurity
+
+ -
+ DeviceGuard/LsaCfgFlags
+
+ -
+ DeviceGuard/RequirePlatformSecurityFeatures
+
+
+
+### DeviceInstallation policies
+
+
+ -
+ DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
+
+ -
+ DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
+
+ -
+ DeviceInstallation/PreventDeviceMetadataFromNetwork
+
+ -
+ DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
+
+ -
+ DeviceInstallation/PreventInstallationOfMatchingDeviceIDs
+
+ -
+ DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses
+
+
+
+### DeviceLock policies
+
+
+ -
+ DeviceLock/AllowIdleReturnWithoutPassword
+
+ -
+ DeviceLock/AllowScreenTimeoutWhileLockedUserConfig
+
+ -
+ DeviceLock/AllowSimpleDevicePassword
+
+ -
+ DeviceLock/AlphanumericDevicePasswordRequired
+
+ -
+ DeviceLock/DevicePasswordEnabled
+
+ -
+ DeviceLock/DevicePasswordExpiration
+
+ -
+ DeviceLock/DevicePasswordHistory
+
+ -
+ DeviceLock/EnforceLockScreenAndLogonImage
+
+ -
+ DeviceLock/EnforceLockScreenProvider
+
+ -
+ DeviceLock/MaxDevicePasswordFailedAttempts
+
+ -
+ DeviceLock/MaxInactivityTimeDeviceLock
+
+ -
+ DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay
+
+ -
+ DeviceLock/MinDevicePasswordComplexCharacters
+
+ -
+ DeviceLock/MinDevicePasswordLength
+
+ -
+ DeviceLock/MinimumPasswordAge
+
+ -
+ DeviceLock/PreventEnablingLockScreenCamera
+
+ -
+ DeviceLock/PreventLockScreenSlideShow
+
+ -
+ DeviceLock/ScreenTimeoutWhileLocked
+
+
+
+### Display policies
+
+
+ -
+ Display/DisablePerProcessDpiForApps
+
+ -
+ Display/EnablePerProcessDpi
+
+ -
+ Display/EnablePerProcessDpiForApps
+
+ -
+ Display/TurnOffGdiDPIScalingForApps
+
+ -
+ Display/TurnOnGdiDPIScalingForApps
+
+
+
+### DmaGuard policies
+
+
+ -
+ DmaGuard/DeviceEnumerationPolicy
+
+
+
+### Education policies
+
+
+ -
+ Education/DefaultPrinterName
+
+ -
+ Education/PreventAddingNewPrinters
+
+ -
+ Education/PrinterNames
+
+
+
+### EnterpriseCloudPrint policies
+
+
+ -
+ EnterpriseCloudPrint/CloudPrintOAuthAuthority
+
+ -
+ EnterpriseCloudPrint/CloudPrintOAuthClientId
+
+ -
+ EnterpriseCloudPrint/CloudPrintResourceId
+
+ -
+ EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint
+
+ -
+ EnterpriseCloudPrint/DiscoveryMaxPrinterLimit
+
+ -
+ EnterpriseCloudPrint/MopriaDiscoveryResourceId
+
+
+
+### ErrorReporting policies
+
+
+ -
+ ErrorReporting/CustomizeConsentSettings
+
+ -
+ ErrorReporting/DisableWindowsErrorReporting
+
+ -
+ ErrorReporting/DisplayErrorNotification
+
+ -
+ ErrorReporting/DoNotSendAdditionalData
+
+ -
+ ErrorReporting/PreventCriticalErrorDisplay
+
+
+
+### EventLogService policies
+
+
+ -
+ EventLogService/ControlEventLogBehavior
+
+ -
+ EventLogService/SpecifyMaximumFileSizeApplicationLog
+
+ -
+ EventLogService/SpecifyMaximumFileSizeSecurityLog
+
+ -
+ EventLogService/SpecifyMaximumFileSizeSystemLog
+
+
+
+### Experience policies
+
+
+ -
+ Experience/AllowClipboardHistory
+
+ -
+ Experience/AllowCopyPaste
+
+ -
+ Experience/AllowCortana
+
+ -
+ Experience/AllowDeviceDiscovery
+
+ -
+ Experience/AllowFindMyDevice
+
+ -
+ Experience/AllowManualMDMUnenrollment
+
+ -
+ Experience/AllowSIMErrorDialogPromptWhenNoSIM
+
+ -
+ Experience/AllowSaveAsOfOfficeFiles
+
+ -
+ Experience/AllowScreenCapture
+
+ -
+ Experience/AllowSharingOfOfficeFiles
+
+ -
+ Experience/AllowSyncMySettings
+
+ -
+ Experience/AllowTailoredExperiencesWithDiagnosticData
+
+ -
+ Experience/AllowTaskSwitcher
+
+ -
+ Experience/AllowThirdPartySuggestionsInWindowsSpotlight
+
+ -
+ Experience/AllowVoiceRecording
+
+ -
+ Experience/AllowWindowsConsumerFeatures
+
+ -
+ Experience/AllowWindowsSpotlight
+
+ -
+ Experience/AllowWindowsSpotlightOnActionCenter
+
+ -
+ Experience/AllowWindowsSpotlightOnSettings
+
+ -
+ Experience/AllowWindowsSpotlightWindowsWelcomeExperience
+
+ -
+ Experience/AllowWindowsTips
+
+ -
+ Experience/ConfigureWindowsSpotlightOnLockScreen
+
+ -
+ Experience/DoNotShowFeedbackNotifications
+
+ -
+ Experience/DoNotSyncBrowserSettings
+
+ -
+ Experience/PreventUsersFromTurningOnBrowserSyncing
+
+
+
+### ExploitGuard policies
+
+
+ -
+ ExploitGuard/ExploitProtectionSettings
+
+
+
+### FileExplorer policies
+
+
+ -
+ FileExplorer/TurnOffDataExecutionPreventionForExplorer
+
+ -
+ FileExplorer/TurnOffHeapTerminationOnCorruption
+
+
+
+### Games policies
+
+
+ -
+ Games/AllowAdvancedGamingServices
+
+
+
+### Handwriting policies
+
+
+ -
+ Handwriting/PanelDefaultModeDocked
+
+
+
+### InternetExplorer policies
+
+
+ -
+ InternetExplorer/AddSearchProvider
+
+ -
+ InternetExplorer/AllowActiveXFiltering
+
+ -
+ InternetExplorer/AllowAddOnList
+
+ -
+ InternetExplorer/AllowAutoComplete
+
+ -
+ InternetExplorer/AllowCertificateAddressMismatchWarning
+
+ -
+ InternetExplorer/AllowDeletingBrowsingHistoryOnExit
+
+ -
+ InternetExplorer/AllowEnhancedProtectedMode
+
+ -
+
+
+ -
+ InternetExplorer/AllowEnterpriseModeSiteList
+
+ -
+ InternetExplorer/AllowFallbackToSSL3
+
+ -
+ InternetExplorer/AllowInternetExplorer7PolicyList
+
+ -
+ InternetExplorer/AllowInternetExplorerStandardsMode
+
+ -
+ InternetExplorer/AllowInternetZoneTemplate
+
+ -
+ InternetExplorer/AllowIntranetZoneTemplate
+
+ -
+ InternetExplorer/AllowLocalMachineZoneTemplate
+
+ -
+ InternetExplorer/AllowLockedDownInternetZoneTemplate
+
+ -
+ InternetExplorer/AllowLockedDownIntranetZoneTemplate
+
+ -
+ InternetExplorer/AllowLockedDownLocalMachineZoneTemplate
+
+ -
+ InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate
+
+ -
+ InternetExplorer/AllowOneWordEntry
+
+ -
+ InternetExplorer/AllowSiteToZoneAssignmentList
+
+ -
+ InternetExplorer/AllowSoftwareWhenSignatureIsInvalid
+
+ -
+ InternetExplorer/AllowSuggestedSites
+
+ -
+ InternetExplorer/AllowTrustedSitesZoneTemplate
+
+ -
+ InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate
+
+ -
+ InternetExplorer/AllowsRestrictedSitesZoneTemplate
+
+ -
+ InternetExplorer/CheckServerCertificateRevocation
+
+ -
+ InternetExplorer/CheckSignaturesOnDownloadedPrograms
+
+ -
+ InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses
+
+ -
+ InternetExplorer/DisableAdobeFlash
+
+ -
+ InternetExplorer/DisableBypassOfSmartScreenWarnings
+
+ -
+ InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles
+
+ -
+ InternetExplorer/DisableConfiguringHistory
+
+ -
+ InternetExplorer/DisableCrashDetection
+
+ -
+ InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation
+
+ -
+ InternetExplorer/DisableDeletingUserVisitedWebsites
+
+ -
+ InternetExplorer/DisableEnclosureDownloading
+
+ -
+ InternetExplorer/DisableEncryptionSupport
+
+ -
+ InternetExplorer/DisableFirstRunWizard
+
+ -
+ InternetExplorer/DisableFlipAheadFeature
+
+ -
+ InternetExplorer/DisableHomePageChange
+
+ -
+ InternetExplorer/DisableIgnoringCertificateErrors
+
+ -
+ InternetExplorer/DisableInPrivateBrowsing
+
+ -
+ InternetExplorer/DisableProcessesInEnhancedProtectedMode
+
+ -
+ InternetExplorer/DisableProxyChange
+
+ -
+ InternetExplorer/DisableSearchProviderChange
+
+ -
+ InternetExplorer/DisableSecondaryHomePageChange
+
+ -
+ InternetExplorer/DisableSecuritySettingsCheck
+
+ -
+ InternetExplorer/DisableUpdateCheck
+
+ -
+ InternetExplorer/DoNotAllowActiveXControlsInProtectedMode
+
+ -
+ InternetExplorer/DoNotAllowUsersToAddSites
+
+ -
+ InternetExplorer/DoNotAllowUsersToChangePolicies
+
+ -
+ InternetExplorer/DoNotBlockOutdatedActiveXControls
+
+ -
+ InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains
+
+ -
+ InternetExplorer/IncludeAllLocalSites
+
+ -
+ InternetExplorer/IncludeAllNetworkPaths
+
+ -
+ InternetExplorer/InternetZoneAllowAccessToDataSources
+
+ -
+ InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls
+
+ -
+ InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads
+
+ -
+ InternetExplorer/InternetZoneAllowCopyPasteViaScript
+
+ -
+ InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles
+
+ -
+ InternetExplorer/InternetZoneAllowFontDownloads
+
+ -
+ InternetExplorer/InternetZoneAllowLessPrivilegedSites
+
+ -
+ InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles
+
+ -
+ InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents
+
+ -
+ InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls
+
+ -
+ InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
+
+ -
+ InternetExplorer/InternetZoneAllowScriptInitiatedWindows
+
+ -
+ InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls
+
+ -
+ InternetExplorer/InternetZoneAllowScriptlets
+
+ -
+ InternetExplorer/InternetZoneAllowSmartScreenIE
+
+ -
+ InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript
+
+ -
+ InternetExplorer/InternetZoneAllowUserDataPersistence
+
+ -
+ InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer
+
+ -
+ InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls
+
+ -
+ InternetExplorer/InternetZoneDownloadSignedActiveXControls
+
+ -
+ InternetExplorer/InternetZoneDownloadUnsignedActiveXControls
+
+ -
+ InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter
+
+ -
+ InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
+
+ -
+ InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
+
+ -
+ InternetExplorer/InternetZoneEnableMIMESniffing
+
+ -
+ InternetExplorer/InternetZoneEnableProtectedMode
+
+ -
+ InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer
+
+ -
+ InternetExplorer/InternetZoneInitializeAndScriptActiveXControls
+
+ -
+ InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
+
+ -
+ InternetExplorer/InternetZoneJavaPermissions
+
+ -
+ InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME
+
+ -
+ InternetExplorer/InternetZoneLogonOptions
+
+ -
+ InternetExplorer/InternetZoneNavigateWindowsAndFrames
+
+ -
+ InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
+
+ -
+ InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles
+
+ -
+
+
+ -
+ InternetExplorer/IntranetZoneAllowAccessToDataSources
+
+ -
+ InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls
+
+ -
+ InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads
+
+ -
+ InternetExplorer/IntranetZoneAllowFontDownloads
+
+ -
+ InternetExplorer/IntranetZoneAllowLessPrivilegedSites
+
+ -
+ InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents
+
+ -
+ InternetExplorer/IntranetZoneAllowScriptlets
+
+ -
+ InternetExplorer/IntranetZoneAllowSmartScreenIE
+
+ -
+ InternetExplorer/IntranetZoneAllowUserDataPersistence
+
+ -
+ InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls
+
+ -
+ InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls
+
+ -
+ InternetExplorer/IntranetZoneJavaPermissions
+
+ -
+ InternetExplorer/IntranetZoneNavigateWindowsAndFrames
+
+ -
+ InternetExplorer/LocalMachineZoneAllowAccessToDataSources
+
+ -
+ InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls
+
+ -
+ InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads
+
+ -
+ InternetExplorer/LocalMachineZoneAllowFontDownloads
+
+ -
+ InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites
+
+ -
+ InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents
+
+ -
+ InternetExplorer/LocalMachineZoneAllowScriptlets
+
+ -
+ InternetExplorer/LocalMachineZoneAllowSmartScreenIE
+
+ -
+ InternetExplorer/LocalMachineZoneAllowUserDataPersistence
+
+ -
+ InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls
+
+ -
+ InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls
+
+ -
+ InternetExplorer/LocalMachineZoneJavaPermissions
+
+ -
+ InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames
+
+ -
+ InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources
+
+ -
+ InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls
+
+ -
+ InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads
+
+ -
+ InternetExplorer/LockedDownInternetZoneAllowFontDownloads
+
+ -
+ InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites
+
+ -
+ InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents
+
+ -
+ InternetExplorer/LockedDownInternetZoneAllowScriptlets
+
+ -
+ InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE
+
+ -
+ InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence
+
+ -
+ InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls
+
+ -
+ InternetExplorer/LockedDownInternetZoneJavaPermissions
+
+ -
+ InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames
+
+ -
+ InternetExplorer/LockedDownIntranetJavaPermissions
+
+ -
+ InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources
+
+ -
+ InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls
+
+ -
+ InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads
+
+ -
+ InternetExplorer/LockedDownIntranetZoneAllowFontDownloads
+
+ -
+ InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites
+
+ -
+ InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents
+
+ -
+ InternetExplorer/LockedDownIntranetZoneAllowScriptlets
+
+ -
+ InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE
+
+ -
+ InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence
+
+ -
+ InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls
+
+ -
+ InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames
+
+ -
+ InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources
+
+ -
+ InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls
+
+ -
+ InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads
+
+ -
+ InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads
+
+ -
+ InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites
+
+ -
+ InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents
+
+ -
+ InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets
+
+ -
+ InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE
+
+ -
+ InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence
+
+ -
+ InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls
+
+ -
+ InternetExplorer/LockedDownLocalMachineZoneJavaPermissions
+
+ -
+ InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames
+
+ -
+ InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources
+
+ -
+ InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls
+
+ -
+ InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
+
+ -
+ InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads
+
+ -
+ InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites
+
+ -
+ InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents
+
+ -
+ InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets
+
+ -
+ InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE
+
+ -
+ InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence
+
+ -
+ InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls
+
+ -
+ InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions
+
+ -
+ InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames
+
+ -
+ InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources
+
+ -
+ InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls
+
+ -
+ InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads
+
+ -
+ InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads
+
+ -
+ InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites
+
+ -
+ InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents
+
+ -
+ InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets
+
+ -
+ InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE
+
+ -
+ InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence
+
+ -
+ InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls
+
+ -
+ InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions
+
+ -
+ InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames
+
+ -
+ InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses
+
+ -
+ InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses
+
+ -
+ InternetExplorer/NotificationBarInternetExplorerProcesses
+
+ -
+ InternetExplorer/PreventManagingSmartScreenFilter
+
+ -
+ InternetExplorer/PreventPerUserInstallationOfActiveXControls
+
+ -
+ InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses
+
+ -
+ InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls
+
+ -
+ InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses
+
+ -
+ InternetExplorer/RestrictFileDownloadInternetExplorerProcesses
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowActiveScripting
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowFileDownloads
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowFontDownloads
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowScriptlets
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence
+
+ -
+ InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer
+
+ -
+ InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
+
+ -
+ InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls
+
+ -
+ InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls
+
+ -
+ InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter
+
+ -
+ InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
+
+ -
+ InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
+
+ -
+ InternetExplorer/RestrictedSitesZoneEnableMIMESniffing
+
+ -
+ InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer
+
+ -
+ InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls
+
+ -
+ InternetExplorer/RestrictedSitesZoneJavaPermissions
+
+ -
+ InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME
+
+ -
+ InternetExplorer/RestrictedSitesZoneLogonOptions
+
+ -
+ InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames
+
+ -
+ InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins
+
+ -
+ InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
+
+ -
+ InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting
+
+ -
+ InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets
+
+ -
+ InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles
+
+ -
+ InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode
+
+ -
+
+
+ -
+ InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses
+
+ -
+ InternetExplorer/SearchProviderList
+
+ -
+ InternetExplorer/SecurityZonesUseOnlyMachineSettings
+
+ -
+ InternetExplorer/SpecifyUseOfActiveXInstallerService
+
+ -
+ InternetExplorer/TrustedSitesZoneAllowAccessToDataSources
+
+ -
+ InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls
+
+ -
+ InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads
+
+ -
+ InternetExplorer/TrustedSitesZoneAllowFontDownloads
+
+ -
+ InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites
+
+ -
+ InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents
+
+ -
+ InternetExplorer/TrustedSitesZoneAllowScriptlets
+
+ -
+ InternetExplorer/TrustedSitesZoneAllowSmartScreenIE
+
+ -
+ InternetExplorer/TrustedSitesZoneAllowUserDataPersistence
+
+ -
+ InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
+
+ -
+ InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls
+
+ -
+ InternetExplorer/TrustedSitesZoneJavaPermissions
+
+ -
+ InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames
+
+
+
+### Kerberos policies
+
+
+ -
+ Kerberos/AllowForestSearchOrder
+
+ -
+ Kerberos/KerberosClientSupportsClaimsCompoundArmor
+
+ -
+ Kerberos/RequireKerberosArmoring
+
+ -
+ Kerberos/RequireStrictKDCValidation
+
+ -
+ Kerberos/SetMaximumContextTokenSize
+
+
+
+### KioskBrowser policies
+
+
+ -
+ KioskBrowser/BlockedUrlExceptions
+
+ -
+ KioskBrowser/BlockedUrls
+
+ -
+ KioskBrowser/DefaultURL
+
+ -
+ KioskBrowser/EnableEndSessionButton
+
+ -
+ KioskBrowser/EnableHomeButton
+
+ -
+ KioskBrowser/EnableNavigationButtons
+
+ -
+ KioskBrowser/RestartOnIdleTime
+
+
+
+### LanmanWorkstation policies
+
+
+ -
+ LanmanWorkstation/EnableInsecureGuestLogons
+
+
+
+### Licensing policies
+
+
+ -
+ Licensing/AllowWindowsEntitlementReactivation
+
+ -
+ Licensing/DisallowKMSClientOnlineAVSValidation
+
+
+
+### LocalPoliciesSecurityOptions policies
+
+
+ -
+ LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
+
+ -
+ LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus
+
+ -
+ LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus
+
+ -
+ LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
+
+ -
+ LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
+
+ -
+ LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
+
+ -
+ LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
+
+ -
+ LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
+
+ -
+ LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
+
+ -
+ LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
+
+ -
+ LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways
+
+ -
+ LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible
+
+ -
+ LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges
+
+ -
+ LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
+
+ -
+ LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn
+
+ -
+ LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn
+
+ -
+ LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL
+
+ -
+ LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
+
+ -
+ LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
+
+ -
+ LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
+
+ -
+ LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
+
+ -
+ LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways
+
+ -
+ LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
+
+ -
+ LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
+
+ -
+ LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession
+
+ -
+ LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
+
+ -
+ LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
+
+ -
+ LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
+
+ -
+ LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
+
+ -
+ LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
+
+ -
+ LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
+
+ -
+ LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM
+
+ -
+ LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
+
+ -
+ LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
+
+ -
+ LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
+
+ -
+ LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients
+
+ -
+ LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
+
+ -
+ LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication
+
+ -
+ LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic
+
+ -
+ LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic
+
+ -
+ LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers
+
+ -
+ LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon
+
+ -
+ LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
+
+ -
+ LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
+
+ -
+ LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems
+
+ -
+ LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
+
+ -
+ LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
+
+ -
+ LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
+
+ -
+ LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
+
+ -
+ LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
+
+ -
+ LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
+
+ -
+ LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
+
+ -
+ LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
+
+ -
+ LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
+
+ -
+ LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
+
+
+
+### Location policies
+
+
+ -
+ Location/EnableLocation
+
+
+
+### LockDown policies
+
+
+ -
+ LockDown/AllowEdgeSwipe
+
+
+
+### Maps policies
+
+
+ -
+ Maps/AllowOfflineMapsDownloadOverMeteredConnection
+
+ -
+ Maps/EnableOfflineMapsAutoUpdate
+
+
+
+### Messaging policies
+
+
+ -
+ Messaging/AllowMMS
+
+ -
+ Messaging/AllowMessageSync
+
+ -
+ Messaging/AllowRCS
+
+
+
+### MSSecurityGuide policies
+
+
+ -
+ MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon
+
+ -
+ MSSecurityGuide/ConfigureSMBV1ClientDriver
+
+ -
+ MSSecurityGuide/ConfigureSMBV1Server
+
+ -
+ MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection
+
+ -
+ MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications
+
+ -
+ MSSecurityGuide/WDigestAuthentication
+
+
+
+### MSSLegacy policies
+
+
+ -
+ MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes
+
+ -
+ MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers
+
+ -
+ MSSLegacy/IPSourceRoutingProtectionLevel
+
+ -
+ MSSLegacy/IPv6SourceRoutingProtectionLevel
+
+
+
+### NetworkIsolation policies
+
+
+ -
+ NetworkIsolation/EnterpriseCloudResources
+
+ -
+ NetworkIsolation/EnterpriseIPRange
+
+ -
+ NetworkIsolation/EnterpriseIPRangesAreAuthoritative
+
+ -
+ NetworkIsolation/EnterpriseInternalProxyServers
+
+ -
+ NetworkIsolation/EnterpriseNetworkDomainNames
+
+ -
+ NetworkIsolation/EnterpriseProxyServers
+
+ -
+ NetworkIsolation/EnterpriseProxyServersAreAuthoritative
+
+ -
+ NetworkIsolation/NeutralResources
+
+
+
+### Notifications policies
+
+
+ -
+ Notifications/DisallowCloudNotification
+
+ -
+ Notifications/DisallowNotificationMirroring
+
+ -
+ Notifications/DisallowTileNotification
+
+
+
+### Power policies
+
+
+ -
+ Power/AllowStandbyStatesWhenSleepingOnBattery
+
+ -
+ Power/AllowStandbyWhenSleepingPluggedIn
+
+ -
+ Power/DisplayOffTimeoutOnBattery
+
+ -
+ Power/DisplayOffTimeoutPluggedIn
+
+ -
+ Power/HibernateTimeoutOnBattery
+
+ -
+ Power/HibernateTimeoutPluggedIn
+
+ -
+ Power/RequirePasswordWhenComputerWakesOnBattery
+
+ -
+ Power/RequirePasswordWhenComputerWakesPluggedIn
+
+ -
+ Power/StandbyTimeoutOnBattery
+
+ -
+ Power/StandbyTimeoutPluggedIn
+
+
+
+### Printers policies
+
+
+ -
+ Printers/PointAndPrintRestrictions
+
+ -
+ Printers/PointAndPrintRestrictions_User
+
+ -
+ Printers/PublishPrinters
+
+
+
+### Privacy policies
+
+
+ -
+ Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
+
+ -
+ Privacy/AllowCrossDeviceClipboard
+
+ -
+ Privacy/AllowInputPersonalization
+
+ -
+ Privacy/DisableAdvertisingId
+
+ -
+ Privacy/DisablePrivacyExperience
+
+ -
+ Privacy/EnableActivityFeed
+
+ -
+ Privacy/LetAppsAccessAccountInfo
+
+ -
+ Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessCalendar
+
+ -
+ Privacy/LetAppsAccessCalendar_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessCalendar_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessCallHistory
+
+ -
+ Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessCamera
+
+ -
+ Privacy/LetAppsAccessCamera_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessCamera_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessCamera_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessContacts
+
+ -
+ Privacy/LetAppsAccessContacts_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessContacts_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessContacts_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessEmail
+
+ -
+ Privacy/LetAppsAccessEmail_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessEmail_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessEmail_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessGazeInput
+
+ -
+ Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessLocation
+
+ -
+ Privacy/LetAppsAccessLocation_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessLocation_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessLocation_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessMessaging
+
+ -
+ Privacy/LetAppsAccessMessaging_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessMessaging_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessMicrophone
+
+ -
+ Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessMotion
+
+ -
+ Privacy/LetAppsAccessMotion_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessMotion_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessMotion_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessNotifications
+
+ -
+ Privacy/LetAppsAccessNotifications_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessNotifications_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessPhone
+
+ -
+ Privacy/LetAppsAccessPhone_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessPhone_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessPhone_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessRadios
+
+ -
+ Privacy/LetAppsAccessRadios_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessRadios_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessRadios_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessTasks
+
+ -
+ Privacy/LetAppsAccessTasks_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessTasks_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessTasks_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessTrustedDevices
+
+ -
+ Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsGetDiagnosticInfo
+
+ -
+ Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsRunInBackground
+
+ -
+ Privacy/LetAppsRunInBackground_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsRunInBackground_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsRunInBackground_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsSyncWithDevices
+
+ -
+ Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps
+
+ -
+ Privacy/PublishUserActivities
+
+ -
+ Privacy/UploadUserActivities
+
+
+
+### RemoteAssistance policies
+
+
+ -
+ RemoteAssistance/CustomizeWarningMessages
+
+ -
+ RemoteAssistance/SessionLogging
+
+ -
+ RemoteAssistance/SolicitedRemoteAssistance
+
+ -
+ RemoteAssistance/UnsolicitedRemoteAssistance
+
+
+
+### RemoteDesktopServices policies
+
+
+ -
+ RemoteDesktopServices/AllowUsersToConnectRemotely
+
+ -
+ RemoteDesktopServices/ClientConnectionEncryptionLevel
+
+ -
+ RemoteDesktopServices/DoNotAllowDriveRedirection
+
+ -
+ RemoteDesktopServices/DoNotAllowPasswordSaving
+
+ -
+ RemoteDesktopServices/PromptForPasswordUponConnection
+
+ -
+ RemoteDesktopServices/RequireSecureRPCCommunication
+
+
+
+### RemoteManagement policies
+
+
+ -
+ RemoteManagement/AllowBasicAuthentication_Client
+
+ -
+ RemoteManagement/AllowBasicAuthentication_Service
+
+ -
+ RemoteManagement/AllowCredSSPAuthenticationClient
+
+ -
+ RemoteManagement/AllowCredSSPAuthenticationService
+
+ -
+ RemoteManagement/AllowRemoteServerManagement
+
+ -
+ RemoteManagement/AllowUnencryptedTraffic_Client
+
+ -
+ RemoteManagement/AllowUnencryptedTraffic_Service
+
+ -
+ RemoteManagement/DisallowDigestAuthentication
+
+ -
+ RemoteManagement/DisallowNegotiateAuthenticationClient
+
+ -
+ RemoteManagement/DisallowNegotiateAuthenticationService
+
+ -
+ RemoteManagement/DisallowStoringOfRunAsCredentials
+
+ -
+ RemoteManagement/SpecifyChannelBindingTokenHardeningLevel
+
+ -
+ RemoteManagement/TrustedHosts
+
+ -
+ RemoteManagement/TurnOnCompatibilityHTTPListener
+
+ -
+ RemoteManagement/TurnOnCompatibilityHTTPSListener
+
+
+
+### RemoteProcedureCall policies
+
+
+ -
+ RemoteProcedureCall/RPCEndpointMapperClientAuthentication
+
+ -
+ RemoteProcedureCall/RestrictUnauthenticatedRPCClients
+
+
+
+### RemoteShell policies
+
+
+ -
+ RemoteShell/AllowRemoteShellAccess
+
+ -
+ RemoteShell/MaxConcurrentUsers
+
+ -
+ RemoteShell/SpecifyIdleTimeout
+
+ -
+ RemoteShell/SpecifyMaxMemory
+
+ -
+ RemoteShell/SpecifyMaxProcesses
+
+ -
+ RemoteShell/SpecifyMaxRemoteShells
+
+ -
+ RemoteShell/SpecifyShellTimeout
+
+
+
+### RestrictedGroups policies
+
+
+ -
+ RestrictedGroups/ConfigureGroupMembership
+
+
+
+### Search policies
+
+
+ -
+ Search/AllowCloudSearch
+
+ -
+ Search/AllowCortanaInAAD
+
+ -
+ Search/AllowIndexingEncryptedStoresOrItems
+
+ -
+ Search/AllowSearchToUseLocation
+
+ -
+ Search/AllowStoringImagesFromVisionSearch
+
+ -
+ Search/AllowUsingDiacritics
+
+ -
+ Search/AllowWindowsIndexer
+
+ -
+ Search/AlwaysUseAutoLangDetection
+
+ -
+ Search/DisableBackoff
+
+ -
+ Search/DisableRemovableDriveIndexing
+
+ -
+ Search/DoNotUseWebResults
+
+ -
+ Search/PreventIndexingLowDiskSpaceMB
+
+ -
+ Search/PreventRemoteQueries
+
+ -
+ Search/SafeSearchPermissions
+
+
+
+### Security policies
+
+
+ -
+ Security/AllowAddProvisioningPackage
+
+ -
+ Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices
+
+ -
+ Security/AllowManualRootCertificateInstallation
+
+ -
+ Security/AllowRemoveProvisioningPackage
+
+ -
+ Security/AntiTheftMode
+
+ -
+ Security/ClearTPMIfNotReady
+
+ -
+ Security/ConfigureWindowsPasswords
+
+ -
+ Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices
+
+ -
+ Security/RecoveryEnvironmentAuthentication
+
+ -
+ Security/RequireDeviceEncryption
+
+ -
+ Security/RequireProvisioningPackageSignature
+
+ -
+ Security/RequireRetrieveHealthCertificateOnBoot
+
+
+
+### Settings policies
+
+
+ -
+ Settings/AllowAutoPlay
+
+ -
+ Settings/AllowDataSense
+
+ -
+ Settings/AllowDateTime
+
+ -
+ Settings/AllowEditDeviceName
+
+ -
+ Settings/AllowLanguage
+
+ -
+ Settings/AllowOnlineTips
+
+ -
+ Settings/AllowPowerSleep
+
+ -
+ Settings/AllowRegion
+
+ -
+ Settings/AllowSignInOptions
+
+ -
+ Settings/AllowVPN
+
+ -
+ Settings/AllowWorkplace
+
+ -
+ Settings/AllowYourAccount
+
+ -
+ Settings/ConfigureTaskbarCalendar
+
+ -
+ Settings/PageVisibilityList
+
+
+
+### SmartScreen policies
+
+
+ -
+ SmartScreen/EnableAppInstallControl
+
+ -
+ SmartScreen/EnableSmartScreenInShell
+
+ -
+ SmartScreen/PreventOverrideForFilesInShell
+
+
+
+### Speech policies
+
+
+ -
+ Speech/AllowSpeechModelUpdate
+
+
+
+### Start policies
+
+
+ -
+ Start/AllowPinnedFolderDocuments
+
+ -
+ Start/AllowPinnedFolderDownloads
+
+ -
+ Start/AllowPinnedFolderFileExplorer
+
+ -
+ Start/AllowPinnedFolderHomeGroup
+
+ -
+ Start/AllowPinnedFolderMusic
+
+ -
+ Start/AllowPinnedFolderNetwork
+
+ -
+ Start/AllowPinnedFolderPersonalFolder
+
+ -
+ Start/AllowPinnedFolderPictures
+
+ -
+ Start/AllowPinnedFolderSettings
+
+ -
+ Start/AllowPinnedFolderVideos
+
+ -
+
+
+ -
+ Start/ForceStartSize
+
+ -
+ Start/HideAppList
+
+ -
+ Start/HideChangeAccountSettings
+
+ -
+ Start/HideFrequentlyUsedApps
+
+ -
+ Start/HideHibernate
+
+ -
+ Start/HideLock
+
+ -
+ Start/HidePeopleBar
+
+ -
+ Start/HidePowerButton
+
+ -
+ Start/HideRecentJumplists
+
+ -
+ Start/HideRecentlyAddedApps
+
+ -
+ Start/HideRestart
+
+ -
+ Start/HideShutDown
+
+ -
+ Start/HideSignOut
+
+ -
+ Start/HideSleep
+
+ -
+ Start/HideSwitchAccount
+
+ -
+ Start/HideUserTile
+
+ -
+ Start/ImportEdgeAssets
+
+ -
+ Start/NoPinningToTaskbar
+
+ -
+ Start/StartLayout
+
+
+
+### Storage policies
+
+
+ -
+ Storage/AllowDiskHealthModelUpdates
+
+ -
+ Storage/EnhancedStorageDevices
+
+
+
+### System policies
+
+
+ -
+ System/AllowBuildPreview
+
+ -
+ System/AllowEmbeddedMode
+
+ -
+ System/AllowExperimentation
+
+ -
+ System/AllowFontProviders
+
+ -
+ System/AllowLocation
+
+ -
+ System/AllowStorageCard
+
+ -
+ System/AllowTelemetry
+
+ -
+ System/AllowUserToResetPhone
+
+ -
+ System/BootStartDriverInitialization
+
+ -
+ System/ConfigureTelemetryOptInChangeNotification
+
+ -
+ System/ConfigureTelemetryOptInSettingsUx
+
+ -
+ System/DisableEnterpriseAuthProxy
+
+ -
+ System/DisableOneDriveFileSync
+
+ -
+ System/DisableSystemRestore
+
+ -
+ System/FeedbackHubAlwaysSaveDiagnosticsLocally
+
+ -
+ System/LimitEnhancedDiagnosticDataWindowsAnalytics
+
+ -
+ System/TelemetryProxy
+
+
+
+### SystemServices policies
+
+
+ -
+ SystemServices/ConfigureHomeGroupListenerServiceStartupMode
+
+ -
+ SystemServices/ConfigureHomeGroupProviderServiceStartupMode
+
+ -
+ SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
+
+ -
+ SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
+
+ -
+ SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
+
+ -
+ SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
+
+
+
+### TaskManager policies
+
+
+ -
+ TaskManager/AllowEndTask
+
+
+
+### TaskScheduler policies
+
+
+ -
+ TaskScheduler/EnableXboxGameSaveTask
+
+
+
+### TextInput policies
+
+
+ -
+ TextInput/AllowHardwareKeyboardTextSuggestions
+
+ -
+ TextInput/AllowIMELogging
+
+ -
+ TextInput/AllowIMENetworkAccess
+
+ -
+ TextInput/AllowInputPanel
+
+ -
+ TextInput/AllowJapaneseIMESurrogatePairCharacters
+
+ -
+ TextInput/AllowJapaneseIVSCharacters
+
+ -
+ TextInput/AllowJapaneseNonPublishingStandardGlyph
+
+ -
+ TextInput/AllowJapaneseUserDictionary
+
+ -
+ TextInput/AllowKeyboardTextSuggestions
+
+ -
+ TextInput/AllowKoreanExtendedHanja
+
+ -
+ TextInput/AllowLanguageFeaturesUninstall
+
+ -
+ TextInput/AllowLinguisticDataCollection
+
+ -
+ TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
+
+ -
+ TextInput/ExcludeJapaneseIMEExceptJIS0208
+
+ -
+ TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC
+
+ -
+ TextInput/ExcludeJapaneseIMEExceptShiftJIS
+
+ -
+ TextInput/ForceTouchKeyboardDockedState
+
+ -
+ TextInput/TouchKeyboardDictationButtonAvailability
+
+ -
+ TextInput/TouchKeyboardEmojiButtonAvailability
+
+ -
+ TextInput/TouchKeyboardFullModeAvailability
+
+ -
+ TextInput/TouchKeyboardHandwritingModeAvailability
+
+ -
+ TextInput/TouchKeyboardNarrowModeAvailability
+
+ -
+ TextInput/TouchKeyboardSplitModeAvailability
+
+ -
+ TextInput/TouchKeyboardWideModeAvailability
+
+
+
+### TimeLanguageSettings policies
+
+
+ -
+ TimeLanguageSettings/AllowSet24HourClock
+
+
+
+### Update policies
+
+
+ -
+ Update/ActiveHoursEnd
+
+ -
+ Update/ActiveHoursMaxRange
+
+ -
+
+
+ -
+ Update/AllowAutoUpdate
+
+ -
+ Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork
+
+ -
+ Update/AllowMUUpdateService
+
+ -
+ Update/AllowNonMicrosoftSignedUpdate
+
+ -
+ Update/AllowUpdateService
+
+ -
+ Update/AutoRestartDeadlinePeriodInDays
+
+ -
+ Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates
+
+ -
+ Update/AutoRestartNotificationSchedule
+
+ -
+ Update/AutoRestartRequiredNotificationDismissal
+
+ -
+ Update/BranchReadinessLevel
+
+ -
+ Update/ConfigureFeatureUpdateUninstallPeriod
+
+ -
+ Update/DeferFeatureUpdatesPeriodInDays
+
+ -
+ Update/DeferQualityUpdatesPeriodInDays
+
+ -
+ Update/DeferUpdatePeriod
+
+ -
+ Update/DeferUpgradePeriod
+
+ -
+ Update/DetectionFrequency
+
+ -
+ Update/DisableDualScan
+
+ -
+ Update/EngagedRestartDeadline
+
+ -
+ Update/EngagedRestartDeadlineForFeatureUpdates
+
+ -
+ Update/EngagedRestartSnoozeSchedule
+
+ -
+ Update/EngagedRestartSnoozeScheduleForFeatureUpdates
+
+ -
+ Update/EngagedRestartTransitionSchedule
+
+ -
+ Update/EngagedRestartTransitionScheduleForFeatureUpdates
+
+ -
+ Update/ExcludeWUDriversInQualityUpdate
+
+ -
+ Update/FillEmptyContentUrls
+
+ -
+ Update/IgnoreMOAppDownloadLimit
+
+ -
+ Update/IgnoreMOUpdateDownloadLimit
+
+ -
+ Update/ManagePreviewBuilds
+
+ -
+ Update/PauseDeferrals
+
+ -
+ Update/PauseFeatureUpdates
+
+ -
+ Update/PauseFeatureUpdatesStartTime
+
+ -
+ Update/PauseQualityUpdates
+
+ -
+ Update/PauseQualityUpdatesStartTime
+
+ -
+ Update/PhoneUpdateRestrictions
+
+ -
+ Update/RequireDeferUpgrade
+
+ -
+ Update/RequireUpdateApproval
+
+ -
+ Update/ScheduleImminentRestartWarning
+
+ -
+ Update/ScheduleRestartWarning
+
+ -
+ Update/ScheduledInstallDay
+
+ -
+ Update/ScheduledInstallEveryWeek
+
+ -
+ Update/ScheduledInstallFirstWeek
+
+ -
+ Update/ScheduledInstallFourthWeek
+
+ -
+ Update/ScheduledInstallSecondWeek
+
+ -
+ Update/ScheduledInstallThirdWeek
+
+ -
+ Update/ScheduledInstallTime
+
+ -
+ Update/SetAutoRestartNotificationDisable
+
+ -
+ Update/SetDisablePauseUXAccess
+
+ -
+ Update/SetDisableUXWUAccess
+
+ -
+ Update/SetEDURestart
+
+ -
+ Update/UpdateNotificationLevel
+
+ -
+ Update/UpdateServiceUrl
+
+ -
+ Update/UpdateServiceUrlAlternate
+
+
+
+### UserRights policies
+
+
+ -
+ UserRights/AccessCredentialManagerAsTrustedCaller
+
+ -
+ UserRights/AccessFromNetwork
+
+ -
+ UserRights/ActAsPartOfTheOperatingSystem
+
+ -
+ UserRights/AllowLocalLogOn
+
+ -
+ UserRights/BackupFilesAndDirectories
+
+ -
+ UserRights/ChangeSystemTime
+
+ -
+ UserRights/CreateGlobalObjects
+
+ -
+ UserRights/CreatePageFile
+
+ -
+ UserRights/CreatePermanentSharedObjects
+
+ -
+ UserRights/CreateSymbolicLinks
+
+ -
+ UserRights/CreateToken
+
+ -
+ UserRights/DebugPrograms
+
+ -
+ UserRights/DenyAccessFromNetwork
+
+ -
+ UserRights/DenyLocalLogOn
+
+ -
+ UserRights/DenyRemoteDesktopServicesLogOn
+
+ -
+ UserRights/EnableDelegation
+
+ -
+ UserRights/GenerateSecurityAudits
+
+ -
+ UserRights/ImpersonateClient
+
+ -
+ UserRights/IncreaseSchedulingPriority
+
+ -
+ UserRights/LoadUnloadDeviceDrivers
+
+ -
+ UserRights/LockMemory
+
+ -
+ UserRights/ManageAuditingAndSecurityLog
