merge from master

.openpublishing.redirection.json

@@ -1,5 +1,15 @@
 {
 "redirections": [
+{
+    "source_path": "windows/deployment/update/waas-windows-insider-for-business-aad.md",
+    "redirect_url": "https://docs.microsoft.com/en-us/windows-insider/at-work-pro/wip-4-biz-add",
+        "redirect_document_id": true
+ },
+{
+    "source_path": "windows/deployment/update/waas-windows-insider-for-business-faq.md",
+    "redirect_url": "https://docs.microsoft.com/en-us/windows-insider/at-work-pro/wip-4-biz-get-started",
+    "redirect_document_id": true
+},
 {
 "source_path": "windows/deployment/update/waas-windows-insider-for-business.md",
 "redirect_url": "/windows-insider/at-work-pro/wip-4-biz-get-started",
@@ -6556,6 +6566,21 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/configuration/kiosk-shared-pc.md",
+"redirect_url": "/windows/configuration/kiosk-methods",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/configuration/setup-kiosk-digital-signage.md",
+"redirect_url": "/windows/configuration/kiosk-single-app",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/configuration/multi-app-kiosk-xml.md",
+"redirect_url": "/windows/configuration/kiosk-xml",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/configure/lock-down-windows-10-to-specific-apps.md",
 "redirect_url": "/windows/configuration/lock-down-windows-10-to-specific-apps",
 "redirect_document_id": true
@@ -6676,11 +6701,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/configuration/multi-app-kiosk-xml.md",
-"redirect_url": "windows/configuration/kiosk-xml.md",
-"redirect_document_id": true     
-},
-{
 "source_path": "windows/configure/provisioning-uninstall-package.md",
 "redirect_url": "/windows/configuration/provisioning-packages/provisioning-uninstall-package",
 "redirect_document_id": true
@@ -13491,11 +13511,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/update/waas-windows-insider-for-business-faq.md",
-"redirect_url": "/windows/deployment/update/waas-windows-insider-for-business-faq",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/update/waas-windows-insider-for-business.md",
 "redirect_url": "/windows/deployment/update/waas-windows-insider-for-business",
 "redirect_document_id": true

browsers/edge/Index.md

@@ -37,7 +37,6 @@ Microsoft Edge lets you stay up-to-date through the Microsoft Store and to manag
 | [Microsoft Edge requirements and language support](hardware-and-software-requirements.md) |Microsoft Edge is pre-installed on all Windows 10-capable devices that meet the minimum system requirements and are on the supported language list.|
 | [Available policies for Microsoft Edge](available-policies.md)  |Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings.<br><br>Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain. |
 | [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md) |If you have specific web sites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites will automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11.<br><br>Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. |
-| [Security enhancements for Microsoft Edge](security-enhancements-microsoft-edge.md) |Microsoft Edge is designed with significant security improvements over existing browsers, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. |
 |[Microsoft Edge Frequently Asked Questions (FAQs)](microsoft-edge-faq.md)|Answering frequently asked questions about Microsoft Edge features, integration, support, and potential problems.
 
 ## Interoperability goals and enterprise guidance

browsers/edge/TOC.md

@@ -8,21 +8,19 @@
 ###[Home button settings](group-policies/home-button-gp.md)
 ###[Prelaunch Microsoft Edge and preload tabs](group-policies/prelaunch-preload-gp.md)
 ###[Search engine customization](group-policies/search-engine-customization-gp.md)
+###[Security and privacy management](group-policies/security-privacy-management-gp.md)
 ###[Start pages settings](group-policies/start-pages-gp.md)
 ###[Sync browser settings](group-policies/sync-browser-settings-gp.md)
-
+###[Interoperability and enterprise guidance](group-policies/interoperability-enterprise-guidance-gp.md)
 
 ##[Change history for Microsoft Edge](change-history-for-microsoft-edge.md)
 
-##[Enterprise guidance about using Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md)
-
 ##[Microsoft Edge requirements and language support](hardware-and-software-requirements.md)
 
 ##[Available policies for Microsoft Edge](available-policies.md)
 
 ##[Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md)
 
-##[Security enhancements for Microsoft Edge](security-enhancements-microsoft-edge.md)
-
 ##[Microsoft Edge Frequently Asked Questions (FAQs)](microsoft-edge-faq.md)
 
