diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md
index ad02deaa2f..151c91f3ba 100644
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@@ -71,7 +71,7 @@ Steps to use this policy correctly:
1. Enroll HoloLens devices and verify both configurations get applied to the device.
1. Let Azure AD user 1 sign-in when internet is available. Once the user signs-in and Azure AD group membership is confirmed successfully, cache will be created.
1. Now Azure AD user 1 can take HoloLens offline and use it for kiosk mode as long as policy value allows for X number of days.
-1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point is that any Azure AD user must sign-in to device using Internet at least once. Then we can determine that they are member of Azure AD group to which Kiosk configuration is targeted.
+1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point is that any Azure AD user must sign-in to device using Internet at least once. Then we can determine that they're a member of Azure AD group to which Kiosk configuration is targeted.
> [!NOTE]
> Until step 4 is performed for a Azure AD user will experience failure behavior mentioned similar to “disconnected” environments.
@@ -91,9 +91,9 @@ Steps to use this policy correctly:
|HoloLens 2|Yes|
-This new AutoLogonUser policy controls whether a user will be automatically logged on. Some customers want to set up devices that are tied to an identity but don't want any sign in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly distribute HoloLens devices and enable their end users to speed up login.
+This new AutoLogonUser policy controls whether a user will be automatically signed in. Some customers want to set up devices that are tied to an identity but don't want any sign-in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly distribute HoloLens devices and enable their end users to speed up sign in.
-When the policy is set to a non-empty value, it specifies the email address of the auto log-on user. The specified user must logon to the device at least once to enable autologon.
+When the policy is set to a non-empty value, it specifies the email address of the auto log-on user. The specified user must sign in to the device at least once to enable autologon.
The OMA-URI of new policy `./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoLogonUser`
@@ -102,7 +102,7 @@ String value
- User with the same email address will have autologon enabled.
-On a device where this policy is configured, the user specified in the policy will need to log-on at least once. Subsequent reboots of the device after the first logon will have the specified user automatically logged on. Only a single autologon user is supported. Once enabled, the automatically logged on user will not be able to log out manually. To log-on as a different user, the policy must first be disabled.
+On a device where this policy is configured, the user specified in the policy will need to sign in at least once. Subsequent reboots of the device after the first sign in will have the specified user automatically signed in. Only a single autologon user is supported. Once enabled, the automatically signed-in user won't be able to sign out manually. To sign in as a different user, the policy must first be disabled.
> [!NOTE]
>
@@ -122,7 +122,7 @@ On a device where this policy is configured, the user specified in the policy wi
-This policy setting controls for how many days Azure AD group membership cache is allowed to be used for Assigned Access configurations targeting Azure AD groups for signed in user. Once this policy setting is set only then cache is used otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions.
+This policy setting controls for how many days Azure AD group membership cache is allowed to be used for Assigned Access configurations targeting Azure AD groups for signed in user. Once this policy setting is set, only then cache is used, otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions.
@@ -162,7 +162,7 @@ Supported values are 0-60. The default value is 0 (day) and maximum value is 60
-This policy setting controls if pressing the brightness button changes the brightness or not. It only impacts brightness on HoloLens and not the functionality of the button when it is used with other buttons as combination for other purposes.
+This policy setting controls if pressing the brightness button changes the brightness or not. It only impacts brightness on HoloLens and not the functionality of the button when it's used with other buttons as combination for other purposes.
@@ -205,7 +205,7 @@ The following list shows the supported values:
-This policy controls the behavior of moving platform feature on Hololens 2, that is, whether it is turned off / on or it can be toggled by a user. It should only be used by customers who intend to use Hololens 2 in moving environments with low dynamic motion. For background information, see [HoloLens 2 Moving Platform Mode | Microsoft Docs](/hololens/hololens2-moving-platform#:~:text=Why%20Moving%20Platform%20Mode%20is%20Necessary%20HoloLens%20needs%2csimilar%20pieces%20of%20information%20from%20two%20separate%20sources:).
+This policy controls the behavior of moving platform feature on Hololens 2, that is, whether it's turned off / on or it can be toggled by a user. It should only be used by customers who intend to use Hololens 2 in moving environments with low dynamic motion. For background information, see [HoloLens 2 Moving Platform Mode | Microsoft Docs](/hololens/hololens2-moving-platform#:~:text=Why%20Moving%20Platform%20Mode%20is%20Necessary%20HoloLens%20needs%2csimilar%20pieces%20of%20information%20from%20two%20separate%20sources:).
@@ -216,8 +216,8 @@ This policy controls the behavior of moving platform feature on Hololens 2, that
- Integer value
- 0 (Default) - Last set user's preference. Initial state is OFF and after that user's preference is persisted across reboots and is used to initialize the system.
-- 1 Force off - Moving platform is disabled and cannot be changed by user.
-- 2 Force on - Moving platform is enabled and cannot be changed by user.
+- 1 Force off - Moving platform is disabled and can't be changed by user.
+- 2 Force on - Moving platform is enabled and can't be changed by user.
@@ -377,7 +377,7 @@ The following list shows the supported values:
-This policy setting controls if pressing the volume button changes the volume or not. It only impacts volume on HoloLens and not the functionality of the button when it is used with other buttons as combination for other purposes.
+This policy setting controls if pressing the volume button changes the volume or not. It only impacts volume on HoloLens and not the functionality of the button when it's used with other buttons as combination for other purposes.
diff --git a/windows/client-management/mdm/policy-csp-multitasking.md b/windows/client-management/mdm/policy-csp-multitasking.md
index 5d7d45779b..1bd998b15e 100644
--- a/windows/client-management/mdm/policy-csp-multitasking.md
+++ b/windows/client-management/mdm/policy-csp-multitasking.md
@@ -60,9 +60,9 @@ manager: dansimp
This policy controls the inclusion of Edge tabs into Alt+Tab.
-Enabling this policy restricts the number of Edge tabs that are allowed to appear in the Alt+Tab switcher. Alt+Tab can be configured to show all open Edge tabs, only the 5 most recent tabs, only the 3 most recent tabs, or no tabs. Setting the policy to no tabs configures the Alt+Tab switcher to show app windows only, which is the classic Alt+Tab behavior.
+Enabling this policy restricts the number of Edge tabs that are allowed to appear in the Alt+Tab switcher. Alt+Tab can be configured to show all open Edge tabs, only the five most recent tabs, only the three most recent tabs, or no tabs. Setting the policy to no tabs configures the Alt+Tab switcher to show app windows only, which is the classic Alt+Tab behavior.
-This policy only applies to the Alt+Tab switcher. When the policy is not enabled, the feature respects the user's setting in the Settings app.
+This policy only applies to the Alt+Tab switcher. When the policy isn't enabled, the feature respects the user's setting in the Settings app.
> [!TIP]
@@ -85,8 +85,8 @@ ADMX Info:
The following list shows the supported values:
- 1 - Open windows and all tabs in Edge.
-- 2 - Open windows and 5 most recent tabs in Edge.
-- 3 - Open windows and 3 most recent tabs in Edge.
+- 2 - Open windows and five most recent tabs in Edge.
+- 3 - Open windows and three most recent tabs in Edge.
- 4 - Open windows only.
diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md
index b7c30247ea..9dbb409924 100644
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@@ -119,7 +119,7 @@ ADMX Info:
-Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of IPv4 and IPv6 ranges.
+Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. These ranges are a comma-separated list of IPv4 and IPv6 ranges.
@@ -215,7 +215,7 @@ ADMX Info:
-This is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies.
+This list is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They're considered to be enterprise network locations. The proxies are only used in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies.
@@ -257,7 +257,7 @@ ADMX Info:
-This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com".
+This list is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected. These locations will be considered a safe destination for enterprise data to be shared to. This list is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com".
> [!NOTE]
> The client requires domain name to be canonical, otherwise the setting will be rejected by the client.
@@ -300,7 +300,7 @@ Here are the steps to create canonical domain names:
-This is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59".
+This list is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59".
@@ -383,7 +383,7 @@ ADMX Info:
-List of domain names that can used for work or personal resource.
+List of domain names that can be used for work or personal resource.
diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md
index 22a950170a..1e7e152515 100644
--- a/windows/client-management/mdm/policy-csp-networklistmanager.md
+++ b/windows/client-management/mdm/policy-csp-networklistmanager.md
@@ -70,7 +70,7 @@ When entering a list of TLS endpoints in Microsoft Endpoint Manager, you must fo
- The client must trust the server certificate. So the CA certificate that the HTTPS server certificate chains to must be present in the client machine's root certificate store.
-- A certificate should not be a public certificate.
+- A certificate shouldn't be a public certificate.
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index f2a1383e75..20823757ce 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -65,13 +65,13 @@ manager: dansimp
-This policy setting blocks applications from using the network to send tile, badge, toast, and raw notifications. Specifically, this policy setting turns off the connection between Windows and the Windows Push Notification Service (WNS). This policy setting also stops applications from being able to use [periodic (polling) notifications](/windows/uwp/design/shell/tiles-and-notifications/periodic-notification-overview).
+This policy setting blocks application from using the network to send tile, badge, toast, and raw notifications. Specifically, this policy setting turns off the connection between Windows and the Windows Push Notification Service (WNS). This policy setting also stops applications from being able to use [periodic (polling) notifications](/windows/uwp/design/shell/tiles-and-notifications/periodic-notification-overview).
-If you enable this policy setting, applications and system features will not be able receive notifications from the network from WNS or via notification polling APIs.
+If you enable this policy setting, applications and system features won't be able to receive notifications from the network from WNS or via notification polling APIs.
If you enable this policy setting, notifications can still be raised by applications running on the machine via local API calls from within the application.
-If you disable or do not configure this policy setting, the client computer will connect to WNS at user login and applications will be allowed to use periodic (polling) notifications.
+If you disable or don't configure this policy setting, the client computer will connect to WNS at user sign in and applications will be allowed to use periodic (polling) notifications.
No reboots or service restarts are required for this policy setting to take effect.
@@ -130,7 +130,7 @@ Validation:
Boolean value that turns off notification mirroring.
-For each user logged into the device, if you enable this policy (set value to 1) the app and system notifications received by this user on this device will not get mirrored to other devices of the same logged in user. If you disable or do not configure this policy (set value to 0) the notifications received by this user on this device will be mirrored to other devices of the same logged in user. This feature can be turned off by apps that do not want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page.
+For each user signed in to the device, if you enable this policy (set value to 1) the app and system notifications received by this user on this device won't get mirrored to other devices of the same signed-in user. If you disable or don't configure this policy (set value to 0), the notifications received by this user on this device will be mirrored to other devices of the same signed-in user. This feature can be turned off by apps that don't want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page.
No reboot or service restart is required for this policy to take effect.
@@ -182,9 +182,9 @@ The following list shows the supported values:
This policy setting turns off tile notifications.
-If you enable this policy setting, applications and system features will not be able to update their tiles and tile badges in the Start screen.
+If you enable this policy setting, applications and system features won't be able to update their tiles and tile badges in the Start screen.
-If you disable or do not configure this policy setting, tile and badge notifications are enabled and can be turned off by the administrator or user.
+If you disable or don't configure this policy setting, tile and badge notifications are enabled and can be turned off by the administrator or user.
No reboots or service restarts are required for this policy setting to take effect.
@@ -263,7 +263,7 @@ Validation:
This policy setting determines which Windows Notification Service endpoint will be used to connect for Windows Push Notifications.
-If you disable or do not configure this setting, the push notifications will connect to the default endpoint of client.wns.windows.com.
+If you disable or don't configure this setting, the push notifications will connect to the default endpoint of client.wns.windows.com.
Note: Ensure the proper WNS FQDNs, VIPs, IPs and Ports are also allowlisted from your firewall settings.
@@ -277,7 +277,7 @@ ADMX Info:
-If the policy is not specified, we will default our connection to client.wns.windows.com.
+If the policy isn't specified, we'll default our connection to client.wns.windows.com.
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index 417c2b7bb8..6b1bf6a7d3 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -195,9 +195,9 @@ ADMX Info:
This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.
-If you enable or do not configure this policy setting, Windows uses standby states to put the computer in a sleep state.
+If you enable or don't configure this policy setting, Windows uses standby states to put the computer in a sleep state.
-If you disable this policy setting, standby states (S1-S3) are not allowed.
+If you disable this policy setting, standby states (S1-S3) aren't allowed.
@@ -241,9 +241,9 @@ ADMX Info:
This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.
-If you enable or do not configure this policy setting, Windows uses standby states to put the computer in a sleep state.
+If you enable or don't configure this policy setting, Windows uses standby states to put the computer in a sleep state.
-If you disable this policy setting, standby states (S1-S3) are not allowed.
+If you disable this policy setting, standby states (S1-S3) aren't allowed.
@@ -289,9 +289,9 @@ This policy setting allows you to specify the period of inactivity before Window
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
@@ -337,9 +337,9 @@ This policy setting allows you to specify the period of inactivity before Window
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
@@ -386,7 +386,7 @@ This policy setting allows you to specify battery charge level at which Energy S
If you enable this policy setting, you must specify a percentage value that indicates the battery charge level. Energy Saver is automatically turned on at (and below) the specified battery charge level.
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
@@ -441,7 +441,7 @@ This policy setting allows you to specify battery charge level at which Energy S
If you enable this policy setting, you must provide a percentage value that indicates the battery charge level. Energy Saver is automatically turned on at (and below) the specified battery charge level.
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
@@ -496,9 +496,9 @@ This policy setting allows you to specify the period of inactivity before Window
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
@@ -544,9 +544,9 @@ This policy setting allows you to specify the period of inactivity before Window
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
@@ -591,9 +591,9 @@ ADMX Info:
This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.
-If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep.
+If you enable or don't configure this policy setting, the user is prompted for a password when the system resumes from sleep.
-If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep.
