diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index 59f79b2a6c..2e6580c656 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/27/2017
+ms.date: 09/19/2017
---
# AssignedAccess CSP
@@ -19,7 +19,7 @@ The AssignedAccess configuration service provider (CSP) is used set the device t
For step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](http://go.microsoft.com/fwlink/p/?LinkID=722211)
-> **Note** The AssignedAccess CSP is only supported in Windows 10 Enterprise and Windows 10 Education.
+> **Note** The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting in Windows 10, version 1709 it is also supported in Windows 10 Pro.
The following diagram shows the AssignedAccess configuration service provider in tree format
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index f619993de2..ff8c33aa7e 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 06/27/2017
+ms.date: 09/19/2017
---
# Configuration service provider reference
@@ -164,7 +164,7 @@ Footnotes:
 |
- |
+  3 |
|
|
|
diff --git a/windows/client-management/mdm/enterpriseapn-csp.md b/windows/client-management/mdm/enterpriseapn-csp.md
index e92ab5e8bc..9b64ff0fb4 100644
--- a/windows/client-management/mdm/enterpriseapn-csp.md
+++ b/windows/client-management/mdm/enterpriseapn-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 06/19/2017
+ms.date: 09/19/2017
---
# EnterpriseAPN CSP
@@ -128,6 +128,149 @@ The following image shows the EnterpriseAPN configuration service provider in tr
Supported operations are Get and Replace.
+## Examples
+
+``` syntax
+
+
+
+
+
+
+ 8000
+
+
+ 8001
+ -
+
+ ./Vendor/MSFT/EnterpriseAPN/E_APN1/APNName
+
+
+ chr
+
+ enterprise_apn1
+
+
+
+ 8002
+ -
+
+ ./Vendor/MSFT/EnterpriseAPN/E_APN1/IPType
+
+
+ chr
+
+ IPv4
+
+
+
+ 8003
+ -
+
+ ./Vendor/MSFT/EnterpriseAPN/E_APN1/IsAttachAPN
+
+
+ bool
+
+ false
+
+
+
+ 8004
+ -
+
+ ./Vendor/MSFT/EnterpriseAPN/E_APN1/ClassId
+
+
+ chr
+
+ AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA
+
+
+
+ 8005
+ -
+
+ ./Vendor/MSFT/EnterpriseAPN/E_APN1/AuthType
+
+
+ chr
+
+ CHAP
+
+
+
+ 8006
+ -
+
+ ./Vendor/MSFT/EnterpriseAPN/E_APN1/UserName
+
+
+ chr
+
+ myusername
+
+
+
+ 8007
+ -
+
+ ./Vendor/MSFT/EnterpriseAPN/E_APN1/Password
+
+
+ chr
+
+ mypassword
+
+
+
+ 8008
+ -
+
+ ./Vendor/MSFT/EnterpriseAPN/E_APN1/IccId
+
+
+ chr
+
+ FFFFFFFFFFFFFFFFFFFF
+
+
+
+
+
+
+
+
+
+
+```
+
## Related topics
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 50d3253a38..18854315f9 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -10,7 +10,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 09/12/2017
+ms.date: 09/19/2017
---
# What's new in MDM enrollment and management
@@ -974,6 +974,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
+Starting in Windows 10, version 1709, AssignedAccess CSP is supported in Windows 10 Pro.
| [DeviceManageability CSP](devicemanageability-csp.md) |
@@ -1378,6 +1379,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.
+
+| [AssignedAccess CSP](assignedaccess-csp.md) |
+Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.
+ |
| Microsoft Store for Business |
Windows Store for Business name changed to Microsoft Store for Business.
@@ -1393,6 +1398,9 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
For examples, see section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation.
|
+| [EntepriseAPN CSP](enterpriseapn-csp.md) |
+Added a SyncML example.
+ |
[VPNv2 CSP](vpnv2-csp.md) |
Added RegisterDNS setting in Windows 10, version 1709.
|
@@ -1617,6 +1625,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
+Starting in Windows 10, version 1709, AssignedAccess CSP is supported in Windows 10 Pro.
| [SurfaceHub CSP](surfacehub-csp.md) |
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index d077ea3454..a6ffde5756 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/20/2017
---
# Policy CSP - System
@@ -303,7 +303,13 @@ ms.date: 08/30/2017
The following tables describe the supported values:
-
+Windows 8.1 Values:
+
+- 0 - Not allowed.
+- 1 – Allowed, except for Secondary Data Requests.
+- 2 (default) – Allowed.
+
+
+Windows 10 Values:
-
+- 0 – Security. Information that is required to help keep Windows more secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
+ Note: This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016. Using this setting on other devices is equivalent to setting the value of 1.