+

browsers/edge/group-policies/address-bar-settings-gp.md

@@ -0,0 +1,23 @@
+---
+title: Microsoft Edge - Address bar settings
+description: 115-145 characters including spaces. Edit the intro para describing article intent to fit here. This abstract displays in the search result.
+services: 
+keywords: Don’t add or edit keywords without consulting your SEO champ.
+author: shortpatti
+ms.author: pashort
+ms.date: 07/25/2018
+ms.topic: article
+ms.prod: edge
+ms.mktglfcycl: explore
+ms.sitesec: library
+---
+
+# Address bar settings
+>*Supported versions: Microsoft Edge on Windows 10*  
+
+I need a description here
+
+
+[!INCLUDE [allow-address-bar-suggestions-include](../includes/allow-address-bar-suggestions-include.md)]
+
+[!INCLUDE [configure-search-suggestions-address-bar-include](../includes/configure-search-suggestions-address-bar-include.md)]

browsers/edge/group-policies/adobe-settings-gp.md

@@ -0,0 +1,24 @@
+---
+title: Microsoft Edge - Adobe settings
+description: 115-145 characters including spaces. Edit the intro para describing article intent to fit here. This abstract displays in the search result.
+services: 
+keywords: Don’t add or edit keywords without consulting your SEO champ.
+author: shortpatti
+ms.author: pashort
+ms.date: 07/25/2018
+ms.topic: article
+ms.prod: edge
+ms.mktglfcycl: explore
+ms.sitesec: library
+---
+
+# Adobe settings
+>*Supported versions: Microsoft Edge on Windows 10*  
+
+I need a description here, maybe with scenarios
+
+[!INCLUDE [allow-adobe-flash-include](../includes/allow-adobe-flash-include.md)]
+
+
+[!INCLUDE [configure-adobe-flash-click-to-run-include](../includes/configure-adobe-flash-click-to-run-include.md)]
+

browsers/edge/group-policies/books-library-management-gp.md

@@ -0,0 +1,27 @@
+---
+title: Microsoft Edge - Books Library management
+description: 115-145 characters including spaces. Edit the intro para describing article intent to fit here. This abstract displays in the search result.
+services: 
+keywords: Don’t add or edit keywords without consulting your SEO champ.
+author: shortpatti
+ms.author: pashort
+ms.date: 07/25/2018
+ms.topic: article
+ms.prod: edge
+ms.mktglfcycl: explore
+ms.sitesec: library
+---
+
+# Books Library management
+>*Supported versions: Microsoft Edge on Windows 10*  
+
+I need a description here, maybe with scenarios
+
+
+[!INCLUDE [allow-shared-folder-books-include](../includes/allow-shared-folder-books-include.md)]
+
+[!INCLUDE [allow-config-updates-books-include](../includes/allow-config-updates-books-include.md)]
+
+[!INCLUDE [allow-ext-telemetry-books-tab-include](../includes/allow-ext-telemetry-books-tab-include.md)]
+
+[!INCLUDE [always-enable-book-library-include](../includes/always-enable-book-library-include.md)]

browsers/edge/group-policies/bowser-settings-management-gp.md

@@ -0,0 +1,47 @@
+---
+title: Microsoft Edge - Browser settings management
+description: 115-145 characters including spaces. Edit the intro para describing article intent to fit here. This abstract displays in the search result.
+services: 
+keywords: Don’t add or edit keywords without consulting your SEO champ.
+author: shortpatti
+ms.author: pashort
+ms.date: 07/25/2018
+ms.topic: article
+ms.prod: edge
+ms.mktglfcycl: explore
+ms.sitesec: library
+---
+
+# Browser settings management
+>*Supported versions: Microsoft Edge on Windows 10*  
+
+I need a description here, maybe with scenarios
+
+
+
+## Allow clearing browsing data on exit 
+[!INCLUDE [allow-clearing-browsing-data-include](../includes/allow-clearing-browsing-data-include.md)]
+
+## Allow printing 
+[!INCLUDE [allow-printing-include](../includes/allow-printing-include.md)]
+
+## Allow Saving History 
+[!INCLUDE [allow-saving-history-include](../includes/allow-saving-history-include.md)]
+
+## Configure Autofill 
+[!INCLUDE [configure-autofill-include](../includes/configure-autofill-include.md)]
+
+## Configure Pop-up Blocker  
+[!INCLUDE [configure-pop-up-blocker-include](../includes/configure-pop-up-blocker-include.md)]
+
+## Do not sync 
+[!INCLUDE [do-not-sync-include](../includes/do-not-sync-include.md)]
+
+## Do not sync browser settings 
+[!INCLUDE [do-not-sync-browser-settings-include](../includes/do-not-sync-browser-settings-include.md)]
+
+## Prevent users from turning on browser syncing  
+[!INCLUDE [prevent-users-to-turn-on-browser-syncing-include](../includes/prevent-users-to-turn-on-browser-syncing-include.md)]
+
+
+

browsers/edge/group-policies/developer-settings-gp.md

@@ -0,0 +1,24 @@
+---
+title: Microsoft Edge - Developer settings
+description: 115-145 characters including spaces. Edit the intro para describing article intent to fit here. This abstract displays in the search result.
+services: 
+keywords: Don’t add or edit keywords without consulting your SEO champ.
+author: shortpatti
+ms.author: pashort
+ms.date: 07/25/2018
+ms.topic: article
+ms.prod: edge
+ms.mktglfcycl: explore
+ms.sitesec: library
+---
+
+# Developer settings
+>*Supported versions: Microsoft Edge on Windows 10*  
+
+I need a description here, maybe with scenarios
+
+## Allow Developer Tools 
+[!INCLUDE [allow-dev-tools-include](../includes/allow-dev-tools-include.md)] 
+
+## Prevent access to the about:flags page 
+[!INCLUDE [prevent-access-about-flag-include](../includes/prevent-access-about-flag-include.md)]