+If you disable this policy setting, the user isn't prompted for a password when the system resumes from sleep.
@@ -637,9 +637,9 @@ ADMX Info:
This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.
-If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep.
+If you enable or don't configure this policy setting, the user is prompted for a password when the system resumes from sleep.
-If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep.
+If you disable this policy setting, the user isn't prompted for a password when the system resumes from sleep.
@@ -685,7 +685,7 @@ This policy setting specifies the action that Windows takes when a user closes t
If you enable this policy setting, you must select the desired action.
-If you disable this policy setting or do not configure it, users can see and change this setting.
+If you disable this policy setting or don't configure it, users can see and change this setting.
@@ -746,7 +746,7 @@ This policy setting specifies the action that Windows takes when a user closes t
If you enable this policy setting, you must select the desired action.
-If you disable this policy setting or do not configure it, users can see and change this setting.
+If you disable this policy setting or don't configure it, users can see and change this setting.
@@ -807,7 +807,7 @@ This policy setting specifies the action that Windows takes when a user presses
If you enable this policy setting, you must select the desired action.
-If you disable this policy setting or do not configure it, users can see and change this setting.
+If you disable this policy setting or don't configure it, users can see and change this setting.
@@ -868,7 +868,7 @@ This policy setting specifies the action that Windows takes when a user presses
If you enable this policy setting, you must select the desired action.
-If you disable this policy setting or do not configure it, users can see and change this setting.
+If you disable this policy setting or don't configure it, users can see and change this setting.
@@ -929,7 +929,7 @@ This policy setting specifies the action that Windows takes when a user presses
If you enable this policy setting, you must select the desired action.
-If you disable this policy setting or do not configure it, users can see and change this setting.
+If you disable this policy setting or don't configure it, users can see and change this setting.
@@ -990,7 +990,7 @@ This policy setting specifies the action that Windows takes when a user presses
If you enable this policy setting, you must select the desired action.
-If you disable this policy setting or do not configure it, users can see and change this setting.
+If you disable this policy setting or don't configure it, users can see and change this setting.
@@ -1051,9 +1051,9 @@ This policy setting allows you to specify the period of inactivity before Window
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
@@ -1099,9 +1099,9 @@ This policy setting allows you to specify the period of inactivity before Window
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
@@ -1145,9 +1145,9 @@ ADMX Info:
This policy setting allows you to turn off hybrid sleep.
-If you set this policy setting to 0, a hiberfile is not generated when the system transitions to sleep (Stand By).
+If you set this policy setting to 0, a hiberfile isn't generated when the system transitions to sleep (Stand By).
-If you set this policy setting to 1 or do not configure this policy setting, users control this setting.
+If you set this policy setting to 1 or don't configure this policy setting, users control this setting.
@@ -1203,9 +1203,9 @@ The following are the supported values for Hybrid sleep (on battery):
This policy setting allows you to turn off hybrid sleep.
-If you set this policy setting to 0, a hiberfile is not generated when the system transitions to sleep (Stand By).
+If you set this policy setting to 0, a hiberfile isn't generated when the system transitions to sleep (Stand By).
-If you set this policy setting to 1 or do not configure this policy setting, users control this setting.
+If you set this policy setting to 1 or don't configure this policy setting, users control this setting.
@@ -1259,13 +1259,13 @@ The following are the supported values for Hybrid sleep (plugged in):
-This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.
+This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user isn't present at the computer.
-If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep.
+If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows doesn't automatically transition to sleep.
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
@@ -1317,13 +1317,13 @@ Default value for unattended sleep timeout (on battery):
-This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.
+This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user isn't present at the computer.
-If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep.
+If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows doesn't automatically transition to sleep.
-If you disable or do not configure this policy setting, users control this setting.
+If you disable or don't configure this policy setting, users control this setting.
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this slide show can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md
index ce1673fa34..48b7f7722b 100644
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@@ -105,8 +105,8 @@ manager: dansimp
This policy implements the print portion of the Device Control requirements.
-These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.
-This policy will contain the comma separated list of approved USB Vid&Pid combinations which the print spooler will allow to print when Device Control is enabled.
+These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+This policy will contain the comma-separated list of approved USB Vid&Pid combinations that the print spooler will allow to print when Device Control is enabled.
The format of this setting is `/[,/]`
Parent deliverable: 26209274 - Device Control: Printer
@@ -176,8 +176,8 @@ ADMX Info:
This policy implements the print portion of the Device Control requirements.
-These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.
-This policy will contain the comma separated list of approved USB Vid&Pid combinations which the print spooler will allow to print when Device Control is enabled.
+These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+This policy will contain the comma separated list of approved USB Vid&Pid combinations that the print spooler will allow to print when Device Control is enabled.
The format of this setting is `/[,/]`
@@ -244,14 +244,14 @@ ADMX Info:
This policy implements the print portion of the Device Control requirements.
-These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.
This policy will control whether the print spooler will attempt to restrict printing as part of Device Control.
The default value of the policy will be Unconfigured.
-If the policy value is either Unconfigured or Disabled the print spooler will not restrict printing.
+If the policy value is either Unconfigured or Disabled, the print spooler won't restrict printing.
-If the policy value is Enabled the print spooler will restrict local printing to USB devices in the Approved Device list.
+If the policy value is Enabled, the print spooler will restrict local printing to USB devices in the Approved Device list.
@@ -320,14 +320,14 @@ ADMX Info:
This policy implements the print portion of the Device Control requirements.
-These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.
+These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network.
This policy will control whether the print spooler will attempt to restrict printing as part of Device Control.
The default value of the policy will be Unconfigured.
-If the policy value is either Unconfigured or Disabled the print spooler will not restrict printing.
+If the policy value is either Unconfigured or Disabled, the print spooler won't restrict printing.
-If the policy value is Enabled the print spooler will restrict local printing to USB devices in the Approved Device list.
+If the policy value is Enabled, the print spooler will restrict local printing to USB devices in the Approved Device list.
@@ -374,11 +374,11 @@ This policy setting controls the client Point and Print behavior, including the
If you enable this policy setting:
-- Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made.
+- Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver isn't available on the client, no connection will be made.
-- You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.
+- You can configure Windows Vista clients so that security warnings and elevated command prompts don't appear when users Point and Print, or when printer connection drivers need to be updated.
-If you do not configure this policy setting:
+If you don't configure this policy setting:
- Windows Vista client computers can point and print to any server.
@@ -392,9 +392,9 @@ If you disable this policy setting:
- Windows Vista client computers can create a printer connection to any server using Point and Print.
-- Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
+- Windows Vista computers won't show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
-- Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
+- Windows Vista computers won't show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
- Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
@@ -457,11 +457,11 @@ This policy setting controls the client Point and Print behavior, including the
If you enable this policy setting:
-- Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made.
+- Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver isn't available on the client, no connection will be made.
-- You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.
+- You can configure Windows Vista clients so that security warnings and elevated command prompts don't appear when users Point and Print, or when printer connection drivers need to be updated.
-If you do not configure this policy setting:
+If you don't configure this policy setting:
- Windows Vista client computers can point and print to any server.
@@ -475,9 +475,9 @@ If you disable this policy setting:
- Windows Vista client computers can create a printer connection to any server using Point and Print.
-- Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
+- Windows Vista computers won't show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
-- Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
+- Windows Vista computers won't show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
- Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
@@ -524,11 +524,11 @@ ADMX Info:
Determines whether the computer's shared printers can be published in Active Directory.
-If you enable this setting or do not configure it, users can use the "List in directory" option in the Printer's Properties' Sharing tab to publish shared printers in Active Directory.
+If you enable this setting or don't configure it, users can use the "List in directory" option in the Printer's Properties' Sharing tab to publish shared printers in Active Directory.
-If you disable this setting, this computer's shared printers cannot be published in Active Directory, and the "List in directory" option is not available.
+If you disable this setting, this computer's shared printers can't be published in Active Directory, and the "List in directory" option isn't available.
-Note: This settings takes priority over the setting "Automatically publish new printers in the Active Directory".
+Note: This setting takes priority over the setting "Automatically publish new printers in the Active Directory".
diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md
index 69ec854522..64c53af12c 100644
--- a/windows/client-management/mdm/policy-csp-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@@ -71,15 +71,15 @@ manager: dansimp
This policy setting lets you customize warning messages.
-The "Display warning message before sharing control" policy setting allows you to specify a custom message to display before a user shares control of his or her computer.
+The "Display warning message before sharing control" policy setting allows you to specify a custom message to display before users share control of their computers.
-The "Display warning message before connecting" policy setting allows you to specify a custom message to display before a user allows a connection to his or her computer.
+The "Display warning message before connecting" policy setting allows you to specify a custom message to display before users allow a connection to their computers.
If you enable this policy setting, the warning message you specify overrides the default message that is seen by the novice.
If you disable this policy setting, the user sees the default warning message.
-If you do not configure this policy setting, the user sees the default warning message.
+If you don't configure this policy setting, the user sees the default warning message.
@@ -125,9 +125,9 @@ This policy setting allows you to turn logging on or off. Log files are located
If you enable this policy setting, log files are generated.
-If you disable this policy setting, log files are not generated.
+If you disable this policy setting, log files aren't generated.
-If you do not configure this setting, application-based settings are used.
+If you don't configure this setting, application-based settings are used.
@@ -171,19 +171,19 @@ ADMX Info:
This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer.
-If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer, and you can configure additional Remote Assistance settings.
+If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer, and you can configure more Remote Assistance settings.
-If you disable this policy setting, users on this computer cannot use email or file transfer to ask someone for help. Also, users cannot use instant messaging programs to allow connections to this computer.
+If you disable this policy setting, users on this computer can't use email or file transfer to ask someone for help. Also, users can't use instant messaging programs to allow connections to this computer.
-If you do not configure this policy setting, users can turn on or turn off Solicited (Ask for) Remote Assistance themselves in System Properties in Control Panel. Users can also configure Remote Assistance settings.
+If you don't configure this policy setting, users can turn on or turn off Solicited (Ask for) Remote Assistance themselves in System Properties in Control Panel. Users can also configure Remote Assistance settings.
If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer."
The "Maximum ticket time" policy setting sets a limit on the amount of time that a Remote Assistance invitation created by using email or file transfer can remain open.
-The "Select the method for sending email invitations" setting specifies which email standard to use to send Remote Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email message). This policy setting is not available in Windows Vista since SMAPI is the only method supported.
+The "Select the method for sending email invitations" setting specifies which email standard to use to send Remote Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email message). This policy setting isn't available in Windows Vista since SMAPI is the only method supported.
-If you enable this policy setting you should also enable appropriate firewall exceptions to allow Remote Assistance communications.
+If you enable this policy setting, you should also enable appropriate firewall exceptions to allow Remote Assistance communications.
@@ -229,9 +229,9 @@ This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote
If you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.
-If you disable this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.
+If you disable this policy setting, users on this computer can't get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.
-If you do not configure this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.
+If you don't configure this policy setting, users on this computer can't get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.
If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer." When you configure this policy setting, you also specify the list of users or user groups that are allowed to offer remote assistance.
@@ -241,7 +241,7 @@ To configure the list of helpers, click "Show." In the window that opens, you ca
`\`
-If you enable this policy setting, you should also enable firewall exceptions to allow Remote Assistance communications. The firewall exceptions required for Offer (Unsolicited) Remote Assistance depend on the version of Windows you are running.
+If you enable this policy setting, you should also enable firewall exceptions to allow Remote Assistance communications. The firewall exceptions required for Offer (Unsolicited) Remote Assistance depend on the version of Windows you're running.
Windows Vista and later
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index 31f36b4007..6519b2d40c 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -81,9 +81,9 @@ This policy setting allows you to configure remote access to computers by using
If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services.
-If you disable this policy setting, users cannot connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections, but will not accept any new incoming connections.
+If you disable this policy setting, users can't connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections, but won't accept any new incoming connections.
-If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections are not allowed.
+If you don't configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections aren't allowed.
Note: You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication.
@@ -129,17 +129,17 @@ ADMX Info:
-Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) is not recommended. This policy does not apply to SSL encryption.
+Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you're using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) isn't recommended. This policy doesn't apply to SSL encryption.
If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the encryption method specified in this setting. By default, the encryption level is set to High. The following encryption methods are available:
-* High: The High setting encrypts data sent from the client to the server and from the server to the client by using strong 128-bit encryption. Use this encryption level in environments that contain only 128-bit clients (for example, clients that run Remote Desktop Connection). Clients that do not support this encryption level cannot connect to RD Session Host servers.
+* High: The High setting encrypts data sent from the client to the server and from the server to the client by using strong 128-bit encryption. Use this encryption level in environments that contain only 128-bit clients (for example, clients that run Remote Desktop Connection). Clients that don't support this encryption level can't connect to RD Session Host servers.
-* Client Compatible: The Client Compatible setting encrypts data sent between the client and the server at the maximum key strength supported by the client. Use this encryption level in environments that include clients that do not support 128-bit encryption.
+* Client Compatible: The Client Compatible setting encrypts data sent between the client and the server at the maximum key strength supported by the client. Use this encryption level in environments that include clients that don't support 128-bit encryption.
* Low: The Low setting encrypts only data sent from the client to the server by using 56-bit encryption.
-If you disable or do not configure this setting, the encryption level to be used for remote connections to RD Session Host servers is not enforced through Group Policy.
+If you disable or don't configure this setting, the encryption level to be used for remote connections to RD Session Host servers isn't enforced through Group Policy.
Important
@@ -189,11 +189,11 @@ This policy setting specifies whether to prevent the mapping of client drives in
By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in File Explorer or Computer in the format `` on ``. You can use this policy setting to override this behavior.
-If you enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions, and Clipboard file copy redirection is not allowed on computers running Windows Server 2019 and Windows 10.