+
+ -
+ UserRights/ManageVolume
+
+ -
+ UserRights/ModifyFirmwareEnvironment
+
+ -
+ UserRights/ModifyObjectLabel
+
+ -
+ UserRights/ProfileSingleProcess
+
+ -
+ UserRights/RemoteShutdown
+
+ -
+ UserRights/RestoreFilesAndDirectories
+
+ -
+ UserRights/TakeOwnership
+
+
+
+### Wifi policies
+
+
+ -
+ WiFi/AllowWiFiHotSpotReporting
+
+ -
+ Wifi/AllowAutoConnectToWiFiSenseHotspots
+
+ -
+ Wifi/AllowInternetSharing
+
+ -
+ Wifi/AllowManualWiFiConfiguration
+
+ -
+ Wifi/AllowWiFi
+
+ -
+ Wifi/AllowWiFiDirect
+
+ -
+ Wifi/WLANScanMode
+
+
+
+### WindowsConnectionManager policies
+
+
+ -
+ WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork
+
+
+
+### WindowsDefenderSecurityCenter policies
+
+
+ -
+ WindowsDefenderSecurityCenter/CompanyName
+
+ -
+ WindowsDefenderSecurityCenter/DisableAccountProtectionUI
+
+ -
+ WindowsDefenderSecurityCenter/DisableAppBrowserUI
+
+ -
+ WindowsDefenderSecurityCenter/DisableClearTpmButton
+
+ -
+ WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
+
+ -
+ WindowsDefenderSecurityCenter/DisableEnhancedNotifications
+
+ -
+ WindowsDefenderSecurityCenter/DisableFamilyUI
+
+ -
+ WindowsDefenderSecurityCenter/DisableHealthUI
+
+ -
+ WindowsDefenderSecurityCenter/DisableNetworkUI
+
+ -
+ WindowsDefenderSecurityCenter/DisableNotifications
+
+ -
+ WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
+
+ -
+ WindowsDefenderSecurityCenter/DisableVirusUI
+
+ -
+ WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride
+
+ -
+ WindowsDefenderSecurityCenter/Email
+
+ -
+ WindowsDefenderSecurityCenter/EnableCustomizedToasts
+
+ -
+ WindowsDefenderSecurityCenter/EnableInAppCustomization
+
+ -
+ WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
+
+ -
+ WindowsDefenderSecurityCenter/HideSecureBoot
+
+ -
+ WindowsDefenderSecurityCenter/HideTPMTroubleshooting
+
+ -
+ WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
+
+ -
+ WindowsDefenderSecurityCenter/Phone
+
+ -
+ WindowsDefenderSecurityCenter/URL
+
+
+
+### WindowsInkWorkspace policies
+
+
+ -
+ WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace
+
+ -
+ WindowsInkWorkspace/AllowWindowsInkWorkspace
+
+
+
+### WindowsLogon policies
+
+
+ -
+ WindowsLogon/DisableLockScreenAppNotifications
+
+ -
+ WindowsLogon/DontDisplayNetworkSelectionUI
+
+ -
+ WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers
+
+ -
+ WindowsLogon/HideFastUserSwitching
+
+ -
+ WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart
+
+
+
+### WindowsPowerShell policies
+
+
+ -
+ WindowsPowerShell/TurnOnPowerShellScriptBlockLogging
+
+
+
+### WirelessDisplay policies
+
+
+ -
+ WirelessDisplay/AllowMdnsAdvertisement
+
+ -
+ WirelessDisplay/AllowMdnsDiscovery
+
+ -
+ WirelessDisplay/AllowProjectionFromPC
+
+ -
+ WirelessDisplay/AllowProjectionFromPCOverInfrastructure
+
+ -
+ WirelessDisplay/AllowProjectionToPC
+
+ -
+ WirelessDisplay/AllowProjectionToPCOverInfrastructure
+
+ -
+ WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver
+
+ -
+ WirelessDisplay/RequirePinForPairing
+
+
+
+
+## ADMX-backed policies
+
+- [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
+- [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
+- [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
+- [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)
+- [AppVirtualization/AllowPackageCleanup](./policy-csp-appvirtualization.md#appvirtualization-allowpackagecleanup)
+- [AppVirtualization/AllowPackageScripts](./policy-csp-appvirtualization.md#appvirtualization-allowpackagescripts)
+- [AppVirtualization/AllowPublishingRefreshUX](./policy-csp-appvirtualization.md#appvirtualization-allowpublishingrefreshux)
+- [AppVirtualization/AllowReportingServer](./policy-csp-appvirtualization.md#appvirtualization-allowreportingserver)
+- [AppVirtualization/AllowRoamingFileExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingfileexclusions)
+- [AppVirtualization/AllowRoamingRegistryExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingregistryexclusions)
+- [AppVirtualization/AllowStreamingAutoload](./policy-csp-appvirtualization.md#appvirtualization-allowstreamingautoload)
+- [AppVirtualization/ClientCoexistenceAllowMigrationmode](./policy-csp-appvirtualization.md#appvirtualization-clientcoexistenceallowmigrationmode)
+- [AppVirtualization/IntegrationAllowRootGlobal](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootglobal)
+- [AppVirtualization/IntegrationAllowRootUser](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootuser)
+- [AppVirtualization/PublishingAllowServer1](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver1)
+- [AppVirtualization/PublishingAllowServer2](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver2)
+- [AppVirtualization/PublishingAllowServer3](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver3)
+- [AppVirtualization/PublishingAllowServer4](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver4)
+- [AppVirtualization/PublishingAllowServer5](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver5)
+- [AppVirtualization/StreamingAllowCertificateFilterForClient_SSL](./policy-csp-appvirtualization.md#appvirtualization-streamingallowcertificatefilterforclient-ssl)
+- [AppVirtualization/StreamingAllowHighCostLaunch](./policy-csp-appvirtualization.md#appvirtualization-streamingallowhighcostlaunch)
+- [AppVirtualization/StreamingAllowLocationProvider](./policy-csp-appvirtualization.md#appvirtualization-streamingallowlocationprovider)
+- [AppVirtualization/StreamingAllowPackageInstallationRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackageinstallationroot)
+- [AppVirtualization/StreamingAllowPackageSourceRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackagesourceroot)
+- [AppVirtualization/StreamingAllowReestablishmentInterval](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentinterval)
+- [AppVirtualization/StreamingAllowReestablishmentRetries](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentretries)
+- [AppVirtualization/StreamingSharedContentStoreMode](./policy-csp-appvirtualization.md#appvirtualization-streamingsharedcontentstoremode)
+- [AppVirtualization/StreamingSupportBranchCache](./policy-csp-appvirtualization.md#appvirtualization-streamingsupportbranchcache)
+- [AppVirtualization/StreamingVerifyCertificateRevocationList](./policy-csp-appvirtualization.md#appvirtualization-streamingverifycertificaterevocationlist)
+- [AppVirtualization/VirtualComponentsAllowList](./policy-csp-appvirtualization.md#appvirtualization-virtualcomponentsallowlist)
+- [AttachmentManager/DoNotPreserveZoneInformation](./policy-csp-attachmentmanager.md#attachmentmanager-donotpreservezoneinformation)
+- [AttachmentManager/HideZoneInfoMechanism](./policy-csp-attachmentmanager.md#attachmentmanager-hidezoneinfomechanism)
+- [AttachmentManager/NotifyAntivirusPrograms](./policy-csp-attachmentmanager.md#attachmentmanager-notifyantivirusprograms)
+- [Autoplay/DisallowAutoplayForNonVolumeDevices](./policy-csp-autoplay.md#autoplay-disallowautoplayfornonvolumedevices)
+- [Autoplay/SetDefaultAutoRunBehavior](./policy-csp-autoplay.md#autoplay-setdefaultautorunbehavior)
+- [Autoplay/TurnOffAutoPlay](./policy-csp-autoplay.md#autoplay-turnoffautoplay)
+- [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#cellular-showappcellularaccessui)
+- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-diableprintingoverhttp)
+- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp)
+- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards)
+- [Connectivity/HardenedUNCPaths](./policy-csp-connectivity.md#connectivity-hardeneduncpaths)
+- [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](./policy-csp-connectivity.md#connectivity-prohibitinstallationandconfigurationofnetworkbridge)
+- [CredentialProviders/AllowPINLogon](./policy-csp-credentialproviders.md#credentialproviders-allowpinlogon)
+- [CredentialProviders/BlockPicturePassword](./policy-csp-credentialproviders.md#credentialproviders-blockpicturepassword)
+- [CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials](./policy-csp-credentialsdelegation.md#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials)
+- [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal)
+- [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators)
+- [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g)
+- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
+- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
+- [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
+- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceids)
+- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdevicesetupclasses)
+- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallation-preventdevicemetadatafromnetwork)
+- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings)
+- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
+- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
+- [DeviceLock/PreventEnablingLockScreenCamera](./policy-csp-devicelock.md#devicelock-preventenablinglockscreencamera)
+- [DeviceLock/PreventLockScreenSlideShow](./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow)
+- [ErrorReporting/CustomizeConsentSettings](./policy-csp-errorreporting.md#errorreporting-customizeconsentsettings)
+- [ErrorReporting/DisableWindowsErrorReporting](./policy-csp-errorreporting.md#errorreporting-disablewindowserrorreporting)
+- [ErrorReporting/DisplayErrorNotification](./policy-csp-errorreporting.md#errorreporting-displayerrornotification)
+- [ErrorReporting/DoNotSendAdditionalData](./policy-csp-errorreporting.md#errorreporting-donotsendadditionaldata)
+- [ErrorReporting/PreventCriticalErrorDisplay](./policy-csp-errorreporting.md#errorreporting-preventcriticalerrordisplay)
+- [EventLogService/ControlEventLogBehavior](./policy-csp-eventlogservice.md#eventlogservice-controleventlogbehavior)
+- [EventLogService/SpecifyMaximumFileSizeApplicationLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizeapplicationlog)
+- [EventLogService/SpecifyMaximumFileSizeSecurityLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesecuritylog)
+- [EventLogService/SpecifyMaximumFileSizeSystemLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesystemlog)
+- [FileExplorer/TurnOffDataExecutionPreventionForExplorer](./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer)
+- [FileExplorer/TurnOffHeapTerminationOnCorruption](./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption)
+- [InternetExplorer/AddSearchProvider](./policy-csp-internetexplorer.md#internetexplorer-addsearchprovider)
+- [InternetExplorer/AllowActiveXFiltering](./policy-csp-internetexplorer.md#internetexplorer-allowactivexfiltering)
+- [InternetExplorer/AllowAddOnList](./policy-csp-internetexplorer.md#internetexplorer-allowaddonlist)
+- [InternetExplorer/AllowAutoComplete](./policy-csp-internetexplorer.md#internetexplorer-allowautocomplete)
+- [InternetExplorer/AllowCertificateAddressMismatchWarning](./policy-csp-internetexplorer.md#internetexplorer-allowcertificateaddressmismatchwarning)
+- [InternetExplorer/AllowDeletingBrowsingHistoryOnExit](./policy-csp-internetexplorer.md#internetexplorer-allowdeletingbrowsinghistoryonexit)
+- [InternetExplorer/AllowEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedprotectedmode)
+- [InternetExplorer/AllowEnterpriseModeFromToolsMenu](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodefromtoolsmenu)
+- [InternetExplorer/AllowEnterpriseModeSiteList](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodesitelist)
+- [InternetExplorer/AllowFallbackToSSL3](./policy-csp-internetexplorer.md#internetexplorer-allowfallbacktossl3)
+- [InternetExplorer/AllowInternetExplorer7PolicyList](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorer7policylist)
+- [InternetExplorer/AllowInternetExplorerStandardsMode](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorerstandardsmode)
+- [InternetExplorer/AllowInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowinternetzonetemplate)
+- [InternetExplorer/AllowIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowintranetzonetemplate)
+- [InternetExplorer/AllowLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlocalmachinezonetemplate)
+- [InternetExplorer/AllowLockedDownInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddowninternetzonetemplate)
+- [InternetExplorer/AllowLockedDownIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownintranetzonetemplate)
+- [InternetExplorer/AllowLockedDownLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownlocalmachinezonetemplate)
+- [InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownrestrictedsiteszonetemplate)
+- [InternetExplorer/AllowOneWordEntry](./policy-csp-internetexplorer.md#internetexplorer-allowonewordentry)
+- [InternetExplorer/AllowSiteToZoneAssignmentList](./policy-csp-internetexplorer.md#internetexplorer-allowsitetozoneassignmentlist)
+- [InternetExplorer/AllowSoftwareWhenSignatureIsInvalid](./policy-csp-internetexplorer.md#internetexplorer-allowsoftwarewhensignatureisinvalid)
+- [InternetExplorer/AllowSuggestedSites](./policy-csp-internetexplorer.md#internetexplorer-allowsuggestedsites)
+- [InternetExplorer/AllowTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowtrustedsiteszonetemplate)
+- [InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowslockeddowntrustedsiteszonetemplate)
+- [InternetExplorer/AllowsRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowsrestrictedsiteszonetemplate)
+- [InternetExplorer/CheckServerCertificateRevocation](./policy-csp-internetexplorer.md#internetexplorer-checkservercertificaterevocation)
+- [InternetExplorer/CheckSignaturesOnDownloadedPrograms](./policy-csp-internetexplorer.md#internetexplorer-checksignaturesondownloadedprograms)
+- [InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-consistentmimehandlinginternetexplorerprocesses)
+- [InternetExplorer/DisableAdobeFlash](./policy-csp-internetexplorer.md#internetexplorer-disableadobeflash)
+- [InternetExplorer/DisableBypassOfSmartScreenWarnings](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarnings)
+- [InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarningsaboutuncommonfiles)
+- [InternetExplorer/DisableConfiguringHistory](./policy-csp-internetexplorer.md#internetexplorer-disableconfiguringhistory)
+- [InternetExplorer/DisableCrashDetection](./policy-csp-internetexplorer.md#internetexplorer-disablecrashdetection)
+- [InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation](./policy-csp-internetexplorer.md#internetexplorer-disablecustomerexperienceimprovementprogramparticipation)
+- [InternetExplorer/DisableDeletingUserVisitedWebsites](./policy-csp-internetexplorer.md#internetexplorer-disabledeletinguservisitedwebsites)
+- [InternetExplorer/DisableEnclosureDownloading](./policy-csp-internetexplorer.md#internetexplorer-disableenclosuredownloading)
+- [InternetExplorer/DisableEncryptionSupport](./policy-csp-internetexplorer.md#internetexplorer-disableencryptionsupport)
+- [InternetExplorer/DisableFirstRunWizard](./policy-csp-internetexplorer.md#internetexplorer-disablefirstrunwizard)
+- [InternetExplorer/DisableFlipAheadFeature](./policy-csp-internetexplorer.md#internetexplorer-disableflipaheadfeature)
+- [InternetExplorer/DisableHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablehomepagechange)
+- [InternetExplorer/DisableIgnoringCertificateErrors](./policy-csp-internetexplorer.md#internetexplorer-disableignoringcertificateerrors)
+- [InternetExplorer/DisableInPrivateBrowsing](./policy-csp-internetexplorer.md#internetexplorer-disableinprivatebrowsing)
+- [InternetExplorer/DisableProcessesInEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-disableprocessesinenhancedprotectedmode)
+- [InternetExplorer/DisableProxyChange](./policy-csp-internetexplorer.md#internetexplorer-disableproxychange)
+- [InternetExplorer/DisableSearchProviderChange](./policy-csp-internetexplorer.md#internetexplorer-disablesearchproviderchange)
+- [InternetExplorer/DisableSecondaryHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablesecondaryhomepagechange)
+- [InternetExplorer/DisableSecuritySettingsCheck](./policy-csp-internetexplorer.md#internetexplorer-disablesecuritysettingscheck)
+- [InternetExplorer/DisableUpdateCheck](./policy-csp-internetexplorer.md#internetexplorer-disableupdatecheck)
+- [InternetExplorer/DoNotAllowActiveXControlsInProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-donotallowactivexcontrolsinprotectedmode)
+- [InternetExplorer/DoNotAllowUsersToAddSites](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstoaddsites)
+- [InternetExplorer/DoNotAllowUsersToChangePolicies](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstochangepolicies)
+- [InternetExplorer/DoNotBlockOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrols)
+- [InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrolsonspecificdomains)
+- [InternetExplorer/IncludeAllLocalSites](./policy-csp-internetexplorer.md#internetexplorer-includealllocalsites)
+- [InternetExplorer/IncludeAllNetworkPaths](./policy-csp-internetexplorer.md#internetexplorer-includeallnetworkpaths)
+- [InternetExplorer/InternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowaccesstodatasources)
+- [InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/InternetZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowcopypasteviascript)
+- [InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowdraganddropcopyandpastefiles)
+- [InternetExplorer/InternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowfontdownloads)
+- [InternetExplorer/InternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowlessprivilegedsites)
+- [InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowloadingofxamlfiles)
+- [InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallownetframeworkreliantcomponents)
+- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstouseactivexcontrols)
+- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstousetdcactivexcontrol)
+- [InternetExplorer/InternetZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptinitiatedwindows)
+- [InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptingofinternetexplorerwebbrowsercontrols)
+- [InternetExplorer/InternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptlets)
+- [InternetExplorer/InternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowsmartscreenie)
+- [InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowupdatestostatusbarviascript)
+- [InternetExplorer/InternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowuserdatapersistence)
+- [InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowvbscripttorunininternetexplorer)
+- [InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedonotrunantimalwareagainstactivexcontrols)
+- [InternetExplorer/InternetZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadsignedactivexcontrols)
+- [InternetExplorer/InternetZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadunsignedactivexcontrols)
+- [InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablecrosssitescriptingfilter)
+- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainsacrosswindows)
+- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainswithinwindows)
+- [InternetExplorer/InternetZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablemimesniffing)
+- [InternetExplorer/InternetZoneEnableProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenableprotectedmode)
+- [InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneincludelocalpathwhenuploadingfilestoserver)
+- [InternetExplorer/InternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/InternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-internetzonejavapermissions)
+- [InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-internetzonelaunchingapplicationsandfilesiniframe)
+- [InternetExplorer/InternetZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-internetzonelogonoptions)
+- [InternetExplorer/InternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-internetzonenavigatewindowsandframes)
+- [InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-internetzonerunnetframeworkreliantcomponentssignedwithauthenticode)
+- [InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneshowsecuritywarningforpotentiallyunsafefiles)
+- [InternetExplorer/InternetZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-internetzoneusepopupblocker)
+- [InternetExplorer/IntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowaccesstodatasources)
+- [InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/IntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowfontdownloads)
+- [InternetExplorer/IntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowlessprivilegedsites)
+- [InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallownetframeworkreliantcomponents)
+- [InternetExplorer/IntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowscriptlets)
+- [InternetExplorer/IntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowsmartscreenie)
+- [InternetExplorer/IntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowuserdatapersistence)
+- [InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzonedonotrunantimalwareagainstactivexcontrols)
+- [InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/IntranetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-intranetzonejavapermissions)
+- [InternetExplorer/IntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-intranetzonenavigatewindowsandframes)
+- [InternetExplorer/LocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowaccesstodatasources)
+- [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/LocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowfontdownloads)
+- [InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowlessprivilegedsites)
+- [InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallownetframeworkreliantcomponents)
+- [InternetExplorer/LocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowscriptlets)
+- [InternetExplorer/LocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowsmartscreenie)
+- [InternetExplorer/LocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowuserdatapersistence)
+- [InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonedonotrunantimalwareagainstactivexcontrols)
+- [InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/LocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonejavapermissions)
+- [InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonenavigatewindowsandframes)
+- [InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowaccesstodatasources)
+- [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/LockedDownInternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowfontdownloads)
+- [InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowlessprivilegedsites)
+- [InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallownetframeworkreliantcomponents)
+- [InternetExplorer/LockedDownInternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowscriptlets)
+- [InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowsmartscreenie)
+- [InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowuserdatapersistence)
+- [InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/LockedDownInternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonejavapermissions)
+- [InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonenavigatewindowsandframes)
+- [InternetExplorer/LockedDownIntranetJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetjavapermissions)
+- [InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowaccesstodatasources)
+- [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/LockedDownIntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowfontdownloads)
+- [InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowlessprivilegedsites)
+- [InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallownetframeworkreliantcomponents)
+- [InternetExplorer/LockedDownIntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowscriptlets)
+- [InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowsmartscreenie)
+- [InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowuserdatapersistence)
+- [InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzonenavigatewindowsandframes)
+- [InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowaccesstodatasources)
+- [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowfontdownloads)
+- [InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowlessprivilegedsites)
+- [InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallownetframeworkreliantcomponents)
+- [InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowscriptlets)
+- [InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowsmartscreenie)
+- [InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowuserdatapersistence)
+- [InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/LockedDownLocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonejavapermissions)
+- [InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonenavigatewindowsandframes)
+- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowaccesstodatasources)
+- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowfontdownloads)
+- [InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowlessprivilegedsites)
+- [InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallownetframeworkreliantcomponents)
+- [InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowscriptlets)
+- [InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowsmartscreenie)
+- [InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowuserdatapersistence)
+- [InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonejavapermissions)
+- [InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonenavigatewindowsandframes)
+- [InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowaccesstodatasources)
+- [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowfontdownloads)
+- [InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowlessprivilegedsites)
+- [InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallownetframeworkreliantcomponents)
+- [InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowscriptlets)
+- [InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowsmartscreenie)
+- [InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowuserdatapersistence)
+- [InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonejavapermissions)
+- [InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonenavigatewindowsandframes)
+- [InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mkprotocolsecurityrestrictioninternetexplorerprocesses)
+- [InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mimesniffingsafetyfeatureinternetexplorerprocesses)
+- [InternetExplorer/NotificationBarInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-notificationbarinternetexplorerprocesses)
+- [InternetExplorer/PreventManagingSmartScreenFilter](./policy-csp-internetexplorer.md#internetexplorer-preventmanagingsmartscreenfilter)
+- [InternetExplorer/PreventPerUserInstallationOfActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-preventperuserinstallationofactivexcontrols)
+- [InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-protectionfromzoneelevationinternetexplorerprocesses)
+- [InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-removerunthistimebuttonforoutdatedactivexcontrols)
+- [InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictactivexinstallinternetexplorerprocesses)
+- [InternetExplorer/RestrictFileDownloadInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictfiledownloadinternetexplorerprocesses)
+- [InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowaccesstodatasources)
+- [InternetExplorer/RestrictedSitesZoneAllowActiveScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowactivescripting)
+- [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowbinaryandscriptbehaviors)
+- [InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowcopypasteviascript)
+- [InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowdraganddropcopyandpastefiles)
+- [InternetExplorer/RestrictedSitesZoneAllowFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfiledownloads)
+- [InternetExplorer/RestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfontdownloads)
+- [InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowlessprivilegedsites)
+- [InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowloadingofxamlfiles)
+- [InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowmetarefresh)
+- [InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallownetframeworkreliantcomponents)
+- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstouseactivexcontrols)
+- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstousetdcactivexcontrol)
+- [InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptinitiatedwindows)
+- [InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptingofinternetexplorerwebbrowsercontrols)
+- [InternetExplorer/RestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptlets)
+- [InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowsmartscreenie)
+- [InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowupdatestostatusbarviascript)
+- [InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowuserdatapersistence)
+- [InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowvbscripttorunininternetexplorer)
+- [InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedonotrunantimalwareagainstactivexcontrols)
+- [InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadsignedactivexcontrols)
+- [InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadunsignedactivexcontrols)
+- [InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablecrosssitescriptingfilter)
+- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainsacrosswindows)
+- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainswithinwindows)
+- [InternetExplorer/RestrictedSitesZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablemimesniffing)
+- [InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneincludelocalpathwhenuploadingfilestoserver)
+- [InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/RestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonejavapermissions)
+- [InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelaunchingapplicationsandfilesiniframe)
+- [InternetExplorer/RestrictedSitesZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelogonoptions)
+- [InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonenavigatewindowsandframes)
+- [InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunactivexcontrolsandplugins)
+- [InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunnetframeworkreliantcomponentssignedwithauthenticode)
+- [InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptactivexcontrolsmarkedsafeforscripting)
+- [InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptingofjavaapplets)
+- [InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneshowsecuritywarningforpotentiallyunsafefiles)
+- [InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneturnonprotectedmode)
+- [InternetExplorer/RestrictedSitesZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneusepopupblocker)
+- [InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-scriptedwindowsecurityrestrictionsinternetexplorerprocesses)
+- [InternetExplorer/SearchProviderList](./policy-csp-internetexplorer.md#internetexplorer-searchproviderlist)
+- [InternetExplorer/SecurityZonesUseOnlyMachineSettings](./policy-csp-internetexplorer.md#internetexplorer-securityzonesuseonlymachinesettings)
+- [InternetExplorer/SpecifyUseOfActiveXInstallerService](./policy-csp-internetexplorer.md#internetexplorer-specifyuseofactivexinstallerservice)
+- [InternetExplorer/TrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowaccesstodatasources)
+- [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/TrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowfontdownloads)
+- [InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowlessprivilegedsites)
+- [InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallownetframeworkreliantcomponents)
+- [InternetExplorer/TrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowscriptlets)
+- [InternetExplorer/TrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowsmartscreenie)
+- [InternetExplorer/TrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowuserdatapersistence)
+- [InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonedonotrunantimalwareagainstactivexcontrols)
+- [InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/TrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonejavapermissions)
+- [InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonenavigatewindowsandframes)
+- [Kerberos/AllowForestSearchOrder](./policy-csp-kerberos.md#kerberos-allowforestsearchorder)
+- [Kerberos/KerberosClientSupportsClaimsCompoundArmor](./policy-csp-kerberos.md#kerberos-kerberosclientsupportsclaimscompoundarmor)
+- [Kerberos/RequireKerberosArmoring](./policy-csp-kerberos.md#kerberos-requirekerberosarmoring)
+- [Kerberos/RequireStrictKDCValidation](./policy-csp-kerberos.md#kerberos-requirestrictkdcvalidation)
+- [Kerberos/SetMaximumContextTokenSize](./policy-csp-kerberos.md#kerberos-setmaximumcontexttokensize)
+- [MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes](./policy-csp-msslegacy.md#msslegacy-allowicmpredirectstooverrideospfgeneratedroutes)
+- [MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers](./policy-csp-msslegacy.md#msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers)
+- [MSSLegacy/IPSourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipsourceroutingprotectionlevel)
+- [MSSLegacy/IPv6SourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipv6sourceroutingprotectionlevel)
+- [MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon](./policy-csp-mssecurityguide.md#mssecurityguide-applyuacrestrictionstolocalaccountsonnetworklogon)
+- [MSSecurityGuide/ConfigureSMBV1ClientDriver](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1clientdriver)
+- [MSSecurityGuide/ConfigureSMBV1Server](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1server)
+- [MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection](./policy-csp-mssecurityguide.md#mssecurityguide-enablestructuredexceptionhandlingoverwriteprotection)
+- [MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications](./policy-csp-mssecurityguide.md#mssecurityguide-turnonwindowsdefenderprotectionagainstpotentiallyunwantedapplications)
+- [MSSecurityGuide/WDigestAuthentication](./policy-csp-mssecurityguide.md#mssecurityguide-wdigestauthentication)
+- [Power/AllowStandbyStatesWhenSleepingOnBattery](./policy-csp-power.md#power-allowstandbystateswhensleepingonbattery)
+- [Power/AllowStandbyWhenSleepingPluggedIn](./policy-csp-power.md#power-allowstandbywhensleepingpluggedin)
+- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
+- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin)
+- [Power/HibernateTimeoutOnBattery](./policy-csp-power.md#power-hibernatetimeoutonbattery)
+- [Power/HibernateTimeoutPluggedIn](./policy-csp-power.md#power-hibernatetimeoutpluggedin)
+- [Power/RequirePasswordWhenComputerWakesOnBattery](./policy-csp-power.md#power-requirepasswordwhencomputerwakesonbattery)
+- [Power/RequirePasswordWhenComputerWakesPluggedIn](./policy-csp-power.md#power-requirepasswordwhencomputerwakespluggedin)
+- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery)
+- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin)
+- [Printers/PointAndPrintRestrictions](./policy-csp-printers.md#printers-pointandprintrestrictions)
+- [Printers/PointAndPrintRestrictions_User](./policy-csp-printers.md#printers-pointandprintrestrictions-user)
+- [Printers/PublishPrinters](./policy-csp-printers.md#printers-publishprinters)
+- [RemoteAssistance/CustomizeWarningMessages](./policy-csp-remoteassistance.md#remoteassistance-customizewarningmessages)
+- [RemoteAssistance/SessionLogging](./policy-csp-remoteassistance.md#remoteassistance-sessionlogging)
+- [RemoteAssistance/SolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-solicitedremoteassistance)
+- [RemoteAssistance/UnsolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-unsolicitedremoteassistance)
+- [RemoteDesktopServices/AllowUsersToConnectRemotely](./policy-csp-remotedesktopservices.md#remotedesktopservices-allowuserstoconnectremotely)
+- [RemoteDesktopServices/ClientConnectionEncryptionLevel](./policy-csp-remotedesktopservices.md#remotedesktopservices-clientconnectionencryptionlevel)
+- [RemoteDesktopServices/DoNotAllowDriveRedirection](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowdriveredirection)
+- [RemoteDesktopServices/DoNotAllowPasswordSaving](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowpasswordsaving)
+- [RemoteDesktopServices/PromptForPasswordUponConnection](./policy-csp-remotedesktopservices.md#remotedesktopservices-promptforpassworduponconnection)
+- [RemoteDesktopServices/RequireSecureRPCCommunication](./policy-csp-remotedesktopservices.md#remotedesktopservices-requiresecurerpccommunication)
+- [RemoteManagement/AllowBasicAuthentication_Client](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-client)
+- [RemoteManagement/AllowBasicAuthentication_Service](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-service)
+- [RemoteManagement/AllowCredSSPAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationclient)
+- [RemoteManagement/AllowCredSSPAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationservice)
+- [RemoteManagement/AllowRemoteServerManagement](./policy-csp-remotemanagement.md#remotemanagement-allowremoteservermanagement)
+- [RemoteManagement/AllowUnencryptedTraffic_Client](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-client)
+- [RemoteManagement/AllowUnencryptedTraffic_Service](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-service)
+- [RemoteManagement/DisallowDigestAuthentication](./policy-csp-remotemanagement.md#remotemanagement-disallowdigestauthentication)
+- [RemoteManagement/DisallowNegotiateAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationclient)
+- [RemoteManagement/DisallowNegotiateAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationservice)
+- [RemoteManagement/DisallowStoringOfRunAsCredentials](./policy-csp-remotemanagement.md#remotemanagement-disallowstoringofrunascredentials)
+- [RemoteManagement/SpecifyChannelBindingTokenHardeningLevel](./policy-csp-remotemanagement.md#remotemanagement-specifychannelbindingtokenhardeninglevel)
+- [RemoteManagement/TrustedHosts](./policy-csp-remotemanagement.md#remotemanagement-trustedhosts)
+- [RemoteManagement/TurnOnCompatibilityHTTPListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttplistener)
+- [RemoteManagement/TurnOnCompatibilityHTTPSListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttpslistener)
+- [RemoteProcedureCall/RPCEndpointMapperClientAuthentication](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-rpcendpointmapperclientauthentication)
+- [RemoteProcedureCall/RestrictUnauthenticatedRPCClients](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-restrictunauthenticatedrpcclients)
+- [RemoteShell/AllowRemoteShellAccess](./policy-csp-remoteshell.md#remoteshell-allowremoteshellaccess)
+- [RemoteShell/MaxConcurrentUsers](./policy-csp-remoteshell.md#remoteshell-maxconcurrentusers)
+- [RemoteShell/SpecifyIdleTimeout](./policy-csp-remoteshell.md#remoteshell-specifyidletimeout)
+- [RemoteShell/SpecifyMaxMemory](./policy-csp-remoteshell.md#remoteshell-specifymaxmemory)
+- [RemoteShell/SpecifyMaxProcesses](./policy-csp-remoteshell.md#remoteshell-specifymaxprocesses)