browsers/edge/group-policies/extensions-management-gp.md

@@ -0,0 +1,27 @@
+---
+title: Microsoft Edge - Extensions management
+description: 115-145 characters including spaces. Edit the intro para describing article intent to fit here. This abstract displays in the search result.
+services: 
+keywords: Don’t add or edit keywords without consulting your SEO champ.
+author: shortpatti
+ms.author: pashort
+ms.date: 07/25/2018
+ms.topic: article
+ms.prod: edge
+ms.mktglfcycl: explore
+ms.sitesec: library
+---
+
+# Extensions management
+>*Supported versions: Microsoft Edge on Windows 10*  
+
+I need a description here, maybe with scenarios 
+
+## Allow Extensions 
+[!INCLUDE [allow-extensions-include](../includes/allow-extensions-include.md)] 
+
+## Allow sideloading of extensions 
+[!INCLUDE [allow-sideloading-extensions-include](../includes/allow-sideloading-extensions-include.md)] 
+
+## Prevent turning off required extensions 
+[!INCLUDE [prevent-turning-off-required-extensions-include](../includes/prevent-turning-off-required-extensions-include.md)] 

browsers/edge/group-policies/favorites-management-gp.md

@@ -0,0 +1,31 @@
+---
+title: Microsoft Edge - Favorites management
+description: 115-145 characters including spaces. Edit the intro para describing article intent to fit here. This abstract displays in the search result.
+services: 
+keywords: Don’t add or edit keywords without consulting your SEO champ.
+author: shortpatti
+ms.author: pashort
+ms.date: 07/25/2018
+ms.topic: article
+ms.prod: edge
+ms.mktglfcycl: explore
+ms.sitesec: library
+---
+
+# Favorites management
+>*Supported versions: Microsoft Edge on Windows 10*  
+
+I need a description here, maybe with scenarios
+
+
+## Configure Favorites Bar 
+[!INCLUDE [configure-favorites-bar-include](../includes/configure-favorites-bar-include.md)]
+
+## Keep favorites in sync between Internet Explorer and Microsoft Edge 
+[!INCLUDE [keep-fav-sync-ie-edge-include](../includes/keep-fav-sync-ie-edge-include.md)] 
+
+## Prevent changes to Favorites on Microsoft Edge
+[!INCLUDE [prevent-changes-to-favorites-include](../includes/prevent-changes-to-favorites-include.md)] 
+
+## Provision Favorites 
+[!INCLUDE [provision-favorites-shortdesc](../shortdesc/provision-favorites-shortdesc.md)] 

browsers/edge/group-policies/home-button-gp.md

@@ -4,9 +4,14 @@ description: Microsoft Edge shows the home button and by clicking it the Start p
 ms.author: pashort
 author: shortpatti
 ms.date: 07/23/2018
+ms.prod: edge
+ms.mktglfcycl: explore
+ms.sitesec: library
 ---
 
 # Home button configuration options
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+
 Microsoft Edge shows the home button and by clicking it the Start page loads by default. You can configure the Home button to load the New tab page or a URL defined in the Set Home button URL policy. You can also configure Microsoft Edge to hide the home button. 
 
 ## Policies

browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md

@@ -0,0 +1,41 @@
+---
+title: Microsoft Edge - Interoperability and enterprise guidance
+description: 
+ms.author: pashort
+author: shortpatti
+ms.date: 07/23/2018
+ms.prod: edge
+ms.mktglfcycl: explore
+ms.sitesec: library
+---
+
+# Interoperability and enterprise guidance
+>*Supported versions: Microsoft Edge on Windows 10*  
+
+If you have specific websites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to open using IE11 automatically.
+
+Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
+
+
+**Policies** 
+
+1. [Configure the Enterprise Mode Site List](#configure-the-enterprise-mode-site-list)
+2. [Send all intranet sites to Internet Explorer 11](#send-all-intranet-sites-to-internet-explorer-11)
+3. [Show message when opening sites in Internet Explorer](#show-message-when-opening-sites-in-internet-explorer)
+4. [(IE11 policy) Send all sites not included in the Enterprise Mode Site List to Microsoft Edge](#ie11-policy-send-all-sites-not-included-in-the-enterprise-mode-site-list-to-microsoft-edge)
+
+
+![Use Enterprise Mode with Microsoft Edge to improve compatibility](../images/use-enterprise-mode-with-microsoft-edge-sm.png)
+
+
+## Configure the Enterprise Mode Site List
+[!INCLUDE [configure-enterprise-mode-site-list-include](../includes/configure-enterprise-mode-site-list-include.md)] 
+
+## Send all intranet sites to Internet Explorer 11
+[!INCLUDE [send-all-intranet-sites-ie-include](../includes/send-all-intranet-sites-ie-include.md)]
+
+## Show message when opening sites in Internet Explorer
+[!INCLUDE [show-message-opening-sites-ie-include](../includes/show-message-opening-sites-ie-include.md)] 
+
+## (IE11 policy) Send all sites not included in the Enterprise Mode Site List to Microsoft Edge 
+[!INCLUDE [ie11-send-all-sites-not-in-site-list-include](../includes/ie11-send-all-sites-not-in-site-list-include.md)] 