+If you enable this policy setting, client drive redirection isn't allowed in Remote Desktop Services sessions, and Clipboard file copy redirection isn't allowed on computers running Windows Server 2019 and Windows 10.
If you disable this policy setting, client drive redirection is always allowed. In addition, Clipboard file copy redirection is always allowed if Clipboard redirection is allowed.
-If you do not configure this policy setting, client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level.
+If you don't configure this policy setting, client drive redirection and Clipboard file copy redirection aren't specified at the Group Policy level.
@@ -237,7 +237,7 @@ ADMX Info:
Controls whether passwords can be saved on this computer from Remote Desktop Connection.
-If you enable this setting the password saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings, any password that previously existed in the RDP file will be deleted.
+If you enable this setting, the password-saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves their settings, any password that previously existed in the RDP file will be deleted.
If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection.
@@ -285,13 +285,13 @@ This policy setting specifies whether Remote Desktop Services always prompts the
You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client.
-By default, Remote Desktop Services allows users to automatically log on by entering a password in the Remote Desktop Connection client.
+By default, Remote Desktop Services allows users to automatically sign in by entering a password in the Remote Desktop Connection client.
-If you enable this policy setting, users cannot automatically log on to Remote Desktop Services by supplying their passwords in the Remote Desktop Connection client. They are prompted for a password to log on.
+If you enable this policy setting, users can't automatically sign in to Remote Desktop Services by supplying their passwords in the Remote Desktop Connection client. They're prompted for a password to sign in.
-If you disable this policy setting, users can always log on to Remote Desktop Services automatically by supplying their passwords in the Remote Desktop Connection client.
+If you disable this policy setting, users can always sign in to Remote Desktop Services automatically by supplying their passwords in the Remote Desktop Connection client.
-If you do not configure this policy setting, automatic logon is not specified at the Group Policy level.
+If you don't configure this policy setting, automatic logon isn't specified at the Group Policy level.
@@ -337,9 +337,9 @@ Specifies whether a Remote Desktop Session Host server requires secure RPC commu
You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.
-If the status is set to Enabled, Remote Desktop Services accepts requests from RPC clients that support secure requests, and does not allow unsecured communication with untrusted clients.
+If the status is set to Enabled, Remote Desktop Services accepts requests from RPC clients that support secure requests, and doesn't allow unsecured communication with untrusted clients.
-If the status is set to Disabled, Remote Desktop Services always requests security for all RPC traffic. However, unsecured communication is allowed for RPC clients that do not respond to the request.
+If the status is set to Disabled, Remote Desktop Services always requests security for all RPC traffic. However, unsecured communication is allowed for RPC clients that don't respond to the request.
If the status is set to Not Configured, unsecured communication is allowed.
diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md
index 7062b9695c..a0059027d9 100644
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@@ -108,7 +108,7 @@ This policy setting allows you to manage whether the Windows Remote Management (
If you enable this policy setting, the WinRM client uses Basic authentication. If WinRM is configured to use HTTP transport, the user name and password are sent over the network as clear text.
-If you disable or do not configure this policy setting, the WinRM client does not use Basic authentication.
+If you disable or don't configure this policy setting, the WinRM client doesn't use Basic authentication.
@@ -154,7 +154,7 @@ This policy setting allows you to manage whether the Windows Remote Management (
If you enable this policy setting, the WinRM service accepts Basic authentication from a remote client.
-If you disable or do not configure this policy setting, the WinRM service does not accept Basic authentication from a remote client.
+If you disable or don't configure this policy setting, the WinRM service doesn't accept Basic authentication from a remote client.
@@ -200,7 +200,7 @@ This policy setting allows you to manage whether the Windows Remote Management (
If you enable this policy setting, the WinRM client uses CredSSP authentication.
-If you disable or do not configure this policy setting, the WinRM client does not use CredSSP authentication.
+If you disable or don't configure this policy setting, the WinRM client doesn't use CredSSP authentication.
@@ -246,7 +246,7 @@ This policy setting allows you to manage whether the Windows Remote Management (
If you enable this policy setting, the WinRM service accepts CredSSP authentication from a remote client.
-If you disable or do not configure this policy setting, the WinRM service does not accept CredSSP authentication from a remote client.
+If you disable or don't configure this policy setting, the WinRM service doesn't accept CredSSP authentication from a remote client.
@@ -294,11 +294,11 @@ If you enable this policy setting, the WinRM service automatically listens on th
To allow WinRM service to receive requests over the network, configure the Windows Firewall policy setting with exceptions for Port 5985 (default port for HTTP).
-If you disable or do not configure this policy setting, the WinRM service will not respond to requests from a remote computer, regardless of whether or not any WinRM listeners are configured.
+If you disable or don't configure this policy setting, the WinRM service won't respond to requests from a remote computer, regardless of whether or not any WinRM listeners are configured.
The service listens on the addresses specified by the IPv4 and IPv6 filters. The IPv4 filter specifies one or more ranges of IPv4 addresses, and the IPv6 filter specifies one or more ranges of IPv6addresses. If specified, the service enumerates the available IP addresses on the computer and uses only addresses that fall within one of the filter ranges.
-You should use an asterisk (\*) to indicate that the service listens on all available IP addresses on the computer. When \* is used, other ranges in the filter are ignored. If the filter is left blank, the service does not listen on any addresses.
+You should use an asterisk (\*) to indicate that the service listens on all available IP addresses on the computer. When \* is used, other ranges in the filter are ignored. If the filter is left blank, the service doesn't listen on any addresses.
For example, if you want the service to listen only on IPv4 addresses, leave the IPv6 filter empty.
@@ -351,7 +351,7 @@ This policy setting allows you to manage whether the Windows Remote Management (
If you enable this policy setting, the WinRM client sends and receives unencrypted messages over the network.
-If you disable or do not configure this policy setting, the WinRM client sends or receives only encrypted messages over the network.
+If you disable or don't configure this policy setting, the WinRM client sends or receives only encrypted messages over the network.
@@ -397,7 +397,7 @@ This policy setting allows you to manage whether the Windows Remote Management (
If you enable this policy setting, the WinRM client sends and receives unencrypted messages over the network.
-If you disable or do not configure this policy setting, the WinRM client sends or receives only encrypted messages over the network.
+If you disable or don't configure this policy setting, the WinRM client sends or receives only encrypted messages over the network.
@@ -441,9 +441,9 @@ ADMX Info:
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Digest authentication.
-If you enable this policy setting, the WinRM client does not use Digest authentication.
+If you enable this policy setting, the WinRM client doesn't use Digest authentication.
-If you disable or do not configure this policy setting, the WinRM client uses Digest authentication.
+If you disable or don't configure this policy setting, the WinRM client uses Digest authentication.
@@ -487,9 +487,9 @@ ADMX Info:
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Negotiate authentication.
-If you enable this policy setting, the WinRM client does not use Negotiate authentication.
+If you enable this policy setting, the WinRM client doesn't use Negotiate authentication.
-If you disable or do not configure this policy setting, the WinRM client uses Negotiate authentication.
+If you disable or don't configure this policy setting, the WinRM client uses Negotiate authentication.
@@ -533,9 +533,9 @@ ADMX Info:
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Negotiate authentication from a remote client.
-If you enable this policy setting, the WinRM service does not accept Negotiate authentication from a remote client.
+If you enable this policy setting, the WinRM service doesn't accept Negotiate authentication from a remote client.
-If you disable or do not configure this policy setting, the WinRM service accepts Negotiate authentication from a remote client.
+If you disable or don't configure this policy setting, the WinRM service accepts Negotiate authentication from a remote client.
@@ -577,13 +577,13 @@ ADMX Info:
-This policy setting allows you to manage whether the Windows Remote Management (WinRM) service will not allow RunAs credentials to be stored for any plug-ins.
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) service won't allow RunAs credentials to be stored for any plug-ins.
-If you enable this policy setting, the WinRM service will not allow the RunAsUser or RunAsPassword configuration values to be set for any plug-ins. If a plug-in has already set the RunAsUser and RunAsPassword configuration values, the RunAsPassword configuration value will be erased from the credential store on this computer.
+If you enable this policy setting, the WinRM service won't allow the RunAsUser or RunAsPassword configuration values to be set for any plug-ins. If a plug-in has already set the RunAsUser and RunAsPassword configuration values, the RunAsPassword configuration value will be erased from the credential store on this computer.
-If you disable or do not configure this policy setting, the WinRM service will allow the RunAsUser and RunAsPassword configuration values to be set for plug-ins and the RunAsPassword value will be stored securely.
+If you disable or don't configure this policy setting, the WinRM service will allow the RunAsUser and RunAsPassword configuration values to be set for plug-ins and the RunAsPassword value will be stored securely.
-If you enable and then disable this policy setting,any values that were previously configured for RunAsPassword will need to be reset.
+If you enable and then disable this policy setting, any values that were previously configured for RunAsPassword will need to be reset.
@@ -625,17 +625,17 @@ ADMX Info:
-This policy setting allows you to set the hardening level of the Windows Remote Management (WinRM) service with regard to channel binding tokens.
+This policy setting allows you to set the hardening level of the Windows Remote Management (WinRM) service regarding channel binding tokens.
If you enable this policy setting, the WinRM service uses the level specified in HardeningLevel to determine whether or not to accept a received request, based on a supplied channel binding token.
-If you disable or do not configure this policy setting, you can configure the hardening level locally on each computer.
+If you disable or don't configure this policy setting, you can configure the hardening level locally on each computer.
If HardeningLevel is set to Strict, any request not containing a valid channel binding token is rejected.
-If HardeningLevel is set to Relaxed (default value), any request containing an invalid channel binding token is rejected. However, a request that does not contain a channel binding token is accepted (though it is not protected from credential-forwarding attacks).
+If HardeningLevel is set to Relaxed (default value), any request containing an invalid channel binding token is rejected. However, a request that doesn't contain a channel binding token is accepted (though it isn't protected from credential-forwarding attacks).
-If HardeningLevel is set to None, all requests are accepted (though they are not protected from credential-forwarding attacks).
+If HardeningLevel is set to None, all requests are accepted (though they aren't protected from credential-forwarding attacks).
@@ -679,9 +679,9 @@ ADMX Info:
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity.
-If you enable this policy setting, the WinRM client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity. The WinRM client uses this list when neither HTTPS nor Kerberos are used to authenticate the identity of the host.
+If you enable this policy setting, the WinRM client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity. The WinRM client uses this list when HTTPS or Kerberos is used to authenticate the identity of the host.
-If you disable or do not configure this policy setting and the WinRM client needs to use the list of trusted hosts, you must configure the list of trusted hosts locally on each computer.
+If you disable or don't configure this policy setting and the WinRM client needs to use the list of trusted hosts, you must configure the list of trusted hosts locally on each computer.
@@ -727,7 +727,7 @@ This policy setting turns on or turns off an HTTP listener created for backward
If you enable this policy setting, the HTTP listener always appears.
-If you disable or do not configure this policy setting, the HTTP listener never appears.
+If you disable or don't configure this policy setting, the HTTP listener never appears.
When certain port 80 listeners are migrated to WinRM 2.0, the listener port number changes to 5985.
@@ -777,7 +777,7 @@ This policy setting turns on or turns off an HTTPS listener created for backward
If you enable this policy setting, the HTTPS listener always appears.
-If you disable or do not configure this policy setting, the HTTPS listener never appears.
+If you disable or don't configure this policy setting, the HTTPS listener never appears.
When certain port 443 listeners are migrated to WinRM 2.0, the listener port number changes to 5986.
diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
index a750b0adde..c2235cdbb4 100644
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@@ -1,6 +1,6 @@
---
title: Policy CSP - RemoteProcedureCall
-description: The Policy CSP - RemoteProcedureCall setting controls whether RPC clients authenticate when the call they are making contains authentication information.
+description: The Policy CSP - RemoteProcedureCall setting controls whether RPC clients authenticate when the call they're making contains authentication information.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -64,15 +64,15 @@ manager: dansimp
-This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner.
+This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they're making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) can't process authentication information supplied in this manner.
-If you disable this policy setting, RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Endpoint Mapper Service on Windows NT4 Server.
+If you disable this policy setting, RPC clients won't authenticate to the Endpoint Mapper Service, but they'll be able to communicate with the Endpoint Mapper Service on Windows NT4 Server.
-If you enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information. Clients making such calls will not be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
+If you enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information. Clients making such calls won't be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
-If you do not configure this policy setting, it remains disabled. RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
+If you don't configure this policy setting, it remains disabled. RPC clients won't authenticate to the Endpoint Mapper Service, but they'll be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
-Note: This policy will not be applied until the system is rebooted.
+Note: This policy won't be applied until the system is rebooted.
@@ -116,13 +116,13 @@ ADMX Info:
This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.
-This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.
+This policy setting impacts all RPC applications. In a domain environment, this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.
If you disable this policy setting, the RPC server runtime uses the value of "Authenticated" on Windows Client, and the value of "None" on Windows Server versions that support this policy setting.
-If you do not configure this policy setting, it remains disabled. The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client and the value of "None" used for Server SKUs that support this policy setting.
+If you don't configure this policy setting, it remains disabled. The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client and the value of "None" used for Server SKUs that support this policy setting.
-If you enable this policy setting, it directs the RPC server runtime to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have specifically requested to be accessible by unauthenticated clients may be exempt from this restriction, depending on the selected value for this policy setting.
+If you enable this policy setting, it directs the RPC server runtime to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have requested to be accessible by unauthenticated clients may be exempt from this restriction, depending on the selected value for this policy setting.
- "None" allows all RPC clients to connect to RPC Servers running on the machine on which the policy setting is applied.
@@ -131,7 +131,7 @@ If you enable this policy setting, it directs the RPC server runtime to restrict
- "Authenticated without exceptions" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. No exceptions are allowed.
> [!NOTE]
-> This policy setting will not be applied until the system is rebooted.