+- [RemoteShell/SpecifyMaxRemoteShells](./policy-csp-remoteshell.md#remoteshell-specifymaxremoteshells)
+- [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#remoteshell-specifyshelltimeout)
+- [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices)
+- [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization)
+- [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore)
+- [WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork](./policy-csp-windowsconnectionmanager.md#windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork)
+- [WindowsLogon/DisableLockScreenAppNotifications](./policy-csp-windowslogon.md#windowslogon-disablelockscreenappnotifications)
+- [WindowsLogon/DontDisplayNetworkSelectionUI](./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui)
+- [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers](./policy-csp-windowslogon.md#windowslogon-enumeratelocalusersondomainjoinedcomputers)
+- [WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart](./policy-csp-windowslogon.md#windowslogon-signinlastinteractiveuserautomaticallyafterasysteminitiatedrestart)
+- [WindowsPowerShell/TurnOnPowerShellScriptBlockLogging](./policy-csp-windowspowershell.md#windowspowershell-turnonpowershellscriptblocklogging)
+
+
+## Policies supported by GP
+
+- [AboveLock/AllowCortanaAboveLock](./policy-csp-abovelock.md#abovelock-allowcortanaabovelock)
+- [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
+- [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
+- [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
+- [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)
+- [AppVirtualization/AllowPackageCleanup](./policy-csp-appvirtualization.md#appvirtualization-allowpackagecleanup)
+- [AppVirtualization/AllowPackageScripts](./policy-csp-appvirtualization.md#appvirtualization-allowpackagescripts)
+- [AppVirtualization/AllowPublishingRefreshUX](./policy-csp-appvirtualization.md#appvirtualization-allowpublishingrefreshux)
+- [AppVirtualization/AllowReportingServer](./policy-csp-appvirtualization.md#appvirtualization-allowreportingserver)
+- [AppVirtualization/AllowRoamingFileExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingfileexclusions)
+- [AppVirtualization/AllowRoamingRegistryExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingregistryexclusions)
+- [AppVirtualization/AllowStreamingAutoload](./policy-csp-appvirtualization.md#appvirtualization-allowstreamingautoload)
+- [AppVirtualization/ClientCoexistenceAllowMigrationmode](./policy-csp-appvirtualization.md#appvirtualization-clientcoexistenceallowmigrationmode)
+- [AppVirtualization/IntegrationAllowRootGlobal](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootglobal)
+- [AppVirtualization/IntegrationAllowRootUser](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootuser)
+- [AppVirtualization/PublishingAllowServer1](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver1)
+- [AppVirtualization/PublishingAllowServer2](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver2)
+- [AppVirtualization/PublishingAllowServer3](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver3)
+- [AppVirtualization/PublishingAllowServer4](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver4)
+- [AppVirtualization/PublishingAllowServer5](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver5)
+- [AppVirtualization/StreamingAllowCertificateFilterForClient_SSL](./policy-csp-appvirtualization.md#appvirtualization-streamingallowcertificatefilterforclient-ssl)
+- [AppVirtualization/StreamingAllowHighCostLaunch](./policy-csp-appvirtualization.md#appvirtualization-streamingallowhighcostlaunch)
+- [AppVirtualization/StreamingAllowLocationProvider](./policy-csp-appvirtualization.md#appvirtualization-streamingallowlocationprovider)
+- [AppVirtualization/StreamingAllowPackageInstallationRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackageinstallationroot)
+- [AppVirtualization/StreamingAllowPackageSourceRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackagesourceroot)
+- [AppVirtualization/StreamingAllowReestablishmentInterval](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentinterval)
+- [AppVirtualization/StreamingAllowReestablishmentRetries](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentretries)
+- [AppVirtualization/StreamingSharedContentStoreMode](./policy-csp-appvirtualization.md#appvirtualization-streamingsharedcontentstoremode)
+- [AppVirtualization/StreamingSupportBranchCache](./policy-csp-appvirtualization.md#appvirtualization-streamingsupportbranchcache)
+- [AppVirtualization/StreamingVerifyCertificateRevocationList](./policy-csp-appvirtualization.md#appvirtualization-streamingverifycertificaterevocationlist)
+- [AppVirtualization/VirtualComponentsAllowList](./policy-csp-appvirtualization.md#appvirtualization-virtualcomponentsallowlist)
+- [ApplicationDefaults/DefaultAssociationsConfiguration](./policy-csp-applicationdefaults.md#applicationdefaults-defaultassociationsconfiguration)
+- [ApplicationDefaults/EnableAppUriHandlers](./policy-csp-applicationdefaults.md#applicationdefaults-enableappurihandlers)
+- [ApplicationManagement/AllowAllTrustedApps](./policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps)
+- [ApplicationManagement/AllowAppStoreAutoUpdate](./policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate)
+- [ApplicationManagement/AllowDeveloperUnlock](./policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock)
+- [ApplicationManagement/AllowGameDVR](./policy-csp-applicationmanagement.md#applicationmanagement-allowgamedvr)
+- [ApplicationManagement/AllowSharedUserAppData](./policy-csp-applicationmanagement.md#applicationmanagement-allowshareduserappdata)
+- [ApplicationManagement/DisableStoreOriginatedApps](./policy-csp-applicationmanagement.md#applicationmanagement-disablestoreoriginatedapps)
+- [ApplicationManagement/MSIAllowUserControlOverInstall](./policy-csp-applicationmanagement.md#applicationmanagement-msiallowusercontroloverinstall)
+- [ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges](./policy-csp-applicationmanagement.md#applicationmanagement-msialwaysinstallwithelevatedprivileges)
+- [ApplicationManagement/RequirePrivateStoreOnly](./policy-csp-applicationmanagement.md#applicationmanagement-requireprivatestoreonly)
+- [ApplicationManagement/RestrictAppDataToSystemVolume](./policy-csp-applicationmanagement.md#applicationmanagement-restrictappdatatosystemvolume)
+- [ApplicationManagement/RestrictAppToSystemVolume](./policy-csp-applicationmanagement.md#applicationmanagement-restrictapptosystemvolume)
+- [AttachmentManager/DoNotPreserveZoneInformation](./policy-csp-attachmentmanager.md#attachmentmanager-donotpreservezoneinformation)
+- [AttachmentManager/HideZoneInfoMechanism](./policy-csp-attachmentmanager.md#attachmentmanager-hidezoneinfomechanism)
+- [AttachmentManager/NotifyAntivirusPrograms](./policy-csp-attachmentmanager.md#attachmentmanager-notifyantivirusprograms)
+- [Authentication/AllowSecondaryAuthenticationDevice](./policy-csp-authentication.md#authentication-allowsecondaryauthenticationdevice)
+- [Autoplay/DisallowAutoplayForNonVolumeDevices](./policy-csp-autoplay.md#autoplay-disallowautoplayfornonvolumedevices)
+- [Autoplay/SetDefaultAutoRunBehavior](./policy-csp-autoplay.md#autoplay-setdefaultautorunbehavior)
+- [Autoplay/TurnOffAutoPlay](./policy-csp-autoplay.md#autoplay-turnoffautoplay)
+- [BITS/BandwidthThrottlingEndTime](./policy-csp-bits.md#bits-bandwidththrottlingendtime)
+- [BITS/BandwidthThrottlingStartTime](./policy-csp-bits.md#bits-bandwidththrottlingstarttime)
+- [BITS/BandwidthThrottlingTransferRate](./policy-csp-bits.md#bits-bandwidththrottlingtransferrate)
+- [BITS/CostedNetworkBehaviorBackgroundPriority](./policy-csp-bits.md#bits-costednetworkbehaviorbackgroundpriority)
+- [BITS/CostedNetworkBehaviorForegroundPriority](./policy-csp-bits.md#bits-costednetworkbehaviorforegroundpriority)
+- [BITS/JobInactivityTimeout](./policy-csp-bits.md#bits-jobinactivitytimeout)
+- [Browser/AllowAddressBarDropdown](./policy-csp-browser.md#browser-allowaddressbardropdown)
+- [Browser/AllowAutofill](./policy-csp-browser.md#browser-allowautofill)
+- [Browser/AllowCookies](./policy-csp-browser.md#browser-allowcookies)
+- [Browser/AllowDeveloperTools](./policy-csp-browser.md#browser-allowdevelopertools)
+- [Browser/AllowDoNotTrack](./policy-csp-browser.md#browser-allowdonottrack)
+- [Browser/AllowExtensions](./policy-csp-browser.md#browser-allowextensions)
+- [Browser/AllowFlash](./policy-csp-browser.md#browser-allowflash)
+- [Browser/AllowFlashClickToRun](./policy-csp-browser.md#browser-allowflashclicktorun)
+- [Browser/AllowFullScreenMode](./policy-csp-browser.md#browser-allowfullscreenmode)
+- [Browser/AllowInPrivate](./policy-csp-browser.md#browser-allowinprivate)
+- [Browser/AllowMicrosoftCompatibilityList](./policy-csp-browser.md#browser-allowmicrosoftcompatibilitylist)
+- [Browser/AllowPasswordManager](./policy-csp-browser.md#browser-allowpasswordmanager)
+- [Browser/AllowPopups](./policy-csp-browser.md#browser-allowpopups)
+- [Browser/AllowPrelaunch](./policy-csp-browser.md#browser-allowprelaunch)
+- [Browser/AllowPrinting](./policy-csp-browser.md#browser-allowprinting)
+- [Browser/AllowSavingHistory](./policy-csp-browser.md#browser-allowsavinghistory)
+- [Browser/AllowSearchEngineCustomization](./policy-csp-browser.md#browser-allowsearchenginecustomization)
+- [Browser/AllowSearchSuggestionsinAddressBar](./policy-csp-browser.md#browser-allowsearchsuggestionsinaddressbar)
+- [Browser/AllowSideloadingOfExtensions](./policy-csp-browser.md#browser-allowsideloadingofextensions)
+- [Browser/AllowSmartScreen](./policy-csp-browser.md#browser-allowsmartscreen)
+- [Browser/AllowTabPreloading](./policy-csp-browser.md#browser-allowtabpreloading)
+- [Browser/AllowWebContentOnNewTabPage](./policy-csp-browser.md#browser-allowwebcontentonnewtabpage)
+- [Browser/AlwaysEnableBooksLibrary](./policy-csp-browser.md#browser-alwaysenablebookslibrary)
+- [Browser/ClearBrowsingDataOnExit](./policy-csp-browser.md#browser-clearbrowsingdataonexit)
+- [Browser/ConfigureAdditionalSearchEngines](./policy-csp-browser.md#browser-configureadditionalsearchengines)
+- [Browser/ConfigureFavoritesBar](./policy-csp-browser.md#browser-configurefavoritesbar)
+- [Browser/ConfigureHomeButton](./policy-csp-browser.md#browser-configurehomebutton)
+- [Browser/ConfigureKioskMode](./policy-csp-browser.md#browser-configurekioskmode)
+- [Browser/ConfigureKioskResetAfterIdleTimeout](./policy-csp-browser.md#browser-configurekioskresetafteridletimeout)
+- [Browser/ConfigureOpenMicrosoftEdgeWith](./policy-csp-browser.md#browser-configureopenmicrosoftedgewith)
+- [Browser/ConfigureTelemetryForMicrosoft365Analytics](./policy-csp-browser.md#browser-configuretelemetryformicrosoft365analytics)
+- [Browser/DisableLockdownOfStartPages](./policy-csp-browser.md#browser-disablelockdownofstartpages)
+- [Browser/EnableExtendedBooksTelemetry](./policy-csp-browser.md#browser-enableextendedbookstelemetry)
+- [Browser/EnterpriseModeSiteList](./policy-csp-browser.md#browser-enterprisemodesitelist)
+- [Browser/HomePages](./policy-csp-browser.md#browser-homepages)
+- [Browser/LockdownFavorites](./policy-csp-browser.md#browser-lockdownfavorites)
+- [Browser/PreventAccessToAboutFlagsInMicrosoftEdge](./policy-csp-browser.md#browser-preventaccesstoaboutflagsinmicrosoftedge)
+- [Browser/PreventCertErrorOverrides](./policy-csp-browser.md#browser-preventcerterroroverrides)
+- [Browser/PreventFirstRunPage](./policy-csp-browser.md#browser-preventfirstrunpage)
+- [Browser/PreventLiveTileDataCollection](./policy-csp-browser.md#browser-preventlivetiledatacollection)
+- [Browser/PreventSmartScreenPromptOverride](./policy-csp-browser.md#browser-preventsmartscreenpromptoverride)
+- [Browser/PreventSmartScreenPromptOverrideForFiles](./policy-csp-browser.md#browser-preventsmartscreenpromptoverrideforfiles)
+- [Browser/PreventUsingLocalHostIPAddressForWebRTC](./policy-csp-browser.md#browser-preventusinglocalhostipaddressforwebrtc)
+- [Browser/ProvisionFavorites](./policy-csp-browser.md#browser-provisionfavorites)
+- [Browser/SendIntranetTraffictoInternetExplorer](./policy-csp-browser.md#browser-sendintranettraffictointernetexplorer)
+- [Browser/SetDefaultSearchEngine](./policy-csp-browser.md#browser-setdefaultsearchengine)
+- [Browser/SetHomeButtonURL](./policy-csp-browser.md#browser-sethomebuttonurl)
+- [Browser/SetNewTabPageURL](./policy-csp-browser.md#browser-setnewtabpageurl)
+- [Browser/ShowMessageWhenOpeningSitesInInternetExplorer](./policy-csp-browser.md#browser-showmessagewhenopeningsitesininternetexplorer)
+- [Browser/SyncFavoritesBetweenIEAndMicrosoftEdge](./policy-csp-browser.md#browser-syncfavoritesbetweenieandmicrosoftedge)
+- [Browser/UnlockHomeButton](./policy-csp-browser.md#browser-unlockhomebutton)
+- [Browser/UseSharedFolderForBooks](./policy-csp-browser.md#browser-usesharedfolderforbooks)
+- [Camera/AllowCamera](./policy-csp-camera.md#camera-allowcamera)
+- [Cellular/LetAppsAccessCellularData](./policy-csp-cellular.md#cellular-letappsaccesscellulardata)
+- [Cellular/LetAppsAccessCellularData_ForceAllowTheseApps](./policy-csp-cellular.md#cellular-letappsaccesscellulardata-forceallowtheseapps)
+- [Cellular/LetAppsAccessCellularData_ForceDenyTheseApps](./policy-csp-cellular.md#cellular-letappsaccesscellulardata-forcedenytheseapps)
+- [Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps](./policy-csp-cellular.md#cellular-letappsaccesscellulardata-userincontroloftheseapps)
+- [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#cellular-showappcellularaccessui)
+- [Connectivity/AllowCellularDataRoaming](./policy-csp-connectivity.md#connectivity-allowcellulardataroaming)
+- [Connectivity/AllowPhonePCLinking](./policy-csp-connectivity.md#connectivity-allowphonepclinking)
+- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-diableprintingoverhttp)
+- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp)
+- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards)
+- [Connectivity/DisallowNetworkConnectivityActiveTests](./policy-csp-connectivity.md#connectivity-disallownetworkconnectivityactivetests)
+- [Connectivity/HardenedUNCPaths](./policy-csp-connectivity.md#connectivity-hardeneduncpaths)
+- [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](./policy-csp-connectivity.md#connectivity-prohibitinstallationandconfigurationofnetworkbridge)
+- [CredentialProviders/AllowPINLogon](./policy-csp-credentialproviders.md#credentialproviders-allowpinlogon)
+- [CredentialProviders/BlockPicturePassword](./policy-csp-credentialproviders.md#credentialproviders-blockpicturepassword)
+- [CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials](./policy-csp-credentialsdelegation.md#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials)
+- [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal)
+- [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators)
+- [Cryptography/AllowFipsAlgorithmPolicy](./policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy)
+- [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g)
+- [Defender/AllowArchiveScanning](./policy-csp-defender.md#defender-allowarchivescanning)
+- [Defender/AllowBehaviorMonitoring](./policy-csp-defender.md#defender-allowbehaviormonitoring)
+- [Defender/AllowCloudProtection](./policy-csp-defender.md#defender-allowcloudprotection)
+- [Defender/AllowEmailScanning](./policy-csp-defender.md#defender-allowemailscanning)
+- [Defender/AllowFullScanOnMappedNetworkDrives](./policy-csp-defender.md#defender-allowfullscanonmappednetworkdrives)
+- [Defender/AllowFullScanRemovableDriveScanning](./policy-csp-defender.md#defender-allowfullscanremovabledrivescanning)
+- [Defender/AllowIOAVProtection](./policy-csp-defender.md#defender-allowioavprotection)
+- [Defender/AllowOnAccessProtection](./policy-csp-defender.md#defender-allowonaccessprotection)
+- [Defender/AllowRealtimeMonitoring](./policy-csp-defender.md#defender-allowrealtimemonitoring)
+- [Defender/AllowScanningNetworkFiles](./policy-csp-defender.md#defender-allowscanningnetworkfiles)
+- [Defender/AllowUserUIAccess](./policy-csp-defender.md#defender-allowuseruiaccess)
+- [Defender/AttackSurfaceReductionOnlyExclusions](./policy-csp-defender.md#defender-attacksurfacereductiononlyexclusions)
+- [Defender/AttackSurfaceReductionRules](./policy-csp-defender.md#defender-attacksurfacereductionrules)
+- [Defender/AvgCPULoadFactor](./policy-csp-defender.md#defender-avgcpuloadfactor)
+- [Defender/CheckForSignaturesBeforeRunningScan](./policy-csp-defender.md#defender-checkforsignaturesbeforerunningscan)
+- [Defender/CloudBlockLevel](./policy-csp-defender.md#defender-cloudblocklevel)
+- [Defender/CloudExtendedTimeout](./policy-csp-defender.md#defender-cloudextendedtimeout)
+- [Defender/ControlledFolderAccessAllowedApplications](./policy-csp-defender.md#defender-controlledfolderaccessallowedapplications)
+- [Defender/ControlledFolderAccessProtectedFolders](./policy-csp-defender.md#defender-controlledfolderaccessprotectedfolders)
+- [Defender/DaysToRetainCleanedMalware](./policy-csp-defender.md#defender-daystoretaincleanedmalware)
+- [Defender/DisableCatchupFullScan](./policy-csp-defender.md#defender-disablecatchupfullscan)
+- [Defender/DisableCatchupQuickScan](./policy-csp-defender.md#defender-disablecatchupquickscan)
+- [Defender/EnableControlledFolderAccess](./policy-csp-defender.md#defender-enablecontrolledfolderaccess)
+- [Defender/EnableLowCPUPriority](./policy-csp-defender.md#defender-enablelowcpupriority)
+- [Defender/EnableNetworkProtection](./policy-csp-defender.md#defender-enablenetworkprotection)
+- [Defender/ExcludedExtensions](./policy-csp-defender.md#defender-excludedextensions)
+- [Defender/ExcludedPaths](./policy-csp-defender.md#defender-excludedpaths)
+- [Defender/ExcludedProcesses](./policy-csp-defender.md#defender-excludedprocesses)
+- [Defender/RealTimeScanDirection](./policy-csp-defender.md#defender-realtimescandirection)
+- [Defender/ScanParameter](./policy-csp-defender.md#defender-scanparameter)
+- [Defender/ScheduleQuickScanTime](./policy-csp-defender.md#defender-schedulequickscantime)
+- [Defender/ScheduleScanDay](./policy-csp-defender.md#defender-schedulescanday)
+- [Defender/ScheduleScanTime](./policy-csp-defender.md#defender-schedulescantime)
+- [Defender/SignatureUpdateFallbackOrder](./policy-csp-defender.md#defender-signatureupdatefallbackorder)
+- [Defender/SignatureUpdateFileSharesSources](./policy-csp-defender.md#defender-signatureupdatefilesharessources)
+- [Defender/SignatureUpdateInterval](./policy-csp-defender.md#defender-signatureupdateinterval)
+- [Defender/SubmitSamplesConsent](./policy-csp-defender.md#defender-submitsamplesconsent)
+- [Defender/ThreatSeverityDefaultAction](./policy-csp-defender.md#defender-threatseveritydefaultaction)
+- [DeliveryOptimization/DOAbsoluteMaxCacheSize](./policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
+- [DeliveryOptimization/DOAllowVPNPeerCaching](./policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching)
+- [DeliveryOptimization/DOCacheHost](./policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost)
+- [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
+- [DeliveryOptimization/DODelayForegroundDownloadFromHttp](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelayforegrounddownloadfromhttp)
+- [DeliveryOptimization/DODownloadMode](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode)
+- [DeliveryOptimization/DOGroupId](./policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupid)
+- [DeliveryOptimization/DOGroupIdSource](./policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupidsource)
+- [DeliveryOptimization/DOMaxCacheAge](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcacheage)
+- [DeliveryOptimization/DOMaxCacheSize](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcachesize)
+- [DeliveryOptimization/DOMaxDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth)
+- [DeliveryOptimization/DOMaxUploadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth)
+- [DeliveryOptimization/DOMinBackgroundQos](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominbackgroundqos)
+- [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominbatterypercentageallowedtoupload)
+- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](./policy-csp-deliveryoptimization.md#deliveryoptimization-domindisksizeallowedtopeer)
+- [DeliveryOptimization/DOMinFileSizeToCache](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominfilesizetocache)
+- [DeliveryOptimization/DOMinRAMAllowedToPeer](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominramallowedtopeer)
+- [DeliveryOptimization/DOModifyCacheDrive](./policy-csp-deliveryoptimization.md#deliveryoptimization-domodifycachedrive)
+- [DeliveryOptimization/DOMonthlyUploadDataCap](./policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap)
+- [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
+- [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxforegroundbandwidth)
+- [DeliveryOptimization/DORestrictPeerSelectionBy](./policy-csp-deliveryoptimization.md#deliveryoptimization-dorestrictpeerselectionby)
+- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
+- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
+- [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
+- [DeviceGuard/EnableSystemGuard](./policy-csp-deviceguard.md#deviceguard-enablesystemguard)
+- [DeviceGuard/EnableVirtualizationBasedSecurity](./policy-csp-deviceguard.md#deviceguard-enablevirtualizationbasedsecurity)
+- [DeviceGuard/LsaCfgFlags](./policy-csp-deviceguard.md#deviceguard-lsacfgflags)
+- [DeviceGuard/RequirePlatformSecurityFeatures](./policy-csp-deviceguard.md#deviceguard-requireplatformsecurityfeatures)
+- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceids)
+- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdevicesetupclasses)
+- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallation-preventdevicemetadatafromnetwork)
+- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings)
+- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
+- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
+- [DeviceLock/MinimumPasswordAge](./policy-csp-devicelock.md#devicelock-minimumpasswordage)
+- [DeviceLock/PreventEnablingLockScreenCamera](./policy-csp-devicelock.md#devicelock-preventenablinglockscreencamera)
+- [DeviceLock/PreventLockScreenSlideShow](./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow)
+- [Display/DisablePerProcessDpiForApps](./policy-csp-display.md#display-disableperprocessdpiforapps)
+- [Display/EnablePerProcessDpi](./policy-csp-display.md#display-enableperprocessdpi)
+- [Display/EnablePerProcessDpiForApps](./policy-csp-display.md#display-enableperprocessdpiforapps)
+- [Display/TurnOffGdiDPIScalingForApps](./policy-csp-display.md#display-turnoffgdidpiscalingforapps)
+- [Display/TurnOnGdiDPIScalingForApps](./policy-csp-display.md#display-turnongdidpiscalingforapps)
+- [DmaGuard/DeviceEnumerationPolicy](./policy-csp-dmaguard.md#dmaguard-deviceenumerationpolicy)
+- [Education/PreventAddingNewPrinters](./policy-csp-education.md#education-preventaddingnewprinters)
+- [ErrorReporting/CustomizeConsentSettings](./policy-csp-errorreporting.md#errorreporting-customizeconsentsettings)
+- [ErrorReporting/DisableWindowsErrorReporting](./policy-csp-errorreporting.md#errorreporting-disablewindowserrorreporting)
+- [ErrorReporting/DisplayErrorNotification](./policy-csp-errorreporting.md#errorreporting-displayerrornotification)
+- [ErrorReporting/DoNotSendAdditionalData](./policy-csp-errorreporting.md#errorreporting-donotsendadditionaldata)
+- [ErrorReporting/PreventCriticalErrorDisplay](./policy-csp-errorreporting.md#errorreporting-preventcriticalerrordisplay)
+- [EventLogService/ControlEventLogBehavior](./policy-csp-eventlogservice.md#eventlogservice-controleventlogbehavior)
+- [EventLogService/SpecifyMaximumFileSizeApplicationLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizeapplicationlog)
+- [EventLogService/SpecifyMaximumFileSizeSecurityLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesecuritylog)
+- [EventLogService/SpecifyMaximumFileSizeSystemLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesystemlog)
+- [Experience/AllowClipboardHistory](./policy-csp-experience.md#experience-allowclipboardhistory)
+- [Experience/AllowCortana](./policy-csp-experience.md#experience-allowcortana)
+- [Experience/AllowFindMyDevice](./policy-csp-experience.md#experience-allowfindmydevice)
+- [Experience/AllowTailoredExperiencesWithDiagnosticData](./policy-csp-experience.md#experience-allowtailoredexperienceswithdiagnosticdata)
+- [Experience/AllowThirdPartySuggestionsInWindowsSpotlight](./policy-csp-experience.md#experience-allowthirdpartysuggestionsinwindowsspotlight)
+- [Experience/AllowWindowsConsumerFeatures](./policy-csp-experience.md#experience-allowwindowsconsumerfeatures)
+- [Experience/AllowWindowsSpotlight](./policy-csp-experience.md#experience-allowwindowsspotlight)
+- [Experience/AllowWindowsSpotlightOnActionCenter](./policy-csp-experience.md#experience-allowwindowsspotlightonactioncenter)
+- [Experience/AllowWindowsSpotlightOnSettings](./policy-csp-experience.md#experience-allowwindowsspotlightonsettings)
+- [Experience/AllowWindowsSpotlightWindowsWelcomeExperience](./policy-csp-experience.md#experience-allowwindowsspotlightwindowswelcomeexperience)
+- [Experience/AllowWindowsTips](./policy-csp-experience.md#experience-allowwindowstips)
+- [Experience/ConfigureWindowsSpotlightOnLockScreen](./policy-csp-experience.md#experience-configurewindowsspotlightonlockscreen)
+- [Experience/DoNotShowFeedbackNotifications](./policy-csp-experience.md#experience-donotshowfeedbacknotifications)
+- [Experience/DoNotSyncBrowserSettings](./policy-csp-experience.md#experience-donotsyncbrowsersetting)
+- [Experience/PreventUsersFromTurningOnBrowserSyncing](./policy-csp-experience.md#experience-preventusersfromturningonbrowsersyncing)
+- [ExploitGuard/ExploitProtectionSettings](./policy-csp-exploitguard.md#exploitguard-exploitprotectionsettings)
+- [FileExplorer/TurnOffDataExecutionPreventionForExplorer](./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer)
+- [FileExplorer/TurnOffHeapTerminationOnCorruption](./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption)
+- [Handwriting/PanelDefaultModeDocked](./policy-csp-handwriting.md#handwriting-paneldefaultmodedocked)
+- [InternetExplorer/AddSearchProvider](./policy-csp-internetexplorer.md#internetexplorer-addsearchprovider)
+- [InternetExplorer/AllowActiveXFiltering](./policy-csp-internetexplorer.md#internetexplorer-allowactivexfiltering)
+- [InternetExplorer/AllowAddOnList](./policy-csp-internetexplorer.md#internetexplorer-allowaddonlist)
+- [InternetExplorer/AllowAutoComplete](./policy-csp-internetexplorer.md#internetexplorer-allowautocomplete)
+- [InternetExplorer/AllowCertificateAddressMismatchWarning](./policy-csp-internetexplorer.md#internetexplorer-allowcertificateaddressmismatchwarning)
+- [InternetExplorer/AllowDeletingBrowsingHistoryOnExit](./policy-csp-internetexplorer.md#internetexplorer-allowdeletingbrowsinghistoryonexit)
+- [InternetExplorer/AllowEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedprotectedmode)
+- [InternetExplorer/AllowEnterpriseModeFromToolsMenu](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodefromtoolsmenu)
+- [InternetExplorer/AllowEnterpriseModeSiteList](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodesitelist)
+- [InternetExplorer/AllowFallbackToSSL3](./policy-csp-internetexplorer.md#internetexplorer-allowfallbacktossl3)
+- [InternetExplorer/AllowInternetExplorer7PolicyList](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorer7policylist)
+- [InternetExplorer/AllowInternetExplorerStandardsMode](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorerstandardsmode)
+- [InternetExplorer/AllowInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowinternetzonetemplate)
+- [InternetExplorer/AllowIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowintranetzonetemplate)
+- [InternetExplorer/AllowLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlocalmachinezonetemplate)
+- [InternetExplorer/AllowLockedDownInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddowninternetzonetemplate)
+- [InternetExplorer/AllowLockedDownIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownintranetzonetemplate)
+- [InternetExplorer/AllowLockedDownLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownlocalmachinezonetemplate)
+- [InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownrestrictedsiteszonetemplate)
+- [InternetExplorer/AllowOneWordEntry](./policy-csp-internetexplorer.md#internetexplorer-allowonewordentry)
+- [InternetExplorer/AllowSiteToZoneAssignmentList](./policy-csp-internetexplorer.md#internetexplorer-allowsitetozoneassignmentlist)
+- [InternetExplorer/AllowSoftwareWhenSignatureIsInvalid](./policy-csp-internetexplorer.md#internetexplorer-allowsoftwarewhensignatureisinvalid)
+- [InternetExplorer/AllowSuggestedSites](./policy-csp-internetexplorer.md#internetexplorer-allowsuggestedsites)
+- [InternetExplorer/AllowTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowtrustedsiteszonetemplate)
+- [InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowslockeddowntrustedsiteszonetemplate)
+- [InternetExplorer/AllowsRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowsrestrictedsiteszonetemplate)
+- [InternetExplorer/CheckServerCertificateRevocation](./policy-csp-internetexplorer.md#internetexplorer-checkservercertificaterevocation)
+- [InternetExplorer/CheckSignaturesOnDownloadedPrograms](./policy-csp-internetexplorer.md#internetexplorer-checksignaturesondownloadedprograms)
+- [InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-consistentmimehandlinginternetexplorerprocesses)
+- [InternetExplorer/DisableAdobeFlash](./policy-csp-internetexplorer.md#internetexplorer-disableadobeflash)
+- [InternetExplorer/DisableBypassOfSmartScreenWarnings](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarnings)
+- [InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarningsaboutuncommonfiles)
+- [InternetExplorer/DisableConfiguringHistory](./policy-csp-internetexplorer.md#internetexplorer-disableconfiguringhistory)
+- [InternetExplorer/DisableCrashDetection](./policy-csp-internetexplorer.md#internetexplorer-disablecrashdetection)
+- [InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation](./policy-csp-internetexplorer.md#internetexplorer-disablecustomerexperienceimprovementprogramparticipation)
+- [InternetExplorer/DisableDeletingUserVisitedWebsites](./policy-csp-internetexplorer.md#internetexplorer-disabledeletinguservisitedwebsites)
+- [InternetExplorer/DisableEnclosureDownloading](./policy-csp-internetexplorer.md#internetexplorer-disableenclosuredownloading)
+- [InternetExplorer/DisableEncryptionSupport](./policy-csp-internetexplorer.md#internetexplorer-disableencryptionsupport)
+- [InternetExplorer/DisableFirstRunWizard](./policy-csp-internetexplorer.md#internetexplorer-disablefirstrunwizard)
+- [InternetExplorer/DisableFlipAheadFeature](./policy-csp-internetexplorer.md#internetexplorer-disableflipaheadfeature)
+- [InternetExplorer/DisableHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablehomepagechange)
+- [InternetExplorer/DisableIgnoringCertificateErrors](./policy-csp-internetexplorer.md#internetexplorer-disableignoringcertificateerrors)
+- [InternetExplorer/DisableInPrivateBrowsing](./policy-csp-internetexplorer.md#internetexplorer-disableinprivatebrowsing)
+- [InternetExplorer/DisableProcessesInEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-disableprocessesinenhancedprotectedmode)
+- [InternetExplorer/DisableProxyChange](./policy-csp-internetexplorer.md#internetexplorer-disableproxychange)
+- [InternetExplorer/DisableSearchProviderChange](./policy-csp-internetexplorer.md#internetexplorer-disablesearchproviderchange)
+- [InternetExplorer/DisableSecondaryHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablesecondaryhomepagechange)
+- [InternetExplorer/DisableSecuritySettingsCheck](./policy-csp-internetexplorer.md#internetexplorer-disablesecuritysettingscheck)
+- [InternetExplorer/DisableUpdateCheck](./policy-csp-internetexplorer.md#internetexplorer-disableupdatecheck)
+- [InternetExplorer/DoNotAllowActiveXControlsInProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-donotallowactivexcontrolsinprotectedmode)
+- [InternetExplorer/DoNotAllowUsersToAddSites](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstoaddsites)
+- [InternetExplorer/DoNotAllowUsersToChangePolicies](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstochangepolicies)
+- [InternetExplorer/DoNotBlockOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrols)
+- [InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrolsonspecificdomains)
+- [InternetExplorer/IncludeAllLocalSites](./policy-csp-internetexplorer.md#internetexplorer-includealllocalsites)
+- [InternetExplorer/IncludeAllNetworkPaths](./policy-csp-internetexplorer.md#internetexplorer-includeallnetworkpaths)
+- [InternetExplorer/InternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowaccesstodatasources)
+- [InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/InternetZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowcopypasteviascript)
+- [InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowdraganddropcopyandpastefiles)
+- [InternetExplorer/InternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowfontdownloads)
+- [InternetExplorer/InternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowlessprivilegedsites)
+- [InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowloadingofxamlfiles)
+- [InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallownetframeworkreliantcomponents)
+- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstouseactivexcontrols)
+- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstousetdcactivexcontrol)
+- [InternetExplorer/InternetZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptinitiatedwindows)
+- [InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptingofinternetexplorerwebbrowsercontrols)
+- [InternetExplorer/InternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptlets)
+- [InternetExplorer/InternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowsmartscreenie)
+- [InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowupdatestostatusbarviascript)
+- [InternetExplorer/InternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowuserdatapersistence)
+- [InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowvbscripttorunininternetexplorer)
+- [InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedonotrunantimalwareagainstactivexcontrols)
+- [InternetExplorer/InternetZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadsignedactivexcontrols)
+- [InternetExplorer/InternetZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadunsignedactivexcontrols)
+- [InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablecrosssitescriptingfilter)
+- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainsacrosswindows)
+- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainswithinwindows)
+- [InternetExplorer/InternetZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablemimesniffing)
+- [InternetExplorer/InternetZoneEnableProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenableprotectedmode)
+- [InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneincludelocalpathwhenuploadingfilestoserver)
+- [InternetExplorer/InternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/InternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-internetzonejavapermissions)
+- [InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-internetzonelaunchingapplicationsandfilesiniframe)
+- [InternetExplorer/InternetZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-internetzonelogonoptions)
+- [InternetExplorer/InternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-internetzonenavigatewindowsandframes)
+- [InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-internetzonerunnetframeworkreliantcomponentssignedwithauthenticode)
+- [InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneshowsecuritywarningforpotentiallyunsafefiles)
+- [InternetExplorer/InternetZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-internetzoneusepopupblocker)
+- [InternetExplorer/IntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowaccesstodatasources)
+- [InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/IntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowfontdownloads)
+- [InternetExplorer/IntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowlessprivilegedsites)
+- [InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallownetframeworkreliantcomponents)
+- [InternetExplorer/IntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowscriptlets)
+- [InternetExplorer/IntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowsmartscreenie)
+- [InternetExplorer/IntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowuserdatapersistence)
+- [InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzonedonotrunantimalwareagainstactivexcontrols)
+- [InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/IntranetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-intranetzonejavapermissions)
+- [InternetExplorer/IntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-intranetzonenavigatewindowsandframes)
+- [InternetExplorer/LocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowaccesstodatasources)
+- [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/LocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowfontdownloads)
+- [InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowlessprivilegedsites)
+- [InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallownetframeworkreliantcomponents)
+- [InternetExplorer/LocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowscriptlets)
+- [InternetExplorer/LocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowsmartscreenie)
+- [InternetExplorer/LocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowuserdatapersistence)
+- [InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonedonotrunantimalwareagainstactivexcontrols)
+- [InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/LocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonejavapermissions)
+- [InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonenavigatewindowsandframes)
+- [InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowaccesstodatasources)
+- [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/LockedDownInternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowfontdownloads)
+- [InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowlessprivilegedsites)
+- [InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallownetframeworkreliantcomponents)
+- [InternetExplorer/LockedDownInternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowscriptlets)
+- [InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowsmartscreenie)
+- [InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowuserdatapersistence)
+- [InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/LockedDownInternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonejavapermissions)
+- [InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonenavigatewindowsandframes)
+- [InternetExplorer/LockedDownIntranetJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetjavapermissions)
+- [InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowaccesstodatasources)
+- [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/LockedDownIntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowfontdownloads)