browsers/edge/group-policies/new-tab-page-settings-gp.md

@@ -1,17 +1,21 @@
 ---
-title: New tab page 
+title: Microsoft Edge - New tab page 
 description: Microsoft Edge loads the default New tab page by default. You can configure Microsoft Edge to load a New tab page URL and prevent users from changing it. 
 ms.author: pashort
 author: shortpatti
-ms.date: 07/20/2018
+ms.date: 07/25/2018
+ms.prod: edge
+ms.mktglfcycl: explore
+ms.sitesec: library
 ---
 
 
-
-
-
 # New tab page 
+>*Supported versions: Microsoft Edge on Windows 10*
+
 
 Microsoft Edge loads the default New tab page by default. You can configure Microsoft Edge to load a New tab page URL and prevent users from changing it.  When you enable this policy, and you disable the Allow web content on New tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank. 
 
-Policy: Set New Tab page URL 
+
+## Set New Tab page URL 
+[!INCLUDE [set-new-tab-url-include](../includes/set-new-tab-url-include.md)]

browsers/edge/group-policies/prelaunch-preload-gp.md

@@ -3,10 +3,12 @@ title: Microsoft Edge - Prelaunch and tab preload configuration options
 description: Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user.  Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge.
 ms.author: pashort
 author: shortpatti
-ms.date: 07/23/2018
+ms.date: 07/25/2018
 ---
 
 # Prelaunch Microsoft Edge and preload tabs in the background  
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+
 
 Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user.  Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge. You can also configure Microsoft Edge to prevent Microsoft Edge from pre-launching.  
 
@@ -14,9 +16,11 @@ Additionally, Microsoft Edge preloads the Start and New tab pages during Windows
 
 
 ## Policies
+
+- [Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed](../new-policies.md#allow-microsoft-edge-to-pre-launch-at-windows-startup-when-the-system-is-idle-and-each-time-microsoft-edge-is-closed)
+
 - [Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](../new-policies.md#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)
 
-- [Allow Prelaunch ](../new-policies.md#allow-prelaunch)
 
 ## Configuration options
 

browsers/edge/group-policies/search-engine-customization-gp.md

@@ -3,26 +3,29 @@ title: Microsoft Edge - Search engine customization
 description: By default, Microsoft Edge uses the default search engine specified in App settings, which lets users make changes to it. You can configure Microsoft Edge to use the policy-set search engine specified in the OpenSearch XML file.
 ms.author: pashort
 author: shortpatti
-ms.date: 07/23/2018
+ms.date: 07/25/2018
 ---
 
 # Search engine customization
 
 By default, Microsoft Edge uses the default search engine specified in App settings, which lets users make changes to it. You can configure Microsoft Edge to use the policy-set search engine specified in the OpenSearch XML file. You can also prevent users from making changes to the search engine settings.
 
+**Policies**
 
-## Policies
+- [Set default search engine](#set-default-search-engine)
+- [Allow search engine customization](#allow-search-engine-customization)
+- [Configure additional search engines](#configure-additional-search-engines)
 
-- [Set default search engine](../available-policies.md#set-default-search-engine)
-
-- [Allow web content on New Tab page](../available-policies.md#allow-web-content-on-new-tab-page)
-
-- [Configure additional search engines](../available-policies.md#configure-additional-search-engines)
-
-
-## Configuration options
 
 ![Set default search engine configurations](../images/set-default-search-engine-v4-sm.png)
 
 
+## Set default search engine
+[!INCLUDE [set-default-search-engine-include](../includes/set-default-search-engine-include.md)] 
+
+## Allow search engine customization
+[!INCLUDE [allow-search-engine-customization-include](../includes/allow-search-engine-customization-include.md)] 
+
+## Configure additional search engines
+[!INCLUDE [configure-additional-search-engines-include](../includes/configure-additional-search-engines-include.md)] 
 