+> This policy setting won't be applied until the system is rebooted.
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index 5c7775b5f5..b56f078278 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -160,7 +160,7 @@ ADMX Info:
-This is a simple boolean value, default false, that can be set by MDM policy to allow the Cortana Page in OOBE when logged in with an AAD account.
+This value is a simple boolean value, default false, that can be set by MDM policy to allow the Cortana Page in OOBE when logged in with an AAD account.
@@ -194,7 +194,7 @@ This is a simple boolean value, default false, that can be set by MDM policy to
-Controls if the user can configure search to Find My Files mode, which searches files in secondary hard drives and also outside of the user profile. Find My Files does not allow users to search files or locations to which they do not have access.
+Controls if the user can configure search to Find My Files mode, which searches files in secondary hard drives and also outside of the user profile. Find My Files doesn't allow users to search files or locations to which they don't have access.
@@ -252,7 +252,7 @@ Allows or disallows the indexing of items. This switch is for the Windows Search
When the policy is enabled, WIP protected items are indexed and the metadata about them are stored in an unencrypted location. The metadata includes things like file path and date modified.
-When the policy is disabled, the WIP protected items are not indexed and do not show up in the results in Cortana or file explorer. There may also be a performance impact on photos and Groove apps if there are a lot of WIP protected media files on the device.
+When the policy is disabled, the WIP protected items aren't indexed and don't show up in the results in Cortana or file explorer. There may also be a performance impact on photos and Groove apps if there are many WIP-protected media files on the device.
Most restricted value is 0.
@@ -302,7 +302,7 @@ The following list shows the supported values:
-Specifies whether search can leverage location information.
+Specifies whether search can use location information.
Most restricted value is 0.
@@ -605,9 +605,9 @@ The following list shows the supported values:
This policy setting configures whether or not locations on removable drives can be added to libraries.
-If you enable this policy setting, locations on removable drives cannot be added to libraries. In addition, locations on removable drives cannot be indexed.
+If you enable this policy setting, locations on removable drives can't be added to libraries. In addition, locations on removable drives can't be indexed.
-If you disable or do not configure this policy setting, locations on removable drives can be added to libraries. In addition, locations on removable drives can be indexed.
+If you disable or don't configure this policy setting, locations on removable drives can be added to libraries. In addition, locations on removable drives can be indexed.
@@ -659,7 +659,7 @@ Don't search the web or display web results in Search, or show search highlights
This policy setting allows you to control whether or not Search can perform queries on the web, if web results are displayed in Search, and if search highlights are shown in the search box and in search home.
-- If you enable this policy setting, queries won't be performed on the web, web results won't be displayed when a user performs a query in Search, and search highlights will not be shown in the search box and in search home.
+- If you enable this policy setting, queries won't be performed on the web, web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home.
- If you disable this policy setting, queries will be performed on the web, web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home.
@@ -711,7 +711,7 @@ The following list shows the supported values:
Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. Select between 0 and 1.
-Enable this policy if computers in your environment have extremely limited hard drive space.
+Enable this policy if computers in your environment have limited hard drive space.
When this policy is disabled or not configured, Windows Desktop Search automatically manages your index size.
@@ -761,7 +761,7 @@ The following list shows the supported values:
-If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index..
+If enabled, clients will be unable to query this computer's index remotely. Thus, when they're browsing network shares that are stored on this computer, they won't search them using the index. If disabled, client search requests will use this computer's index..
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index dc3da9ca62..dcf870fbf8 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -199,7 +199,7 @@ ADMX Info:
The following list shows the supported values:
-- 0 (default) – Will not force recovery from a non-ready TPM state.
+- 0 (default) – Won't force recovery from a non-ready TPM state.
- 1 – Will prompt to clear the TPM if the TPM is in a non-ready state (or reduced functionality) which can be remediated with a TPM Clear.
@@ -326,7 +326,7 @@ This policy controls the Admin Authentication requirement in RecoveryEnvironment
Supported values:
- 0 - Default: Keep using default(current) behavior
- 1 - RequireAuthentication: Admin Authentication is always required for components in RecoveryEnvironment
-- 2 - NoRequireAuthentication: Admin Authentication is not required for components in RecoveryEnvironment
+- 2 - NoRequireAuthentication: Admin Authentication isn't required for components in RecoveryEnvironment
@@ -344,10 +344,10 @@ The process of starting Push Button Reset (PBR) in WinRE:
1. Open a cmd as Administrator, run command "reagentc /boottore" and restart the OS to boot to WinRE.
1. OS should boot to the blue screen of WinRE UI, go through TroubleShoot -> Reset this PC, it should show two options: "Keep my files" and "Remove everything".
-If the MDM policy is set to "Default" (0) or does not exist, the admin authentication flow should work as default behavior:
+If the MDM policy is set to "Default" (0) or doesn't exist, the admin authentication flow should work as default behavior:
1. Start PBR in WinRE, choose "Keep my files", it should pop up admin authentication.
-1. Click "<-" (right arrow) button and choose "Remove everything", it should not pop up admin authentication and just go to PBR options.
+1. Click "<-" (right arrow) button and choose "Remove everything", it shouldn't pop up admin authentication and just go to PBR options.
If the MDM policy is set to "RequireAuthentication" (1)
@@ -356,9 +356,9 @@ If the MDM policy is set to "RequireAuthentication" (1)
If the MDM policy is set to "NoRequireAuthentication" (2)
-1. Start PBR in WinRE, choose "Keep my files", it should not pop up admin authentication.
+1. Start PBR in WinRE, choose "Keep my files", it shouldn't pop up admin authentication.
1. Go through PBR options and click "cancel" at final confirmation page, wait unit the UI is back.
-1. Click "TroubleShoot" -> "Reset this PC" again, choose "Remove everything", it should not pop up admin authentication neither.
+1. Click "TroubleShoot" -> "Reset this PC" again, choose "Remove everything", it shouldn't pop up admin authentication neither.
@@ -403,7 +403,7 @@ Most restricted value is 1.
The following list shows the supported values:
-- 0 (default) – Encryption is not required.
+- 0 (default) – Encryption isn't required.
- 1 – Encryption is required.
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
index 8713e65ba8..1b0e0f8bc4 100644
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -249,7 +249,7 @@ This policy disables edit device name option on Settings.
-Describes what value are supported in by this policy and meaning of each value, default value.
+Describes what values are supported in by this policy and meaning of each value, default value.
@@ -626,7 +626,7 @@ ADMX Info:
The following list shows the supported values:
- 0 (default) – User will be allowed to configure the setting.
-- 1 – Don't show additional calendars.
+- 1 – Don't show more calendars.
- 2 - Simplified Chinese (Lunar).
- 3 - Traditional Chinese (Lunar).
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index 2fd9258e23..f760f05bc0 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -156,7 +156,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
@@ -197,7 +197,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
@@ -238,7 +238,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
@@ -279,7 +279,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
@@ -320,7 +320,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
@@ -361,7 +361,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
@@ -402,7 +402,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
@@ -443,7 +443,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
@@ -484,7 +484,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
@@ -525,7 +525,7 @@ The following list shows the supported values:
- 0 – The shortcut is hidden and disables the setting in the Settings app.
- 1 – The shortcut is visible and disables the setting in the Settings app.
-- 65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+- 65535 (default) - there's no enforced configuration and the setting can be changed by the user.
@@ -634,7 +634,7 @@ ADMX Info:
The following list shows the supported values:
-- 0 (default) – False (Do not disable).
+- 0 (default) – False (don't disable).
- 1 - True (disable).
@@ -679,13 +679,13 @@ The following list shows the supported values:
Forces the start screen size.
-If there is policy configuration conflict, the latest configuration request is applied to the device.
+If there's policy configuration conflict, the latest configuration request is applied to the device.
The following list shows the supported values:
-- 0 (default) – Do not force size of Start.
+- 0 (default) – Don't force size of Start.
- 1 – Force non-fullscreen size of Start.
- 2 - Force a fullscreen size of Start.
@@ -730,12 +730,12 @@ Allows IT Admins to configure Start by collapsing or removing the all apps list.
> There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709.
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
- 1 - Enable policy and restart explorer.exe
-- 2a - If set to '1': Verify that the all apps list is collapsed, and that the Settings toggle is not grayed out.
+- 2a - If set to '1': Verify that the all apps list is collapsed, and that the Settings toggle isn't grayed out.
- 2b - If set to '2': Verify that the all apps list is collapsed, and that the Settings toggle is grayed out.
-- 2c - If set to '3': Verify that there is no way of opening the all apps list from Start, and that the Settings toggle is grayed out.
+- 2c - If set to '3': Verify that there's no way of opening the all apps list from Start, and that the Settings toggle is grayed out.
@@ -783,15 +783,15 @@ Allows IT Admins to configure Start by hiding "Change account settings" from app
The following list shows the supported values:
-- 0 (default) – False (do not hide).
+- 0 (default) – False (don't hide).
- 1 - True (hide).
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
1. Enable policy.
-2. Open Start, click on the user tile, and verify that "Change account settings" is not available.
+2. Open Start, click on the user tile, and verify that "Change account settings" isn't available.
@@ -834,19 +834,19 @@ Allows IT Admins to configure Start by hiding most used apps.
The following list shows the supported values:
-- 0 (default) – False (do not hide).
+- 0 (default) – False (don't hide).
- 1 - True (hide).
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
1. Enable "Show most used apps" in the Settings app.
2. Use some apps to get them into the most used group in Start.
3. Enable policy.
4. Restart explorer.exe
5. Check that "Show most used apps" Settings toggle is grayed out.
-6. Check that most used apps do not appear in Start.
+6. Check that most used apps don't appear in Start.
@@ -883,21 +883,21 @@ Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the
> [!NOTE]
-> This policy can only be verified on laptops as "Hibernate" does not appear on regular PC's.
+> This policy can only be verified on laptops as "Hibernate" doesn't appear on regular PC's.
The following list shows the supported values:
-- 0 (default) – False (do not hide).
+- 0 (default) – False (don't hide).
- 1 - True (hide).
-To validate on Laptop, do the following:
+To validate on Laptop, do the following steps:
1. Enable policy.
-2. Open Start, click on the Power button, and verify "Hibernate" is not available.
+2. Open Start, click on the Power button, and verify "Hibernate" isn't available.
@@ -936,15 +936,15 @@ Allows IT Admins to configure Start by hiding "Lock" from appearing in the user
The following list shows the supported values:
-- 0 (default) – False (do not hide).
+- 0 (default) – False (don't hide).
- 1 - True (hide).
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
1. Enable policy.
-2. Open Start, click on the user tile, and verify "Lock" is not available.
+2. Open Start, click on the user tile, and verify "Lock" isn't available.
@@ -977,7 +977,7 @@ To validate on Desktop, do the following:
-Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar.
+Enabling this policy removes the people icon from the taskbar and the corresponding settings toggle. It also prevents users from pinning people to the taskbar.
Value type is integer.
@@ -993,7 +993,7 @@ ADMX Info:
The following list shows the supported values:
-- 0 (default) – False (do not hide).
+- 0 (default) – False (don't hide).
- 1 - True (hide).
@@ -1036,15 +1036,15 @@ Allows IT Admins to configure Start by hiding the Power button from appearing.
The following list shows the supported values:
-- 0 (default) – False (do not hide).
+- 0 (default) – False (don't hide).
- 1 - True (hide).
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
1. Enable policy.
-2. Open Start, and verify the power button is not available.
+2. Open Start, and verify the power button isn't available.
@@ -1086,12 +1086,12 @@ Allows IT Admins to configure Start by hiding recently opened items in the jump
The following list shows the supported values:
-- 0 (default) – False (do not hide).
+- 0 (default) – False (don't hide).
- 1 - True (hide).
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
1. Enable "Show recently opened items in Jump Lists on Start of the taskbar" in Settings.
2. Pin Photos to the taskbar, and open some images in the photos app.
@@ -1101,7 +1101,7 @@ To validate on Desktop, do the following:
6. Restart explorer.exe
7. Check that Settings toggle is grayed out.
8. Repeat Step 2.
-9. Right Click pinned photos app and verify that there is no jump list of recent items.
+9. Right Click pinned photos app and verify that there's no jump list of recent items.
@@ -1152,19 +1152,19 @@ ADMX Info:
The following list shows the supported values:
-- 0 (default) – False (do not hide).
+- 0 (default) – False (don't hide).
- 1 - True (hide).
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
1. Enable "Show recently added apps" in the Settings app.
2. Check if there are recently added apps in Start (if not, install some).
3. Enable policy.
4. Restart explorer.exe
5. Check that "Show recently added apps" Settings toggle is grayed out.
-6. Check that recently added apps do not appear in Start.
+6. Check that recently added apps don't appear in Start.
@@ -1203,15 +1203,15 @@ Allows IT Admins to configure Start by hiding "Restart" and "Update and restart"
The following list shows the supported values:
-- 0 (default) – False (do not hide).
+- 0 (default) – False (don't hide).
- 1 - True (hide).
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
1. Enable policy.
-2. Open Start, click on the Power button, and verify "Restart" and "Update and restart" are not available.
+2. Open Start, click on the Power button, and verify "Restart" and "Update and restart" aren't available.
@@ -1250,15 +1250,15 @@ Allows IT Admins to configure Start by hiding "Shut down" and "Update and shut d
The following list shows the supported values:
-- 0 (default) – False (do not hide).
+- 0 (default) – False (don't hide).
- 1 - True (hide).
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
1. Enable policy.
-2. Open Start, click on the Power button, and verify "Shut down" and "Update and shut down" are not available.
+2. Open Start, click on the Power button, and verify "Shut down" and "Update and shut down" aren't available.
@@ -1297,15 +1297,15 @@ Allows IT Admins to configure Start by hiding "Sign out" from appearing in the u
The following list shows the supported values:
-- 0 (default) – False (do not hide).