+- [InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowlessprivilegedsites)
+- [InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallownetframeworkreliantcomponents)
+- [InternetExplorer/LockedDownIntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowscriptlets)
+- [InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowsmartscreenie)
+- [InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowuserdatapersistence)
+- [InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzonenavigatewindowsandframes)
+- [InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowaccesstodatasources)
+- [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowfontdownloads)
+- [InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowlessprivilegedsites)
+- [InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallownetframeworkreliantcomponents)
+- [InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowscriptlets)
+- [InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowsmartscreenie)
+- [InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowuserdatapersistence)
+- [InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/LockedDownLocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonejavapermissions)
+- [InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonenavigatewindowsandframes)
+- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowaccesstodatasources)
+- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowfontdownloads)
+- [InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowlessprivilegedsites)
+- [InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallownetframeworkreliantcomponents)
+- [InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowscriptlets)
+- [InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowsmartscreenie)
+- [InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowuserdatapersistence)
+- [InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonejavapermissions)
+- [InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonenavigatewindowsandframes)
+- [InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowaccesstodatasources)
+- [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowfontdownloads)
+- [InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowlessprivilegedsites)
+- [InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallownetframeworkreliantcomponents)
+- [InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowscriptlets)
+- [InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowsmartscreenie)
+- [InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowuserdatapersistence)
+- [InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonejavapermissions)
+- [InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonenavigatewindowsandframes)
+- [InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mkprotocolsecurityrestrictioninternetexplorerprocesses)
+- [InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mimesniffingsafetyfeatureinternetexplorerprocesses)
+- [InternetExplorer/NotificationBarInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-notificationbarinternetexplorerprocesses)
+- [InternetExplorer/PreventManagingSmartScreenFilter](./policy-csp-internetexplorer.md#internetexplorer-preventmanagingsmartscreenfilter)
+- [InternetExplorer/PreventPerUserInstallationOfActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-preventperuserinstallationofactivexcontrols)
+- [InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-protectionfromzoneelevationinternetexplorerprocesses)
+- [InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-removerunthistimebuttonforoutdatedactivexcontrols)
+- [InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictactivexinstallinternetexplorerprocesses)
+- [InternetExplorer/RestrictFileDownloadInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictfiledownloadinternetexplorerprocesses)
+- [InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowaccesstodatasources)
+- [InternetExplorer/RestrictedSitesZoneAllowActiveScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowactivescripting)
+- [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowbinaryandscriptbehaviors)
+- [InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowcopypasteviascript)
+- [InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowdraganddropcopyandpastefiles)
+- [InternetExplorer/RestrictedSitesZoneAllowFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfiledownloads)
+- [InternetExplorer/RestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfontdownloads)
+- [InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowlessprivilegedsites)
+- [InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowloadingofxamlfiles)
+- [InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowmetarefresh)
+- [InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallownetframeworkreliantcomponents)
+- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstouseactivexcontrols)
+- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstousetdcactivexcontrol)
+- [InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptinitiatedwindows)
+- [InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptingofinternetexplorerwebbrowsercontrols)
+- [InternetExplorer/RestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptlets)
+- [InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowsmartscreenie)
+- [InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowupdatestostatusbarviascript)
+- [InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowuserdatapersistence)
+- [InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowvbscripttorunininternetexplorer)
+- [InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedonotrunantimalwareagainstactivexcontrols)
+- [InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadsignedactivexcontrols)
+- [InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadunsignedactivexcontrols)
+- [InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablecrosssitescriptingfilter)
+- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainsacrosswindows)
+- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainswithinwindows)
+- [InternetExplorer/RestrictedSitesZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablemimesniffing)
+- [InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneincludelocalpathwhenuploadingfilestoserver)
+- [InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/RestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonejavapermissions)
+- [InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelaunchingapplicationsandfilesiniframe)
+- [InternetExplorer/RestrictedSitesZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelogonoptions)
+- [InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonenavigatewindowsandframes)
+- [InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunactivexcontrolsandplugins)
+- [InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunnetframeworkreliantcomponentssignedwithauthenticode)
+- [InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptactivexcontrolsmarkedsafeforscripting)
+- [InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptingofjavaapplets)
+- [InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneshowsecuritywarningforpotentiallyunsafefiles)
+- [InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneturnonprotectedmode)
+- [InternetExplorer/RestrictedSitesZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneusepopupblocker)
+- [InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-scriptedwindowsecurityrestrictionsinternetexplorerprocesses)
+- [InternetExplorer/SearchProviderList](./policy-csp-internetexplorer.md#internetexplorer-searchproviderlist)
+- [InternetExplorer/SecurityZonesUseOnlyMachineSettings](./policy-csp-internetexplorer.md#internetexplorer-securityzonesuseonlymachinesettings)
+- [InternetExplorer/SpecifyUseOfActiveXInstallerService](./policy-csp-internetexplorer.md#internetexplorer-specifyuseofactivexinstallerservice)
+- [InternetExplorer/TrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowaccesstodatasources)
+- [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforactivexcontrols)
+- [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforfiledownloads)
+- [InternetExplorer/TrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowfontdownloads)
+- [InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowlessprivilegedsites)
+- [InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallownetframeworkreliantcomponents)
+- [InternetExplorer/TrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowscriptlets)
+- [InternetExplorer/TrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowsmartscreenie)
+- [InternetExplorer/TrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowuserdatapersistence)
+- [InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonedonotrunantimalwareagainstactivexcontrols)
+- [InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrols)
+- [InternetExplorer/TrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonejavapermissions)
+- [InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonenavigatewindowsandframes)
+- [Kerberos/AllowForestSearchOrder](./policy-csp-kerberos.md#kerberos-allowforestsearchorder)
+- [Kerberos/KerberosClientSupportsClaimsCompoundArmor](./policy-csp-kerberos.md#kerberos-kerberosclientsupportsclaimscompoundarmor)
+- [Kerberos/RequireKerberosArmoring](./policy-csp-kerberos.md#kerberos-requirekerberosarmoring)
+- [Kerberos/RequireStrictKDCValidation](./policy-csp-kerberos.md#kerberos-requirestrictkdcvalidation)
+- [Kerberos/SetMaximumContextTokenSize](./policy-csp-kerberos.md#kerberos-setmaximumcontexttokensize)
+- [LanmanWorkstation/EnableInsecureGuestLogons](./policy-csp-lanmanworkstation.md#lanmanworkstation-enableinsecureguestlogons)
+- [Licensing/AllowWindowsEntitlementReactivation](./policy-csp-licensing.md#licensing-allowwindowsentitlementreactivation)
+- [Licensing/DisallowKMSClientOnlineAVSValidation](./policy-csp-licensing.md#licensing-disallowkmsclientonlineavsvalidation)
+- [LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-blockmicrosoftaccounts)
+- [LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-enableadministratoraccountstatus)
+- [LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-enableguestaccountstatus)
+- [LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly)
+- [LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-renameadministratoraccount)
+- [LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-renameguestaccount)
+- [LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-allowundockwithouthavingtologon)
+- [LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-allowedtoformatandejectremovablemedia)
+- [LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-preventusersfrominstallingprinterdriverswhenconnectingtosharedprinters)
+- [LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly)
+- [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways)
+- [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible)
+- [LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges)
+- [LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked)
+- [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin)
+- [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplayusernameatsignin)
+- [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotrequirectrlaltdel)
+- [LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-machineinactivitylimit)
+- [LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-messagetextforusersattemptingtologon)
+- [LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-messagetitleforusersattemptingtologon)
+- [LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-smartcardremovalbehavior)
+- [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsalways)
+- [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsifserveragrees)
+- [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-sendunencryptedpasswordtothirdpartysmbservers)
+- [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-amountofidletimerequiredbeforesuspendingsession)
+- [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways)
+- [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsifclientagrees)
+- [LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccounts)
+- [LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccountsandshares)
+- [LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictanonymousaccesstonamedpipesandshares)
+- [LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictclientsallowedtomakeremotecallstosam)
+- [LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-allowlocalsystemtousecomputeridentityforntlm)
+- [LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests)
+- [LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-donotstorelanmanagerhashvalueonnextpasswordchange)
+- [LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel)
+- [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedclients)
+- [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers)
+- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-addremoteserverexceptionsforntlmauthentication)
+- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-auditincomingntlmtraffic)
+- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-incomingntlmtraffic)
+- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-outgoingntlmtraffictoremoteservers)
+- [LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon)
+- [LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile)
+- [LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation)
+- [LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforadministrators)
+- [LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers)
+- [LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-detectapplicationinstallationsandpromptforelevation)
+- [LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-onlyelevateexecutablefilesthataresignedandvalidated)
+- [LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-onlyelevateuiaccessapplicationsthatareinstalledinsecurelocations)
+- [LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-runalladministratorsinadminapprovalmode)
+- [LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-switchtothesecuredesktopwhenpromptingforelevation)
+- [LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-useadminapprovalmode)
+- [LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-virtualizefileandregistrywritefailurestoperuserlocations)
+- [Location/EnableLocation](./policy-csp-location.md#location-enablelocation)
+- [LockDown/AllowEdgeSwipe](./policy-csp-lockdown.md#lockdown-allowedgeswipe)
+- [MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes](./policy-csp-msslegacy.md#msslegacy-allowicmpredirectstooverrideospfgeneratedroutes)
+- [MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers](./policy-csp-msslegacy.md#msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers)
+- [MSSLegacy/IPSourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipsourceroutingprotectionlevel)
+- [MSSLegacy/IPv6SourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipv6sourceroutingprotectionlevel)
+- [MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon](./policy-csp-mssecurityguide.md#mssecurityguide-applyuacrestrictionstolocalaccountsonnetworklogon)
+- [MSSecurityGuide/ConfigureSMBV1ClientDriver](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1clientdriver)
+- [MSSecurityGuide/ConfigureSMBV1Server](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1server)
+- [MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection](./policy-csp-mssecurityguide.md#mssecurityguide-enablestructuredexceptionhandlingoverwriteprotection)
+- [MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications](./policy-csp-mssecurityguide.md#mssecurityguide-turnonwindowsdefenderprotectionagainstpotentiallyunwantedapplications)
+- [MSSecurityGuide/WDigestAuthentication](./policy-csp-mssecurityguide.md#mssecurityguide-wdigestauthentication)
+- [Maps/EnableOfflineMapsAutoUpdate](./policy-csp-maps.md#maps-enableofflinemapsautoupdate)
+- [Messaging/AllowMessageSync](./policy-csp-messaging.md#messaging-allowmessagesync)
+- [NetworkIsolation/EnterpriseCloudResources](./policy-csp-networkisolation.md#networkisolation-enterprisecloudresources)
+- [NetworkIsolation/EnterpriseIPRange](./policy-csp-networkisolation.md#networkisolation-enterpriseiprange)
+- [NetworkIsolation/EnterpriseIPRangesAreAuthoritative](./policy-csp-networkisolation.md#networkisolation-enterpriseiprangesareauthoritative)
+- [NetworkIsolation/EnterpriseInternalProxyServers](./policy-csp-networkisolation.md#networkisolation-enterpriseinternalproxyservers)
+- [NetworkIsolation/EnterpriseProxyServers](./policy-csp-networkisolation.md#networkisolation-enterpriseproxyservers)
+- [NetworkIsolation/EnterpriseProxyServersAreAuthoritative](./policy-csp-networkisolation.md#networkisolation-enterpriseproxyserversareauthoritative)
+- [NetworkIsolation/NeutralResources](./policy-csp-networkisolation.md#networkisolation-neutralresources)
+- [Notifications/DisallowCloudNotification](./policy-csp-notifications.md#notifications-disallowcloudnotification)
+- [Notifications/DisallowNotificationMirroring](./policy-csp-notifications.md#notifications-disallownotificationmirroring)
+- [Notifications/DisallowTileNotification](./policy-csp-notifications.md#notifications-disallowtilenotification)
+- [Power/AllowStandbyStatesWhenSleepingOnBattery](./policy-csp-power.md#power-allowstandbystateswhensleepingonbattery)
+- [Power/AllowStandbyWhenSleepingPluggedIn](./policy-csp-power.md#power-allowstandbywhensleepingpluggedin)
+- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
+- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin)
+- [Power/HibernateTimeoutOnBattery](./policy-csp-power.md#power-hibernatetimeoutonbattery)
+- [Power/HibernateTimeoutPluggedIn](./policy-csp-power.md#power-hibernatetimeoutpluggedin)
+- [Power/RequirePasswordWhenComputerWakesOnBattery](./policy-csp-power.md#power-requirepasswordwhencomputerwakesonbattery)
+- [Power/RequirePasswordWhenComputerWakesPluggedIn](./policy-csp-power.md#power-requirepasswordwhencomputerwakespluggedin)
+- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery)
+- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin)
+- [Printers/PointAndPrintRestrictions](./policy-csp-printers.md#printers-pointandprintrestrictions)
+- [Printers/PointAndPrintRestrictions_User](./policy-csp-printers.md#printers-pointandprintrestrictions-user)
+- [Printers/PublishPrinters](./policy-csp-printers.md#printers-publishprinters)
+- [Privacy/AllowCrossDeviceClipboard](./policy-csp-privacy.md#privacy-allowcrossdeviceclipboard)
+- [Privacy/AllowInputPersonalization](./policy-csp-privacy.md#privacy-allowinputpersonalization)
+- [Privacy/DisableAdvertisingId](./policy-csp-privacy.md#privacy-disableadvertisingid)
+- [Privacy/DisablePrivacyExperience](./policy-csp-privacy.md#privacy-disableprivacyexperience)
+- [Privacy/EnableActivityFeed](./policy-csp-privacy.md#privacy-enableactivityfeed)
+- [Privacy/LetAppsAccessAccountInfo](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo)
+- [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps)
+- [Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forcedenytheseapps)
+- [Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo-userincontroloftheseapps)
+- [Privacy/LetAppsAccessCalendar](./policy-csp-privacy.md#privacy-letappsaccesscalendar)
+- [Privacy/LetAppsAccessCalendar_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscalendar-forceallowtheseapps)
+- [Privacy/LetAppsAccessCalendar_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscalendar-forcedenytheseapps)
+- [Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscalendar-userincontroloftheseapps)
+- [Privacy/LetAppsAccessCallHistory](./policy-csp-privacy.md#privacy-letappsaccesscallhistory)
+- [Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscallhistory-forceallowtheseapps)
+- [Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscallhistory-forcedenytheseapps)
+- [Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscallhistory-userincontroloftheseapps)
+- [Privacy/LetAppsAccessCamera](./policy-csp-privacy.md#privacy-letappsaccesscamera)
+- [Privacy/LetAppsAccessCamera_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscamera-forceallowtheseapps)
+- [Privacy/LetAppsAccessCamera_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscamera-forcedenytheseapps)
+- [Privacy/LetAppsAccessCamera_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscamera-userincontroloftheseapps)
+- [Privacy/LetAppsAccessContacts](./policy-csp-privacy.md#privacy-letappsaccesscontacts)
+- [Privacy/LetAppsAccessContacts_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscontacts-forceallowtheseapps)
+- [Privacy/LetAppsAccessContacts_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscontacts-forcedenytheseapps)
+- [Privacy/LetAppsAccessContacts_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscontacts-userincontroloftheseapps)
+- [Privacy/LetAppsAccessEmail](./policy-csp-privacy.md#privacy-letappsaccessemail)
+- [Privacy/LetAppsAccessEmail_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessemail-forceallowtheseapps)
+- [Privacy/LetAppsAccessEmail_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessemail-forcedenytheseapps)
+- [Privacy/LetAppsAccessEmail_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessemail-userincontroloftheseapps)
+- [Privacy/LetAppsAccessLocation](./policy-csp-privacy.md#privacy-letappsaccesslocation)
+- [Privacy/LetAppsAccessLocation_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesslocation-forceallowtheseapps)
+- [Privacy/LetAppsAccessLocation_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesslocation-forcedenytheseapps)
+- [Privacy/LetAppsAccessLocation_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesslocation-userincontroloftheseapps)
+- [Privacy/LetAppsAccessMessaging](./policy-csp-privacy.md#privacy-letappsaccessmessaging)
+- [Privacy/LetAppsAccessMessaging_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmessaging-forceallowtheseapps)
+- [Privacy/LetAppsAccessMessaging_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmessaging-forcedenytheseapps)
+- [Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmessaging-userincontroloftheseapps)
+- [Privacy/LetAppsAccessMicrophone](./policy-csp-privacy.md#privacy-letappsaccessmicrophone)
+- [Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmicrophone-forceallowtheseapps)
+- [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmicrophone-forcedenytheseapps)
+- [Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmicrophone-userincontroloftheseapps)
+- [Privacy/LetAppsAccessMotion](./policy-csp-privacy.md#privacy-letappsaccessmotion)
+- [Privacy/LetAppsAccessMotion_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmotion-forceallowtheseapps)
+- [Privacy/LetAppsAccessMotion_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmotion-forcedenytheseapps)
+- [Privacy/LetAppsAccessMotion_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmotion-userincontroloftheseapps)
+- [Privacy/LetAppsAccessNotifications](./policy-csp-privacy.md#privacy-letappsaccessnotifications)
+- [Privacy/LetAppsAccessNotifications_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessnotifications-forceallowtheseapps)
+- [Privacy/LetAppsAccessNotifications_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessnotifications-forcedenytheseapps)
+- [Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessnotifications-userincontroloftheseapps)
+- [Privacy/LetAppsAccessPhone](./policy-csp-privacy.md#privacy-letappsaccessphone)
+- [Privacy/LetAppsAccessPhone_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessphone-forceallowtheseapps)
+- [Privacy/LetAppsAccessPhone_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessphone-forcedenytheseapps)
+- [Privacy/LetAppsAccessPhone_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessphone-userincontroloftheseapps)
+- [Privacy/LetAppsAccessRadios](./policy-csp-privacy.md#privacy-letappsaccessradios)
+- [Privacy/LetAppsAccessRadios_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessradios-forceallowtheseapps)
+- [Privacy/LetAppsAccessRadios_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessradios-forcedenytheseapps)
+- [Privacy/LetAppsAccessRadios_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessradios-userincontroloftheseapps)
+- [Privacy/LetAppsAccessTasks](./policy-csp-privacy.md#privacy-letappsaccesstasks)
+- [Privacy/LetAppsAccessTasks_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstasks-forceallowtheseapps)
+- [Privacy/LetAppsAccessTasks_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstasks-forcedenytheseapps)
+- [Privacy/LetAppsAccessTasks_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstasks-userincontroloftheseapps)
+- [Privacy/LetAppsAccessTrustedDevices](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices)
+- [Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices-forceallowtheseapps)
+- [Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices-forcedenytheseapps)
+- [Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices-userincontroloftheseapps)
+- [Privacy/LetAppsGetDiagnosticInfo](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo)
+- [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)
+- [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)
+- [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps)
+- [Privacy/LetAppsRunInBackground](./policy-csp-privacy.md#privacy-letappsruninbackground)
+- [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsruninbackground-forceallowtheseapps)
+- [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsruninbackground-forcedenytheseapps)
+- [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsruninbackground-userincontroloftheseapps)
+- [Privacy/LetAppsSyncWithDevices](./policy-csp-privacy.md#privacy-letappssyncwithdevices)
+- [Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappssyncwithdevices-forceallowtheseapps)
+- [Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappssyncwithdevices-forcedenytheseapps)
+- [Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappssyncwithdevices-userincontroloftheseapps)
+- [Privacy/PublishUserActivities](./policy-csp-privacy.md#privacy-publishuseractivities)
+- [Privacy/UploadUserActivities](./policy-csp-privacy.md#privacy-uploaduseractivities)
+- [RemoteAssistance/CustomizeWarningMessages](./policy-csp-remoteassistance.md#remoteassistance-customizewarningmessages)
+- [RemoteAssistance/SessionLogging](./policy-csp-remoteassistance.md#remoteassistance-sessionlogging)
+- [RemoteAssistance/SolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-solicitedremoteassistance)
+- [RemoteAssistance/UnsolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-unsolicitedremoteassistance)
+- [RemoteDesktopServices/AllowUsersToConnectRemotely](./policy-csp-remotedesktopservices.md#remotedesktopservices-allowuserstoconnectremotely)
+- [RemoteDesktopServices/ClientConnectionEncryptionLevel](./policy-csp-remotedesktopservices.md#remotedesktopservices-clientconnectionencryptionlevel)
+- [RemoteDesktopServices/DoNotAllowDriveRedirection](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowdriveredirection)
+- [RemoteDesktopServices/DoNotAllowPasswordSaving](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowpasswordsaving)
+- [RemoteDesktopServices/PromptForPasswordUponConnection](./policy-csp-remotedesktopservices.md#remotedesktopservices-promptforpassworduponconnection)
+- [RemoteDesktopServices/RequireSecureRPCCommunication](./policy-csp-remotedesktopservices.md#remotedesktopservices-requiresecurerpccommunication)
+- [RemoteManagement/AllowBasicAuthentication_Client](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-client)
+- [RemoteManagement/AllowBasicAuthentication_Service](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-service)
+- [RemoteManagement/AllowCredSSPAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationclient)
+- [RemoteManagement/AllowCredSSPAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationservice)
+- [RemoteManagement/AllowRemoteServerManagement](./policy-csp-remotemanagement.md#remotemanagement-allowremoteservermanagement)
+- [RemoteManagement/AllowUnencryptedTraffic_Client](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-client)
+- [RemoteManagement/AllowUnencryptedTraffic_Service](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-service)
+- [RemoteManagement/DisallowDigestAuthentication](./policy-csp-remotemanagement.md#remotemanagement-disallowdigestauthentication)
+- [RemoteManagement/DisallowNegotiateAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationclient)
+- [RemoteManagement/DisallowNegotiateAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationservice)
+- [RemoteManagement/DisallowStoringOfRunAsCredentials](./policy-csp-remotemanagement.md#remotemanagement-disallowstoringofrunascredentials)
+- [RemoteManagement/SpecifyChannelBindingTokenHardeningLevel](./policy-csp-remotemanagement.md#remotemanagement-specifychannelbindingtokenhardeninglevel)
+- [RemoteManagement/TrustedHosts](./policy-csp-remotemanagement.md#remotemanagement-trustedhosts)
+- [RemoteManagement/TurnOnCompatibilityHTTPListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttplistener)
+- [RemoteManagement/TurnOnCompatibilityHTTPSListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttpslistener)
+- [RemoteProcedureCall/RPCEndpointMapperClientAuthentication](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-rpcendpointmapperclientauthentication)
+- [RemoteProcedureCall/RestrictUnauthenticatedRPCClients](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-restrictunauthenticatedrpcclients)
+- [RemoteShell/AllowRemoteShellAccess](./policy-csp-remoteshell.md#remoteshell-allowremoteshellaccess)
+- [RemoteShell/MaxConcurrentUsers](./policy-csp-remoteshell.md#remoteshell-maxconcurrentusers)
+- [RemoteShell/SpecifyIdleTimeout](./policy-csp-remoteshell.md#remoteshell-specifyidletimeout)
+- [RemoteShell/SpecifyMaxMemory](./policy-csp-remoteshell.md#remoteshell-specifymaxmemory)
+- [RemoteShell/SpecifyMaxProcesses](./policy-csp-remoteshell.md#remoteshell-specifymaxprocesses)
+- [RemoteShell/SpecifyMaxRemoteShells](./policy-csp-remoteshell.md#remoteshell-specifymaxremoteshells)
+- [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#remoteshell-specifyshelltimeout)
+- [Search/AllowCloudSearch](./policy-csp-search.md#search-allowcloudsearch)
+- [Search/AllowCortanaInAAD](./policy-csp-search.md#search-allowcortanainaad)
+- [Search/AllowIndexingEncryptedStoresOrItems](./policy-csp-search.md#search-allowindexingencryptedstoresoritems)
+- [Search/AllowSearchToUseLocation](./policy-csp-search.md#search-allowsearchtouselocation)
+- [Search/AllowUsingDiacritics](./policy-csp-search.md#search-allowusingdiacritics)
+- [Search/AlwaysUseAutoLangDetection](./policy-csp-search.md#search-alwaysuseautolangdetection)
+- [Search/DisableBackoff](./policy-csp-search.md#search-disablebackoff)
+- [Search/DisableRemovableDriveIndexing](./policy-csp-search.md#search-disableremovabledriveindexing)
+- [Search/DoNotUseWebResults](./policy-csp-search.md#search-donotusewebresults)
+- [Search/PreventIndexingLowDiskSpaceMB](./policy-csp-search.md#search-preventindexinglowdiskspacemb)
+- [Search/PreventRemoteQueries](./policy-csp-search.md#search-preventremotequeries)
+- [Security/ClearTPMIfNotReady](./policy-csp-security.md#security-cleartpmifnotready)
+- [Settings/AllowOnlineTips](./policy-csp-settings.md#settings-allowonlinetips)
+- [Settings/ConfigureTaskbarCalendar](./policy-csp-settings.md#settings-configuretaskbarcalendar)
+- [Settings/PageVisibilityList](./policy-csp-settings.md#settings-pagevisibilitylist)
+- [SmartScreen/EnableAppInstallControl](./policy-csp-smartscreen.md#smartscreen-enableappinstallcontrol)
+- [SmartScreen/EnableSmartScreenInShell](./policy-csp-smartscreen.md#smartscreen-enablesmartscreeninshell)
+- [SmartScreen/PreventOverrideForFilesInShell](./policy-csp-smartscreen.md#smartscreen-preventoverrideforfilesinshell)
+- [Speech/AllowSpeechModelUpdate](./policy-csp-speech.md#speech-allowspeechmodelupdate)
+- [Start/DisableContextMenus](./policy-csp-start.md#start-disablecontextmenus)
+- [Start/HidePeopleBar](./policy-csp-start.md#start-hidepeoplebar)
+- [Start/HideRecentlyAddedApps](./policy-csp-start.md#start-hiderecentlyaddedapps)
+- [Start/StartLayout](./policy-csp-start.md#start-startlayout)
+- [Storage/AllowDiskHealthModelUpdates](./policy-csp-storage.md#storage-allowdiskhealthmodelupdates)
+- [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices)
+- [System/AllowBuildPreview](./policy-csp-system.md#system-allowbuildpreview)
+- [System/AllowFontProviders](./policy-csp-system.md#system-allowfontproviders)
+- [System/AllowLocation](./policy-csp-system.md#system-allowlocation)
+- [System/AllowTelemetry](./policy-csp-system.md#system-allowtelemetry)
+- [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization)
+- [System/ConfigureTelemetryOptInChangeNotification](./policy-csp-system.md#system-configuretelemetryoptinchangenotification)
+- [System/ConfigureTelemetryOptInSettingsUx](./policy-csp-system.md#system-configuretelemetryoptinsettingsux)
+- [System/DisableEnterpriseAuthProxy](./policy-csp-system.md#system-disableenterpriseauthproxy)
+- [System/DisableOneDriveFileSync](./policy-csp-system.md#system-disableonedrivefilesync)
+- [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore)
+- [System/LimitEnhancedDiagnosticDataWindowsAnalytics](./policy-csp-system.md#system-limitenhanceddiagnosticdatawindowsanalytics)
+- [System/TelemetryProxy](./policy-csp-system.md#system-telemetryproxy)
+- [SystemServices/ConfigureHomeGroupListenerServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurehomegrouplistenerservicestartupmode)
+- [SystemServices/ConfigureHomeGroupProviderServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurehomegroupproviderservicestartupmode)
+- [SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxaccessorymanagementservicestartupmode)
+- [SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxliveauthmanagerservicestartupmode)
+- [SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxlivegamesaveservicestartupmode)
+- [SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxlivenetworkingservicestartupmode)
+- [TextInput/AllowLanguageFeaturesUninstall](./policy-csp-textinput.md#textinput-allowlanguagefeaturesuninstall)
+- [TextInput/AllowLinguisticDataCollection](./policy-csp-textinput.md#textinput-allowlinguisticdatacollection)
+- [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend)
+- [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange)
+- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart)
+- [Update/AllowAutoUpdate](./policy-csp-update.md#update-allowautoupdate)
+- [Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork](./policy-csp-update.md#update-allowautowindowsupdatedownloadovermeterednetwork)
+- [Update/AllowMUUpdateService](./policy-csp-update.md#update-allowmuupdateservice)
+- [Update/AllowUpdateService](./policy-csp-update.md#update-allowupdateservice)
+- [Update/AutoRestartDeadlinePeriodInDays](./policy-csp-update.md#update-autorestartdeadlineperiodindays)
+- [Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates](./policy-csp-update.md#update-autorestartdeadlineperiodindaysforfeatureupdates)
+- [Update/AutoRestartNotificationSchedule](./policy-csp-update.md#update-autorestartnotificationschedule)
+- [Update/AutoRestartRequiredNotificationDismissal](./policy-csp-update.md#update-autorestartrequirednotificationdismissal)
+- [Update/BranchReadinessLevel](./policy-csp-update.md#update-branchreadinesslevel)
+- [Update/DeferFeatureUpdatesPeriodInDays](./policy-csp-update.md#update-deferfeatureupdatesperiodindays)
+- [Update/DeferQualityUpdatesPeriodInDays](./policy-csp-update.md#update-deferqualityupdatesperiodindays)
+- [Update/DeferUpdatePeriod](./policy-csp-update.md#update-deferupdateperiod)
+- [Update/DeferUpgradePeriod](./policy-csp-update.md#update-deferupgradeperiod)
+- [Update/DetectionFrequency](./policy-csp-update.md#update-detectionfrequency)
+- [Update/DisableDualScan](./policy-csp-update.md#update-disabledualscan)
+- [Update/EngagedRestartDeadline](./policy-csp-update.md#update-engagedrestartdeadline)
+- [Update/EngagedRestartDeadlineForFeatureUpdates](./policy-csp-update.md#update-engagedrestartdeadlineforfeatureupdates)
+- [Update/EngagedRestartSnoozeSchedule](./policy-csp-update.md#update-engagedrestartsnoozeschedule)
+- [Update/EngagedRestartSnoozeScheduleForFeatureUpdates](./policy-csp-update.md#update-engagedrestartsnoozescheduleforfeatureupdates)
+- [Update/EngagedRestartTransitionSchedule](./policy-csp-update.md#update-engagedrestarttransitionschedule)
+- [Update/EngagedRestartTransitionScheduleForFeatureUpdates](./policy-csp-update.md#update-engagedrestarttransitionscheduleforfeatureupdates)
+- [Update/ExcludeWUDriversInQualityUpdate](./policy-csp-update.md#update-excludewudriversinqualityupdate)
+- [Update/FillEmptyContentUrls](./policy-csp-update.md#update-fillemptycontenturls)
+- [Update/ManagePreviewBuilds](./policy-csp-update.md#update-managepreviewbuilds)
+- [Update/PauseDeferrals](./policy-csp-update.md#update-pausedeferrals)
+- [Update/PauseFeatureUpdates](./policy-csp-update.md#update-pausefeatureupdates)
+- [Update/PauseFeatureUpdatesStartTime](./policy-csp-update.md#update-pausefeatureupdatesstarttime)
+- [Update/PauseQualityUpdates](./policy-csp-update.md#update-pausequalityupdates)
+- [Update/PauseQualityUpdatesStartTime](./policy-csp-update.md#update-pausequalityupdatesstarttime)
+- [Update/RequireDeferUpgrade](./policy-csp-update.md#update-requiredeferupgrade)
+- [Update/ScheduleImminentRestartWarning](./policy-csp-update.md#update-scheduleimminentrestartwarning)
+- [Update/ScheduleRestartWarning](./policy-csp-update.md#update-schedulerestartwarning)
+- [Update/ScheduledInstallDay](./policy-csp-update.md#update-scheduledinstallday)
+- [Update/ScheduledInstallEveryWeek](./policy-csp-update.md#update-scheduledinstalleveryweek)
+- [Update/ScheduledInstallFirstWeek](./policy-csp-update.md#update-scheduledinstallfirstweek)
+- [Update/ScheduledInstallFourthWeek](./policy-csp-update.md#update-scheduledinstallfourthweek)
+- [Update/ScheduledInstallSecondWeek](./policy-csp-update.md#update-scheduledinstallsecondweek)
+- [Update/ScheduledInstallThirdWeek](./policy-csp-update.md#update-scheduledinstallthirdweek)
+- [Update/ScheduledInstallTime](./policy-csp-update.md#update-scheduledinstalltime)
+- [Update/SetAutoRestartNotificationDisable](./policy-csp-update.md#update-setautorestartnotificationdisable)
+- [Update/SetDisablePauseUXAccess](./policy-csp-update.md#update-setdisablepauseuxaccess)
+- [Update/SetDisableUXWUAccess](./policy-csp-update.md#update-setdisableuxwuaccess)
+- [Update/SetEDURestart](./policy-csp-update.md#update-setedurestart)
+- [Update/UpdateNotificationLevel](./policy-csp-update.md#update-updatenotificationlevel)
+- [Update/UpdateServiceUrl](./policy-csp-update.md#update-updateserviceurl)
+- [Update/UpdateServiceUrlAlternate](./policy-csp-update.md#update-updateserviceurlalternate)
+- [UserRights/AccessCredentialManagerAsTrustedCaller](./policy-csp-userrights.md#userrights-accesscredentialmanagerastrustedcaller)
+- [UserRights/AccessFromNetwork](./policy-csp-userrights.md#userrights-accessfromnetwork)
+- [UserRights/ActAsPartOfTheOperatingSystem](./policy-csp-userrights.md#userrights-actaspartoftheoperatingsystem)