browsers/edge/group-policies/security-privacy-management-gp.md

@@ -0,0 +1,48 @@
+---
+title: Microsoft Edge - Security and privacy management
+description: Microsoft Edge helps to defend from increasingly sophisticated and prevalent web-based attacks against Windows.  While most websites are safe, some sites have been designed to steal personal information or gain access to your system’s resources. 
+ms.author: pashort
+author: shortpatti
+ms.date: 07/25/2018
+---
+
+# Security and privacy management
+>*Supported versions: Microsoft Edge on Windows 10*
+
+Microsoft Edge helps to defend from increasingly sophisticated and prevalent web-based attacks against Windows.  While most websites are safe, some sites are malicious in nature, like stealing personal information or gain access to your system’s resources. By no longer supporting VBScript, JScript, VML, Browser Helper Objects, Toolbars, ActiveX controls, and Internet Explorer document modes, Microsoft Edge significantly reduces attacks making the browser more secure.  
+
+
+| | |
+|---|---|
+| **Windows Hello** | Authenticates the user and the website with asymmetric cryptography. |
+| **Microsoft SmartScreen** | Defends against phishing by performing reputation checks on sites visited and blocking any site that is thought to be a phishing site. SmartScreen also helps to defend against installing malicious software or file downloads, even from trusted sites. |
+| **Certificate Reputation system** | Collects data about certificates in use, detecting new certificates and flagging fraudulent certificates automatically. |
+| **Microsoft EdgeHTML** | Defends against hacking through the following security standards features:<ul><li>Support for the W3C standard for Content Security Policy (CSP), which helps web developers defend their sites against cross-site scripting attacks.</li><li>Support for the HTTP Strict Transport Security (HSTS) feature, which is IETF-standard compliant, and helps to ensure that connections to sites are always secure.</li></ul> |
+| **Code integrity and image loading restrictions** | Prevents malicious DLLs from loading or injecting into the content processes. Only signed images are allowed to load in Microsoft Edge. Binaries on remote devices (such as UNC or WebDAV) can&#39;t load. |
+| **Memory corruption mitigations** | Defends against memory corruption weaknesses and vulnerabilities with the use of [CWE-416: Use After Free](http://cwe.mitre.org/data/definitions/416.html) (UAF). |
+| **Memory Garbage Collector (MemGC) mitigation** | Replaces Memory Protector and helps to defend the browser from UAF vulnerabilities by freeing memory from the programmer and automating it, only freeing memory when the automation detects that there are no more references left pointing to a given block of memory. |
+| **Control Flow Guard** | Compiles checks around code that performs indirect jumps based on a pointer, restricting those jumps to only going to function entry points with known addresses. Control Flow Guard is a Microsoft Visual Studio technology. |
+
+
+## Configure cookies
+[!INCLUDE [configure-cookies-include](../includes/configure-cookies-include.md)]
+
+## Configure Password Manager
+[!INCLUDE [configure-password-manager-include](../includes/configure-password-manager-include.md)]
+
+## Configure Windows Defender SmartScreen
+[!INCLUDE [configure-windows-defender-smartscreen-include](../includes/configure-windows-defender-smartscreen-include.md)]
+
+## Prevent bypassing Windows Defender SmartScreen prompts for files 
+[!INCLUDE [prevent-bypassing-win-defender-files-include](../includes/prevent-bypassing-win-defender-files-include.md)]
+
+## Prevent bypassing Windows Defender SmartScreen prompts for sites 
+[!INCLUDE [prevent-bypassing-win-defender-sites-include](../includes/prevent-bypassing-win-defender-sites-include.md)]
+
+## Prevent certificate error overrides 
+[!INCLUDE [prevent-certificate-error-overrides-include](../includes/prevent-certificate-error-overrides-include.md)]
+
+## Prevent using Localhost IP address for WebRTC
+[!INCLUDE [prevent-localhost-address-for-webrtc-include](../includes/prevent-localhost-address-for-webrtc-include.md)]
+
+

browsers/edge/group-policies/start-pages-gp.md

@@ -1,29 +1,42 @@
 ---
-title: Start pages 
+title: Microsoft Edge - Start pages 
 description: Configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages.
 ms.author: pashort
 author: shortpatti
-ms.date: 07/23/2018
+ms.date: 07/25/2018
+ms.prod: edge
+ms.mktglfcycl: explore
+ms.sitesec: library
 ---
 
 # Start pages 
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+
 
 Microsoft Edge loads the pages specified in App settings as the default Start pages.  You can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages.  You can also configure Microsoft Edge to prevent users from making changes. 
 
+**Policies**
 
-## Policies 
+- [Configure Open Microsoft Edge With](#configure-open-microsoft-edge-with)
+- [Configure Start Pages](#configure-start-pages)
+- [Disable Lockdown of Start pages](#disable-lockdown-of-start-pages)
 
-- [Configure Open Microsoft Edge With](../new-policies.md#configure-open-microsoft-edge-with) 
-
-- [Configure Start Pages](../available-policies.md#configure-start-pages) 
-
-- [Disable Lockdown of Start Pages](../available-policies.md#configure-windows-defender-smartscreen) 
-
-## Configuration options
 
 ![Load URLs defined in Configure Start Pages](../images/load-urls-defined-in-configure-open-edge-with-main-sm.png)
 