+- 0 (default) – False (don't hide).
- 1 - True (hide).
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
1. Enable policy.
-2. Open Start, click on the user tile, and verify "Sign out" is not available.
+2. Open Start, click on the user tile, and verify "Sign out" isn't available.
@@ -1344,15 +1344,15 @@ Allows IT Admins to configure Start by hiding "Sleep" from appearing in the Powe
The following list shows the supported values:
-- 0 (default) – False (do not hide).
+- 0 (default) – False (don't hide).
- 1 - True (hide).
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
1. Enable policy.
-2. Open Start, click on the Power button, and verify that "Sleep" is not available.
+2. Open Start, click on the Power button, and verify that "Sleep" isn't available.
@@ -1391,15 +1391,15 @@ Allows IT Admins to configure Start by hiding "Switch account" from appearing in
The following list shows the supported values:
-- 0 (default) – False (do not hide).
+- 0 (default) – False (don't hide).
- 1 - True (hide).
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
1. Enable policy.
-2. Open Start, click on the user tile, and verify that "Switch account" is not available.
+2. Open Start, click on the user tile, and verify that "Switch account" isn't available.
@@ -1441,16 +1441,16 @@ Allows IT Admins to configure Start by hiding the user tile.
The following list shows the supported values:
-- 0 (default) – False (do not hide).
+- 0 (default) – False (don't hide).
- 1 - True (hide).
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
1. Enable policy.
-2. Log off.
-3. Log in, and verify that the user tile is gone from Start.
+2. Sign out.
+3. Sign in, and verify that the user tile is gone from Start.
@@ -1486,7 +1486,7 @@ To validate on Desktop, do the following:
> [!NOTE]
> This policy requires reboot to take effect.
-Here is additional SKU support information:
+Here's more SKU support information:
|Release |SKU Supported |
|---------|---------|
@@ -1494,7 +1494,7 @@ Here is additional SKU support information:
|Windows 10, version 1703 and later |Enterprise, Education, Business |
|Windows 10, version 1709 and later |Enterprise, Education, Business, Pro, ProEducation, S, ProWorkstation |
-This policy imports Edge assets (e.g. .png/.jpg files) for secondary tiles into its local app data path which allows the StartLayout policy to pin Edge secondary tiles as weblink that tie to the image asset files.
+This policy imports Edge assets (for example, .png/.jpg files) for secondary tiles into its local app data path, which allows the StartLayout policy to pin Edge secondary tiles as weblink that ties to the image asset files.
> [!IMPORTANT]
> Please note that the import happens only when StartLayout policy is changed. So it is better to always change ImportEdgeAssets policy at the same time as StartLayout policy whenever there are Edge secondary tiles to be pinned from StartLayout policy.
@@ -1503,7 +1503,7 @@ The value set for this policy is an XML string containing Edge assets. For an e
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
1. Set policy with an XML for Edge assets.
2. Set StartLayout policy to anything so that it would trigger the Edge assets import.
@@ -1552,13 +1552,13 @@ The following list shows the supported values:
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
1. Enable policy.
2. Right click on a program pinned to taskbar.
-3. Verify that "Unpin from taskbar" menu does not show.
+3. Verify that "Unpin from taskbar" menu doesn't show.
4. Open Start and right click on one of the app list icons.
-5. Verify that More->Pin to taskbar menu does not show.
+5. Verify that More->Pin to taskbar menu doesn't show.
@@ -1622,8 +1622,8 @@ To validate on Desktop, do the following:
The following list shows the supported values:
-- 1 - Force showing of Most Used Apps in Start Menu, user cannot change in Settings
-- 0 - Force hiding of Most Used Apps in Start Menu, user cannot change in Settings
+- 1 - Force showing of Most Used Apps in Start Menu, user can't change in Settings
+- 0 - Force hiding of Most Used Apps in Start Menu, user can't change in Settings
- Not set - User can use Settings to hide or show Most Used Apps in Start Menu
On clean install, the user setting defaults to "hide".
@@ -1664,7 +1664,7 @@ On clean install, the user setting defaults to "hide".
> [!IMPORTANT]
> In addition to being able to set this node on a per user-basis, it can now also be set on a per-device basis. For more information, see [Policy scope](./policy-configuration-service-provider.md#policy-scope)
-Here is additional SKU support information:
+Here's more SKU support information:
|Release |SKU Supported |
|---------|---------|
@@ -1674,7 +1674,7 @@ Here is additional SKU support information:
Allows you to override the default Start layout and prevents the user from changing it. If both user and device policies are set, the user policy will be used. Apps pinned to the taskbar can also be changed with this policy
-For further details on how to customize the Start layout, please see [Customize and export Start layout](/windows/configuration/customize-and-export-start-layout) and [Configure Windows 10 taskbar](/windows/configuration/configure-windows-10-taskbar).
+For more information on how to customize the Start layout, see [Customize and export Start layout](/windows/configuration/customize-and-export-start-layout) and [Configure Windows 10 taskbar](/windows/configuration/configure-windows-10-taskbar).
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
index 77b5ec67b9..d600b89da2 100644
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -107,7 +107,7 @@ ADMX Info:
The following list shows the supported values:
-- 0 - Do not allow
+- 0 - Don't allow
- 1 (default) - Allow
@@ -128,7 +128,7 @@ The following list shows the supported values:
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to version 1903 do not support group policy.
+Note: Versions prior to version 1903 don't support group policy.
@@ -145,11 +145,11 @@ Note: Versions prior to version 1903 do not support group policy.
Storage Sense can automatically clean some of the user’s files to free up disk space. By default, Storage Sense is automatically turned on when the machine runs into low disk space and is set to run whenever the machine runs into storage pressure. This cadence can be changed in Storage settings or set with the Storage/ConfigStorageSenseGlobalCadence group policy.
-If you enable this policy setting without setting a cadence, Storage Sense is turned on for the machine with the default cadence of "during low free disk space." Users cannot disable Storage Sense, but they can adjust the cadence (unless you also configure the Storage/ConfigStorageSenseGlobalCadence group policy).
+If you enable this policy setting without setting a cadence, Storage Sense is turned on for the machine with the default cadence of "during low free disk space." Users can't disable Storage Sense, but they can adjust the cadence (unless you also configure the Storage/ConfigStorageSenseGlobalCadence group policy).
-If you disable this policy setting, the machine will turn off Storage Sense. Users cannot enable Storage Sense.
+If you disable this policy setting, the machine will turn off Storage Sense. Users can't enable Storage Sense.
-If you do not configure this policy setting, Storage Sense is turned off by default until the user runs into low disk space or the user enables it manually. Users can configure this setting in Storage settings.
+If you don't configure this policy setting, Storage Sense is turned off by default until the user runs into low disk space or the user enables it manually. Users can configure this setting in Storage settings.
ADMX Info:
@@ -185,7 +185,7 @@ ADMX Info:
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to version 1903 do not support group policy.
+Note: Versions prior to version 1903 don't support group policy.
@@ -200,15 +200,15 @@ Note: Versions prior to version 1903 do not support group policy.
-When Storage Sense runs, it can delete the user’s temporary files that are not in use.
+When Storage Sense runs, it can delete the user’s temporary files that aren't in use.
-If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect.
+If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy doesn't have any effect.
-If you enable this policy setting, Storage Sense will delete the user’s temporary files that are not in use. Users cannot disable this setting in Storage settings.
+If you enable this policy setting, Storage Sense will delete the user’s temporary files that aren't in use. Users can't disable this setting in Storage settings.
-If you disable this policy setting, Storage Sense will not delete the user’s temporary files. Users cannot enable this setting in Storage settings.
+If you disable this policy setting, Storage Sense won't delete the user’s temporary files. Users can't enable this setting in Storage settings.
-If you do not configure this policy setting, Storage Sense will delete the user’s temporary files by default. Users can configure this setting in Storage settings.
+If you don't configure this policy setting, Storage Sense will delete the user’s temporary files by default. Users can configure this setting in Storage settings.
@@ -245,7 +245,7 @@ ADMX Info:
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to version 1903 do not support group policy.
+Note: Versions prior to version 1903 don't support group policy.
@@ -260,15 +260,15 @@ Note: Versions prior to version 1903 do not support group policy.
-When Storage Sense runs, it can dehydrate cloud-backed content that hasn’t been opened in a certain amount of days.
+When Storage Sense runs, it can dehydrate cloud-backed content that hasn’t been opened in a certain number of days.
-If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect.
+If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy doesn't have any effect.
If you enable this policy setting, you must provide the minimum number of days a cloud-backed file can remain unopened before Storage Sense dehydrates it. Supported values are: 0–365.
-If you set this value to zero, Storage Sense will not dehydrate any cloud-backed content. The default value is 0, which never dehydrates cloud-backed content.
+If you set this value to zero, Storage Sense won't dehydrate any cloud-backed content. The default value is 0, which never dehydrates cloud-backed content.
-If you disable or do not configure this policy setting, then Storage Sense will not dehydrate any cloud-backed content by default. Users can configure this setting in Storage settings.
+If you disable or don't configure this policy setting, then Storage Sense won't dehydrate any cloud-backed content by default. Users can configure this setting in Storage settings.
@@ -305,7 +305,7 @@ ADMX Info:
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to version 1903 do not support group policy.
+Note: Versions prior to version 1903 don't support group policy.
@@ -322,13 +322,13 @@ Note: Versions prior to version 1903 do not support group policy.
When Storage Sense runs, it can delete files in the user’s Downloads folder if they haven’t been opened for more than a certain number of days.
-If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect.
+If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy doesn't have any effect.
If you enable this policy setting, you must provide the minimum number of days a file can remain unopened before Storage Sense deletes it from the Downloads folder. Supported values are: 0-365.
-If you set this value to zero, Storage Sense will not delete files in the user’s Downloads folder. The default is 0, or never deleting files in the Downloads folder.
+If you set this value to zero, Storage Sense won't delete files in the user’s Downloads folder. The default is 0, or never deleting files in the Downloads folder.
-If you disable or do not configure this policy setting, then Storage Sense will not delete files in the user’s Downloads folder by default. Users can configure this setting in Storage settings.
+If you disable or don't configure this policy setting, then Storage Sense won't delete files in the user’s Downloads folder by default. Users can configure this setting in Storage settings.
@@ -365,7 +365,7 @@ ADMX Info:
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to version 1903 do not support group policy.
+Note: Versions prior to version 1903 don't support group policy.
@@ -381,7 +381,7 @@ Note: Versions prior to version 1903 do not support group policy.
Storage Sense can automatically clean some of the user’s files to free up disk space.
-If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect.
+If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy doesn't have any effect.
If you enable this policy setting, you must provide the desired Storage Sense cadence.
@@ -394,7 +394,7 @@ The following are supported options:
The default is 0 (during low free disk space).
-If you do not configure this policy setting, then the Storage Sense cadence is set to “during low free disk space” by default. Users can configure this setting in Storage settings.
+If you don't configure this policy setting, then the Storage Sense cadence is set to “during low free disk space” by default. Users can configure this setting in Storage settings.
@@ -431,7 +431,7 @@ ADMX Info:
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Note: Versions prior to version 1903 do not support group policy.
+Note: Versions prior to version 1903 don't support group policy.
@@ -446,15 +446,15 @@ Note: Versions prior to version 1903 do not support group policy.
-When Storage Sense runs, it can delete files in the user’s Recycle Bin if they have been there for over a certain amount of days.
+When Storage Sense runs, it can delete files in the user’s Recycle Bin if they've been there for over a certain number of days.
-If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect.
+If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy doesn't have any effect.
If you enable this policy setting, you must provide the minimum age threshold (in days) of a file in the Recycle Bin before Storage Sense will delete it. Supported values are: 0–365.
-If you set this value to zero, Storage Sense will not delete files in the user’s Recycle Bin. The default is 30 days.
+If you set this value to zero, Storage Sense won't delete files in the user’s Recycle Bin. The default is 30 days.
-If you disable or do not configure this policy setting, Storage Sense will delete files in the user’s Recycle Bin that have been there for over 30 days by default. Users can configure this setting in Storage settings.
+If you disable or don't configure this policy setting, Storage Sense will delete files in the user’s Recycle Bin which have been there for over 30 days by default. Users can configure this setting in Storage settings.
@@ -506,9 +506,9 @@ ADMX Info:
This policy setting configures whether or not Windows will activate an Enhanced Storage device.
-If you enable this policy setting, Windows will not activate unactivated Enhanced Storage devices.
+If you enable this policy setting, Windows won't activate unactivated Enhanced Storage devices.
-If you disable or do not configure this policy setting, Windows will activate unactivated Enhanced Storage devices.
+If you disable or don't configure this policy setting, Windows will activate unactivated Enhanced Storage devices.
> [!TIP]
@@ -556,7 +556,7 @@ ADMX Info:
-If you enable this policy setting, write access is denied to this removable storage class. If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+If you enable this policy setting, write access is denied to this removable storage class. If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
> [!Note]
> To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives."
@@ -616,7 +616,7 @@ See [Use custom settings for Windows 10 devices in Intune](/intune/custom-settin
-This policy will do the enforcement over the following protocols which are used by most portable devices, e.g. mobile/IOS/Android:
+This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android:
- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
@@ -624,10 +624,10 @@ This policy will do the enforcement over the following protocols which are used
To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
-If enabled, this policy will block end-user from Read access on any Windows Portal devices, e.g. mobile/iOS/Android.
+If enabled, this policy will block end-user from Read access on any Windows Portal devices, for example, mobile/iOS/Android.
>[!NOTE]
-> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
+> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, for example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
Supported values for this policy are:
- Not configured
@@ -678,7 +678,7 @@ ADMX Info:
-This policy will do the enforcement over the following protocols which are used by most portable devices, e.g. mobile/IOS/Android:
+This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android:
- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
@@ -686,7 +686,7 @@ This policy will do the enforcement over the following protocols which are used
To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
-If enabled, this policy will block end-user from Read access on any Windows Portal devices, e.g. mobile/iOS/Android.