+- [UserRights/AllowLocalLogOn](./policy-csp-userrights.md#userrights-allowlocallogon)
+- [UserRights/BackupFilesAndDirectories](./policy-csp-userrights.md#userrights-backupfilesanddirectories)
+- [UserRights/ChangeSystemTime](./policy-csp-userrights.md#userrights-changesystemtime)
+- [UserRights/CreateGlobalObjects](./policy-csp-userrights.md#userrights-createglobalobjects)
+- [UserRights/CreatePageFile](./policy-csp-userrights.md#userrights-createpagefile)
+- [UserRights/CreatePermanentSharedObjects](./policy-csp-userrights.md#userrights-createpermanentsharedobjects)
+- [UserRights/CreateSymbolicLinks](./policy-csp-userrights.md#userrights-createsymboliclinks)
+- [UserRights/CreateToken](./policy-csp-userrights.md#userrights-createtoken)
+- [UserRights/DebugPrograms](./policy-csp-userrights.md#userrights-debugprograms)
+- [UserRights/DenyAccessFromNetwork](./policy-csp-userrights.md#userrights-denyaccessfromnetwork)
+- [UserRights/DenyLocalLogOn](./policy-csp-userrights.md#userrights-denylocallogon)
+- [UserRights/DenyRemoteDesktopServicesLogOn](./policy-csp-userrights.md#userrights-denyremotedesktopserviceslogon)
+- [UserRights/EnableDelegation](./policy-csp-userrights.md#userrights-enabledelegation)
+- [UserRights/GenerateSecurityAudits](./policy-csp-userrights.md#userrights-generatesecurityaudits)
+- [UserRights/ImpersonateClient](./policy-csp-userrights.md#userrights-impersonateclient)
+- [UserRights/IncreaseSchedulingPriority](./policy-csp-userrights.md#userrights-increaseschedulingpriority)
+- [UserRights/LoadUnloadDeviceDrivers](./policy-csp-userrights.md#userrights-loadunloaddevicedrivers)
+- [UserRights/LockMemory](./policy-csp-userrights.md#userrights-lockmemory)
+- [UserRights/ManageAuditingAndSecurityLog](./policy-csp-userrights.md#userrights-manageauditingandsecuritylog)
+- [UserRights/ManageVolume](./policy-csp-userrights.md#userrights-managevolume)
+- [UserRights/ModifyFirmwareEnvironment](./policy-csp-userrights.md#userrights-modifyfirmwareenvironment)
+- [UserRights/ModifyObjectLabel](./policy-csp-userrights.md#userrights-modifyobjectlabel)
+- [UserRights/ProfileSingleProcess](./policy-csp-userrights.md#userrights-profilesingleprocess)
+- [UserRights/RemoteShutdown](./policy-csp-userrights.md#userrights-remoteshutdown)
+- [UserRights/RestoreFilesAndDirectories](./policy-csp-userrights.md#userrights-restorefilesanddirectories)
+- [UserRights/TakeOwnership](./policy-csp-userrights.md#userrights-takeownership)
+- [Wifi/AllowAutoConnectToWiFiSenseHotspots](./policy-csp-wifi.md#wifi-allowautoconnecttowifisensehotspots)
+- [Wifi/AllowInternetSharing](./policy-csp-wifi.md#wifi-allowinternetsharing)
+- [WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork](./policy-csp-windowsconnectionmanager.md#windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork)
+- [WindowsDefenderSecurityCenter/CompanyName](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-companyname)
+- [WindowsDefenderSecurityCenter/DisableAccountProtectionUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableaccountprotectionui)
+- [WindowsDefenderSecurityCenter/DisableAppBrowserUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableappbrowserui)
+- [WindowsDefenderSecurityCenter/DisableClearTpmButton](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablecleartpmbutton)
+- [WindowsDefenderSecurityCenter/DisableDeviceSecurityUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disabledevicesecurityui)
+- [WindowsDefenderSecurityCenter/DisableEnhancedNotifications](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableenhancednotifications)
+- [WindowsDefenderSecurityCenter/DisableFamilyUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablefamilyui)
+- [WindowsDefenderSecurityCenter/DisableHealthUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablehealthui)
+- [WindowsDefenderSecurityCenter/DisableNetworkUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablenetworkui)
+- [WindowsDefenderSecurityCenter/DisableNotifications](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablenotifications)
+- [WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disabletpmfirmwareupdatewarning)
+- [WindowsDefenderSecurityCenter/DisableVirusUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablevirusui)
+- [WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disallowexploitprotectionoverride)
+- [WindowsDefenderSecurityCenter/Email](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-email)
+- [WindowsDefenderSecurityCenter/EnableCustomizedToasts](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-enablecustomizedtoasts)
+- [WindowsDefenderSecurityCenter/EnableInAppCustomization](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-enableinappcustomization)
+- [WindowsDefenderSecurityCenter/HideRansomwareDataRecovery](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hideransomwaredatarecovery)
+- [WindowsDefenderSecurityCenter/HideSecureBoot](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidesecureboot)
+- [WindowsDefenderSecurityCenter/HideTPMTroubleshooting](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidetpmtroubleshooting)
+- [WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidewindowssecuritynotificationareacontrol)
+- [WindowsDefenderSecurityCenter/Phone](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-phone)
+- [WindowsDefenderSecurityCenter/URL](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-url)
+- [WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace](./policy-csp-windowsinkworkspace.md#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace)
+- [WindowsInkWorkspace/AllowWindowsInkWorkspace](./policy-csp-windowsinkworkspace.md#windowsinkworkspace-allowwindowsinkworkspace)
+- [WindowsLogon/DisableLockScreenAppNotifications](./policy-csp-windowslogon.md#windowslogon-disablelockscreenappnotifications)
+- [WindowsLogon/DontDisplayNetworkSelectionUI](./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui)
+- [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers](./policy-csp-windowslogon.md#windowslogon-enumeratelocalusersondomainjoinedcomputers)
+- [WindowsLogon/HideFastUserSwitching](./policy-csp-windowslogon.md#windowslogon-hidefastuserswitching)
+- [WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart](./policy-csp-windowslogon.md#windowslogon-signinlastinteractiveuserautomaticallyafterasysteminitiatedrestart)
+- [WindowsPowerShell/TurnOnPowerShellScriptBlockLogging](./policy-csp-windowspowershell.md#windowspowershell-turnonpowershellscriptblocklogging)
+- [WirelessDisplay/AllowProjectionToPC](./policy-csp-wirelessdisplay.md#wirelessdisplay-allowprojectiontopc)
+- [WirelessDisplay/RequirePinForPairing](./policy-csp-wirelessdisplay.md#wirelessdisplay-requirepinforpairing)
+
+
+## Policies supported by Windows Holographic for Business
+
+- [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection)
+- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps)
+- [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate)
+- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)
+- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)
+- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)
+- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)
+- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)
+- [Browser/AllowCookies](#browser-allowcookies)
+- [Browser/AllowDoNotTrack](#browser-allowdonottrack)
+- [Browser/AllowPasswordManager](#browser-allowpasswordmanager)
+- [Browser/AllowPopups](#browser-allowpopups)
+- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)
+- [Browser/AllowSmartScreen](#browser-allowsmartscreen)
+- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)
+- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)
+- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword)
+- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)
+- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)
+- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)
+- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts)
+- [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock)
+- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters)
+- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)
+- [Experience/AllowCortana](#experience-allowcortana)
+- [Experience/AllowManualMDMUnenrollment](#experience-allowmanualmdmunenrollment)
+- [Privacy/AllowCrossDeviceClipboard](#privacy-allowcrossdeviceclipboard)
+- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)
+- [Privacy/LetAppsAccessGazeInput](#privacy-letappsaccessgazeinput)
+- [Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps](#privacy-letappsaccessgazeinput-forceallowtheseapps)
+- [Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps](#privacy-letappsaccessgazeinput-forcedenytheseapps)
+- [Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps](#privacy-letappsaccessgazeinput-userincontroloftheseapps)
+- [Privacy/UploadUserActivities](#privacy-uploaduseractivities)
+- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)
+- [Security/RequireDeviceEncryption](#security-requiredeviceencryption)
+- [Settings/AllowDateTime](#settings-allowdatetime)
+- [Settings/AllowVPN](#settings-allowvpn)
+- [System/AllowLocation](#system-allowlocation)
+- [System/AllowTelemetry](#system-allowtelemetry)
+- [Update/AllowAutoUpdate](#update-allowautoupdate)
+- [Update/AllowUpdateService](#update-allowupdateservice)
+- [Update/RequireDeferUpgrade](#update-requiredeferupgrade)
+- [Update/RequireUpdateApproval](#update-requireupdateapproval)
+- [Update/UpdateServiceUrl](#update-updateserviceurl)
+
+
+
+## Policies that can be set using Exchange Active Sync (EAS)
+
+- [Browser/AllowBrowser](#browser-allowbrowser)
+- [Camera/AllowCamera](#camera-allowcamera)
+- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui)
+- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)
+- [Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming)
+- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection)
+- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword)
+- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)
+- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)
+- [DeviceLock/DevicePasswordExpiration](#devicelock-devicepasswordexpiration)
+- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)
+- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts)
+- [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock)
+- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters)
+- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)
+- [DeviceLock/PreventLockScreenSlideShow](#devicelock-preventlockscreenslideshow)
+- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)
+- [Security/RequireDeviceEncryption](#security-requiredeviceencryption)
+- [System/AllowStorageCard](#system-allowstoragecard)
+- [System/TelemetryProxy](#system-telemetryproxy)
+- [Wifi/AllowInternetSharing](#wifi-allowinternetsharing)
+- [Wifi/AllowWiFi](#wifi-allowwifi)
+
+
+## Examples
+
+Set the minimum password length to 4 characters.
+
+``` syntax
+
+
+
+ $CmdID$
+ -
+
+ ./Vendor/MSFT/Policy/Config/DeviceLock/MinDevicePasswordLength
+
+
+ int
+
+ 4
+
+
+
+
+
+```
+
+Do not allow NFC.
+
+``` syntax
+
+
+
+ $CmdID$
+ -
+
+ ./Vendor/MSFT/Policy/Config/Connectivity/AllowNFC
+
+
+ int
+
+ 0
+
+
+
+
+
+```
+
+## Related topics
+
[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 49d713d18e..e025ffe2fc 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -135,9 +135,6 @@ ms.date: 08/08/2018
Browser/FirstRunURL
-
- Browser/ForceEnabledExtensions
-
Browser/HomePages
@@ -2717,66 +2714,6 @@ Data type = String
-
-**Browser/ForceEnabledExtensions**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
-  |
-  5 |
- 5 |
- 5 |
- 5 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-> * Device
-
-
-
-
-
-This setting lets you decide which extensions should be always enabled.
-
-
-
-ADMX Info:
-- GP name: *ForceEnabledExtensions*
-- GP element: *ForceEnabledExtensions_List*
-- GP ADMX file name: *MicrosoftEdge.admx*
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
**Browser/HomePages**
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index 104c932ccf..7c7ed13b63 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -6,11 +6,13 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
-ms.date: 05/14/2018
+ms.date: 07/06/2018
---
# Policy CSP - DeliveryOptimization
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
@@ -25,6 +27,9 @@ ms.date: 05/14/2018
DeliveryOptimization/DOAllowVPNPeerCaching
+
+ DeliveryOptimization/DOCacheHost
+
DeliveryOptimization/DODelayBackgroundDownloadFromHttp
@@ -217,6 +222,67 @@ The following list shows the supported values:
+
+**DeliveryOptimization/DOCacheHost**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+[Reserved for future use]
+
+
+
+ADMX Info:
+- GP English name: *[Reserved for future use] Cache Server Hostname*
+- GP name: *CacheHost*
+- GP element: *CacheHost*
+- GP path: *Windows Components/Delivery Optimization*
+- GP ADMX file name: *DeliveryOptimization.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
**DeliveryOptimization/DODelayBackgroundDownloadFromHttp**
@@ -1231,7 +1297,6 @@ ADMX Info:
**DeliveryOptimization/DOPercentageMaxDownloadBandwidth**
-
[Scope](./policy-configuration-service-provider.md#policy-scope):
@@ -1501,6 +1566,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
+- 5 - Added in the next major release of Windows 10.
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index 52ede722ea..f45615badd 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -1,4847 +1,4865 @@
----
-title: Policy CSP - Privacy
-description: Policy CSP - Privacy
-ms.author: maricia
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: MariciaAlforque
-ms.date: 08/08/2018
----
-
-# Policy CSP - Privacy
-
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
-
-
-
-
-## Privacy policies
-
-
- -
- Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
-
- -
- Privacy/AllowCrossDeviceClipboard
-
- -
- Privacy/AllowInputPersonalization
-
- -
- Privacy/DisableAdvertisingId
-
- -
- Privacy/EnableActivityFeed
-
- -
- Privacy/LetAppsAccessAccountInfo
-
- -
- Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessCalendar
-
- -
- Privacy/LetAppsAccessCalendar_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessCalendar_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessCallHistory
-
- -
- Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessCamera
-
- -
- Privacy/LetAppsAccessCamera_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessCamera_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessCamera_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessContacts
-
- -
- Privacy/LetAppsAccessContacts_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessContacts_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessContacts_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessEmail
-
- -
- Privacy/LetAppsAccessEmail_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessEmail_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessEmail_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessGazeInput
-
- -
- Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessLocation
-
- -
- Privacy/LetAppsAccessLocation_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessLocation_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessLocation_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessMessaging
-
- -
- Privacy/LetAppsAccessMessaging_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessMessaging_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessMicrophone
-
- -
- Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessMotion
-
- -
- Privacy/LetAppsAccessMotion_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessMotion_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessMotion_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessNotifications
-
- -
- Privacy/LetAppsAccessNotifications_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessNotifications_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessPhone
-
- -
- Privacy/LetAppsAccessPhone_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessPhone_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessPhone_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessRadios
-
- -
- Privacy/LetAppsAccessRadios_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessRadios_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessRadios_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessTasks
-
- -
- Privacy/LetAppsAccessTasks_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessTasks_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessTasks_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsAccessTrustedDevices
-
- -
- Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps
-
- -
- Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps
-
- -
- Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsGetDiagnosticInfo
-
- -
- Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps
-
- -
- Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps
-
- -
- Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsRunInBackground
-
- -
- Privacy/LetAppsRunInBackground_ForceAllowTheseApps
-
- -
- Privacy/LetAppsRunInBackground_ForceDenyTheseApps
-
- -
- Privacy/LetAppsRunInBackground_UserInControlOfTheseApps
-
- -
- Privacy/LetAppsSyncWithDevices
-
- -
- Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps
-
- -
- Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps
-
- -
- Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps
-
- -
- Privacy/PublishUserActivities
-
- -
- Privacy/UploadUserActivities
-
-
-
-
-
-
-
-**Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 3 |
- 3 |
- 3 |
- 3 |
- 3 |
- 3 |
- 3 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps.
-
-> [!Note]
-> There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709.
-
-
-Most restricted value is 0.
-
-
-
-The following list shows the supported values:
-
-- 0 (default)– Not allowed.
-- 1 – Allowed.
-
-
-
-
-
-
-
-**Privacy/AllowCrossDeviceClipboard**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 5 |
- 5 |
- 5 |
- 5 |
- 5 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, next major version. Specifies whether clipboard items roam across devices. When this is allowed, an item copied to the clipboard is uploaded to the cloud so that other devices can access. Also, when this is allowed, a new clipboard item on the cloud is downloaded to a device so that user can paste on the device.
-
-Most restricted value is 0.
-
-
-
-ADMX Info:
-- GP English name: *Allow Clipboard synchronization across devices*
-- GP name: *AllowCrossDeviceClipboard*
-- GP path: *System/OS Policies*
-- GP ADMX file name: *OSPolicy.admx*
-
-
-
-The following list shows the supported values:
-
-0 – Not allowed.
-1 (default) – Allowed.
-
-
-
-
-
-
-
-
-
-
-
-
-
-**Privacy/AllowInputPersonalization**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- |
- |
- |
- |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Updated in Windows 10, next major version. This policy specifies whether users on the device have the option to enable online speech recognition. When enabled, users can use their voice for dictation and to talk to Cortana and other apps that use Microsoft cloud-based speech recognition. Microsoft will use voice input to help improve our speech services. If the policy value is set to 0, online speech recognition will be disabled and users cannot enable online speech recognition via settings. If policy value is set to 1 or is not configured, control is deferred to users.
-
-Most restricted value is 0.
-
-
-
-ADMX Info:
-- GP English name: *Allow input personalization*
-- GP name: *AllowInputPersonalization*
-- GP path: *Control Panel/Regional and Language Options*
-- GP ADMX file name: *Globalization.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – Not allowed.
-- 1 (default) – Choice deferred to user's preference.
-
-
-
-
-
-
-
-**Privacy/DisableAdvertisingId**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Enables or disables the Advertising ID.
-
-Most restricted value is 0.
-
-
-
-ADMX Info:
-- GP English name: *Turn off the advertising ID*
-- GP name: *DisableAdvertisingId*
-- GP path: *System/User Profiles*
-- GP ADMX file name: *UserProfiles.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – Disabled.
-- 1 – Enabled.
-- 65535 (default)- Not configured.
-
-
-
-
-
-
-
-**Privacy/EnableActivityFeed**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 3 |
- 3 |
- 3 |
- 3 |
- 3 |
- 3 |
- 3 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1709. Allows IT Admins to allow Apps/OS to publish to the activity feed.
-
-
-
-ADMX Info:
-- GP English name: *Enables Activity Feed*
-- GP name: *EnableActivityFeed*
-- GP path: *System/OS Policies*
-- GP ADMX file name: *OSPolicy.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – Disabled. Apps/OS can't publish the activities and roaming is disabled. (not published to the cloud).
-- 1 – (default) Enabled. Apps/OS can publish the activities and will be roamed across device graph.
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessAccountInfo**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Specifies whether Windows apps can access account information.
-
-
-Most restricted value is 2.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access account information*
-- GP name: *LetAppsAccessAccountInfo*
-- GP element: *LetAppsAccessAccountInfo_Enum*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – User in control.
-- 1 – Force allow.
-- 2 - Force deny.
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access account information*
-- GP name: *LetAppsAccessAccountInfo*
-- GP element: *LetAppsAccessAccountInfo_ForceAllowTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access account information*
-- GP name: *LetAppsAccessAccountInfo*
-- GP element: *LetAppsAccessAccountInfo_ForceDenyTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access account information*
-- GP name: *LetAppsAccessAccountInfo*
-- GP element: *LetAppsAccessAccountInfo_UserInControlOfTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessCalendar**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Specifies whether Windows apps can access the calendar.
-
-
-Most restricted value is 2.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access the calendar*
-- GP name: *LetAppsAccessCalendar*
-- GP element: *LetAppsAccessCalendar_Enum*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – User in control.
-- 1 – Force allow.
-- 2 - Force deny.
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessCalendar_ForceAllowTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access the calendar*
-- GP name: *LetAppsAccessCalendar*
-- GP element: *LetAppsAccessCalendar_ForceAllowTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessCalendar_ForceDenyTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access the calendar*
-- GP name: *LetAppsAccessCalendar*
-- GP element: *LetAppsAccessCalendar_ForceDenyTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access the calendar*
-- GP name: *LetAppsAccessCalendar*
-- GP element: *LetAppsAccessCalendar_UserInControlOfTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessCallHistory**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Specifies whether Windows apps can access call history.
-
-
-Most restricted value is 2.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access call history*
-- GP name: *LetAppsAccessCallHistory*
-- GP element: *LetAppsAccessCallHistory_Enum*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – User in control.
-- 1 – Force allow.
-- 2 - Force deny.
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access call history*
-- GP name: *LetAppsAccessCallHistory*
-- GP element: *LetAppsAccessCallHistory_ForceAllowTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access call history*
-- GP name: *LetAppsAccessCallHistory*
-- GP element: *LetAppsAccessCallHistory_ForceDenyTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access call history*
-- GP name: *LetAppsAccessCallHistory*
-- GP element: *LetAppsAccessCallHistory_UserInControlOfTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessCamera**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Specifies whether Windows apps can access the camera.
-
-
-Most restricted value is 2.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access the camera*
-- GP name: *LetAppsAccessCamera*
-- GP element: *LetAppsAccessCamera_Enum*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – User in control.
-- 1 – Force allow.
-- 2 - Force deny.
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessCamera_ForceAllowTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access the camera*
-- GP name: *LetAppsAccessCamera*
-- GP element: *LetAppsAccessCamera_ForceAllowTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessCamera_ForceDenyTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access the camera*
-- GP name: *LetAppsAccessCamera*
-- GP element: *LetAppsAccessCamera_ForceDenyTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessCamera_UserInControlOfTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access the camera*
-- GP name: *LetAppsAccessCamera*
-- GP element: *LetAppsAccessCamera_UserInControlOfTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessContacts**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Specifies whether Windows apps can access contacts.
-
-
-Most restricted value is 2.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access contacts*
-- GP name: *LetAppsAccessContacts*
-- GP element: *LetAppsAccessContacts_Enum*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – User in control.
-- 1 – Force allow.
-- 2 - Force deny.
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessContacts_ForceAllowTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access contacts*
-- GP name: *LetAppsAccessContacts*
-- GP element: *LetAppsAccessContacts_ForceAllowTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessContacts_ForceDenyTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access contacts*
-- GP name: *LetAppsAccessContacts*
-- GP element: *LetAppsAccessContacts_ForceDenyTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessContacts_UserInControlOfTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access contacts*
-- GP name: *LetAppsAccessContacts*
-- GP element: *LetAppsAccessContacts_UserInControlOfTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessEmail**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Specifies whether Windows apps can access email.
-
-
-Most restricted value is 2.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access email*
-- GP name: *LetAppsAccessEmail*
-- GP element: *LetAppsAccessEmail_Enum*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – User in control.
-- 1 – Force allow.
-- 2 - Force deny.
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessEmail_ForceAllowTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access email*
-- GP name: *LetAppsAccessEmail*
-- GP element: *LetAppsAccessEmail_ForceAllowTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessEmail_ForceDenyTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access email*
-- GP name: *LetAppsAccessEmail*
-- GP element: *LetAppsAccessEmail_ForceDenyTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessEmail_UserInControlOfTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access email*
-- GP name: *LetAppsAccessEmail*
-- GP element: *LetAppsAccessEmail_UserInControlOfTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessGazeInput**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 5 |
- 5 |
- 5 |
- 5 |
- 5 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting specifies whether Windows apps can access the eye tracker.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 5 |
- 5 |
- 5 |
- 5 |
- 5 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the eye tracker. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 5 |
- 5 |
- 5 |
- 5 |
- 5 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the eye tracker. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 5 |
- 5 |
- 5 |
- 5 |
- 5 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the eye tracker privacy setting for the listed apps. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessLocation**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Specifies whether Windows apps can access location.
-
-
-Most restricted value is 2.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access location*
-- GP name: *LetAppsAccessLocation*
-- GP element: *LetAppsAccessLocation_Enum*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – User in control.
-- 1 – Force allow.
-- 2 - Force deny.
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessLocation_ForceAllowTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access location*
-- GP name: *LetAppsAccessLocation*
-- GP element: *LetAppsAccessLocation_ForceAllowTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessLocation_ForceDenyTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access location*
-- GP name: *LetAppsAccessLocation*
-- GP element: *LetAppsAccessLocation_ForceDenyTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessLocation_UserInControlOfTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access location*
-- GP name: *LetAppsAccessLocation*
-- GP element: *LetAppsAccessLocation_UserInControlOfTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessMessaging**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Specifies whether Windows apps can read or send messages (text or MMS).
-
-
-Most restricted value is 2.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access messaging*
-- GP name: *LetAppsAccessMessaging*
-- GP element: *LetAppsAccessMessaging_Enum*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – User in control.
-- 1 – Force allow.
-- 2 - Force deny.
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessMessaging_ForceAllowTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access messaging*
-- GP name: *LetAppsAccessMessaging*
-- GP element: *LetAppsAccessMessaging_ForceAllowTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessMessaging_ForceDenyTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access messaging*
-- GP name: *LetAppsAccessMessaging*
-- GP element: *LetAppsAccessMessaging_ForceDenyTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access messaging*
-- GP name: *LetAppsAccessMessaging*
-- GP element: *LetAppsAccessMessaging_UserInControlOfTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessMicrophone**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Specifies whether Windows apps can access the microphone.
-
-
-Most restricted value is 2.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access the microphone*
-- GP name: *LetAppsAccessMicrophone*
-- GP element: *LetAppsAccessMicrophone_Enum*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – User in control.
-- 1 – Force allow.
-- 2 - Force deny.
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access the microphone*
-- GP name: *LetAppsAccessMicrophone*
-- GP element: *LetAppsAccessMicrophone_ForceAllowTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access the microphone*
-- GP name: *LetAppsAccessMicrophone*
-- GP element: *LetAppsAccessMicrophone_ForceDenyTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access the microphone*
-- GP name: *LetAppsAccessMicrophone*
-- GP element: *LetAppsAccessMicrophone_UserInControlOfTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessMotion**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Specifies whether Windows apps can access motion data.
-
-
-Most restricted value is 2.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access motion*
-- GP name: *LetAppsAccessMotion*
-- GP element: *LetAppsAccessMotion_Enum*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – User in control.
-- 1 – Force allow.
-- 2 - Force deny.
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessMotion_ForceAllowTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access motion*
-- GP name: *LetAppsAccessMotion*
-- GP element: *LetAppsAccessMotion_ForceAllowTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessMotion_ForceDenyTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access motion*
-- GP name: *LetAppsAccessMotion*
-- GP element: *LetAppsAccessMotion_ForceDenyTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessMotion_UserInControlOfTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access motion*
-- GP name: *LetAppsAccessMotion*
-- GP element: *LetAppsAccessMotion_UserInControlOfTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessNotifications**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Specifies whether Windows apps can access notifications.
-
-
-Most restricted value is 2.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access notifications*
-- GP name: *LetAppsAccessNotifications*
-- GP element: *LetAppsAccessNotifications_Enum*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – User in control.
-- 1 – Force allow.
-- 2 - Force deny.
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessNotifications_ForceAllowTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access notifications*
-- GP name: *LetAppsAccessNotifications*
-- GP element: *LetAppsAccessNotifications_ForceAllowTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessNotifications_ForceDenyTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access notifications*
-- GP name: *LetAppsAccessNotifications*
-- GP element: *LetAppsAccessNotifications_ForceDenyTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access notifications*
-- GP name: *LetAppsAccessNotifications*
-- GP element: *LetAppsAccessNotifications_UserInControlOfTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessPhone**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Specifies whether Windows apps can make phone calls.
-
-
-Most restricted value is 2.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps make phone calls*
-- GP name: *LetAppsAccessPhone*
-- GP element: *LetAppsAccessPhone_Enum*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – User in control.
-- 1 – Force allow.
-- 2 - Force deny.
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessPhone_ForceAllowTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps make phone calls*
-- GP name: *LetAppsAccessPhone*
-- GP element: *LetAppsAccessPhone_ForceAllowTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessPhone_ForceDenyTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps make phone calls*
-- GP name: *LetAppsAccessPhone*
-- GP element: *LetAppsAccessPhone_ForceDenyTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessPhone_UserInControlOfTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps make phone calls*
-- GP name: *LetAppsAccessPhone*
-- GP element: *LetAppsAccessPhone_UserInControlOfTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessRadios**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Specifies whether Windows apps have access to control radios.
-
-
-Most restricted value is 2.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps control radios*
-- GP name: *LetAppsAccessRadios*
-- GP element: *LetAppsAccessRadios_Enum*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – User in control.
-- 1 – Force allow.
-- 2 - Force deny.
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessRadios_ForceAllowTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps control radios*
-- GP name: *LetAppsAccessRadios*
-- GP element: *LetAppsAccessRadios_ForceAllowTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessRadios_ForceDenyTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps control radios*
-- GP name: *LetAppsAccessRadios*
-- GP element: *LetAppsAccessRadios_ForceDenyTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessRadios_UserInControlOfTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps control radios*
-- GP name: *LetAppsAccessRadios*
-- GP element: *LetAppsAccessRadios_UserInControlOfTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessTasks**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. Specifies whether Windows apps can access tasks.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access Tasks*
-- GP name: *LetAppsAccessTasks*
-- GP element: *LetAppsAccessTasks_Enum*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessTasks_ForceAllowTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access Tasks*
-- GP name: *LetAppsAccessTasks*
-- GP element: *LetAppsAccessTasks_ForceAllowTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessTasks_ForceDenyTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access Tasks*
-- GP name: *LetAppsAccessTasks*
-- GP element: *LetAppsAccessTasks_ForceDenyTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessTasks_UserInControlOfTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access Tasks*
-- GP name: *LetAppsAccessTasks*
-- GP element: *LetAppsAccessTasks_UserInControlOfTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessTrustedDevices**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Specifies whether Windows apps can access trusted devices.
-
-
-Most restricted value is 2.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access trusted devices*
-- GP name: *LetAppsAccessTrustedDevices*
-- GP element: *LetAppsAccessTrustedDevices_Enum*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – User in control.
-- 1 – Force allow.
-- 2 - Force deny.
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access trusted devices*
-- GP name: *LetAppsAccessTrustedDevices*
-- GP element: *LetAppsAccessTrustedDevices_ForceAllowTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access trusted devices*
-- GP name: *LetAppsAccessTrustedDevices*
-- GP element: *LetAppsAccessTrustedDevices_ForceDenyTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access trusted devices*
-- GP name: *LetAppsAccessTrustedDevices*
-- GP element: *LetAppsAccessTrustedDevices_UserInControlOfTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsGetDiagnosticInfo**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. Force allow, force deny or give user control of apps that can get diagnostic information about other running apps.
-
-
-Most restricted value is 2.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access diagnostic information about other apps*
-- GP name: *LetAppsGetDiagnosticInfo*
-- GP element: *LetAppsGetDiagnosticInfo_Enum*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – User in control.
-- 1 – Force allow.
-- 2 - Force deny.
-
-
-
-
-
-
-
-**Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access diagnostic information about other apps*
-- GP name: *LetAppsGetDiagnosticInfo*
-- GP element: *LetAppsGetDiagnosticInfo_ForceAllowTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access diagnostic information about other apps*
-- GP name: *LetAppsGetDiagnosticInfo*
-- GP element: *LetAppsGetDiagnosticInfo_ForceDenyTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'get diagnostic info' privacy setting for the listed apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps access diagnostic information about other apps*
-- GP name: *LetAppsGetDiagnosticInfo*
-- GP element: *LetAppsGetDiagnosticInfo_UserInControlOfTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsRunInBackground**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. Specifies whether Windows apps can run in the background.