 
+## Configure Open Microsoft Edge With
+[!INCLUDE [configure-open-edge-with-include](../includes/configure-open-edge-with-include.md)]
+
+## Configure Start Pages
+[!INCLUDE [configure-start-pages-include](../includes/configure-start-pages-include.md)]
+
+## Disable Lockdown of Start pages
+[!INCLUDE [disable-lockdown-of-start-pages-include](../includes/disable-lockdown-of-start-pages-include.md)]
+
+
+## Configuration options
+
 | **Configure Open Microsoft Edge With** | **Configure Start Pages** | **Disabled Lockdown of Start Pages** | **Outcome** |
 | --- | --- | --- | --- |
 | Enabled (applies to all options) | Enabled – String | Enabled (all configured start pages are editable) | Load URLs defined in the Configure Open Microsoft Edge With policy, and allow users to make changes. |

browsers/edge/group-policies/sync-browser-settings-gp.md

@@ -1,12 +1,13 @@
 ---
-title: Microsoft Edge - Sync browser settings
+title: Microsoft Edge - Sync browser settings options 
 description: By default, the “browser” group syncs automatically between the user’s devices, letting users make changes.
 ms.author: pashort
 author: shortpatti
 ms.date: 07/23/2018
 ---
 
-# Sync browser settings  
+# Sync browser settings options 
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows* 
 
 By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites. You can configure Microsoft Edge to prevent the “browser” group from syncing and prevent users from turning on the Sync your Settings toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. 
 

browsers/edge/includes/allow-ext-telemetry-books-tab-include.md

@@ -21,7 +21,7 @@
 - **GP ADMX file name:** MicrosoftEdge.admx
 
 #### MDM settings
-- **MDM name:** Browser/[Browser/EnableExtendedBooksTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry)
+- **MDM name:** [Browser/EnableExtendedBooksTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry)
 - **Supported devices:** Desktop and Mobile
 - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/EnableExtendedBooksTelemetry
 - **Data type:** Integer

browsers/edge/includes/allow-full-screen-include.md

@@ -1,5 +1,6 @@
-<!-- ## Allow fullscreen mode 
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
+<!-- ## Allow fullscreen mode --> 
+
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> 
 >*Default setting:  Enabled or not configured (Allowed)*
 
 

browsers/edge/includes/allow-prelaunch-include.md

@@ -1,6 +1,7 @@
 
-<!-- Allow Prelaunch 
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br>  -->
+<!-- Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed -->
+
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br>  
 >*Default setting:  Enabled or not configured (Allowed)*
 
 [!INCLUDE [allow-prelaunch-shortdesc](../shortdesc/allow-prelaunch-shortdesc.md)]
@@ -20,7 +21,7 @@ For more details about configuring the prelaunch and preload options, see [Prela
 ### ADMX info and settings
 
 #### ADMX info
-- **GP English name:** Allow Prelaunch
+- **GP English name:** Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed
 - **GP name:** AllowPreLaunch
 - **GP path:** Windows Components/Microsoft Edge
 - **GP ADMX file name:** MicrosoftEdge.admx

browsers/edge/includes/allow-printing-include.md

@@ -1,5 +1,5 @@
-<!-- ## Allow printing  
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
+<!-- ## Allow printing   -->
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br>  
 >*Default setting:  Enabled or not configured (Allowed)*
 
 [!INCLUDE [allow-printing-shortdesc](../shortdesc/allow-printing-shortdesc.md)]

browsers/edge/includes/allow-saving-history-include.md

@@ -1,5 +1,6 @@
-<!-- ## Allow Saving History 
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
+<!-- ## Allow Saving History --> 
+
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> 
 >*Default setting:  Enabled or not configured (Allowed)*
 
 [!INCLUDE [allow-saving-history-shortdesc](../shortdesc/allow-saving-history-shortdesc.md)]

browsers/edge/includes/allow-sideloading-extensions-include.md

@@ -1,5 +1,5 @@
-<!-- ## Allow sideloading of Extensions
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
+<!-- ## Allow sideloading of Extensions -->  
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br>  
 >*Default setting: Enabled (Allowed)*
 
 [!INCLUDE [allow-sideloading-of-extensions-shortdesc](../shortdesc/allow-sideloading-of-extensions-shortdesc.md)]

browsers/edge/includes/allow-tab-preloading-include.md

@@ -1,5 +1,5 @@
-<!-- ## Allow Start and New Tab page preload (aka: AllowStartAndNewTabPagePreload) 
->*Supported versions: Microsoft Edge on Windows 10, version 1802*<br> -->
+<!-- ## Allow Start and New Tab page preload (aka: AllowStartAndNewTabPagePreload)  -->  
+>*Supported versions: Microsoft Edge on Windows 10, version 1802*<br> 
 >*Default setting:  Enabled or not configured (Allowed)*
 
 [!INCLUDE [allow-tab-preloading-shortdesc](../shortdesc/allow-tab-preloading-shortdesc.md)]

browsers/edge/includes/allow-web-content-new-tab-page-include.md

@@ -1,5 +1,5 @@
-<!-- ## Allow web content on New Tab page
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
+<!-- ## Allow web content on New Tab page -->  
+>*Supported versions: Microsoft Edge on Windows 10*<br>  
 >*Default setting:  Enabled (Default New tab page loads)*
 
 

browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md

@@ -1,5 +1,5 @@
-<!-- Configure collection of browsing data for Microsoft 365 Analytics
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br>  -->
+<!-- Configure collection of browsing data for Microsoft 365 Analytics -->  
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br>  
 >*Default setting:  Disabled or not configured (No data collected or sent)*
 