+If enabled, this policy will block end-user from Read access on any Windows Portal devices, for example, mobile/iOS/Android.
>[!NOTE]
> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
@@ -740,7 +740,7 @@ ADMX Info:
-This policy will do the enforcement over the following protocols which are used by most portable devices, e.g. mobile/IOS/Android:
+This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android:
- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
@@ -748,7 +748,7 @@ This policy will do the enforcement over the following protocols which are used
To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
-If enabled, this will block end-user from Write access on any Windows Portal devices, e.g. mobile/iOS/Android.
+If enabled, this policy will block end-user from Write access on any Windows Portal devices, for example, mobile/iOS/Android.
>[!NOTE]
> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
@@ -802,7 +802,7 @@ ADMX Info:
-This policy will do the enforcement over the following protocols which are used by most portable devices, e.g. mobile/IOS/Android:
+This policy will do the enforcement over the following protocols that are used by most portable devices, for example, mobile/IOS/Android:
- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
@@ -810,7 +810,7 @@ This policy will do the enforcement over the following protocols which are used
To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
-If enabled, this will block end-user from Write access on any Windows Portal devices, e.g. mobile/iOS/Android.
+If enabled, this policy will block end-user from Write access on any Windows Portal devices, for example, mobile/iOS/Android.
>[!NOTE]
> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 9e31c3a67b..a824fde8d4 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -144,7 +144,7 @@ manager: dansimp
This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. These controls are located under "Get Insider builds," and enable users to make their devices available for downloading and installing Windows preview software.
-If you enable or do not configure this policy setting, users can download and install Windows preview software on their devices. If you disable this policy setting, the item "Get Insider builds" will be unavailable.
+If you enable or don't configure this policy setting, users can download and install Windows preview software on their devices. If you disable this policy setting, the item "Get Insider builds" will be unavailable.
@@ -201,9 +201,9 @@ To enable this behavior, you must complete two steps:
Windows diagnostic data is collected when the Allow Telemetry policy setting is set to 1 – **Required (Basic)** or above.
-If you disable or do not configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft’s [privacy statement](https://go.microsoft.com/fwlink/?LinkId=521839) unless you have enabled policies like Allow Update Compliance Processing or Allow Desktop Analytics Processing.
+If you disable or don't configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft’s [privacy statement](https://go.microsoft.com/fwlink/?LinkId=521839) unless you have enabled policies like Allow Update Compliance Processing or Allow Desktop Analytics Processing.
-Configuring this setting does not change the Windows diagnostic data collection level set for the device or the operation of optional analytics processor services like Desktop Analytics and Update Compliance.
+Configuring this setting doesn't change the Windows diagnostic data collection level set for the device or the operation of optional analytics processor services like Desktop Analytics and Update Compliance.
See the documentation at [ConfigureWDD](https://aka.ms/ConfigureWDD) for information on this and other policies that will result in Microsoft being the processor of Windows diagnostic data.
@@ -248,11 +248,11 @@ To enable this behavior, you must complete three steps:
2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above
3. Set the Configure the Commercial ID setting for your Desktop Analytics workspace
-This setting has no effect on devices unless they are properly enrolled in Desktop Analytics.
+This setting has no effect on devices unless they're properly enrolled in Desktop Analytics.
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
-If you disable or do not configure this policy setting, devices will not appear in Desktop Analytics.
+If you disable or don't configure this policy setting, devices won't appear in Desktop Analytics.
The following list shows the supported values:
@@ -289,7 +289,7 @@ The following list shows the supported values:
-This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data. If you disable or do not configure this policy setting, then device name will not be sent to Microsoft as part of Windows diagnostic data.
+This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data. If you disable or don't configure this policy setting, then device name won't be sent to Microsoft as part of Windows diagnostic data.
@@ -385,7 +385,7 @@ The following list shows the supported values:
> [!NOTE]
-> This policy is not supported in Windows 10, version 1607.
+> This policy isn't supported in Windows 10, version 1607.
This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device behavior.
@@ -430,11 +430,11 @@ The following list shows the supported values:
-Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally installed fonts.
+Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows doesn't connect to an online font provider and only enumerates locally installed fonts.
-This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value is not set by default, so the default behavior is true (enabled).
+This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value isn't set by default, so the default behavior is true (enabled).
-This setting is used by lower-level components for text display and fond handling and has not direct effect on web browsers, which may download web fonts used in web content.
+This setting is used by lower-level components for text display and fond handling and hasn't direct effect on web browsers, which may download web fonts used in web content.
> [!NOTE]
> Reboot is required after setting the policy; alternatively you can stop and restart the FontCache service.
@@ -458,7 +458,7 @@ The following list shows the supported values:
To verify if System/AllowFontProviders is set to true:
-- After a client machine is rebooted, check whether there is any network traffic from client machine to fs.microsoft.com.
+- After a client machine is rebooted, check whether there's any network traffic from client machine to fs.microsoft.com.
@@ -513,9 +513,9 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Force Location Off. All Location Privacy settings are toggled off and grayed out. Users cannot change the settings, and no apps are allowed access to the Location service, including Cortana and Search.
+- 0 – Force Location Off. All Location Privacy settings are toggled off and grayed out. Users can't change the settings, and no apps are allowed access to the Location service, including Cortana and Search.
- 1 (default) – Location service is allowed. The user has control and can change Location Privacy settings on or off.
-- 2 – Force Location On. All Location Privacy settings are toggled on and grayed out. Users cannot change the settings and all consent permissions will be automatically suppressed.
+- 2 – Force Location On. All Location Privacy settings are toggled on and grayed out. Users can't change the settings and all consent permissions will be automatically suppressed.
@@ -531,7 +531,7 @@ This policy setting configures an Azure Active Directory joined device so that M
For customers who enroll into the Microsoft Managed Desktop service, this policy will be enabled by default to allow Microsoft to process data for operational and analytic needs. For more information, see [Privacy and personal data](/microsoft-365/managed-desktop/service-description/privacy-personal-data.md).
-This setting has no effect on devices unless they are properly enrolled in Microsoft Managed Desktop.
+This setting has no effect on devices unless they're properly enrolled in Microsoft Managed Desktop.
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
@@ -575,7 +575,7 @@ Most restricted value is 0.
The following list shows the supported values:
-- 0 – SD card use is not allowed and USB drives are disabled. This setting does not prevent programmatic access to the storage card.
+- 0 – SD card use isn't allowed and USB drives are disabled. This setting doesn't prevent programmatic access to the storage card.
- 1 (default) – Allow a storage card.
@@ -611,7 +611,7 @@ The following list shows the supported values:
Allows the device to send diagnostic and usage telemetry data, such as Watson.
-For more information about diagnostic data, including what is and what is not collected by Windows, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
+For more information about diagnostic data, including what is and what isn't collected by Windows, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
The following list shows the supported values for Windows 8.1:
- 0 - Not allowed.
@@ -623,19 +623,19 @@ In Windows 10, you can configure this policy setting to decide what level of dia
The following list shows the supported values for Windows 10 version 1809 and older, choose the value that is applicable to your OS version (older OS values are displayed in the brackets):
-- 0 – **Off (Security)** This turns Windows diagnostic data off.
+- 0 – **Off (Security)** This value turns Windows diagnostic data off.
> [!NOTE]
> This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 IoT Core (IoT Core), HoloLens 2, and Windows Server 2016 (and later versions). Using this setting on other devices editions of Windows is equivalent to setting the value of 1.
- 1 – **Required (Basic)** Sends basic device info, including quality-related data, app compatibility, and other similar data to keep the device secure and up-to-date.
-- 2 – (**Enhanced**) Sends the same data as a value of 1, plus additional insights, including how Windows apps are used, how they perform, and advanced reliability data, such as limited crash dumps.
+- 2 – (**Enhanced**) Sends the same data as a value of 1, plus extra insights, including how Windows apps are used, how they perform, and advanced reliability data, such as limited crash dumps.
> [!NOTE]
> **Enhanced** is no longer an option for Windows Holographic, version 21H1.
-- 3 – **Optional (Full)** Sends the same data as a value of 2, plus additional data necessary to identify and fix problems with devices such as enhanced error logs.
+- 3 – **Optional (Full)** Sends the same data as a value of 2, plus extra data necessary to identify and fix problems with devices such as enhanced error logs.
Most restrictive value is 0.
@@ -689,7 +689,7 @@ To enable this behavior, you must complete three steps:
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
-If you disable or do not configure this policy setting, devices will not appear in Update Compliance.
+If you disable or don't configure this policy setting, devices won't appear in Update Compliance.
@@ -771,7 +771,7 @@ To enable this behavior, you must complete three steps:
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
-If you disable or do not configure this policy setting, devices enrolled to the Windows Update for Business deployment service will not be able to take advantage of some deployment service features.
+If you disable or don't configure this policy setting, devices enrolled to the Windows Update for Business deployment service won't be able to take advantage of some deployment service features.
@@ -810,16 +810,16 @@ The following list shows the supported values:
This policy setting allows you to specify which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver. The Early Launch Antimalware boot-start driver can return the following classifications for each boot-start driver:
-- Good: The driver has been signed and has not been tampered with.
-- Bad: The driver has been identified as malware. It is recommended that you do not allow known bad drivers to be initialized.
-- Bad, but required for boot: The driver has been identified as malware, but the computer cannot successfully boot without loading this driver.
-- Unknown: This driver has not been attested to by your malware detection application and has not been classified by the Early Launch Antimalware boot-start driver.
+- Good: The driver has been signed and hasn't been tampered with.
+- Bad: The driver has been identified as malware. It's recommended that you don't allow known bad drivers to be initialized.
+- Bad, but required for boot: The driver has been identified as malware, but the computer can't successfully boot without loading this driver.
+- Unknown: This driver hasn't been attested to by your malware detection application and hasn't been classified by the Early Launch Antimalware boot-start driver.
-If you enable this policy setting you will be able to choose which boot-start drivers to initialize the next time the computer is started.
+If you enable this policy setting, you'll be able to choose which boot-start drivers to initialize the next time the computer is started.
-If you disable or do not configure this policy setting, the boot start drivers determined to be Good, Unknown or Bad but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped.
+If you disable or don't configure this policy setting, the boot start drivers determined to be Good, Unknown or Bad but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped.
-If your malware detection application does not include an Early Launch Antimalware boot-start driver or if your Early Launch Antimalware boot-start driver has been disabled, this setting has no effect and all boot-start drivers are initialized.
+If your malware detection application doesn't include an Early Launch Antimalware boot-start driver or if your Early Launch Antimalware boot-start driver has been disabled, this setting has no effect and all boot-start drivers are initialized.
> [!TIP]
@@ -921,9 +921,9 @@ ADMX Info:
-This policy setting determines whether a device shows notifications about telemetry levels to people on first logon or when changes occur in Settings.
+This policy setting determines whether a device shows notifications about telemetry levels to people on first sign in or when changes occur in Settings.
If you set this policy setting to "Disable telemetry change notifications", telemetry level notifications stop appearing.
-If you set this policy setting to "Enable telemetry change notifications" or don't configure this policy setting, telemetry notifications appear at first logon and when changes occur in Settings.
+If you set this policy setting to "Enable telemetry change notifications" or don't configure this policy setting, telemetry notifications appear at first sign in and when changes occur in Settings.
@@ -1075,7 +1075,7 @@ ADMX Info:
This policy setting controls whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page.
-If you enable this policy setting, the Diagnostic Data Viewer will not be enabled in Settings page, and it will prevent the viewer from showing diagnostic data collected by Microsoft from the device.
+If you enable this policy setting, the Diagnostic Data Viewer won't be enabled in Settings page, and it will prevent the viewer from showing diagnostic data collected by Microsoft from the device.
If you disable or don't configure this policy setting, the Diagnostic Data Viewer will be enabled in Settings page.
@@ -1126,7 +1126,7 @@ ADMX Info:
-This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.
+This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or don't configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.
@@ -1169,13 +1169,13 @@ ADMX Info:
Allows IT Admins to prevent apps and features from working with files on OneDrive. If you enable this policy setting:
-* Users cannot access OneDrive from the OneDrive app or file picker.
-* Microsoft Store apps cannot access OneDrive using the WinRT API.
-* OneDrive does not appear in the navigation pane in File Explorer.
-* OneDrive files are not kept in sync with the cloud.
-* Users cannot automatically upload photos and videos from the camera roll folder.
+* Users can't access OneDrive from the OneDrive app or file picker.
+* Microsoft Store apps can't access OneDrive using the WinRT API.
+* OneDrive doesn't appear in the navigation pane in File Explorer.
+* OneDrive files aren't kept in sync with the cloud.
+* Users can't automatically upload photos and videos from the camera roll folder.
-If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.
+If you disable or don't configure this policy setting, apps and features can work with OneDrive file storage.
@@ -1194,11 +1194,11 @@ The following list shows the supported values:
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
1. Enable policy.
2. Restart machine.
-3. Verify that OneDrive.exe is not running in Task Manager.
+3. Verify that OneDrive.exe isn't running in Task Manager.
@@ -1234,11 +1234,11 @@ Allows you to disable System Restore.
This policy setting allows you to turn off System Restore.
-System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. By default, System Restore is turned on for the boot volume.
+System Restore enables users, in case of a problem, to restore their computers to a previous state without losing personal data files. By default, System Restore is turned on for the boot volume.
-If you enable this policy setting, System Restore is turned off, and the System Restore Wizard cannot be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled.
+If you enable this policy setting, System Restore is turned off, and the System Restore Wizard can't be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled.
-If you disable or do not configure this policy setting, users can perform System Restore and configure System Restore settings through System Protection.