-
-
-Most restricted value is 2.
-> [!WARNING]
-> Be careful when determining which apps should have their background activity disabled. Communication apps normally update tiles and notifications through background processes. Turning off background activity for these types of apps could cause text message, email, and voicemail notifications to not function. This could also cause background email syncing to not function properly.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps run in the background*
-- GP name: *LetAppsRunInBackground*
-- GP element: *LetAppsRunInBackground_Enum*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – User in control (default).
-- 1 – Force allow.
-- 2 - Force deny.
-
-
-
-
-
-
-
-**Privacy/LetAppsRunInBackground_ForceAllowTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are able to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps run in the background*
-- GP name: *LetAppsRunInBackground*
-- GP element: *LetAppsRunInBackground_ForceAllowTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsRunInBackground_ForceDenyTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps run in the background*
-- GP name: *LetAppsRunInBackground*
-- GP element: *LetAppsRunInBackground_ForceDenyTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsRunInBackground_UserInControlOfTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the background apps privacy setting for the listed apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps run in the background*
-- GP name: *LetAppsRunInBackground*
-- GP element: *LetAppsRunInBackground_UserInControlOfTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsSyncWithDevices**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Specifies whether Windows apps can sync with devices.
-
-
-Most restricted value is 2.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps communicate with unpaired devices*
-- GP name: *LetAppsSyncWithDevices*
-- GP element: *LetAppsSyncWithDevices_Enum*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – User in control.
-- 1 – Force allow.
-- 2 - Force deny.
-
-
-
-
-
-
-
-**Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps communicate with unpaired devices*
-- GP name: *LetAppsSyncWithDevices*
-- GP element: *LetAppsSyncWithDevices_ForceAllowTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps communicate with unpaired devices*
-- GP name: *LetAppsSyncWithDevices*
-- GP element: *LetAppsSyncWithDevices_ForceDenyTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
-
-
-
-ADMX Info:
-- GP English name: *Let Windows apps communicate with unpaired devices*
-- GP name: *LetAppsSyncWithDevices*
-- GP element: *LetAppsSyncWithDevices_UserInControlOfTheseApps_List*
-- GP path: *Windows Components/App Privacy*
-- GP ADMX file name: *AppPrivacy.admx*
-
-
-
-
-
-
-
-**Privacy/PublishUserActivities**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 3 |
- 3 |
- 3 |
- 3 |
- 3 |
- 3 |
- 3 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1709. Allows It Admins to enable publishing of user activities to the activity feed.
-
-
-
-ADMX Info:
-- GP English name: *Allow publishing of User Activities*
-- GP name: *PublishUserActivities*
-- GP path: *System/OS Policies*
-- GP ADMX file name: *OSPolicy.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – Disabled. Apps/OS can't publish the *user activities*.
-- 1 – (default) Enabled. Apps/OS can publish the *user activities*.
-
-
-
-
-
-
-
-**Privacy/UploadUserActivities**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- | 5 |
- 5 |
- 5 |
- 5 |
- 5 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Allows ActivityFeed to upload published 'User Activities'.
-
-
-
-ADMX Info:
-- GP English name: *Allow upload of User Activities*
-- GP name: *UploadUserActivities*
-- GP path: *System/OS Policies*
-- GP ADMX file name: *OSPolicy.admx*
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in the next major release of Windows 10.
-
-
-
-
+---
+title: Policy CSP - Privacy
+description: Policy CSP - Privacy
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: MariciaAlforque
+ms.date: 08/14/2018
+---
+
+# Policy CSP - Privacy
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+
+
+
+## Privacy policies
+
+
+ -
+ Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
+
+ -
+ Privacy/AllowCrossDeviceClipboard
+
+ -
+ Privacy/AllowInputPersonalization
+
+ -
+ Privacy/DisableAdvertisingId
+
+ -
+ Privacy/DisablePrivacyExperience
+
+ -
+ Privacy/EnableActivityFeed
+
+ -
+ Privacy/LetAppsAccessAccountInfo
+
+ -
+ Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessCalendar
+
+ -
+ Privacy/LetAppsAccessCalendar_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessCalendar_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessCallHistory
+
+ -
+ Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessCamera
+
+ -
+ Privacy/LetAppsAccessCamera_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessCamera_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessCamera_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessContacts
+
+ -
+ Privacy/LetAppsAccessContacts_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessContacts_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessContacts_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessEmail
+
+ -
+ Privacy/LetAppsAccessEmail_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessEmail_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessEmail_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessGazeInput
+
+ -
+ Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessLocation
+
+ -
+ Privacy/LetAppsAccessLocation_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessLocation_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessLocation_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessMessaging
+
+ -
+ Privacy/LetAppsAccessMessaging_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessMessaging_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessMicrophone
+
+ -
+ Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessMotion
+
+ -
+ Privacy/LetAppsAccessMotion_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessMotion_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessMotion_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessNotifications
+
+ -
+ Privacy/LetAppsAccessNotifications_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessNotifications_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessPhone
+
+ -
+ Privacy/LetAppsAccessPhone_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessPhone_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessPhone_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessRadios
+
+ -
+ Privacy/LetAppsAccessRadios_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessRadios_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessRadios_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessTasks
+
+ -
+ Privacy/LetAppsAccessTasks_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessTasks_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessTasks_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsAccessTrustedDevices
+
+ -
+ Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsGetDiagnosticInfo
+
+ -
+ Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsRunInBackground
+
+ -
+ Privacy/LetAppsRunInBackground_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsRunInBackground_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsRunInBackground_UserInControlOfTheseApps
+
+ -
+ Privacy/LetAppsSyncWithDevices
+
+ -
+ Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps
+
+ -
+ Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps
+
+ -
+ Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps
+
+ -
+ Privacy/PublishUserActivities
+
+ -
+ Privacy/UploadUserActivities
+
+
+
+
+
+
+
+**Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 3 |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps.
+
+> [!Note]
+> There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709.
+
+
+Most restricted value is 0.
+
+
+
+The following list shows the supported values:
+
+- 0 (default)– Not allowed.
+- 1 – Allowed.
+
+
+
+
+
+
+
+**Privacy/AllowCrossDeviceClipboard**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 5 |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, next major version. Specifies whether clipboard items roam across devices. When this is allowed, an item copied to the clipboard is uploaded to the cloud so that other devices can access. Also, when this is allowed, a new clipboard item on the cloud is downloaded to a device so that user can paste on the device.
+
+Most restricted value is 0.
+
+
+
+ADMX Info:
+- GP English name: *Allow Clipboard synchronization across devices*
+- GP name: *AllowCrossDeviceClipboard*
+- GP path: *System/OS Policies*
+- GP ADMX file name: *OSPolicy.admx*
+
+
+
+The following list shows the supported values:
+
+0 – Not allowed.
+1 (default) – Allowed.
+
+
+
+
+
+
+
+**Privacy/AllowInputPersonalization**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ |
+ |
+ |
+ |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Updated in Windows 10, next major version. This policy specifies whether users on the device have the option to enable online speech recognition. When enabled, users can use their voice for dictation and to talk to Cortana and other apps that use Microsoft cloud-based speech recognition. Microsoft will use voice input to help improve our speech services. If the policy value is set to 0, online speech recognition will be disabled and users cannot enable online speech recognition via settings. If policy value is set to 1 or is not configured, control is deferred to users.
+
+Most restricted value is 0.
+
+
+
+ADMX Info:
+- GP English name: *Allow input personalization*
+- GP name: *AllowInputPersonalization*
+- GP path: *Control Panel/Regional and Language Options*
+- GP ADMX file name: *Globalization.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – Not allowed.
+- 1 (default) – Choice deferred to user's preference.
+
+
+
+
+
+
+
+**Privacy/DisableAdvertisingId**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Enables or disables the Advertising ID.
+
+Most restricted value is 0.
+
+
+
+ADMX Info:
+- GP English name: *Turn off the advertising ID*
+- GP name: *DisableAdvertisingId*
+- GP path: *System/User Profiles*
+- GP ADMX file name: *UserProfiles.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – Disabled.
+- 1 – Enabled.
+- 65535 (default)- Not configured.
+
+
+
+
+
+
+
+**Privacy/DisablePrivacyExperience**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 5 |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+
+
+
+
+Enabling this policy prevents the privacy experience from launching during user logon for new and upgraded users.
+
+Value type is integer.
+- 0 (default) - Allow the "choose privacy settings for your device" screen for a new user during their first logon or when an existing user logs in for the first time after an upgrade.
+- 1 - Do not allow the "choose privacy settings for your device" screen when a new user logs in or an existing user logs in for the first time after an upgrade.
+
+In some enterprise managed environments, the privacy settings may be set by policies. In these cases, you can use this policy if you do not want to show a screen that would prompt your users to change these privacy settings.
+
+
+
+ADMX Info:
+- GP English name: *Don't launch privacy settings experience on user logon*
+- GP name: *DisablePrivacyExperience*
+- GP path: *Windows Components/OOBE*
+- GP ADMX file name: *OOBE.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**Privacy/EnableActivityFeed**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 3 |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1709. Allows IT Admins to allow Apps/OS to publish to the activity feed.
+
+
+
+ADMX Info:
+- GP English name: *Enables Activity Feed*
+- GP name: *EnableActivityFeed*
+- GP path: *System/OS Policies*
+- GP ADMX file name: *OSPolicy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – Disabled. Apps/OS can't publish the activities and roaming is disabled. (not published to the cloud).
+- 1 – (default) Enabled. Apps/OS can publish the activities and will be roamed across device graph.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessAccountInfo**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Specifies whether Windows apps can access account information.
+
+
+Most restricted value is 2.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access account information*
+- GP name: *LetAppsAccessAccountInfo*
+- GP element: *LetAppsAccessAccountInfo_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – User in control.
+- 1 – Force allow.
+- 2 - Force deny.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access account information*
+- GP name: *LetAppsAccessAccountInfo*
+- GP element: *LetAppsAccessAccountInfo_ForceAllowTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access account information*
+- GP name: *LetAppsAccessAccountInfo*
+- GP element: *LetAppsAccessAccountInfo_ForceDenyTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access account information*
+- GP name: *LetAppsAccessAccountInfo*
+- GP element: *LetAppsAccessAccountInfo_UserInControlOfTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessCalendar**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Specifies whether Windows apps can access the calendar.
+
+
+Most restricted value is 2.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access the calendar*
+- GP name: *LetAppsAccessCalendar*
+- GP element: *LetAppsAccessCalendar_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – User in control.
+- 1 – Force allow.
+- 2 - Force deny.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessCalendar_ForceAllowTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access the calendar*
+- GP name: *LetAppsAccessCalendar*
+- GP element: *LetAppsAccessCalendar_ForceAllowTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessCalendar_ForceDenyTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access the calendar*
+- GP name: *LetAppsAccessCalendar*
+- GP element: *LetAppsAccessCalendar_ForceDenyTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access the calendar*
+- GP name: *LetAppsAccessCalendar*
+- GP element: *LetAppsAccessCalendar_UserInControlOfTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessCallHistory**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Specifies whether Windows apps can access call history.
+
+
+Most restricted value is 2.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access call history*
+- GP name: *LetAppsAccessCallHistory*
+- GP element: *LetAppsAccessCallHistory_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – User in control.
+- 1 – Force allow.
+- 2 - Force deny.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access call history*
+- GP name: *LetAppsAccessCallHistory*
+- GP element: *LetAppsAccessCallHistory_ForceAllowTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access call history*
+- GP name: *LetAppsAccessCallHistory*
+- GP element: *LetAppsAccessCallHistory_ForceDenyTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access call history*
+- GP name: *LetAppsAccessCallHistory*
+- GP element: *LetAppsAccessCallHistory_UserInControlOfTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessCamera**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Specifies whether Windows apps can access the camera.
+
+
+Most restricted value is 2.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access the camera*
+- GP name: *LetAppsAccessCamera*
+- GP element: *LetAppsAccessCamera_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – User in control.
+- 1 – Force allow.
+- 2 - Force deny.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessCamera_ForceAllowTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access the camera*
+- GP name: *LetAppsAccessCamera*
+- GP element: *LetAppsAccessCamera_ForceAllowTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessCamera_ForceDenyTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access the camera*
+- GP name: *LetAppsAccessCamera*
+- GP element: *LetAppsAccessCamera_ForceDenyTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessCamera_UserInControlOfTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access the camera*
+- GP name: *LetAppsAccessCamera*
+- GP element: *LetAppsAccessCamera_UserInControlOfTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessContacts**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Specifies whether Windows apps can access contacts.
+
+
+Most restricted value is 2.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access contacts*
+- GP name: *LetAppsAccessContacts*
+- GP element: *LetAppsAccessContacts_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – User in control.
+- 1 – Force allow.
+- 2 - Force deny.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessContacts_ForceAllowTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access contacts*
+- GP name: *LetAppsAccessContacts*
+- GP element: *LetAppsAccessContacts_ForceAllowTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessContacts_ForceDenyTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access contacts*
+- GP name: *LetAppsAccessContacts*
+- GP element: *LetAppsAccessContacts_ForceDenyTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessContacts_UserInControlOfTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access contacts*
+- GP name: *LetAppsAccessContacts*
+- GP element: *LetAppsAccessContacts_UserInControlOfTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessEmail**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Specifies whether Windows apps can access email.
+
+
+Most restricted value is 2.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access email*
+- GP name: *LetAppsAccessEmail*
+- GP element: *LetAppsAccessEmail_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – User in control.
+- 1 – Force allow.
+- 2 - Force deny.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessEmail_ForceAllowTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access email*
+- GP name: *LetAppsAccessEmail*
+- GP element: *LetAppsAccessEmail_ForceAllowTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessEmail_ForceDenyTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access email*
+- GP name: *LetAppsAccessEmail*
+- GP element: *LetAppsAccessEmail_ForceDenyTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessEmail_UserInControlOfTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access email*
+- GP name: *LetAppsAccessEmail*
+- GP element: *LetAppsAccessEmail_UserInControlOfTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessGazeInput**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 5 |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting specifies whether Windows apps can access the eye tracker.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 5 |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the eye tracker. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 5 |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the eye tracker. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 5 |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the eye tracker privacy setting for the listed apps. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessLocation**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Specifies whether Windows apps can access location.
+
+
+Most restricted value is 2.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access location*
+- GP name: *LetAppsAccessLocation*
+- GP element: *LetAppsAccessLocation_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – User in control.
+- 1 – Force allow.
+- 2 - Force deny.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessLocation_ForceAllowTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access location*
+- GP name: *LetAppsAccessLocation*
+- GP element: *LetAppsAccessLocation_ForceAllowTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessLocation_ForceDenyTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access location*
+- GP name: *LetAppsAccessLocation*
+- GP element: *LetAppsAccessLocation_ForceDenyTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessLocation_UserInControlOfTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access location*
+- GP name: *LetAppsAccessLocation*
+- GP element: *LetAppsAccessLocation_UserInControlOfTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessMessaging**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Specifies whether Windows apps can read or send messages (text or MMS).
+
+
+Most restricted value is 2.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access messaging*
+- GP name: *LetAppsAccessMessaging*
+- GP element: *LetAppsAccessMessaging_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – User in control.
+- 1 – Force allow.
+- 2 - Force deny.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessMessaging_ForceAllowTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access messaging*
+- GP name: *LetAppsAccessMessaging*
+- GP element: *LetAppsAccessMessaging_ForceAllowTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessMessaging_ForceDenyTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access messaging*
+- GP name: *LetAppsAccessMessaging*
+- GP element: *LetAppsAccessMessaging_ForceDenyTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access messaging*
+- GP name: *LetAppsAccessMessaging*
+- GP element: *LetAppsAccessMessaging_UserInControlOfTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessMicrophone**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Specifies whether Windows apps can access the microphone.
+
+
+Most restricted value is 2.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access the microphone*
+- GP name: *LetAppsAccessMicrophone*
+- GP element: *LetAppsAccessMicrophone_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – User in control.
+- 1 – Force allow.
+- 2 - Force deny.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access the microphone*
+- GP name: *LetAppsAccessMicrophone*
+- GP element: *LetAppsAccessMicrophone_ForceAllowTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access the microphone*
+- GP name: *LetAppsAccessMicrophone*
+- GP element: *LetAppsAccessMicrophone_ForceDenyTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access the microphone*
+- GP name: *LetAppsAccessMicrophone*
+- GP element: *LetAppsAccessMicrophone_UserInControlOfTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessMotion**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Specifies whether Windows apps can access motion data.
+
+
+Most restricted value is 2.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access motion*
+- GP name: *LetAppsAccessMotion*
+- GP element: *LetAppsAccessMotion_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – User in control.
+- 1 – Force allow.
+- 2 - Force deny.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessMotion_ForceAllowTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access motion*
+- GP name: *LetAppsAccessMotion*
+- GP element: *LetAppsAccessMotion_ForceAllowTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessMotion_ForceDenyTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access motion*
+- GP name: *LetAppsAccessMotion*
+- GP element: *LetAppsAccessMotion_ForceDenyTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessMotion_UserInControlOfTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access motion*
+- GP name: *LetAppsAccessMotion*
+- GP element: *LetAppsAccessMotion_UserInControlOfTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessNotifications**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Specifies whether Windows apps can access notifications.
+
+
+Most restricted value is 2.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access notifications*
+- GP name: *LetAppsAccessNotifications*
+- GP element: *LetAppsAccessNotifications_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – User in control.
+- 1 – Force allow.
+- 2 - Force deny.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessNotifications_ForceAllowTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access notifications*
+- GP name: *LetAppsAccessNotifications*
+- GP element: *LetAppsAccessNotifications_ForceAllowTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessNotifications_ForceDenyTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access notifications*
+- GP name: *LetAppsAccessNotifications*
+- GP element: *LetAppsAccessNotifications_ForceDenyTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access notifications*
+- GP name: *LetAppsAccessNotifications*
+- GP element: *LetAppsAccessNotifications_UserInControlOfTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessPhone**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Specifies whether Windows apps can make phone calls.
+
+
+Most restricted value is 2.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps make phone calls*
+- GP name: *LetAppsAccessPhone*
+- GP element: *LetAppsAccessPhone_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – User in control.
+- 1 – Force allow.
+- 2 - Force deny.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessPhone_ForceAllowTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps make phone calls*
+- GP name: *LetAppsAccessPhone*
+- GP element: *LetAppsAccessPhone_ForceAllowTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessPhone_ForceDenyTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps make phone calls*
+- GP name: *LetAppsAccessPhone*
+- GP element: *LetAppsAccessPhone_ForceDenyTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessPhone_UserInControlOfTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps make phone calls*
+- GP name: *LetAppsAccessPhone*
+- GP element: *LetAppsAccessPhone_UserInControlOfTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessRadios**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Specifies whether Windows apps have access to control radios.
+
+
+Most restricted value is 2.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps control radios*
+- GP name: *LetAppsAccessRadios*
+- GP element: *LetAppsAccessRadios_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – User in control.
+- 1 – Force allow.
+- 2 - Force deny.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessRadios_ForceAllowTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps control radios*
+- GP name: *LetAppsAccessRadios*
+- GP element: *LetAppsAccessRadios_ForceAllowTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessRadios_ForceDenyTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps control radios*
+- GP name: *LetAppsAccessRadios*
+- GP element: *LetAppsAccessRadios_ForceDenyTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessRadios_UserInControlOfTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps control radios*
+- GP name: *LetAppsAccessRadios*
+- GP element: *LetAppsAccessRadios_UserInControlOfTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessTasks**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. Specifies whether Windows apps can access tasks.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access Tasks*
+- GP name: *LetAppsAccessTasks*
+- GP element: *LetAppsAccessTasks_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessTasks_ForceAllowTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access Tasks*
+- GP name: *LetAppsAccessTasks*
+- GP element: *LetAppsAccessTasks_ForceAllowTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessTasks_ForceDenyTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access Tasks*
+- GP name: *LetAppsAccessTasks*
+- GP element: *LetAppsAccessTasks_ForceDenyTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessTasks_UserInControlOfTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access Tasks*
+- GP name: *LetAppsAccessTasks*
+- GP element: *LetAppsAccessTasks_UserInControlOfTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessTrustedDevices**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Specifies whether Windows apps can access trusted devices.
+
+
+Most restricted value is 2.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access trusted devices*
+- GP name: *LetAppsAccessTrustedDevices*
+- GP element: *LetAppsAccessTrustedDevices_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – User in control.
+- 1 – Force allow.
+- 2 - Force deny.
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access trusted devices*
+- GP name: *LetAppsAccessTrustedDevices*
+- GP element: *LetAppsAccessTrustedDevices_ForceAllowTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access trusted devices*
+- GP name: *LetAppsAccessTrustedDevices*
+- GP element: *LetAppsAccessTrustedDevices_ForceDenyTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access trusted devices*
+- GP name: *LetAppsAccessTrustedDevices*
+- GP element: *LetAppsAccessTrustedDevices_UserInControlOfTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsGetDiagnosticInfo**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. Force allow, force deny or give user control of apps that can get diagnostic information about other running apps.
+
+
+Most restricted value is 2.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access diagnostic information about other apps*
+- GP name: *LetAppsGetDiagnosticInfo*
+- GP element: *LetAppsGetDiagnosticInfo_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – User in control.
+- 1 – Force allow.
+- 2 - Force deny.
+
+
+
+
+
+
+
+**Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access diagnostic information about other apps*
+- GP name: *LetAppsGetDiagnosticInfo*
+- GP element: *LetAppsGetDiagnosticInfo_ForceAllowTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access diagnostic information about other apps*
+- GP name: *LetAppsGetDiagnosticInfo*
+- GP element: *LetAppsGetDiagnosticInfo_ForceDenyTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'get diagnostic info' privacy setting for the listed apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps access diagnostic information about other apps*
+- GP name: *LetAppsGetDiagnosticInfo*
+- GP element: *LetAppsGetDiagnosticInfo_UserInControlOfTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsRunInBackground**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. Specifies whether Windows apps can run in the background.
+
+
+Most restricted value is 2.
+> [!WARNING]
+> Be careful when determining which apps should have their background activity disabled. Communication apps normally update tiles and notifications through background processes. Turning off background activity for these types of apps could cause text message, email, and voicemail notifications to not function. This could also cause background email syncing to not function properly.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps run in the background*
+- GP name: *LetAppsRunInBackground*
+- GP element: *LetAppsRunInBackground_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – User in control (default).
+- 1 – Force allow.
+- 2 - Force deny.
+
+
+
+
+
+
+
+**Privacy/LetAppsRunInBackground_ForceAllowTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are able to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps run in the background*
+- GP name: *LetAppsRunInBackground*
+- GP element: *LetAppsRunInBackground_ForceAllowTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsRunInBackground_ForceDenyTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps run in the background*
+- GP name: *LetAppsRunInBackground*
+- GP element: *LetAppsRunInBackground_ForceDenyTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsRunInBackground_UserInControlOfTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the background apps privacy setting for the listed apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps run in the background*
+- GP name: *LetAppsRunInBackground*
+- GP element: *LetAppsRunInBackground_UserInControlOfTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsSyncWithDevices**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Specifies whether Windows apps can sync with devices.
+
+
+Most restricted value is 2.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps communicate with unpaired devices*
+- GP name: *LetAppsSyncWithDevices*
+- GP element: *LetAppsSyncWithDevices_Enum*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – User in control.
+- 1 – Force allow.
+- 2 - Force deny.
+
+
+
+
+
+
+
+**Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps communicate with unpaired devices*
+- GP name: *LetAppsSyncWithDevices*
+- GP element: *LetAppsSyncWithDevices_ForceAllowTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps communicate with unpaired devices*
+- GP name: *LetAppsSyncWithDevices*
+- GP element: *LetAppsSyncWithDevices_ForceDenyTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+
+
+
+ADMX Info:
+- GP English name: *Let Windows apps communicate with unpaired devices*
+- GP name: *LetAppsSyncWithDevices*
+- GP element: *LetAppsSyncWithDevices_UserInControlOfTheseApps_List*
+- GP path: *Windows Components/App Privacy*
+- GP ADMX file name: *AppPrivacy.admx*
+
+
+
+
+
+
+
+**Privacy/PublishUserActivities**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 3 |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1709. Allows It Admins to enable publishing of user activities to the activity feed.
+
+
+
+ADMX Info:
+- GP English name: *Allow publishing of User Activities*
+- GP name: *PublishUserActivities*
+- GP path: *System/OS Policies*
+- GP ADMX file name: *OSPolicy.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – Disabled. Apps/OS can't publish the *user activities*.
+- 1 – (default) Enabled. Apps/OS can publish the *user activities*.
+
+
+
+
+
+
+
+**Privacy/UploadUserActivities**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 5 |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Allows ActivityFeed to upload published 'User Activities'.
+
+
+
+ADMX Info:
+- GP English name: *Allow upload of User Activities*
+- GP name: *UploadUserActivities*
+- GP path: *System/OS Policies*
+- GP ADMX file name: *OSPolicy.admx*
+
+
+
+
+
+Footnote:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in the next major release of Windows 10.
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index fce37d78d3..5c8db780af 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -6,11 +6,13 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
-ms.date: 08/09/2018
+ms.date: 08/14/2018
---
# Policy CSP - Start
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
@@ -49,6 +51,9 @@ ms.date: 08/09/2018
Start/AllowPinnedFolderVideos
+
+ Start/DisableContextMenus
+
Start/ForceStartSize
@@ -621,6 +626,67 @@ The following list shows the supported values:
+
+**Start/DisableContextMenus**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 4 |
+ 4 |
+ 4 |
+ 4 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+
+
+
+
+Enabling this policy prevents context menus from being invoked in the Start Menu.
+
+
+
+ADMX Info:
+- GP English name: *Disable context menus in the Start Menu*
+- GP name: *DisableContextMenusInStart*
+- GP path: *Start Menu and Taskbar*
+- GP ADMX file name: *StartMenu.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
**Start/ForceStartSize**
@@ -1780,6 +1846,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
+- 5 - Added in the next major release of Windows 10.
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 99145cc967..df68eeee47 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -1,3570 +1,3570 @@
----
-title: Policy CSP - Update
-description: Policy CSP - Update
-ms.author: maricia
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: MariciaAlforque
-ms.date: 08/10/2018
----
-
-# Policy CSP - Update
-
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
-
-
-
-
-## Update policies
-
-
- -
- Update/ActiveHoursEnd
-
- -
- Update/ActiveHoursMaxRange
-
- -
- Update/ActiveHoursStart
-
- -
- Update/AllowAutoUpdate
-
- -
- Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork
-
- -
- Update/AllowMUUpdateService
-
- -
- Update/AllowNonMicrosoftSignedUpdate
-
- -
- Update/AllowUpdateService
-
- -
- Update/AutoRestartDeadlinePeriodInDays
-
- -
- Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates
-
- -
- Update/AutoRestartNotificationSchedule
-
- -
- Update/AutoRestartRequiredNotificationDismissal
-
- -
- Update/BranchReadinessLevel
-
- -
- Update/ConfigureFeatureUpdateUninstallPeriod
-
- -
- Update/DeferFeatureUpdatesPeriodInDays
-
- -
- Update/DeferQualityUpdatesPeriodInDays
-
- -
- Update/DeferUpdatePeriod
-
- -
- Update/DeferUpgradePeriod
-
- -
- Update/DetectionFrequency
-
- -
- Update/DisableDualScan
-
- -
- Update/EngagedRestartDeadline
-
- -
- Update/EngagedRestartDeadlineForFeatureUpdates
-
- -
- Update/EngagedRestartSnoozeSchedule
-
- -
- Update/EngagedRestartSnoozeScheduleForFeatureUpdates
-
- -
- Update/EngagedRestartTransitionSchedule
-
- -
- Update/EngagedRestartTransitionScheduleForFeatureUpdates
-
- -
- Update/ExcludeWUDriversInQualityUpdate
-
- -
- Update/FillEmptyContentUrls
-
- -
- Update/IgnoreMOAppDownloadLimit
-
- -
- Update/IgnoreMOUpdateDownloadLimit
-
- -
- Update/ManagePreviewBuilds
-
- -
- Update/PauseDeferrals
-
- -
- Update/PauseFeatureUpdates
-
- -
- Update/PauseFeatureUpdatesStartTime
-
- -
- Update/PauseQualityUpdates
-
- -
- Update/PauseQualityUpdatesStartTime
-
- -
- Update/PhoneUpdateRestrictions
-
- -
- Update/RequireDeferUpgrade
-
- -
- Update/RequireUpdateApproval
-
- -
- Update/ScheduleImminentRestartWarning
-
- -
- Update/ScheduleRestartWarning
-
- -
- Update/ScheduledInstallDay
-
- -
- Update/ScheduledInstallEveryWeek
-
- -
- Update/ScheduledInstallFirstWeek
-
- -
- Update/ScheduledInstallFourthWeek
-
- -
- Update/ScheduledInstallSecondWeek
-
- -
- Update/ScheduledInstallThirdWeek
-
- -
- Update/ScheduledInstallTime
-
- -
- Update/SetAutoRestartNotificationDisable
-
- -
- Update/SetDisablePauseUXAccess
-
- -
- Update/SetDisableUXWUAccess
-
- -
- Update/SetEDURestart
-
- -
- Update/UpdateNotificationLevel
-
- -
- Update/UpdateServiceUrl
-
- -
- Update/UpdateServiceUrlAlternate
-
-
-
-
-
-
-
-**Update/ActiveHoursEnd**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 1 |
- 1 |
- 1 |
- 1 |
- |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time.
-
-> [!NOTE]
-> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** below for more information.
-
-Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
-
-The default is 17 (5 PM).
-
-
-
-ADMX Info:
-- GP English name: *Turn off auto-restart for updates during active hours*
-- GP name: *ActiveHours*
-- GP element: *ActiveHoursEndTime*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/ActiveHoursMaxRange**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 2 |
- 2 |
- 2 |
- 2 |
- |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time.
-
-Supported values are 8-18.
-
-The default value is 18 (hours).
-
-
-
-ADMX Info:
-- GP English name: *Specify active hours range for auto-restarts*
-- GP name: *ActiveHoursMaxRange*
-- GP element: *ActiveHoursMaxRange*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/ActiveHoursStart**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 1 |
- 1 |
- 1 |
- 1 |
- |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time.
-
-> [!NOTE]
-> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** above for more information.
-
-Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
-
-The default value is 8 (8 AM).
-
-
-
-ADMX Info:
-- GP English name: *Turn off auto-restart for updates during active hours*
-- GP name: *ActiveHours*
-- GP element: *ActiveHoursStartTime*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/AllowAutoUpdate**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- |
- |
- |
- |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Enables the IT admin to manage automatic update behavior to scan, download, and install updates.
-
-Supported operations are Get and Replace.
-
-
-> [!IMPORTANT]
-> This option should be used only for systems under regulatory compliance, as you will not get security updates as well.
-
-
-If the policy is not configured, end-users get the default behavior (Auto install and restart).
-
-
-
-ADMX Info:
-- GP English name: *Configure Automatic Updates*
-- GP name: *AutoUpdateCfg*
-- GP element: *AutoUpdateMode*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel.
-- 1 – Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that do not shutdown properly on restart.
-- 2 (default) – Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that does not shutdown properly on restart.
-- 3 – Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart.
-- 4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only.
-- 5 – Turn off automatic updates.
-
-
-
-
-
-
-
-**Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 3 |
- 3 |
- 3 |
- 3 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1709. Option to download updates automatically over metered connections (off by default). Value type is integer.
-
-A significant number of devices primarily use cellular data and do not have Wi-Fi access, which leads to a lower number of devices getting updates. Since a large number of devices have large data plans or unlimited data, this policy can unblock devices from getting updates.
-
-This policy is accessible through the Update setting in the user interface or Group Policy.
-
-
-
-ADMX Info:
-- GP English name: *Allow updates to be downloaded automatically over metered connections*
-- GP name: *AllowAutoWindowsUpdateDownloadOverMeteredNetwork*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 (default) - Not allowed
-- 1 - Allowed
-
-
-
-
-
-
-
-**Update/AllowMUUpdateService**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 1 |
- 1 |
- 1 |
- 1 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update.
-
-
-
-ADMX Info:
-- GP English name: *Configure Automatic Updates*
-- GP name: *AutoUpdateCfg*
-- GP element: *AllowMUUpdateServiceId*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – Not allowed or not configured.
-- 1 – Allowed. Accepts updates received through Microsoft Update.
-
-
-
-
-
-
-
-**Update/AllowNonMicrosoftSignedUpdate**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- |
- |
- |
- |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for 3rd party software and patch distribution.
-
-Supported operations are Get and Replace.
-
-This policy is specific to desktop and local publishing via WSUS for 3rd party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location.
-
-
-
-The following list shows the supported values:
-
-- 0 – Not allowed or not configured. Updates from an intranet Microsoft update service location must be signed by Microsoft.
-- 1 – Allowed. Accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer.
-
-
-
-
-
-
-
-**Update/AllowUpdateService**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- |
- |
- |
- |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store.
-
-Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft Store
-
-Enabling this policy will disable that functionality, and may cause connection to public services such as the Microsoft Store to stop working.
-
-> [!NOTE]
-> This policy applies only when the desktop or device is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy.
-
-
-
-ADMX Info:
-- GP English name: *Specify intranet Microsoft update service location*
-- GP name: *CorpWuURL*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – Update service is not allowed.
-- 1 (default) – Update service is allowed.
-
-
-
-
-
-
-
-**Update/AutoRestartDeadlinePeriodInDays**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 2 |
- 2 |
- 2 |
- 2 |
- |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-For Quality Updates, this policy specifies the deadline in days before automatically executing a scheduled restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart is scheduled.
-
-Value type is integer. Default is 7 days.
-
-Supported values range: 2-30.
-
-Note that the PC must restart for certain updates to take effect.
-
-If you enable this policy, a restart will automatically occur the specified number of days after the restart was scheduled.
-
-If you disable or do not configure this policy, the PC will restart according to the default schedule.
-
-If any of the following two policies are enabled, this policy has no effect:
-1. No auto-restart with logged on users for scheduled automatic updates installations.
-2. Always automatically restart at scheduled time.
-
-
-
-ADMX Info:
-- GP English name: *Specify deadline before auto-restart for update installation*
-- GP name: *AutoRestartDeadline*
-- GP element: *AutoRestartDeadline*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 5 |
- 5 |
- 5 |
- 5 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-For Feature Updates, this policy specifies the deadline in days before automatically executing a scheduled restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart is scheduled.
-
-Value type is integer. Default is 7 days.
-
-Supported values range: 2-30.
-
-Note that the PC must restart for certain updates to take effect.
-
-If you enable this policy, a restart will automatically occur the specified number of days after the restart was scheduled.
-
-If you disable or do not configure this policy, the PC will restart according to the default schedule.