 [!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](../shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)]

browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md

@@ -1,5 +1,6 @@
-<!-- ## Configure kiosk reset after idle timeout
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
+<!-- ## Configure kiosk reset after idle timeout-->  
+
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br>  
 >*Default setting: 5 minutes*
 
 [!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](../shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)]

browsers/edge/includes/configure-enterprise-mode-site-list-include.md

@@ -35,8 +35,7 @@
 
 ### Related Policies
 
-[Show message opening sites in IE](../available-policies.md#show-message-when-opening-sites-in-internet-explorer):
-[!INCLUDE
+[Show message opening sites in IE](../available-policies.md#show-message-when-opening-sites-in-internet-explorer): [!INCLUDE
 [show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)]
 
 ### Related topics

browsers/edge/includes/configure-favorites-bar-include.md

@@ -1,5 +1,5 @@
-<!-- ##Configure Favorites Bar
->*Supported versions: Microsoft Edge on Windows 10, new major release*<br> -->
+<!-- ##Configure Favorites Bar --> 
+>*Supported versions: Microsoft Edge on Windows 10, new major release*<br>  
 >*Default setting:  Not configured (Hidden)*
 
 

browsers/edge/includes/configure-home-button-include.md

@@ -1,5 +1,5 @@
-<!-- ## Configure Home button
->*Supported versions: Microsoft Edge on Windows 10*<br> -->
+<!-- ## Configure Home button-->  
+>*Supported versions: Microsoft Edge on Windows 10*<br>  
 >*Default setting: Disabled or not configured (Show home button and load the Start page)*
 
 

browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md

@@ -1,6 +1,6 @@
 
-<!-- ## Configure kiosk mode
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
+<!-- ## Configure kiosk mode --> 
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> 
 >*Default setting:  Not configured*
 
 [!INCLUDE [configure-kiosk-mode-shortdesc](../shortdesc/configure-kiosk-mode-shortdesc.md)]

browsers/edge/includes/configure-open-edge-with-include.md

@@ -1,6 +1,6 @@
-<!-- Configure Open Microsoft Edge With
+<!-- Configure Open Microsoft Edge With-->
 
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> 
 >*Default setting:  Enabled (A specific page or pages)*
 
 [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]

browsers/edge/includes/configure-start-pages-include.md

@@ -40,7 +40,7 @@ For more details about configuring the Start pages, see [Start pages](../group-p
 
 - [Disable Lockdown of Start Pages](#disable-lockdown-of-start-pages-include): [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)]
 
-- [Configure Start Pages](#configure-start-pages-include): [!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]
+- [Configure Open Microsoft Edge With](../new-policies.md#configure-open-microsoft-edge-with): [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
 
 
 

browsers/edge/includes/do-not-sync-browser-settings-include.md

@@ -1,5 +1,5 @@
-<!-- ## Do not sync browser settings
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
+<!-- ## Do not sync browser settings  --> 
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> 
 >*Default setting:  Disabled or not configured (Allowed/turned on)*
 
 [!INCLUDE [do-not-sync-browser-settings-shortdesc](../shortdesc/do-not-sync-browser-settings-shortdesc.md)]
@@ -14,7 +14,7 @@
 
 ### Configuration options
 
-For more details about configuring the browser syncing options, see [Sync browser settings](../group-policies/sync-browser-settings-gp.md).
+For more details about configuring the browser syncing options, see [Sync browser settings options](../group-policies/sync-browser-settings-gp.md).
 
 
 

browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md

@@ -0,0 +1,7 @@
+>*Supported versions: Internet Explorer 11 on Windows 10, version 1607 or later*<br>
+>*Default setting: Disabled or not configured*
+
+By default, all sites open the currently active browser. With this policy, you can automatically open all sites not included in the Enterprise Mode Site List in Microsoft Edge. When you enable this policy, you must also turn on the Internet Explorer\Use the Enterprise Mode IE website list policy and include at least one site in the Enterprise Mode Site List.
+
+>[!NOTE]
+>If you’ve also enabled the Microsoft Edge [Send all intranet sites to Internet Explorer 11](../available-policies.md#send-all-intranet-sites-to-internet-explorer-11) policy, all intranet sites continue to open in Internet Explorer 11.

browsers/edge/includes/prevent-certificate-error-overrides-include.md

@@ -1,5 +1,6 @@
-<!-- ## Prevent certificate error overrides
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
+<!-- ## Prevent certificate error overrides --> 
+
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> 
 >*Default setting:  Disabled or not configured (Allowed/turned off)*
 
 [!INCLUDE [prevent-certificate-error-overrides-shortdesc](../shortdesc/prevent-certificate-error-overrides-shortdesc.md)]

browsers/edge/includes/prevent-turning-off-required-extensions-include.md

@@ -1,5 +1,6 @@
-<!-- ## Prevent turning off required extensions
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
+<!-- ## Prevent turning off required extensions-->  
+
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br>  
 >*Default setting:  Disabled or not configured (Allowed)*
 