+If you disable or don't configure this policy setting, users can perform System Restore and configure System Restore settings through System Protection.
Also, see the "Turn off System Restore configuration" policy setting. If the "Turn off System Restore" policy setting is disabled or not configured, the "Turn off System Restore configuration" policy setting is used to determine whether the option to configure System Restore is available.
@@ -1287,14 +1287,14 @@ ADMX Info:
-When filing feedback in the Feedback Hub, diagnostic logs are collected for certain types of feedback. We now offer the option for users to save it locally, in addition to sending it to Microsoft. This policy will allow enterprises to mandate that all diagnostics are saved locally for use in internal investigations.
+When feedback in the Feedback Hub is being filed, diagnostic logs are collected for certain types of feedback. We now offer the option for users to save it locally, in addition to sending it to Microsoft. This policy will allow enterprises to mandate that all diagnostics are saved locally for use in internal investigations.
The following list shows the supported values:
-- 0 (default) - False. The Feedback Hub will not always save a local copy of diagnostics that may be created when a feedback is submitted. The user will have the option to do so.
-- 1 - True. The Feedback Hub should always save a local copy of diagnostics that may be created when a feedback is submitted.
+- 0 (default) - False. The Feedback Hub won't always save a local copy of diagnostics that may be created when feedback is submitted. The user will have the option to do so.
+- 1 - True. The Feedback Hub should always save a local copy of diagnostics that may be created when feedback is submitted.
@@ -1326,9 +1326,9 @@ The following list shows the supported values:
-This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem. It is sent only if we have permission to collect optional diagnostic data, and only if the device meets the criteria for additional data collection.
+This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem. It's sent only if we have permission to collect optional diagnostic data, and only if the device meets the criteria for more data collection.
-If you disable or do not configure this policy setting, we may occasionally collect advanced diagnostic data if the user has opted to send optional diagnostic data.
+If you disable or don't configure this policy setting, we may occasionally collect advanced diagnostic data if the user has opted to send optional diagnostic data.
@@ -1375,11 +1375,11 @@ The following list shows the supported values:
-This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. These dumps are not sent unless we have permission to collect optional diagnostic data.
+This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. These dumps aren't sent unless we have permission to collect optional diagnostic data.
-By enabling this policy setting, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps only.
+With this policy setting being enabled, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps only.
-If you disable or do not configure this policy setting, we may occasionally collect full or heap dumps if the user has opted to send optional diagnostic data.
+If you disable or don't configure this policy setting, we may occasionally collect full or heap dumps if the user has opted to send optional diagnostic data.
@@ -1441,11 +1441,11 @@ To enable this behavior, you must complete two steps:
- For Windows 10 version 19H1 and later: set **AllowTelemetry** to Optional (Full)
-When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics.
+When you configure these policy settings, a basic level of diagnostic data plus other events that are required for Windows Analytics are sent to Microsoft. These events are documented here: Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics.
-Enabling enhanced diagnostic data in the Allow Telemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level telemetry data. This setting has no effect on computers configured to send Required (Basic) or Optional (Full) diagnostic data to Microsoft.
+Enabling enhanced diagnostic data in the Allow Telemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus enhanced level telemetry data. This setting has no effect on computers configured to send Required (Basic) or Optional (Full) diagnostic data to Microsoft.
-If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy.
+If you disable or don't configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy.
@@ -1486,9 +1486,9 @@ ADMX Info:
-Allows you to specify the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests. The format for this setting is *<server>:<port>*. The connection is made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if there is no proxy specified when this policy is enabled, the Connected User Experiences and Telemetry data will not be transmitted and will remain on the local device.
+Allows you to specify the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests. The format for this setting is *<server>:<port>*. The connection is made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if there's no proxy specified when this policy is enabled, the Connected User Experiences and Telemetry data won't be transmitted and will remain on the local device.
-If you disable or do not configure this policy setting, Connected User Experiences and Telemetry will go to Microsoft using the default proxy configuration.
+If you disable or don't configure this policy setting, Connected User Experiences and Telemetry will go to Microsoft using the default proxy configuration.
@@ -1531,9 +1531,9 @@ ADMX Info:
This policy setting allows you to turn off File History.
-If you enable this policy setting, File History cannot be activated to create regular, automatic backups.
+If you enable this policy setting, File History can't be activated to create regular, automatic backups.
-If you disable or do not configure this policy setting, File History can be activated to create regular, automatic backups.
+If you disable or don't configure this policy setting, File History can be activated to create regular, automatic backups.
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
index c1f1785f9d..09a8420d64 100644
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -65,11 +65,11 @@ manager: dansimp
-This policy setting controls whether the maintenance task will run to clean up language packs installed on a machine but are not used by any users on that machine.
+This policy setting controls whether the maintenance task will run to clean up language packs installed on a machine but aren't used by any users on that machine.
-If you enable this policy setting (value 1), language packs that are installed as part of the system image will remain installed even if they are not used by any user on that system.
+If you enable this policy setting (value 1), language packs that are installed as part of the system image will remain installed even if they aren't used by any user on that system.
-If you disable (value 0) or do not configure this policy setting, language packs that are installed as part of the system image but are not used by any user on that system will be removed as part of a scheduled clean up task.
+If you disable (value 0) or don't configure this policy setting, language packs that are installed as part of the system image but aren't used by any user on that system will be removed as part of a scheduled cleanup task.
@@ -119,7 +119,7 @@ ADMX Info:
-Specifies the time zone to be applied to the device. This is the standard Windows name for the target time zone.
+Specifies the time zone to be applied to the device. This policy name is the standard Windows name for the target time zone.
> [!TIP]
> To get the list of available time zones, run `Get-TimeZone -ListAvailable` in PowerShell.
@@ -165,9 +165,9 @@ Specifies the time zone to be applied to the device. This is the standard Window
This policy setting controls which UI language is used for computers with more than one UI language installed.
-If you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language is restricted to a specified language. If the specified language is not installed on the target computer or you disable this policy setting, the language selection defaults to the language selected by the local administrator.
+If you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language is restricted to a specified language. If the specified language isn't installed on the target computer or you disable this policy setting, the language selection defaults to the language selected by the local administrator.
-If you disable or do not configure this policy setting, there is no restriction of a specific language used for the Windows menus and dialogs.
+If you disable or don't configure this policy setting, there's no restriction of a specific language used for the Windows menus and dialogs.
@@ -217,11 +217,11 @@ ADMX Info:
-This policy setting restricts standard users from installing language features on demand. This policy does not restrict the Windows language, if you want to restrict the Windows language use the following policy: “Restricts the UI languages Windows should use for the selected user.”
+This policy setting restricts standard users from installing language features on demand. This policy doesn't restrict the Windows language, if you want to restrict the Windows language use the following policy: “Restricts the UI languages Windows should use for the selected user.”
If you enable this policy setting, the installation of language features is prevented for standard users.
-If you disable or do not configure this policy setting, there is no language feature installation restriction for the standard users.
+If you disable or don't configure this policy setting, there's no language feature installation restriction for the standard users.
diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md
index d04526eee3..b19352d765 100644
--- a/windows/client-management/mdm/policy-csp-troubleshooting.md
+++ b/windows/client-management/mdm/policy-csp-troubleshooting.md
@@ -66,17 +66,17 @@ ADMX Info:
-This is a numeric policy setting with merge algorithm (lowest value is the most secure) that uses the most restrictive settings for complex manageability scenarios.
+This setting is a numeric policy setting with merge algorithm (lowest value is the most secure) that uses the most restrictive settings for complex manageability scenarios.
Supported values:
-- 0 (default) - Turn this feature off.
-- 1 - Turn this feature off but still apply critical troubleshooting.
+- 0 (default) - Turn off this feature.
+- 1 - Turn off this feature but still apply critical troubleshooting.
- 2 - Notify users when recommended troubleshooting is available, then allow the user to run or ignore it.
- 3 - Run recommended troubleshooting automatically and notify the user after it ran successfully.
- 4 - Run recommended troubleshooting automatically without notifying the user.
- 5 - Allow the user to choose their own recommended troubleshooting settings.
-By default, this policy is not configured and the SKU based defaults are used for managed devices. Current policy values for SKU's are as follows:
+By default, this policy isn't configured and the SKU based defaults are used for managed devices. Current policy values for SKUs are as follows:
|SKU|Unmanaged Default|Managed Default|
|--- |--- |--- |
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 7b40a61a6b..46fceb630a 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -263,7 +263,7 @@ ms.collection: highpri
-Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12-hour maximum from start time.
+Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots aren't scheduled. This value sets the end time. there's a 12-hour maximum from start time.
> [!NOTE]
> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** below for more information.
@@ -358,7 +358,7 @@ ADMX Info:
-Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12-hour maximum from end time.
+Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots aren't scheduled. This value sets the start time. There's a 12-hour maximum from end time.
> [!NOTE]
> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** above for more information.
@@ -411,7 +411,7 @@ Enables the IT admin to manage automatic update behavior to scan, download, and
Supported operations are Get and Replace.
-If the policy is not configured, end-users get the default behavior (Auto install and restart).
+If the policy isn't configured, end-users get the default behavior (Auto install and restart).
@@ -427,15 +427,15 @@ ADMX Info:
The following list shows the supported values:
- 0 – Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end users to manage data usage. With these option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel.
-- 1 – Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end user is prompted to schedule the restart time. The end user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end user to control the start time reduces the risk of accidental data loss caused by applications that do not shut down properly on restart.
-- 2 (default) – Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. Automatic restarting when a device is not being used is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that does not shut down properly on restart.
+- 1 – Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end user is prompted to schedule the restart time. The end user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end user to control the start time reduces the risk of accidental data loss caused by applications that don't shut down properly on restart.
+- 2 (default) – Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. Automatic restarting when a device isn't being used is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that doesn't shut down properly on restart.
- 3 – Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart.
-- 4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only.
+- 4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. This setting option also sets the end-user control panel to read-only.
- 5 – Turn off automatic updates.
> [!IMPORTANT]
-> This option should be used only for systems under regulatory compliance, as you will not get security updates as well.
+> This option should be used only for systems under regulatory compliance, as you won't get security updates as well.
@@ -471,7 +471,7 @@ The following list shows the supported values:
Option to download updates automatically over metered connections (off by default). Value type is integer.
-A significant number of devices primarily use cellular data and do not have Wi-Fi access, which leads to a lower number of devices getting updates. Since a large number of devices have large data plans or unlimited data, this policy can unblock devices from getting updates.
+A significant number of devices primarily use cellular data and don't have Wi-Fi access, which leads to a lower number of devices getting updates. Since a large number of devices have large data plans or unlimited data, this policy can unblock devices from getting updates.
This policy is accessible through the Update setting in the user interface or Group Policy.
@@ -540,7 +540,7 @@ The following list shows the supported values:
- 1 – Allowed. Accepts updates received through Microsoft Update.
> [!NOTE]
-> Setting this policy back to **0** or **Not configured** does not revert the configuration to receive updates from Microsoft Update automatically. In order to revert the configuration, you can run the PowerShell commands that are listed below to remove the Microsoft Update service:.
+> Setting this policy back to **0** or **Not configured** doesn't revert the configuration to receive updates from Microsoft Update automatically. In order to revert the configuration, you can run the PowerShell commands that are listed below to remove the Microsoft Update service:.
```
$MUSM = New-Object -ComObject "Microsoft.Update.ServiceManager"
@@ -589,7 +589,7 @@ This policy is specific to desktop and local publishing via WSUS for third-party
The following list shows the supported values:
- 0 – Not allowed or not configured. Updates from an intranet Microsoft update service location must be signed by Microsoft.
-- 1 – Allowed. Accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer.
+- 1 – Allowed. Accepts updates received through an intranet Microsoft update service location, if they're signed by a certificate found in the "Trusted Publishers" certificate store of the local computer.
@@ -643,7 +643,7 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Update service is not allowed.
+- 0 – Update service isn't allowed.
- 1 (default) – Update service is allowed.
@@ -689,10 +689,10 @@ The PC must restart for certain updates to take effect.
If you enable this policy, a restart will automatically occur the specified number of days after the restart was scheduled.
-If you disable or do not configure this policy, the PC will restart according to the default schedule.
+If you disable or don't configure this policy, the PC will restart according to the default schedule.
If any of the following two policies are enabled, this policy has no effect:
-1. No autorestart with logged on users for scheduled automatic updates installations.
+1. No autorestart with signed-in users for scheduled automatic updates installations.
2. Always automatically restart at scheduled time.
@@ -743,11 +743,11 @@ Value type is integer. Default is 7 days.
Supported values range: 2-30.
-Note that the PC must restart for certain updates to take effect.
+The PC must restart for certain updates to take effect.
If you enable this policy, a restart will automatically occur the specified number of days after the restart was scheduled.
-If you disable or do not configure this policy, the PC will restart according to the default schedule.
+If you disable or don't configure this policy, the PC will restart according to the default schedule.
If any of the following two policies are enabled, this policy has no effect:
1. No autorestart with logged on users for scheduled automatic updates installations.
@@ -897,7 +897,7 @@ This policy setting allows you to configure if Automatic Maintenance should make
If you enable this policy setting, Automatic Maintenance attempts to set OS wake policy and make a wake request for the daily scheduled time, if necessary.
-If you disable or do not configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel applies.
+If you disable or don't configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel applies.
ADMX Info:
@@ -948,7 +948,7 @@ Supported values:
-Allows the IT admin to set which branch a device receives their updates from. As of 1903, the branch readiness levels of General Availability Channel (Targeted) and General Availability Channel have been combined into one General Availability Channel set with a value of 16. For devices on 1903 and later releases, the value of 32 is not a supported value.
+Allows the IT admin to set which branch a device receives their updates from. As of 1903, the branch readiness levels of General Availability Channel (Targeted) and General Availability Channel have been combined into one General Availability Channel set with a value of 16. For devices on 1903 and later releases, the value of 32 isn't a supported value.