-
-If any of the following two policies are enabled, this policy has no effect:
-1. No auto-restart with logged on users for scheduled automatic updates installations.
-2. Always automatically restart at scheduled time.
-
-
-
-ADMX Info:
-- GP English name: *Specify deadline before auto-restart for update installation*
-- GP name: *AutoRestartDeadline*
-- GP element: *AutoRestartDeadlineForFeatureUpdates*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/AutoRestartNotificationSchedule**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 2 |
- 2 |
- 2 |
- 2 |
- |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications.
-
-The default value is 15 (minutes).
-
-
-
-ADMX Info:
-- GP English name: *Configure auto-restart reminder notifications for updates*
-- GP name: *AutoRestartNotificationConfig*
-- GP element: *AutoRestartNotificationSchd*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-Supported values are 15, 30, 60, 120, and 240 (minutes).
-
-
-
-
-
-
-
-**Update/AutoRestartRequiredNotificationDismissal**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 2 |
- 2 |
- 2 |
- 2 |
- |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed.
-
-
-
-ADMX Info:
-- GP English name: *Configure auto-restart required notification for updates*
-- GP name: *AutoRestartRequiredNotificationDismissal*
-- GP element: *AutoRestartRequiredNotificationDismissal*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-The following list shows the supported values:
-
-- 1 (default) – Auto Dismissal.
-- 2 – User Dismissal.
-
-
-
-
-
-
-
-**Update/BranchReadinessLevel**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 1 |
- 1 |
- 1 |
- 1 |
- |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from.
-
-
-
-ADMX Info:
-- GP English name: *Select when Preview Builds and Feature Updates are received*
-- GP name: *DeferFeatureUpdates*
-- GP element: *BranchReadinessLevelId*
-- GP path: *Windows Components/Windows Update/Windows Update for Business*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-The following list shows the supported values:
-
-- 2 {0x2} - Windows Insider build - Fast (added in Windows 10, version 1709)
-- 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709)
-- 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709)
-- 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted).
-- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel.
-
-
-
-
-
-
-
-**Update/ConfigureFeatureUpdateUninstallPeriod**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 4 |
- 4 |
- 4 |
- 4 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1803. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days.
-
-
-
-
-
-
-
-**Update/DeferFeatureUpdatesPeriodInDays**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 1 |
- 1 |
- 1 |
- 1 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
-
-Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days.
-
-Supported values are 0-365 days.
-
-> [!IMPORTANT]
-> The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703.
-
-
-
-ADMX Info:
-- GP English name: *Select when Preview Builds and Feature Updates are received*
-- GP name: *DeferFeatureUpdates*
-- GP element: *DeferFeatureUpdatesPeriodId*
-- GP path: *Windows Components/Windows Update/Windows Update for Business*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/DeferQualityUpdatesPeriodInDays**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 1 |
- 1 |
- 1 |
- 1 |
- |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days.
-
-Supported values are 0-30.
-
-
-
-ADMX Info:
-- GP English name: *Select when Quality Updates are received*
-- GP name: *DeferQualityUpdates*
-- GP element: *DeferQualityUpdatesPeriodId*
-- GP path: *Windows Components/Windows Update/Windows Update for Business*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/DeferUpdatePeriod**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- |
- |
- |
- |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices.
-
-
-Allows IT Admins to specify update delays for up to 4 weeks.
-
-Supported values are 0-4, which refers to the number of weeks to defer updates.
-
-In Windows 10 Mobile Enterprise version 1511 devices set to automatic updates, for DeferUpdatePeriod to work, you must set the following:
-
-- Update/RequireDeferUpgrade must be set to 1
-- System/AllowTelemetry must be set to 1 or higher
-
-If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
-
-If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
-
-OS upgrade:
-- Maximum deferral: 8 months
-- Deferral increment: 1 month
-- Update type/notes:
- - Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5
-
-Update:
-- Maximum deferral: 1 month
-- Deferral increment: 1 week
-- Update type/notes:
- If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic.
- - Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441
- - Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4
- - Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F
- - Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828
- - Tools - B4832BD8-E735-4761-8DAF-37F882276DAB
- - Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F
- - Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83
- - Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0
-
-Other/cannot defer:
-- Maximum deferral: No deferral
-- Deferral increment: No deferral
-- Update type/notes:
- Any update category not specifically enumerated above falls into this category.
- - Definition Update - E0789628-CE08-4437-BE74-2495B842F43B
-
-
-
-
-
-ADMX Info:
-- GP name: *DeferUpgrade*
-- GP element: *DeferUpdatePeriodId*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/DeferUpgradePeriod**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- |
- |
- |
- |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
->
-> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices.
-
-
-Allows IT Admins to specify additional upgrade delays for up to 8 months.
-
-Supported values are 0-8, which refers to the number of months to defer upgrades.
-
-If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
-
-If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
-
-
-
-ADMX Info:
-- GP name: *DeferUpgrade*
-- GP element: *DeferUpgradePeriodId*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/DetectionFrequency**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 2 |
- 2 |
- 2 |
- 2 |
- |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 22 hours. Default is 22 hours.
-
-
-
-ADMX Info:
-- GP English name: *Automatic Updates detection frequency*
-- GP name: *DetectionFrequency_Title*
-- GP element: *DetectionFrequency_Hour2*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/DisableDualScan**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 3 |
- 3 |
- 3 |
- 3 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1709, but was added to 1607 and 1703 service releases. Do not allow update deferral policies to cause scans against Windows Update. If this policy is not enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like.
-
-For more information about dual scan, see [Demystifying "Dual Scan"](https://blogs.technet.microsoft.com/wsus/2017/05/05/demystifying-dual-scan/) and [Improving Dual Scan on 1607](https://blogs.technet.microsoft.com/wsus/2017/08/04/improving-dual-scan-on-1607/).
-
-This is the same as the Group Policy in Windows Components > Window Update "Do not allow update deferral policies to cause scans against Windows Update."
-
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
-
-
-
-ADMX Info:
-- GP English name: *Do not allow update deferral policies to cause scans against Windows Update*
-- GP name: *DisableDualScan*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 - allow scan against Windows Update
-- 1 - do not allow update deferral policies to cause scans against Windows Update
-
-
-
-
-
-
-
-**Update/EngagedRestartDeadline**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 2 |
- 2 |
- 2 |
- 2 |
- |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-For Quality Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period.
-
-Value type is integer. Default is 14.
-
-Supported value range: 2 - 30.
-
-If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (e.g. pending user scheduling).
-
-If you disable or do not configure this policy, the default behaviors will be used.
-
-If any of the following policies are configured, this policy has no effect:
-1. No auto-restart with logged on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time
-3. Specify deadline before auto-restart for update installation
-
-
-
-ADMX Info:
-- GP English name: *Specify Engaged restart transition and notification schedule for updates*
-- GP name: *EngagedRestartTransitionSchedule*
-- GP element: *EngagedRestartDeadline*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/EngagedRestartDeadlineForFeatureUpdates**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 5 |
- 5 |
- 5 |
- 5 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-For Feature Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period.
-
-Value type is integer. Default is 14.
-
-Supported value range: 2 - 30.
-
-If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (e.g. pending user scheduling).
-
-If you disable or do not configure this policy, the default behaviors will be used.
-
-If any of the following policies are configured, this policy has no effect:
-1. No auto-restart with logged on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time
-3. Specify deadline before auto-restart for update installation
-
-
-
-ADMX Info:
-- GP English name: *Specify Engaged restart transition and notification schedule for updates*
-- GP name: *EngagedRestartTransitionSchedule*
-- GP element: *EngagedRestartDeadlineForFeatureUpdates*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/EngagedRestartSnoozeSchedule**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 2 |
- 2 |
- 2 |
- 2 |
- |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-For Quality Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days.
-
-Value type is integer. Default is 3 days.
-
-Supported value range: 1 - 3.
-
-If you disable or do not configure this policy, the default behaviors will be used.
-
-If any of the following policies are configured, this policy has no effect:
-1. No auto-restart with logged on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time
-3. Specify deadline before auto-restart for update installation
-
-
-
-ADMX Info:
-- GP English name: *Specify Engaged restart transition and notification schedule for updates*
-- GP name: *EngagedRestartTransitionSchedule*
-- GP element: *EngagedRestartSnoozeSchedule*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/EngagedRestartSnoozeScheduleForFeatureUpdates**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 5 |
- 5 |
- 5 |
- 5 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-For Feature Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days.
-
-Value type is integer. Default is 3 days.
-
-Supported value range: 1 - 3.
-
-If you disable or do not configure this policy, the default behaviors will be used.
-
-If any of the following policies are configured, this policy has no effect:
-1. No auto-restart with logged on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time
-3. Specify deadline before auto-restart for update installation
-
-
-
-ADMX Info:
-- GP English name: *Specify Engaged restart transition and notification schedule for updates*
-- GP name: *EngagedRestartTransitionSchedule*
-- GP element: *EngagedRestartSnoozeScheduleForFeatureUpdates*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/EngagedRestartTransitionSchedule**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 2 |
- 2 |
- 2 |
- 2 |
- |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-For Quality Updates, this policy specifies the timing before transitioning from Auto restarts scheduled_outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
-
-Value type is integer.
-
-Supported value range: 0 - 30.
-
-If you disable or do not configure this policy, the default behaviors will be used.
-
-If any of the following policies are configured, this policy has no effect:
-1. No auto-restart with logged on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time
-3. Specify deadline before auto-restart for update installation
-
-
-
-ADMX Info:
-- GP English name: *Specify Engaged restart transition and notification schedule for updates*
-- GP name: *EngagedRestartTransitionSchedule*
-- GP element: *EngagedRestartTransitionSchedule*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/EngagedRestartTransitionScheduleForFeatureUpdates**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 5 |
- 5 |
- 5 |
- 5 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-For Feature Updates, this policy specifies the timing before transitioning from Auto restarts scheduled_outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
-
-Value type is integer.
-
-Supported value range: 0 - 30.
-
-If you disable or do not configure this policy, the default behaviors will be used.
-
-If any of the following policies are configured, this policy has no effect:
-1. No auto-restart with logged on users for scheduled automatic updates installations
-2. Always automatically restart at scheduled time
-3. Specify deadline before auto-restart for update installation
-
-
-
-ADMX Info:
-- GP English name: *Specify Engaged restart transition and notification schedule for updates*
-- GP name: *EngagedRestartTransitionSchedule*
-- GP element: *EngagedRestartTransitionScheduleForFeatureUpdates*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/ExcludeWUDriversInQualityUpdate**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 1 |
- 1 |
- 1 |
- 1 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
-
-Added in Windows 10, version 1607. Allows IT Admins to exclude Windows Update (WU) drivers during updates.
-
-
-
-ADMX Info:
-- GP English name: *Do not include drivers with Windows Updates*
-- GP name: *ExcludeWUDriversInQualityUpdate*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 (default) – Allow Windows Update drivers.
-- 1 – Exclude Windows Update drivers.
-
-
-
-
-
-
-
-**Update/FillEmptyContentUrls**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 2 |
- 2 |
- 2 |
- 2 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in the April service release of Windows 10, version 1607. Allows Windows Update Agent to determine the download URL when it is missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL).
-
-> [!NOTE]
-> This setting should only be used in combination with an alternate download URL and configured to use ISV file cache. This setting is used when the intranet update service does not provide download URLs in the update metadata for files which are available on the alternate download server.
-
-
-
-ADMX Info:
-- GP English name: *Specify intranet Microsoft update service location*
-- GP name: *CorpWuURL*
-- GP element: *CorpWUFillEmptyContentUrls*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 (default) – Disabled.
-- 1 – Enabled.
-
-
-
-
-
-
-
-**Update/IgnoreMOAppDownloadLimit**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 2 |
- 2 |
- 2 |
- 2 |
- |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies.
-
-> [!WARNING]
-> Setting this policy might cause devices to incur costs from MO operators.
-
-
-
-The following list shows the supported values:
-
-- 0 (default) – Do not ignore MO download limit for apps and their updates.
-- 1 – Ignore MO download limit (allow unlimited downloading) for apps and their updates.
-
-
-
-To validate this policy:
-
-1. Enable the policy ensure the device is on a cellular network.
-2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell:
- - `regd delete HKEY_USERS\S-1-5-21-2702878673-795188819-444038987-2781\software\microsoft\windows\currentversion\windowsupdate /v LastAutoAppUpdateSearchSuccessTime /f`
-
- - `exec-device schtasks.exe -arguments ""/run /tn """"\Microsoft\Windows\WindowsUpdate\Automatic App Update"""" /I""`
-
-3. Verify that any downloads that are above the download size limit will complete without being paused.
-
-
-
-
-
-
-
-**Update/IgnoreMOUpdateDownloadLimit**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 2 |
- 2 |
- 2 |
- 2 |
- |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies.
-
-> [!WARNING]
-> Setting this policy might cause devices to incur costs from MO operators.
-
-
- - `exec-device schtasks.exe -arguments ""/run /tn """"\Microsoft\Windows\WindowsUpdate\AUScheduledInstall"""" /I""`
-
-3. Verify that any downloads that are above the download size limit will complete without being paused.
-
-
-
-The following list shows the supported values:
-
-- 0 (default) – Do not ignore MO download limit for OS updates.
-- 1 – Ignore MO download limit (allow unlimited downloading) for OS updates.
-
-
-
-To validate this policy:
-
-1. Enable the policy and ensure the device is on a cellular network.
-2. Run the scheduled task on phone to check for OS updates in the background. For example, on a mobile device, run the following commands in TShell:
-
-
-
-
-
-
-
-**Update/ManagePreviewBuilds**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 3 |
- 3 |
- 3 |
- 3 |
- |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1709. Used to manage Windows 10 Insider Preview builds. Value type is integer.
-
-
-
-ADMX Info:
-- GP English name: *Manage preview builds*
-- GP name: *ManagePreviewBuilds*
-- GP element: *ManagePreviewBuildsId*
-- GP path: *Windows Components/Windows Update/Windows Update for Business*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 - Disable Preview builds
-- 1 - Disable Preview builds once the next release is public
-- 2 - Enable Preview builds
-
-
-
-
-
-
-
-**Update/PauseDeferrals**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- |
- |
- |
- |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices.
-
-
-Allows IT Admins to pause updates and upgrades for up to 5 weeks. Paused deferrals will be reset after 5 weeks.
-
-
-If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
-
-If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
-
-
-
-ADMX Info:
-- GP name: *DeferUpgrade*
-- GP element: *PauseDeferralsId*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 (default) – Deferrals are not paused.
-- 1 – Deferrals are paused.
-
-
-
-
-
-
-
-**Update/PauseFeatureUpdates**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 1 |
- 1 |
- 1 |
- 1 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
-
-
-Added in Windows 10, version 1607. Allows IT Admins to pause Feature Updates for up to 60 days.
-
-
-
-ADMX Info:
-- GP English name: *Select when Preview Builds and Feature Updates are received*
-- GP name: *DeferFeatureUpdates*
-- GP element: *PauseFeatureUpdatesId*
-- GP path: *Windows Components/Windows Update/Windows Update for Business*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 (default) – Feature Updates are not paused.
-- 1 – Feature Updates are paused for 60 days or until value set to back to 0, whichever is sooner.
-
-
-
-
-
-
-
-**Update/PauseFeatureUpdatesStartTime**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 2 |
- 2 |
- 2 |
- 2 |
- |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Feature Updates.
-
-Value type is string. Supported operations are Add, Get, Delete, and Replace.
-
-
-
-ADMX Info:
-- GP English name: *Select when Preview Builds and Feature Updates are received*
-- GP name: *DeferFeatureUpdates*
-- GP element: *PauseFeatureUpdatesStartId*
-- GP path: *Windows Components/Windows Update/Windows Update for Business*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/PauseQualityUpdates**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 1 |
- 1 |
- 1 |
- 1 |
- |
- 1 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1607. Allows IT Admins to pause Quality Updates.
-
-
-
-ADMX Info:
-- GP English name: *Select when Quality Updates are received*
-- GP name: *DeferQualityUpdates*
-- GP element: *PauseQualityUpdatesId*
-- GP path: *Windows Components/Windows Update/Windows Update for Business*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 (default) – Quality Updates are not paused.
-- 1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner.
-
-
-
-
-
-
-
-**Update/PauseQualityUpdatesStartTime**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 2 |
- 2 |
- 2 |
- 2 |
- |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Quality Updates.
-
-Value type is string. Supported operations are Add, Get, Delete, and Replace.
-
-
-
-ADMX Info:
-- GP English name: *Select when Quality Updates are received*
-- GP name: *DeferQualityUpdates*
-- GP element: *PauseQualityUpdatesStartId*
-- GP path: *Windows Components/Windows Update/Windows Update for Business*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/PhoneUpdateRestrictions**
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupdateapproval) instead.
-
-
-
-
-
-
-
-**Update/RequireDeferUpgrade**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- |
- |
- |
- |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices.
-
-
-Allows the IT admin to set a device to Semi-Annual Channel train.
-
-
-
-ADMX Info:
-- GP name: *DeferUpgrade*
-- GP element: *DeferUpgradePeriodId*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 (default) – User gets upgrades from Semi-Annual Channel (Targeted).
-- 1 – User gets upgrades from Semi-Annual Channel.
-
-
-
-
-
-
-
-**Update/RequireUpdateApproval**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- |
- |
- |
- |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead.
-
-
-Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved.
-
-Supported operations are Get and Replace.
-
-
-
-The following list shows the supported values:
-
-- 0 – Not configured. The device installs all applicable updates.
-- 1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment.
-
-
-
-
-
-
-
-**Update/ScheduleImminentRestartWarning**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 2 |
- 2 |
- 2 |
- 2 |
- |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart imminent warning notifications.
-
-The default value is 15 (minutes).
-
-
-
-ADMX Info:
-- GP English name: *Configure auto-restart warning notifications schedule for updates*
-- GP name: *RestartWarnRemind*
-- GP element: *RestartWarn*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-Supported values are 15, 30, or 60 (minutes).
-
-
-
-
-
-
-
-**Update/ScheduleRestartWarning**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 2 |
- 2 |
- 2 |
- 2 |
- |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart warning reminder notifications.
-
-The default value is 4 (hours).
-
-
-
-ADMX Info:
-- GP English name: *Configure auto-restart warning notifications schedule for updates*
-- GP name: *RestartWarnRemind*
-- GP element: *RestartWarnRemind*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-Supported values are 2, 4, 8, 12, or 24 (hours).
-
-
-
-
-
-
-
-**Update/ScheduledInstallDay**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- |
- |
- |
- |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Enables the IT admin to schedule the day of the update installation.
-
-The data type is a integer.
-
-Supported operations are Add, Delete, Get, and Replace.
-
-
-
-ADMX Info:
-- GP English name: *Configure Automatic Updates*
-- GP name: *AutoUpdateCfg*
-- GP element: *AutoUpdateSchDay*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 (default) – Every day
-- 1 – Sunday
-- 2 – Monday
-- 3 – Tuesday
-- 4 – Wednesday
-- 5 – Thursday
-- 6 – Friday
-- 7 – Saturday
-
-
-
-
-
-
-
-**Update/ScheduledInstallEveryWeek**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 3 |
- 3 |
- 3 |
- 3 |
- 3 |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the every week. Value type is integer. Supported values:
-
-- 0 - no update in the schedule
-- 1 - update is scheduled every week
-
-
-
-
-ADMX Info:
-- GP English name: *Configure Automatic Updates*
-- GP name: *AutoUpdateCfg*
-- GP element: *AutoUpdateSchEveryWeek*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/ScheduledInstallFirstWeek**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 3 |
- 3 |
- 3 |
- 3 |
- 3 |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the first week of the month. Value type is integer. Supported values:
-
-- 0 - no update in the schedule
-- 1 - update is scheduled every first week of the month
-
-
-
-
-ADMX Info:
-- GP English name: *Configure Automatic Updates*
-- GP name: *AutoUpdateCfg*
-- GP element: *AutoUpdateSchFirstWeek*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/ScheduledInstallFourthWeek**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 3 |
- 3 |
- 3 |
- 3 |
- 3 |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the fourth week of the month. Value type is integer. Supported values:
-
-- 0 - no update in the schedule
-- 1 - update is scheduled every fourth week of the month
-
-
-
-
-ADMX Info:
-- GP English name: *Configure Automatic Updates*
-- GP name: *AutoUpdateCfg*
-- GP element: *ScheduledInstallFourthWeek*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/ScheduledInstallSecondWeek**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 3 |
- 3 |
- 3 |
- 3 |
- 3 |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the second week of the month. Value type is integer. Supported values:
-
-- 0 - no update in the schedule
-- 1 - update is scheduled every second week of the month
-
-
-
-
-ADMX Info:
-- GP English name: *Configure Automatic Updates*
-- GP name: *AutoUpdateCfg*
-- GP element: *ScheduledInstallSecondWeek*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/ScheduledInstallThirdWeek**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 3 |
- 3 |
- 3 |
- 3 |
- 3 |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the third week of the month. Value type is integer. Supported values:
-
-- 0 - no update in the schedule
-- 1 - update is scheduled every third week of the month
-
-
-
-
-ADMX Info:
-- GP English name: *Configure Automatic Updates*
-- GP name: *AutoUpdateCfg*
-- GP element: *ScheduledInstallThirdWeek*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/ScheduledInstallTime**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- |
- |
- |
- |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-Enables the IT admin to schedule the time of the update installation.
-
-The data type is a integer.
-
-Supported operations are Add, Delete, Get, and Replace.
-
-Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM.
-
-The default value is 3.
-
-
-
-ADMX Info:
-- GP English name: *Configure Automatic Updates*
-- GP name: *AutoUpdateCfg*
-- GP element: *AutoUpdateSchTime*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/SetAutoRestartNotificationDisable**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 2 |
- 2 |
- 2 |
- 2 |
- |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. Allows the IT Admin to disable auto-restart notifications for update installations.
-
-
-
-ADMX Info:
-- GP English name: *Turn off auto-restart notifications for update installations*
-- GP name: *AutoRestartNotificationDisable*
-- GP element: *AutoRestartNotificationSchd*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 (default) – Enabled
-- 1 – Disabled
-
-
-
-
-
-
-
-**Update/SetDisablePauseUXAccess**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 5 |
- 5 |
- 5 |
- 5 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy allows the IT admin to disable the "Pause Updates" feature. When this policy is enabled, the user cannot access the "Pause updates" feature.
-
-Value type is integer. Default is 0. Supported values 0, 1.
-
-
-
-ADMX Info:
-- GP name: *SetDisablePauseUXAccess*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/SetDisableUXWUAccess**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 5 |
- 5 |
- 5 |
- 5 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy allows the IT admin to remove access to scan Windows Update. When this policy is enabled, the user cannot access the Windows Update scan, download, and install features.
-
-Value type is integer. Default is 0. Supported values 0, 1.
-
-
-
-ADMX Info:
-- GP name: *SetDisableUXWUAccess*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-**Update/SetEDURestart**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 2 |
- 2 |
- 2 |
- 2 |
- |
- 2 |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in Windows 10, version 1703. For devices in a cart, this policy skips all restart checks to ensure that the reboot will happen at ScheduledInstallTime.
-
-
-
-ADMX Info:
-- GP English name: *Update Power Policy for Cart Restarts*
-- GP name: *SetEDURestart*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 - not configured
-- 1 - configured
-
-
-
-
-
-
-
-**Update/UpdateNotificationLevel**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 5 |
- 5 |
- 5 |
- 5 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Display options for update notifications. This policy allows you to define what Windows Update notifications users see. This policy doesn’t control how and when updates are downloaded and installed.
-
-Options:
-
-- 0 (default) – Use the default Windows Update notifications
-- 1 – Turn off all notifications, excluding restart warnings
-- 2 – Turn off all notifications, including restart warnings
-
-> [!Important]
-> If you choose not to get update notifications and also define other Group policies so that devices aren’t automatically getting updates, neither you nor device users will be aware of critical security, quality, or feature updates, and your devices may be at risk.
-
-
-
-ADMX Info:
-- GP English name: *Display options for update notifications*
-- GP name: *UpdateNotificationLevel*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-**Update/UpdateServiceUrl**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- |
- |
- |
- |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-> [!Important]
-> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Mobile.
-
-Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet.
-
-Supported operations are Get and Replace.
-
-
-
-ADMX Info:
-- GP English name: *Specify intranet Microsoft update service location*
-- GP name: *CorpWuURL*
-- GP element: *CorpWUURL_Name*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-The following list shows the supported values:
-
-- Not configured. The device checks for updates from Microsoft Update.
-- Set to a URL, such as `http://abcd-srv:8530`. The device checks for updates from the WSUS server at the specified URL.
-
-
-
-Example
-
-``` syntax
-
- $CmdID$
- -
-
- chr
- text/plain
-
-
- ./Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl
-
- http://abcd-srv:8530
-
-
-```
-
-
-
-
-
-
-
-**Update/UpdateServiceUrlAlternate**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 1 |
- 1 |
- 1 |
- 1 |
- |
- |
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Added in the January service release of Windows 10, version 1607. Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.
-
-This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.
-
-To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server.
-
-Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
-
-> [!Note]
-> If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect.
-> If the "Alternate Download Server" Group Policy is not set, it will use the WSUS server by default to download updates.
-> This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
-
-
-
-ADMX Info:
-- GP English name: *Specify intranet Microsoft update service location*
-- GP name: *CorpWuURL*
-- GP element: *CorpWUContentHost_Name*
-- GP path: *Windows Components/Windows Update*
-- GP ADMX file name: *WindowsUpdate.admx*
-
-
-
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-- 4 - Added in Windows 10, version 1803.
-- 5 - Added in the next major release of Windows 10.
-
-
+---
+title: Policy CSP - Update
+description: Policy CSP - Update
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: MariciaAlforque
+ms.date: 08/10/2018
+---
+
+# Policy CSP - Update
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+
+
+
+## Update policies
+
+
+ -
+ Update/ActiveHoursEnd
+
+ -
+ Update/ActiveHoursMaxRange
+
+ -
+ Update/ActiveHoursStart
+
+ -
+ Update/AllowAutoUpdate
+
+ -
+ Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork
+
+ -
+ Update/AllowMUUpdateService
+
+ -
+ Update/AllowNonMicrosoftSignedUpdate
+
+ -
+ Update/AllowUpdateService
+
+ -
+ Update/AutoRestartDeadlinePeriodInDays
+
+ -
+ Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates
+
+ -
+ Update/AutoRestartNotificationSchedule
+
+ -
+ Update/AutoRestartRequiredNotificationDismissal
+
+ -
+ Update/BranchReadinessLevel
+
+ -
+ Update/ConfigureFeatureUpdateUninstallPeriod
+
+ -
+ Update/DeferFeatureUpdatesPeriodInDays
+
+ -
+ Update/DeferQualityUpdatesPeriodInDays
+
+ -
+ Update/DeferUpdatePeriod
+
+ -
+ Update/DeferUpgradePeriod
+
+ -
+ Update/DetectionFrequency
+
+ -
+ Update/DisableDualScan
+
+ -
+ Update/EngagedRestartDeadline
+
+ -
+ Update/EngagedRestartDeadlineForFeatureUpdates
+
+ -
+ Update/EngagedRestartSnoozeSchedule
+
+ -
+ Update/EngagedRestartSnoozeScheduleForFeatureUpdates
+
+ -
+ Update/EngagedRestartTransitionSchedule
+
+ -
+ Update/EngagedRestartTransitionScheduleForFeatureUpdates
+
+ -
+ Update/ExcludeWUDriversInQualityUpdate
+
+ -
+ Update/FillEmptyContentUrls
+
+ -
+ Update/IgnoreMOAppDownloadLimit
+
+ -
+ Update/IgnoreMOUpdateDownloadLimit
+
+ -
+ Update/ManagePreviewBuilds
+
+ -
+ Update/PauseDeferrals
+
+ -
+ Update/PauseFeatureUpdates
+
+ -
+ Update/PauseFeatureUpdatesStartTime
+
+ -
+ Update/PauseQualityUpdates
+
+ -
+ Update/PauseQualityUpdatesStartTime
+
+ -
+ Update/PhoneUpdateRestrictions
+
+ -
+ Update/RequireDeferUpgrade
+
+ -
+ Update/RequireUpdateApproval
+
+ -
+ Update/ScheduleImminentRestartWarning
+
+ -
+ Update/ScheduleRestartWarning
+
+ -
+ Update/ScheduledInstallDay
+
+ -
+ Update/ScheduledInstallEveryWeek
+
+ -
+ Update/ScheduledInstallFirstWeek
+
+ -
+ Update/ScheduledInstallFourthWeek
+
+ -
+ Update/ScheduledInstallSecondWeek
+
+ -
+ Update/ScheduledInstallThirdWeek
+
+ -
+ Update/ScheduledInstallTime
+
+ -
+ Update/SetAutoRestartNotificationDisable
+
+ -
+ Update/SetDisablePauseUXAccess
+
+ -
+ Update/SetDisableUXWUAccess
+
+ -
+ Update/SetEDURestart
+
+ -
+ Update/UpdateNotificationLevel
+
+ -
+ Update/UpdateServiceUrl
+
+ -
+ Update/UpdateServiceUrlAlternate
+
+
+
+
+
+
+
+**Update/ActiveHoursEnd**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time.
+
+> [!NOTE]
+> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** below for more information.
+
+Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
+
+The default is 17 (5 PM).
+
+
+
+ADMX Info:
+- GP English name: *Turn off auto-restart for updates during active hours*
+- GP name: *ActiveHours*
+- GP element: *ActiveHoursEndTime*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/ActiveHoursMaxRange**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time.
+
+Supported values are 8-18.
+
+The default value is 18 (hours).
+
+
+
+ADMX Info:
+- GP English name: *Specify active hours range for auto-restarts*
+- GP name: *ActiveHoursMaxRange*
+- GP element: *ActiveHoursMaxRange*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/ActiveHoursStart**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time.
+
+> [!NOTE]
+> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** above for more information.
+
+Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
+
+The default value is 8 (8 AM).
+
+
+
+ADMX Info:
+- GP English name: *Turn off auto-restart for updates during active hours*
+- GP name: *ActiveHours*
+- GP element: *ActiveHoursStartTime*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/AllowAutoUpdate**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ |
+ |
+ |
+ |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Enables the IT admin to manage automatic update behavior to scan, download, and install updates.
+
+Supported operations are Get and Replace.
+
+
+> [!IMPORTANT]
+> This option should be used only for systems under regulatory compliance, as you will not get security updates as well.
+
+
+If the policy is not configured, end-users get the default behavior (Auto install and restart).
+
+
+
+ADMX Info:
+- GP English name: *Configure Automatic Updates*
+- GP name: *AutoUpdateCfg*
+- GP element: *AutoUpdateMode*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel.
+- 1 – Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that do not shutdown properly on restart.
+- 2 (default) – Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that does not shutdown properly on restart.
+- 3 – Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart.
+- 4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only.
+- 5 – Turn off automatic updates.
+
+
+
+
+
+
+
+**Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1709. Option to download updates automatically over metered connections (off by default). Value type is integer.
+
+A significant number of devices primarily use cellular data and do not have Wi-Fi access, which leads to a lower number of devices getting updates. Since a large number of devices have large data plans or unlimited data, this policy can unblock devices from getting updates.
+
+This policy is accessible through the Update setting in the user interface or Group Policy.
+
+
+
+ADMX Info:
+- GP English name: *Allow updates to be downloaded automatically over metered connections*
+- GP name: *AllowAutoWindowsUpdateDownloadOverMeteredNetwork*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 (default) - Not allowed
+- 1 - Allowed
+
+
+
+
+
+
+
+**Update/AllowMUUpdateService**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update.
+
+
+
+ADMX Info:
+- GP English name: *Configure Automatic Updates*
+- GP name: *AutoUpdateCfg*
+- GP element: *AllowMUUpdateServiceId*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – Not allowed or not configured.
+- 1 – Allowed. Accepts updates received through Microsoft Update.
+
+
+
+
+
+
+
+**Update/AllowNonMicrosoftSignedUpdate**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ |
+ |
+ |
+ |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for 3rd party software and patch distribution.
+
+Supported operations are Get and Replace.
+
+This policy is specific to desktop and local publishing via WSUS for 3rd party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location.
+
+
+
+The following list shows the supported values:
+
+- 0 – Not allowed or not configured. Updates from an intranet Microsoft update service location must be signed by Microsoft.
+- 1 – Allowed. Accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer.
+
+
+
+
+
+
+
+**Update/AllowUpdateService**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ |
+ |
+ |
+ |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store.
+
+Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft Store
+
+Enabling this policy will disable that functionality, and may cause connection to public services such as the Microsoft Store to stop working.
+
+> [!NOTE]
+> This policy applies only when the desktop or device is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy.
+
+
+
+ADMX Info:
+- GP English name: *Specify intranet Microsoft update service location*
+- GP name: *CorpWuURL*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – Update service is not allowed.
+- 1 (default) – Update service is allowed.
+
+
+
+
+
+
+
+**Update/AutoRestartDeadlinePeriodInDays**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+For Quality Updates, this policy specifies the deadline in days before automatically executing a scheduled restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart is scheduled.
+
+Value type is integer. Default is 7 days.
+
+Supported values range: 2-30.
+
+Note that the PC must restart for certain updates to take effect.
+
+If you enable this policy, a restart will automatically occur the specified number of days after the restart was scheduled.
+
+If you disable or do not configure this policy, the PC will restart according to the default schedule.
+
+If any of the following two policies are enabled, this policy has no effect:
+1. No auto-restart with logged on users for scheduled automatic updates installations.
+2. Always automatically restart at scheduled time.
+
+
+
+ADMX Info:
+- GP English name: *Specify deadline before auto-restart for update installation*
+- GP name: *AutoRestartDeadline*
+- GP element: *AutoRestartDeadline*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+For Feature Updates, this policy specifies the deadline in days before automatically executing a scheduled restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart is scheduled.
+
+Value type is integer. Default is 7 days.
+
+Supported values range: 2-30.
+
+Note that the PC must restart for certain updates to take effect.
+
+If you enable this policy, a restart will automatically occur the specified number of days after the restart was scheduled.
+
+If you disable or do not configure this policy, the PC will restart according to the default schedule.
+
+If any of the following two policies are enabled, this policy has no effect:
+1. No auto-restart with logged on users for scheduled automatic updates installations.
+2. Always automatically restart at scheduled time.
+
+
+
+ADMX Info:
+- GP English name: *Specify deadline before auto-restart for update installation*
+- GP name: *AutoRestartDeadline*
+- GP element: *AutoRestartDeadlineForFeatureUpdates*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/AutoRestartNotificationSchedule**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications.
+
+The default value is 15 (minutes).
+
+
+
+ADMX Info:
+- GP English name: *Configure auto-restart reminder notifications for updates*
+- GP name: *AutoRestartNotificationConfig*
+- GP element: *AutoRestartNotificationSchd*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+Supported values are 15, 30, 60, 120, and 240 (minutes).
+
+
+
+
+
+
+
+**Update/AutoRestartRequiredNotificationDismissal**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed.