+- 1 – Basic. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the Security level.
+- 2 – Enhanced. Additional insights, including: how Windows, Windows Server, System Center, and apps are used, how they perform, advanced reliability data, and data from both the Basic and the Security levels.
+- 3 – Full. All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels.
+
+
> [!IMPORTANT]
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 1bf1c34365..acd676eecb 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/20/2017
---
# Policy CSP - Update
@@ -595,7 +595,34 @@ This policy is accessible through the Update setting in the user interface or Gr
If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
-
+OS upgrade:
+- Maximum deferral: 8 months
+- Deferral increment: 1 month
+- Update type/notes:
+ - Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5
+
+Update:
+- Maximum deferral: 1 month
+- Deferral increment: 1 week
+- Update type/notes:
+ If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic.
+ - Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441
+ - Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4
+ - Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F
+ - Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828
+ - Tools - B4832BD8-E735-4761-8DAF-37F882276DAB
+ - Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F
+ - Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83
+ - Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0
+
+Other/cannot defer:
+- Maximum deferral: No deferral
+- Deferral increment: No deferral
+- Update type/notes:
+ Any update category not specifically enumerated above falls into this category.
+ - Definition Update - E0789628-CE08-4437-BE74-2495B842F43B
+
+
diff --git a/windows/device-security/tpm/tpm-recommendations.md b/windows/device-security/tpm/tpm-recommendations.md
index 8dcde29788..21314c3f0b 100644
--- a/windows/device-security/tpm/tpm-recommendations.md
+++ b/windows/device-security/tpm/tpm-recommendations.md
@@ -98,20 +98,19 @@ For end consumers, TPM is behind the scenes but is still very relevant. TPM is u
The following table defines which Windows features require TPM support.
-| Windows Features | Windows 10 TPM 1.2 | Windows 10 TPM 2.0 | Details |
-|-------------------------|----------------------|----------------------|----------|
-| Measured Boot | Required | Required | Measured boot requires TPM 1.2 or 2.0 and UEFI Secure Boot. |
-| Bitlocker | Required | Required | TPM 1.2 or later required or a removable USB memory device such as a flash drive. Please note that TPM 2.0 requires UEFI Secure Boot in order for BitLocker to work properly. |
-| Passport: Domain AADJ Join | Required | Required | Supports both versions of TPM, but requires TPM with HMAC and EK certificate for key attestation support. |
-| Passport: MSA or Local Account | Required | Required | TPM 2.0 is required with HMAC and EK certificate for key attestation support. |
-| Device Encryption | Not Applicable | Required | TPM 2.0 is required for all InstantGo devices. |
-| Credential Guard | Required | Required | For Windows 10, version 1511, TPM 1.2 or 2.0 is highly recommended. If you don't have a TPM installed, Credential Guard will still be enabled, but the keys used to encrypt Credential Guard will not be protected by the TPM. |
-| Device Health Attestation | Required | Required | |
-| Windows Hello / Windows Hello for Business | Not Required | Recommended | Whenever possible, Microsoft recommends the use of TPM hardware. The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. [How keys are protected](https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-how-it-works#how-keys-are-protected) |
-| UEFI Secure Boot | Not Required | Recommended | |
-| Platform Key Storage provider | Required | Required | |
-| Virtual Smart Card | Required | Required | |
-| Certificate storage (TPM bound) | Required | Required | |
+| Windows Features | TPM Required | Supports TPM 1.2 | Supports TPM 2.0 | Details |
+|-------------------------|--------------|--------------------|--------------------|----------|
+| Measured Boot | Yes | Yes | Yes | |
+| Bitlocker | No | Yes | Yes | A removable USB memory device such as a flash drive can also be used instead of a TPM. |
+| Device Encryption | Yes | N/A | Yes | Device Encryption requires InstantGo/Connected Standby certification. All systems certified for InstantGo/Connected Standby shipped with TPM 2.0, so TPM 1.3 support is Not Applicable. |
+| Device Guard | No | Yes | Yes | |
+| Credential Guard | No | Yes | Yes | Windows 10, version 1507 (End of Life as of May 2017) only supported TPM 2.0 for Credential Guard. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 is supported. |
+| Device Health Attestation| Yes | Yes | Yes | |
+| Windows Hello/Windows Hello for Business| No | Yes | Yes | |
+| UEFI Secure Boot | No | Yes | Yes | |
+| TPM Platform Crypto Provider Key Storage Provider| Yes | Yes| Yes | |
+| Virtual Smart Card | Yes | Yes | Yes | |
+| Certificate storage | No | Yes | Yes | TPM is only required when the certificate is stored in the TPM. |
## OEM Status on TPM 2.0 system availability and certified parts