@@ -1000,7 +1000,7 @@ The following list shows the supported values:
-Allows admins to specify the number of days before feature updates are installed on the device automatically. Before the deadline, restarts can be scheduled by users or automatically scheduled outside of active hours, according to [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot). After the deadline passes, restarts will occur regardless of active hours and users will not be able to reschedule.
+Allows admins to specify the number of days before feature updates are installed on the device automatically. Before the deadline, restarts can be scheduled by users or automatically scheduled outside of active hours, according to [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot). After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule.
ADMX Info:
@@ -1052,7 +1052,7 @@ Default value is 7.
-Allows admins to specify the number of days before quality updates are installed on a device automatically. Before the deadline, restarts can be scheduled by users or automatically scheduled outside of active hours, according to [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot). After deadline passes, restarts will occur regardless of active hours and users will not be able to reschedule.
+Allows admins to specify the number of days before quality updates are installed on a device automatically. Before the deadline, restarts can be scheduled by users or automatically scheduled outside of active hours, according to [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot). After deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule.
ADMX Info:
@@ -1104,7 +1104,7 @@ Default value is 7.
-When used with [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates),allows the admin to specify a minimum number of days until restarts occur automatically for quality updates. Setting the grace period might extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) is configured but this policy is not, then the default value of 2 will be used.
+When used with [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates),allows the admin to specify a minimum number of days until restarts occur automatically for quality updates. Setting the grace period might extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) is configured but this policy isn't, then the default value of 2 will be used.
@@ -1158,7 +1158,7 @@ Default value is 2.
-When used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates), allows the admin to specify a minimum number of days until restarts occur automatically for feature updates. Setting the grace period may extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) is configured but this policy is not, then the value from [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) will be used; if that policy is also not configured, then the default value of 2 will be used.
+When used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates), allows the admin to specify a minimum number of days until restarts occur automatically for feature updates. Setting the grace period may extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) is configured but this policy isn't, then the value from [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) will be used; if that policy is also not configured, then the default value of 2 will be used.
@@ -1424,12 +1424,12 @@ Update:
- Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83
- Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0
-Other/cannot defer:
+Other/can't defer:
- Maximum deferral: No deferral
- Deferral increment: No deferral
- Update type/notes:
- Any update category not specifically enumerated above falls into this category.
+ Any update category not enumerated above falls into this category.
- Definition Update - E0789628-CE08-4437-BE74-2495B842F43B
@@ -1562,7 +1562,7 @@ ADMX Info:
-Do not allow update deferral policies to cause scans against Windows Update. If this policy is not enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like.
+Don't allow update deferral policies to cause scans against Windows Update. If this policy isn't enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like.
For more information about dual scan, see [Demystifying "Dual Scan"](/archive/blogs/wsus/demystifying-dual-scan) and [Improving Dual Scan on 1607](/archive/blogs/wsus/improving-dual-scan-on-1607).
@@ -1582,8 +1582,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 - allow scan against Windows Update
-- 1 - do not allow update deferral policies to cause scans against Windows Update
+- 0 - Allow scan against Windows Update
+- 1 - Don't allow update deferral policies to cause scans against Windows Update
@@ -1629,7 +1629,7 @@ IT admins can, if necessary, opt devices out of safeguard protections using this
>
> The disable safeguards policy will revert to “Not Configured” on a device after moving to a new Windows 10 version, even if previously enabled. This ensures the admin is consciously disabling Microsoft’s default protection from known issues for each new feature update.
>
-> Disabling safeguards does not guarantee your device will be able to successfully update. The update may still fail on the device and will likely result in a bad experience post upgrade as you are bypassing the protection given by Microsoft pertaining to known issues.
+> Disabling safeguards doesn't guarantee your device will be able to successfully update. The update may still fail on the device and will likely result in a bad experience post upgrade as you're bypassing the protection given by Microsoft pertaining to known issues.
@@ -1644,7 +1644,7 @@ ADMX Info:
The following list shows the supported values:
- 0 (default) - Safeguards are enabled and devices may be blocked for upgrades until the safeguard is cleared.
-- 1 - Safeguards are not enabled and upgrades will be deployed without blocking on safeguards.
+- 1 - Safeguards aren't enabled and upgrades will be deployed without blocking on safeguards.
@@ -1679,7 +1679,7 @@ The following list shows the supported values:
To ensure the highest levels of security, we recommended using WSUS TLS certificate pinning on all devices.
-By default, certificate pinning for Windows Update client is not enforced.
+By default, certificate pinning for Windows Update client isn't enforced.
@@ -1694,7 +1694,7 @@ ADMX Info:
The following list shows the supported values:
- 0 (default) - Enforce certificate pinning
-- 1 - Do not enforce certificate pinning
+- 1 - Don't enforce certificate pinning
@@ -1732,15 +1732,15 @@ For Quality Updates, this policy specifies the deadline in days before automatic
The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks.
> [!NOTE]
-> If Update/EngagedDeadline is the only policy set (Update/EngagedRestartTransitionSchedule and Update/EngagedRestartSnoozeSchedule are not set), the behavior goes from reboot required -> engaged behavior -> forced reboot after deadline is reached with a 3-day snooze period.
+> If Update/EngagedDeadline is the only policy set (Update/EngagedRestartTransitionSchedule and Update/EngagedRestartSnoozeSchedule aren't set), the behavior goes from reboot required -> engaged behavior -> forced reboot after deadline is reached with a 3-day snooze period.
Value type is integer. Default is 14.
Supported value range: 2 - 30.
-If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (for example, pending user scheduling).
+If no deadline is specified or deadline is set to 0, the restart won't be automatically executed and will remain Engaged restart (for example, pending user scheduling).
-If you disable or do not configure this policy, the default behaviors will be used.
+If you disable or don't configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
1. No autorestart with logged on users for scheduled automatic updates installations
@@ -1793,9 +1793,9 @@ Value type is integer. Default is 14.
Supported value range: 2-30.
-If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (for example, pending user scheduling).
+If no deadline is specified or deadline is set to 0, the restart won't be automatically executed and will remain Engaged restart (for example, pending user scheduling).
-If you disable or do not configure this policy, the default behaviors will be used.
+If you disable or don't configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
1. No autorestart with logged on users for scheduled automatic updates installations
@@ -1848,7 +1848,7 @@ Value type is integer. Default is three days.
Supported value range: 1-3.
-If you disable or do not configure this policy, the default behaviors will be used.
+If you disable or don't configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
1. No autorestart with logged on users for scheduled automatic updates installations
@@ -1901,7 +1901,7 @@ Value type is integer. Default is three days.
Supported value range: 1-3.
-If you disable or do not configure this policy, the default behaviors will be used.
+If you disable or don't configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
1. No autorestart with logged on users for scheduled automatic updates installations
@@ -1954,7 +1954,7 @@ Value type is integer. Default value is 7 days.
Supported value range: 2 - 30.
-If you disable or do not configure this policy, the default behaviors will be used.
+If you disable or don't configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
1. No autorestart with logged on users for scheduled automatic updates installations
@@ -2007,7 +2007,7 @@ Value type is integer. Default value is seven days.
Supported value range: 2-30.
-If you disable or do not configure this policy, the default behaviors will be used.
+If you disable or don't configure this policy, the default behaviors will be used.
If any of the following policies are configured, this policy has no effect:
1. No autorestart with logged on users for scheduled automatic updates installations
@@ -2103,10 +2103,10 @@ The following list shows the supported values:
-Allows Windows Update Agent to determine the download URL when it is missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL).
+Allows Windows Update Agent to determine the download URL when it's missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL).
> [!NOTE]
-> This setting should only be used in combination with an alternate download URL and configured to use ISV file cache. This setting is used when the intranet update service does not provide download URLs in the update metadata for files which are available on the alternate download server.
+> This setting should only be used in combination with an alternate download URL and configured to use ISV file cache. This setting is used when the intranet update service doesn't provide download URLs in the update metadata for files which are available on the alternate download server.
@@ -2164,7 +2164,7 @@ Specifies whether to ignore the MO download limit (allow unlimited downloading)
The following list shows the supported values:
-- 0 (default) – Do not ignore MO download limit for apps and their updates.
+- 0 (default) – Don't ignore MO download limit for apps and their updates.
- 1 – Ignore MO download limit (allow unlimited downloading) for apps and their updates.
@@ -2217,7 +2217,7 @@ Specifies whether to ignore the MO download limit (allow unlimited downloading)
The following list shows the supported values:
-- 0 (default) – Do not ignore MO download limit for OS updates.
+- 0 (default) – Don't ignore MO download limit for OS updates.
- 1 – Ignore MO download limit (allow unlimited downloading) for OS updates.
@@ -2333,7 +2333,7 @@ ADMX Info:
The following list shows the supported values:
-- 0 (default) – Deferrals are not paused.
+- 0 (default) – Deferrals aren't paused.
- 1 – Deferrals are paused.
@@ -2368,7 +2368,7 @@ The following list shows the supported values:
-Allows IT Admins to pause feature updates for up to 35 days. We recomment that you use the *Update/PauseFeatureUpdatesStartTime* policy if you are running Windows 10, version 1703 or later.
+Allows IT Admins to pause feature updates for up to 35 days. We recomment that you use the *Update/PauseFeatureUpdatesStartTime* policy if you're running Windows 10, version 1703 or later.
@@ -2383,7 +2383,7 @@ ADMX Info:
The following list shows the supported values:
-- 0 (default) – Feature Updates are not paused.
+- 0 (default) – Feature Updates aren't paused.
- 1 – Feature Updates are paused for 35 days or until value set to back to 0, whichever is sooner.
@@ -2476,7 +2476,7 @@ ADMX Info:
The following list shows the supported values:
-- 0 (default) – Quality Updates are not paused.
+- 0 (default) – Quality Updates aren't paused.
- 1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner.
@@ -2567,7 +2567,7 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd
Available in Windows 10, version 2004 and later. Enables IT administrators to specify which product they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy to target a new product.
-If no product is specified, the device will continue receiving newer versions of the Windows product it is currently on. For details about different Windows 10 versions, see [release information](/windows/release-health/release-information).
+If no product is specified, the device will continue receiving newer versions of the Windows product it's currently on. For details about different Windows 10 versions, see [release information](/windows/release-health/release-information).
@@ -2589,11 +2589,11 @@ Value type is a string containing a Windows product, for example, “Windows 11
-By using this Windows Update for Business policy to upgrade devices to a new product (for example, Windows 11) you are agreeing that when applying this operating system to a device, either:
+By using this Windows Update for Business policy to upgrade devices to a new product (for example, Windows 11) you're agreeing that when applying this operating system to a device, either:
1. The applicable Windows license was purchased through volume licensing, or
-2. That you are authorized to bind your organization and are accepting on its behalf the relevant Microsoft Software License Terms to be found here: (https://www.microsoft.com/Useterms).
+2. That you're authorized to bind your organization and are accepting on its behalf the relevant Microsoft Software License Terms to be found here: (https://www.microsoft.com/Useterms).
@@ -3212,7 +3212,7 @@ The following list shows the supported values:
-This policy allows the IT admin to disable the "Pause Updates" feature. When this policy is enabled, the user cannot access the "Pause updates" feature.
+This policy allows the IT admin to disable the "Pause Updates" feature. When this policy is enabled, the user can't access the "Pause updates" feature.
Value type is integer. Default is 0. Supported values 0, 1.
@@ -3253,7 +3253,7 @@ ADMX Info:
-This policy allows the IT admin to remove access to scan Windows Update. When this policy is enabled, the user cannot access the Windows Update scan, download, and install features.
+This policy allows the IT admin to remove access to scan Windows Update. When this policy is enabled, the user can't access the Windows Update scan, download, and install features.
Value type is integer. Default is 0. Supported values 0, 1.
@@ -3570,7 +3570,7 @@ The following list shows the supported values:
Available in Windows 10, version 1607 and later. By default, HTTP WSUS servers scan only if system proxy is configured. This policy setting allows you to configure user proxy as a fallback for detecting updates while using an HTTP-based intranet server despite the vulnerabilities it presents.
-This policy setting does not impact those customers who have, per Microsoft recommendation, secured their WSUS server with TLS/SSL protocol, thereby using HTTPS-based intranet servers to keep systems secure. That said, if a proxy is required, we recommend configuring a system proxy to ensure the highest level of security.
+This policy setting doesn't impact those customers who have, per Microsoft recommendation, secured their WSUS server with TLS/SSL protocol, thereby using HTTPS-based intranet servers to keep systems secure. That said, if a proxy is required, we recommend configuring a system proxy to ensure the highest level of security.
@@ -3731,9 +3731,9 @@ ADMX Info:
> [!IMPORTANT]
-> Starting in Windows 10, version 1703 this policy is not supported in IoT Mobile.
+> Starting in Windows 10, version 1703 this policy isn't supported in IoT Mobile.
-Allows the device to check for updates from a WSUS server instead of Microsoft Update. This setting is useful for on-premises MDMs that need to update devices that cannot connect to the Internet.
+Allows the device to check for updates from a WSUS server instead of Microsoft Update. This setting is useful for on-premises MDMs that need to update devices that can't connect to the Internet.
Supported operations are Get and Replace.
@@ -3810,12 +3810,12 @@ This setting lets you specify a server on your network to function as an interna
To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server.
-Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
+Value type is string and the default value is an empty string, "". If the setting isn't configured, and if Automatic Updates isn't disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
> [!NOTE]
> If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect.
-> If the "Alternate Download Server" Group Policy is not set, it will use the WSUS server by default to download updates.
-> This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
+> If the "Alternate Download Server" Group Policy isn't set, it will use the WSUS server by default to download updates.
+> This policy isn't supported on Windows RT. Setting this policy won't have any effect on Windows RT PCs.