+
+
+
+ADMX Info:
+- GP English name: *Configure auto-restart required notification for updates*
+- GP name: *AutoRestartRequiredNotificationDismissal*
+- GP element: *AutoRestartRequiredNotificationDismissal*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 1 (default) – Auto Dismissal.
+- 2 – User Dismissal.
+
+
+
+
+
+
+
+**Update/BranchReadinessLevel**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from.
+
+
+
+ADMX Info:
+- GP English name: *Select when Preview Builds and Feature Updates are received*
+- GP name: *DeferFeatureUpdates*
+- GP element: *BranchReadinessLevelId*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 2 {0x2} - Windows Insider build - Fast (added in Windows 10, version 1709)
+- 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709)
+- 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709)
+- 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted).
+- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel.
+
+
+
+
+
+
+
+**Update/ConfigureFeatureUpdateUninstallPeriod**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 4 |
+ 4 |
+ 4 |
+ 4 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1803. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days.
+
+
+
+
+
+
+
+**Update/DeferFeatureUpdatesPeriodInDays**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
+
+Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days.
+
+Supported values are 0-365 days.
+
+> [!IMPORTANT]
+> The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703.
+
+
+
+ADMX Info:
+- GP English name: *Select when Preview Builds and Feature Updates are received*
+- GP name: *DeferFeatureUpdates*
+- GP element: *DeferFeatureUpdatesPeriodId*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/DeferQualityUpdatesPeriodInDays**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days.
+
+Supported values are 0-30.
+
+
+
+ADMX Info:
+- GP English name: *Select when Quality Updates are received*
+- GP name: *DeferQualityUpdates*
+- GP element: *DeferQualityUpdatesPeriodId*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/DeferUpdatePeriod**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ |
+ |
+ |
+ |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+> [!NOTE]
+> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices.
+
+
+Allows IT Admins to specify update delays for up to 4 weeks.
+
+Supported values are 0-4, which refers to the number of weeks to defer updates.
+
+In Windows 10 Mobile Enterprise version 1511 devices set to automatic updates, for DeferUpdatePeriod to work, you must set the following:
+
+- Update/RequireDeferUpgrade must be set to 1
+- System/AllowTelemetry must be set to 1 or higher
+
+If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+
+If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+
+OS upgrade:
+- Maximum deferral: 8 months
+- Deferral increment: 1 month
+- Update type/notes:
+ - Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5
+
+Update:
+- Maximum deferral: 1 month
+- Deferral increment: 1 week
+- Update type/notes:
+ If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic.
+ - Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441
+ - Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4
+ - Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F
+ - Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828
+ - Tools - B4832BD8-E735-4761-8DAF-37F882276DAB
+ - Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F
+ - Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83
+ - Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0
+
+Other/cannot defer:
+- Maximum deferral: No deferral
+- Deferral increment: No deferral
+- Update type/notes:
+ Any update category not specifically enumerated above falls into this category.
+ - Definition Update - E0789628-CE08-4437-BE74-2495B842F43B
+
+
+
+
+
+ADMX Info:
+- GP name: *DeferUpgrade*
+- GP element: *DeferUpdatePeriodId*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/DeferUpgradePeriod**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ |
+ |
+ |
+ |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+> [!NOTE]
+> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
+>
+> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices.
+
+
+Allows IT Admins to specify additional upgrade delays for up to 8 months.
+
+Supported values are 0-8, which refers to the number of months to defer upgrades.
+
+If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+
+If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+
+
+
+ADMX Info:
+- GP name: *DeferUpgrade*
+- GP element: *DeferUpgradePeriodId*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/DetectionFrequency**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 22 hours. Default is 22 hours.
+
+
+
+ADMX Info:
+- GP English name: *Automatic Updates detection frequency*
+- GP name: *DetectionFrequency_Title*
+- GP element: *DetectionFrequency_Hour2*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/DisableDualScan**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1709, but was added to 1607 and 1703 service releases. Do not allow update deferral policies to cause scans against Windows Update. If this policy is not enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like.
+
+For more information about dual scan, see [Demystifying "Dual Scan"](https://blogs.technet.microsoft.com/wsus/2017/05/05/demystifying-dual-scan/) and [Improving Dual Scan on 1607](https://blogs.technet.microsoft.com/wsus/2017/08/04/improving-dual-scan-on-1607/).
+
+This is the same as the Group Policy in Windows Components > Window Update "Do not allow update deferral policies to cause scans against Windows Update."
+
+Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
+
+
+ADMX Info:
+- GP English name: *Do not allow update deferral policies to cause scans against Windows Update*
+- GP name: *DisableDualScan*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 - allow scan against Windows Update
+- 1 - do not allow update deferral policies to cause scans against Windows Update
+
+
+
+
+
+
+
+**Update/EngagedRestartDeadline**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+For Quality Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period.
+
+Value type is integer. Default is 14.
+
+Supported value range: 2 - 30.
+
+If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (e.g. pending user scheduling).
+
+If you disable or do not configure this policy, the default behaviors will be used.
+
+If any of the following policies are configured, this policy has no effect:
+1. No auto-restart with logged on users for scheduled automatic updates installations
+2. Always automatically restart at scheduled time
+3. Specify deadline before auto-restart for update installation
+
+
+
+ADMX Info:
+- GP English name: *Specify Engaged restart transition and notification schedule for updates*
+- GP name: *EngagedRestartTransitionSchedule*
+- GP element: *EngagedRestartDeadline*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/EngagedRestartDeadlineForFeatureUpdates**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+For Feature Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period.
+
+Value type is integer. Default is 14.
+
+Supported value range: 2 - 30.
+
+If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (e.g. pending user scheduling).
+
+If you disable or do not configure this policy, the default behaviors will be used.
+
+If any of the following policies are configured, this policy has no effect:
+1. No auto-restart with logged on users for scheduled automatic updates installations
+2. Always automatically restart at scheduled time
+3. Specify deadline before auto-restart for update installation
+
+
+
+ADMX Info:
+- GP English name: *Specify Engaged restart transition and notification schedule for updates*
+- GP name: *EngagedRestartTransitionSchedule*
+- GP element: *EngagedRestartDeadlineForFeatureUpdates*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/EngagedRestartSnoozeSchedule**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+For Quality Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days.
+
+Value type is integer. Default is 3 days.
+
+Supported value range: 1 - 3.
+
+If you disable or do not configure this policy, the default behaviors will be used.
+
+If any of the following policies are configured, this policy has no effect:
+1. No auto-restart with logged on users for scheduled automatic updates installations
+2. Always automatically restart at scheduled time
+3. Specify deadline before auto-restart for update installation
+
+
+
+ADMX Info:
+- GP English name: *Specify Engaged restart transition and notification schedule for updates*
+- GP name: *EngagedRestartTransitionSchedule*
+- GP element: *EngagedRestartSnoozeSchedule*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/EngagedRestartSnoozeScheduleForFeatureUpdates**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+For Feature Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days.
+
+Value type is integer. Default is 3 days.
+
+Supported value range: 1 - 3.
+
+If you disable or do not configure this policy, the default behaviors will be used.
+
+If any of the following policies are configured, this policy has no effect:
+1. No auto-restart with logged on users for scheduled automatic updates installations
+2. Always automatically restart at scheduled time
+3. Specify deadline before auto-restart for update installation
+
+
+
+ADMX Info:
+- GP English name: *Specify Engaged restart transition and notification schedule for updates*
+- GP name: *EngagedRestartTransitionSchedule*
+- GP element: *EngagedRestartSnoozeScheduleForFeatureUpdates*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/EngagedRestartTransitionSchedule**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+For Quality Updates, this policy specifies the timing before transitioning from Auto restarts scheduled_outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
+
+Value type is integer.
+
+Supported value range: 0 - 30.
+
+If you disable or do not configure this policy, the default behaviors will be used.
+
+If any of the following policies are configured, this policy has no effect:
+1. No auto-restart with logged on users for scheduled automatic updates installations
+2. Always automatically restart at scheduled time
+3. Specify deadline before auto-restart for update installation
+
+
+
+ADMX Info:
+- GP English name: *Specify Engaged restart transition and notification schedule for updates*
+- GP name: *EngagedRestartTransitionSchedule*
+- GP element: *EngagedRestartTransitionSchedule*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/EngagedRestartTransitionScheduleForFeatureUpdates**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+For Feature Updates, this policy specifies the timing before transitioning from Auto restarts scheduled_outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
+
+Value type is integer.
+
+Supported value range: 0 - 30.
+
+If you disable or do not configure this policy, the default behaviors will be used.
+
+If any of the following policies are configured, this policy has no effect:
+1. No auto-restart with logged on users for scheduled automatic updates installations
+2. Always automatically restart at scheduled time
+3. Specify deadline before auto-restart for update installation
+
+
+
+ADMX Info:
+- GP English name: *Specify Engaged restart transition and notification schedule for updates*
+- GP name: *EngagedRestartTransitionSchedule*
+- GP element: *EngagedRestartTransitionScheduleForFeatureUpdates*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/ExcludeWUDriversInQualityUpdate**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+> [!NOTE]
+> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
+
+Added in Windows 10, version 1607. Allows IT Admins to exclude Windows Update (WU) drivers during updates.
+
+
+
+ADMX Info:
+- GP English name: *Do not include drivers with Windows Updates*
+- GP name: *ExcludeWUDriversInQualityUpdate*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 (default) – Allow Windows Update drivers.
+- 1 – Exclude Windows Update drivers.
+
+
+
+
+
+
+
+**Update/FillEmptyContentUrls**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in the April service release of Windows 10, version 1607. Allows Windows Update Agent to determine the download URL when it is missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL).
+
+> [!NOTE]
+> This setting should only be used in combination with an alternate download URL and configured to use ISV file cache. This setting is used when the intranet update service does not provide download URLs in the update metadata for files which are available on the alternate download server.
+
+
+
+ADMX Info:
+- GP English name: *Specify intranet Microsoft update service location*
+- GP name: *CorpWuURL*
+- GP element: *CorpWUFillEmptyContentUrls*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 (default) – Disabled.
+- 1 – Enabled.
+
+
+
+
+
+
+
+**Update/IgnoreMOAppDownloadLimit**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies.
+
+> [!WARNING]
+> Setting this policy might cause devices to incur costs from MO operators.
+
+
+
+The following list shows the supported values:
+
+- 0 (default) – Do not ignore MO download limit for apps and their updates.
+- 1 – Ignore MO download limit (allow unlimited downloading) for apps and their updates.
+
+
+
+To validate this policy:
+
+1. Enable the policy ensure the device is on a cellular network.
+2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell:
+ - `regd delete HKEY_USERS\S-1-5-21-2702878673-795188819-444038987-2781\software\microsoft\windows\currentversion\windowsupdate /v LastAutoAppUpdateSearchSuccessTime /f`
+
+ - `exec-device schtasks.exe -arguments ""/run /tn """"\Microsoft\Windows\WindowsUpdate\Automatic App Update"""" /I""`
+
+3. Verify that any downloads that are above the download size limit will complete without being paused.
+
+
+
+
+
+
+
+**Update/IgnoreMOUpdateDownloadLimit**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies.
+
+> [!WARNING]
+> Setting this policy might cause devices to incur costs from MO operators.
+
+
+ - `exec-device schtasks.exe -arguments ""/run /tn """"\Microsoft\Windows\WindowsUpdate\AUScheduledInstall"""" /I""`
+
+3. Verify that any downloads that are above the download size limit will complete without being paused.
+
+
+
+The following list shows the supported values:
+
+- 0 (default) – Do not ignore MO download limit for OS updates.
+- 1 – Ignore MO download limit (allow unlimited downloading) for OS updates.
+
+
+
+To validate this policy:
+
+1. Enable the policy and ensure the device is on a cellular network.
+2. Run the scheduled task on phone to check for OS updates in the background. For example, on a mobile device, run the following commands in TShell:
+
+
+
+
+
+
+
+**Update/ManagePreviewBuilds**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1709. Used to manage Windows 10 Insider Preview builds. Value type is integer.
+
+
+
+ADMX Info:
+- GP English name: *Manage preview builds*
+- GP name: *ManagePreviewBuilds*
+- GP element: *ManagePreviewBuildsId*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 - Disable Preview builds
+- 1 - Disable Preview builds once the next release is public
+- 2 - Enable Preview builds
+
+
+
+
+
+
+
+**Update/PauseDeferrals**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ |
+ |
+ |
+ |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+> [!NOTE]
+> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices.
+
+
+Allows IT Admins to pause updates and upgrades for up to 5 weeks. Paused deferrals will be reset after 5 weeks.
+
+
+If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+
+If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+
+
+
+ADMX Info:
+- GP name: *DeferUpgrade*
+- GP element: *PauseDeferralsId*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 (default) – Deferrals are not paused.
+- 1 – Deferrals are paused.
+
+
+
+
+
+
+
+**Update/PauseFeatureUpdates**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
+
+
+Added in Windows 10, version 1607. Allows IT Admins to pause Feature Updates for up to 60 days.
+
+
+
+ADMX Info:
+- GP English name: *Select when Preview Builds and Feature Updates are received*
+- GP name: *DeferFeatureUpdates*
+- GP element: *PauseFeatureUpdatesId*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 (default) – Feature Updates are not paused.
+- 1 – Feature Updates are paused for 60 days or until value set to back to 0, whichever is sooner.
+
+
+
+
+
+
+
+**Update/PauseFeatureUpdatesStartTime**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Feature Updates.
+
+Value type is string. Supported operations are Add, Get, Delete, and Replace.
+
+
+
+ADMX Info:
+- GP English name: *Select when Preview Builds and Feature Updates are received*
+- GP name: *DeferFeatureUpdates*
+- GP element: *PauseFeatureUpdatesStartId*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/PauseQualityUpdates**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ |
+ 1 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1607. Allows IT Admins to pause Quality Updates.
+
+
+
+ADMX Info:
+- GP English name: *Select when Quality Updates are received*
+- GP name: *DeferQualityUpdates*
+- GP element: *PauseQualityUpdatesId*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 (default) – Quality Updates are not paused.
+- 1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner.
+
+
+
+
+
+
+
+**Update/PauseQualityUpdatesStartTime**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Quality Updates.
+
+Value type is string. Supported operations are Add, Get, Delete, and Replace.
+
+
+
+ADMX Info:
+- GP English name: *Select when Quality Updates are received*
+- GP name: *DeferQualityUpdates*
+- GP element: *PauseQualityUpdatesStartId*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/PhoneUpdateRestrictions**
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupdateapproval) instead.
+
+
+
+
+
+
+
+**Update/RequireDeferUpgrade**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ |
+ |
+ |
+ |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+> [!NOTE]
+> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices.
+
+
+Allows the IT admin to set a device to Semi-Annual Channel train.
+
+
+
+ADMX Info:
+- GP name: *DeferUpgrade*
+- GP element: *DeferUpgradePeriodId*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 (default) – User gets upgrades from Semi-Annual Channel (Targeted).
+- 1 – User gets upgrades from Semi-Annual Channel.
+
+
+
+
+
+
+
+**Update/RequireUpdateApproval**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ |
+ |
+ |
+ |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+> [!NOTE]
+> If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead.
+
+
+Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved.
+
+Supported operations are Get and Replace.
+
+
+
+The following list shows the supported values:
+
+- 0 – Not configured. The device installs all applicable updates.
+- 1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment.
+
+
+
+
+
+
+
+**Update/ScheduleImminentRestartWarning**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart imminent warning notifications.
+
+The default value is 15 (minutes).
+
+
+
+ADMX Info:
+- GP English name: *Configure auto-restart warning notifications schedule for updates*
+- GP name: *RestartWarnRemind*
+- GP element: *RestartWarn*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+Supported values are 15, 30, or 60 (minutes).
+
+
+
+
+
+
+
+**Update/ScheduleRestartWarning**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart warning reminder notifications.
+
+The default value is 4 (hours).
+
+
+
+ADMX Info:
+- GP English name: *Configure auto-restart warning notifications schedule for updates*
+- GP name: *RestartWarnRemind*
+- GP element: *RestartWarnRemind*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+Supported values are 2, 4, 8, 12, or 24 (hours).
+
+
+
+
+
+
+
+**Update/ScheduledInstallDay**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ |
+ |
+ |
+ |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Enables the IT admin to schedule the day of the update installation.
+
+The data type is a integer.
+
+Supported operations are Add, Delete, Get, and Replace.
+
+
+
+ADMX Info:
+- GP English name: *Configure Automatic Updates*
+- GP name: *AutoUpdateCfg*
+- GP element: *AutoUpdateSchDay*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 (default) – Every day
+- 1 – Sunday
+- 2 – Monday
+- 3 – Tuesday
+- 4 – Wednesday
+- 5 – Thursday
+- 6 – Friday
+- 7 – Saturday
+
+
+
+
+
+
+
+**Update/ScheduledInstallEveryWeek**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the every week. Value type is integer. Supported values:
+
+- 0 - no update in the schedule
+- 1 - update is scheduled every week
+
+
+
+
+ADMX Info:
+- GP English name: *Configure Automatic Updates*
+- GP name: *AutoUpdateCfg*
+- GP element: *AutoUpdateSchEveryWeek*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/ScheduledInstallFirstWeek**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the first week of the month. Value type is integer. Supported values:
+
+- 0 - no update in the schedule
+- 1 - update is scheduled every first week of the month
+
+
+
+
+ADMX Info:
+- GP English name: *Configure Automatic Updates*
+- GP name: *AutoUpdateCfg*
+- GP element: *AutoUpdateSchFirstWeek*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/ScheduledInstallFourthWeek**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the fourth week of the month. Value type is integer. Supported values:
+
+- 0 - no update in the schedule
+- 1 - update is scheduled every fourth week of the month
+
+
+
+
+ADMX Info:
+- GP English name: *Configure Automatic Updates*
+- GP name: *AutoUpdateCfg*
+- GP element: *ScheduledInstallFourthWeek*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/ScheduledInstallSecondWeek**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the second week of the month. Value type is integer. Supported values:
+
+- 0 - no update in the schedule
+- 1 - update is scheduled every second week of the month
+
+
+
+
+ADMX Info:
+- GP English name: *Configure Automatic Updates*
+- GP name: *AutoUpdateCfg*
+- GP element: *ScheduledInstallSecondWeek*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/ScheduledInstallThirdWeek**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the third week of the month. Value type is integer. Supported values:
+
+- 0 - no update in the schedule
+- 1 - update is scheduled every third week of the month
+
+
+
+
+ADMX Info:
+- GP English name: *Configure Automatic Updates*
+- GP name: *AutoUpdateCfg*
+- GP element: *ScheduledInstallThirdWeek*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/ScheduledInstallTime**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ |
+ |
+ |
+ |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+Enables the IT admin to schedule the time of the update installation.
+
+The data type is a integer.
+
+Supported operations are Add, Delete, Get, and Replace.
+
+Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM.
+
+The default value is 3.
+
+
+
+ADMX Info:
+- GP English name: *Configure Automatic Updates*
+- GP name: *AutoUpdateCfg*
+- GP element: *AutoUpdateSchTime*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/SetAutoRestartNotificationDisable**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. Allows the IT Admin to disable auto-restart notifications for update installations.
+
+
+
+ADMX Info:
+- GP English name: *Turn off auto-restart notifications for update installations*
+- GP name: *AutoRestartNotificationDisable*
+- GP element: *AutoRestartNotificationSchd*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 (default) – Enabled
+- 1 – Disabled
+
+
+
+
+
+
+
+**Update/SetDisablePauseUXAccess**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy allows the IT admin to disable the "Pause Updates" feature. When this policy is enabled, the user cannot access the "Pause updates" feature.
+
+Value type is integer. Default is 0. Supported values 0, 1.
+
+
+
+ADMX Info:
+- GP name: *SetDisablePauseUXAccess*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/SetDisableUXWUAccess**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy allows the IT admin to remove access to scan Windows Update. When this policy is enabled, the user cannot access the Windows Update scan, download, and install features.
+
+Value type is integer. Default is 0. Supported values 0, 1.
+
+
+
+ADMX Info:
+- GP name: *SetDisableUXWUAccess*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+**Update/SetEDURestart**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 2 |
+ 2 |
+ 2 |
+ 2 |
+ |
+ 2 |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1703. For devices in a cart, this policy skips all restart checks to ensure that the reboot will happen at ScheduledInstallTime.
+
+
+
+ADMX Info:
+- GP English name: *Update Power Policy for Cart Restarts*
+- GP name: *SetEDURestart*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 - not configured
+- 1 - configured
+
+
+
+
+
+
+
+**Update/UpdateNotificationLevel**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Display options for update notifications. This policy allows you to define what Windows Update notifications users see. This policy doesn’t control how and when updates are downloaded and installed.
+
+Options:
+
+- 0 (default) – Use the default Windows Update notifications
+- 1 – Turn off all notifications, excluding restart warnings
+- 2 – Turn off all notifications, including restart warnings
+
+> [!Important]
+> If you choose not to get update notifications and also define other Group policies so that devices aren’t automatically getting updates, neither you nor device users will be aware of critical security, quality, or feature updates, and your devices may be at risk.
+
+
+
+ADMX Info:
+- GP English name: *Display options for update notifications*
+- GP name: *UpdateNotificationLevel*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**Update/UpdateServiceUrl**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ |
+ |
+ |
+ |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+> [!Important]
+> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Mobile.
+
+Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet.
+
+Supported operations are Get and Replace.
+
+
+
+ADMX Info:
+- GP English name: *Specify intranet Microsoft update service location*
+- GP name: *CorpWuURL*
+- GP element: *CorpWUURL_Name*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- Not configured. The device checks for updates from Microsoft Update.
+- Set to a URL, such as `http://abcd-srv:8530`. The device checks for updates from the WSUS server at the specified URL.
+
+
+
+Example
+
+``` syntax
+
+ $CmdID$
+ -
+
+ chr
+ text/plain
+
+
+ ./Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl
+
+ http://abcd-srv:8530
+
+
+```
+
+
+
+
+
+
+
+**Update/UpdateServiceUrlAlternate**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 1 |
+ 1 |
+ 1 |
+ 1 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in the January service release of Windows 10, version 1607. Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.
+
+This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.
+
+To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server.
+
+Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
+
+> [!Note]
+> If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect.
+> If the "Alternate Download Server" Group Policy is not set, it will use the WSUS server by default to download updates.
+> This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
+
+
+
+ADMX Info:
+- GP English name: *Specify intranet Microsoft update service location*
+- GP name: *CorpWuURL*
+- GP element: *CorpWUContentHost_Name*
+- GP path: *Windows Components/Windows Update*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+
+
+Footnote:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in the next major release of Windows 10.
+
+
diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md
index 366bb79824..82818fd8da 100644
--- a/windows/client-management/mdm/remotewipe-csp.md
+++ b/windows/client-management/mdm/remotewipe-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
-ms.date: 03/23/2018
+ms.date: 08/13/2018
---
# RemoteWipe CSP
@@ -44,7 +44,28 @@ Supported operation is Exec.
**doWipePersistUserData**
Added in Windows 10, version 1709. Exec on this node will perform a remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command.
-
+
+**AutomaticRedeployment**
+Added in Windows 10, next major update. Node for the Autopilot Reset operation.
+
+**AutomaticRedeployment/doAutomaticRedeployment**
+Added in Windows 10, next major update. Exec on this node triggers Autopilot Reset operation. This works like PC Reset, similar to other existing nodes in this RemoteWipe CSP, except that it keeps the device enrolled in Azure AD and MDM, keeps Wi-Fi profiles, and a few other settings like region, language, keyboard.
+
+**AutomaticRedeployment/LastError**
+Added in Windows 10, next major update. Error value, if any, associated with Autopilot Reset operation (typically an HRESULT).
+
+**AutomaticRedeployment/Status**
+Added in Windows 10, next major update. Status value indicating current state of an Autopilot Reset operation.
+
+Supported values:
+
+- 0: Never run (not started). The default state.
+- 1: Complete.
+- 10: Reset has been scheduled.
+- 20: Reset is scheduled and waiting for a reboot.
+- 30: Failed during CSP Execute ("Exec" in SyncML).
+- 40: Failed: power requirements not met.
+- 50: Failed: reset internals failed during reset attempt.
## Related topics
diff --git a/windows/client-management/mdm/remotewipe-ddf-file.md b/windows/client-management/mdm/remotewipe-ddf-file.md
index 0f0de9b725..b2adadcfd1 100644
--- a/windows/client-management/mdm/remotewipe-ddf-file.md
+++ b/windows/client-management/mdm/remotewipe-ddf-file.md
@@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
-ms.date: 03/23/2018
+ms.date: 08/13/2018
---
# RemoteWipe DDF file
@@ -17,7 +17,7 @@ This topic shows the OMA DM device description framework (DDF) for the **RemoteW
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-The XML below is the DDF for Windows 10, version 1709.
+The XML below is the DDF for Windows 10, next major version.
``` syntax
@@ -43,7 +43,7 @@ The XML below is the DDF for Windows 10, version 1709.
-
+ com.microsoft/1.1/MDM/RemoteWipe
The root node for remote wipe function.
@@ -131,21 +131,91 @@ The XML below is the DDF for Windows 10, version 1709.
Exec on this node will perform a remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command.
+
+ AutomaticRedeployment
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ doAutomaticRedeployment
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ LastError
+
+
+
+
+ 0
+ Error value, if any, associated with Automatic Redeployment operation (typically an HRESULT).
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Status
+
+
+
+
+ 0
+ Status value indicating current state of an Automatic Redeployment operation. 0: Never run (not started). The default state. 1: Complete. 10: Reset has been scheduled. 20: Reset is scheduled and waiting for a reboot. 30: Failed during CSP Execute ("Exec" in SyncML). 40: Failed: power requirements not met. 50: Failed: reset internals failed during reset attempt.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
-```
-
-## Related topics
-
-
-[RemoteWipe configuration service provider](remotewipe-csp.md)
-
-
-
-
-
-
-
-
-
-
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/tenantlockdown-csp.md b/windows/client-management/mdm/tenantlockdown-csp.md
new file mode 100644
index 0000000000..43449f403a
--- /dev/null
+++ b/windows/client-management/mdm/tenantlockdown-csp.md
@@ -0,0 +1,39 @@
+---
+title: TenantLockdown CSP
+description:
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: MariciaAlforque
+ms.date: 08/13/2018
+---
+
+# TenantLockdown CSP
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. This CSP was added in Windows 10, next major version.
+
+The TenantLockdown configuration service provider is used by the IT admin to lock a device to a tenant, which ensures that the device remains bound to the tenant in case of accidental or intentional resets or wipes.
+
+> [!Note]
+> The forced network connection is only applicable to devices after reset (not new).
+
+The following diagram shows the TenantLockdown configuration service provider in tree format.
+
+
+
+**./Vendor/MSFT/TenantLockdown**
+The root node.
+
+**RequireNetworkInOOBE**
+Specifies whether to require a network connection during the out-of-box experience (OOBE) at first logon.
+
+When RequireNetworkInOOBE is true, when the device goes through OOBE at first logon or after a reset, the user is required to choose a network before proceeding. There is no "skip for now" option.
+
+Value type is bool. Supported operations are Get and Replace.
+
+- true - Require network in OOBE
+- false - No network connection requirement in OOBE
+
+Example scenario: Henry is the IT admin at Contoso. He deploys 1000 devices successfully with RequireNetworkInOOBE set to true. When users accidentally or intentionally reset their device, they are required to connect to a network before they can proceed. Upon successful connection, users see the Contoso branded sign-in experience where they must use their Azure AD credentials. There is no option to skip the network connection and create a local account.
\ No newline at end of file
diff --git a/windows/client-management/mdm/tenantlockdown-ddf.md b/windows/client-management/mdm/tenantlockdown-ddf.md
new file mode 100644
index 0000000000..4c75123a3f
--- /dev/null
+++ b/windows/client-management/mdm/tenantlockdown-ddf.md
@@ -0,0 +1,75 @@
+---
+title: TenantLockdown DDF file
+description: XML file containing the device description framework
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: MariciaAlforque
+ms.date: 08/13/2018
+---
+
+# TenantLockdown DDF file
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+This topic shows the OMA DM device description framework (DDF) for the **TenantLockdown** configuration service provider.
+
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+
+The XML below is for Windows 10, next major version.
+
+``` syntax
+
+]>
+
+ 1.2
+
+ TenantLockdown
+ ./Vendor/MSFT
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ com.microsoft/1.0/MDM/TenantLockdown
+
+
+
+ RequireNetworkInOOBE
+
+
+
+
+
+ false
+ true - Require network in OOBE, false - no network connection requirement in OOBE
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
index 5efc199b30..5718fd4b66 100644
--- a/windows/client-management/mdm/win32compatibilityappraiser-csp.md
+++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
@@ -16,7 +16,7 @@ ms.date: 07/19/2018
The Win32CompatibilityAppraiser configuration service provider enables the IT admin to query the current status of the Appraiser and UTC telementry health. This CSP was added in Windows 10, next major version.
-The following diagram shows the Storage configuration service provider in tree format.
+The following diagram shows the Win32CompatibilityAppraiser configuration service provider in tree format.
diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md
index 1e61634c31..5957967b3e 100644
--- a/windows/client-management/mdm/windowslicensing-csp.md
+++ b/windows/client-management/mdm/windowslicensing-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
-ms.date: 07/25/2018
+ms.date: 08/15/2018
---
# WindowsLicensing CSP
@@ -182,6 +182,13 @@ Added in Windows 10, next major version. Returns the status of the latest Switch
Value type is integer. Supported operation is Get.
+Values:
+- Request fails with error code 404 - no SwitchFromSMode request has been made.
+- 0 - The device successfully switched out of S mode
+- 1 - The device is processing the request to switch out of S mode
+- 3 - The device was already switched out of S mode
+- 4 - The device failed to switch out of S mode
+
## SyncML examples
diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md
index 2ef8944586..a032dc458d 100644
--- a/windows/configuration/guidelines-for-assigned-access-app.md
+++ b/windows/configuration/guidelines-for-assigned-access-app.md
@@ -9,7 +9,7 @@ author: jdeckerms
ms.localizationpriority: medium
ms.author: jdecker
ms.topic: article
-ms.date: 08/03/2018
+ms.date: 08/15/2018
---
# Guidelines for choosing an app for assigned access (kiosk mode)
@@ -45,6 +45,9 @@ Avoid selecting Windows apps that are designed to launch other apps as part of t
In Windows 10, version 1803, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure additional settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren’t allowed to go to a competitor's website.
+>[!NOTE]
+>Kiosk Browser supports a single tab. If a website has links that open a new tab, those links will not work with Kiosk Browser.
+
**Kiosk Browser** must be downloaded for offline licensing using Microsoft Store For Business. You can deploy **Kiosk Browser** to devices running Windows 10, version 1803 (Pro, Business, Enterprise, and Education).
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md
index 4d7cafc461..5d23640044 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md
@@ -420,7 +420,7 @@ In the **Advanced settings** blade you must specify where apps can access your c
### Choose where apps can access enterprise data
After you've added a protection mode to your apps, you'll need to decide where those apps can access enterprise data on your network.
-There are no default locations included with WIP, you must add each of your network locations. This area applies to any network endpoint device that gets an IP address in your enterprise’s range and is also bound to one of your enterprise domains, including SMB shares. Local file system locations should just maintain encryption (for example, on local NTFS, FAT, ExFAT).
+Intune will add SharePoint sites that are discovered through the Graph API. You must add other network locations. This area applies to any network endpoint device that gets an IP address in your enterprise’s range and is also bound to one of your enterprise domains, including SMB shares. Local file system locations should just maintain encryption (for example, on local NTFS, FAT, ExFAT).
>[!Important]
>Every WIP policy should include policy that defines your enterprise network locations.
Classless Inter-Domain Routing (CIDR) notation isn’t supported for WIP configurations.
diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-age.md b/windows/security/threat-protection/security-policy-settings/minimum-password-age.md
index a21530fb60..5aa52eaa25 100644
--- a/windows/security/threat-protection/security-policy-settings/minimum-password-age.md
+++ b/windows/security/threat-protection/security-policy-settings/minimum-password-age.md
@@ -19,7 +19,7 @@ Describes the best practices, location, values, policy management, and security
## Reference
-The **Minimum password age** policy setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0. If [Maximum password age](maximum-password-age.md) is between 1 and 999 days, the minimum password age must be less than the maximum password age. If Maximum password age is set to 0, **Minimum password age** can be any value between 0 and 998 days.
+The **Minimum password age** policy setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0. The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998.
### Possible values
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
index 538e981c02..315a0b021a 100644
--- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
-ms.date: 06/13/2018
+ms.date: 08/15/2018
---
# Query data using Advanced hunting in Windows Defender ATP
@@ -51,7 +51,8 @@ First, we define a time filter to review only records from the previous seven da
We then add a filter on the _FileName_ to contain only instances of _powershell.exe_.
-Afterwards, we add a filter on the _ProcessCommandLine_
+Afterwards, we add a filter on the _ProcessCommandLine_.
+
Finally, we project only the columns we're interested in exploring and limit the results to 100 and click **Run query**.
You have the option of expanding the screen view so you can focus on your hunting query and related results.
diff --git a/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-query-example.PNG b/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-query-example.PNG
index dda65b5342..d7e7d092eb 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-query-example.PNG and b/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-query-example.PNG differ
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
index 8f8c0175e4..24a17e6b60 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -24,11 +24,16 @@ If this happens, see [Troubleshooting](#troubleshooting) for remediation steps.
## How to turn on HVCI in Windows 10
To enable HVCI on Windows 10 devices with supporting hardware throughout an enterprise, use any of these options:
+- [Windows Security app](#windows-security-app)
- [Microsoft Intune (or another MDM provider)](#enable-hvci-using-intune)
- [Group Policy](#enable-hvci-using-group-policy)
- [System Center Configuration Manager](https://cloudblogs.microsoft.com/enterprisemobility/2015/10/30/managing-windows-10-device-guard-with-configuration-manager/)
- [Registry](#use-registry-keys-to-enable-virtualization-based-protection-of-code-integrity)
+### Windows Security app
+
+HVCI is labeled **Memory integrity** in the Windows Security app and it can be accessed via **Settings** > **Update & Security** > **Windows Security** > **Device security** > **Core isolation details** > **Memory integrity**. For more information, see [KB4096339](https://support.microsoft.com/help/4096339/windows-10-device-protection-in-windows-defender-security-center).
+
### Enable HVCI using Intune
Enabling in Intune requires using the Code Integrity node in the [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp).
diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md
index 7db90dbaca..df2abc4ea4 100644
--- a/windows/whats-new/whats-new-windows-10-version-1803.md
+++ b/windows/whats-new/whats-new-windows-10-version-1803.md
@@ -234,3 +234,4 @@ Support in [Windows Defender Application Guard](#windows-defender-application-gu
[What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10.
[What's new in Windows 10, version 1709](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See what’s new in Windows 10 hardware.
[Windows 10 Fall Creators Update Next Generation Security](https://www.youtube.com/watch?v=JDGMNFwyUg8): YouTube video about Windows Defender ATP in Windows 10, version 1709.
+[How to take a screenshot on pc without any app](https://rahulit.com/how-to-take-a-screenshot-on-a-dell-laptop/)