 [!INCLUDE [prevent-turning-off-required-extensions-shortdesc](../shortdesc/prevent-turning-off-required-extensions-shortdesc.md)]

browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md

@@ -1,6 +1,5 @@
-
-<!-- Prevent users from turning on browser syncing
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br>  -->
+ <!-- Prevent users from turning on browser syncing -->  
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br>  
 >*Default setting:  Enabled or not configured (Prevented/turned off)*
 
 [!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)]
@@ -14,7 +13,7 @@
 
 ### Configuration options
 
-For more details about configuring the browser syncing options, see [Sync browser settings](../group-policies/sync-browser-settings-gp.md).
+For more details about configuring the browser syncing options, see [Sync browser settings options](../group-policies/sync-browser-settings-gp.md).
 
 
 ### ADMX info and settings

browsers/edge/includes/set-home-button-url-include.md

@@ -1,5 +1,5 @@
-<!-- ## Set Home button URL
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
+<!-- ## Set Home button URL--> 
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> 
 >*Default setting: Disabled or not configured (Blank)*
 
 [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]

browsers/edge/includes/set-new-tab-url-include.md

@@ -1,5 +1,5 @@
-<!-- ## Set New Tab page URL
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
+<!-- ## Set New Tab page URL -->  
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> 
 >*Default setting:  Disabled or not configured (Blank)*
 
 [!INCLUDE [set-new-tab-url-shortdesc](../shortdesc/set-new-tab-url-shortdesc.md)]

browsers/edge/includes/show-message-opening-sites-ie-include.md

@@ -1,5 +1,6 @@
-<!-- ## Show message when opening sites in Internet Explorer
->*Supported versions: Microsoft Edge on Windows 10, version 1607 and later*<br> -->
+<!-- ## Show message when opening sites in Internet Explorer --> 
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1607 and later*<br> 
 >*Default setting:  Disabled or not configured (No additional message)*
 
 <!-- RS5 update: add option for showing interstitial page with stay in Edge link (Koch) -->

browsers/edge/includes/unlock-home-button-include.md

@@ -1,5 +1,5 @@
-<!-- ## Unlock Home Button
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> -->
+<!-- ## Unlock Home Button -->  
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*<br> 
 >*Default setting: Disabled or not configured (Home button is locked)*
 
 [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]

browsers/edge/microsoft-edge-kiosk-mode-deploy.md

@@ -7,13 +7,13 @@ ms.prod: edge
 ms.sitesec: library
 title: Deploy Microsoft Edge kiosk mode
 ms.localizationpriority: high
-ms.date: 07/23/2018 
+ms.date: 07/25/2018 
 ---
 
 # Deploy Microsoft Edge kiosk mode (Preview)
 
 >Applies to: Microsoft Edge on Windows 10 <br>
->Preview build 17713+
+>Preview build 17723
 
 Microsoft Edge kiosk mode works with assigned access to let IT administrators create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge kiosk mode, you must configure Microsoft Edge as an application in assigned access. Learn more about [Configuring kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/en-us/windows/configuration/kiosk-shared-pc).
 
@@ -45,7 +45,7 @@ When you set up Microsoft Edge kiosk mode in multi-app assigned access, Microsof
 
 The multi-app Microsoft Edge kiosk mode types include:
 
-3.  **Public browsing** supports browsing the internet and runs InPrivate with minimal features available. In this configuration, Microsoft Edge can be one of many apps available. Users can close and open multiple InPrivate windows. On a multi-app kiosk device, Microsoft Edge can interact with other applications. For example, if Internet Explorer 11 is set up in multi-app assigned access. You can enable Enterprise Mode to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.  Examples of public browsing include an information kiosk device at a public library or hotel concierge desk that provides access to Microsoft Edge and other app(s).
+3.  **Public browsing** supports browsing the internet and runs InPrivate with minimal features available. In this configuration, Microsoft Edge can be one of many apps available. Users can close and open multiple InPrivate windows. On a multi-app kiosk device, Microsoft Edge can interact with other applications. For example, if Internet Explorer 11 is set up in multi-app assigned access. You can enable Enterprise Mode to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support. A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other app(s).
 
     ![Public browsing Microsoft Edge kiosk mode on a multi-app kiosk device](images/Multi-app_kiosk_inFrame.png)
 
@@ -56,7 +56,7 @@ The multi-app Microsoft Edge kiosk mode types include:
 ## Let’s get started!
 Before you can configure Microsoft Edge kiosk mode, you must set up Microsoft Edge in assigned access. You can set up Microsoft Edge kiosk mode in assigned access using:
 
--   **Windows Settings.** (Build 17723) Best for physically setting up a single device as a kiosk. With this method, you set up assigned access and configure the kiosk or digital sign device using Settings.  You can configure Microsoft Edge in single-app (kiosk type – Full-screen or public browsing) and define a single URL for the Home button, Start page, and New tab page. You can also set the reset after an idle timeout. 
+-   **Windows Settings.** Best for physically setting up a single device as a kiosk. With this method, you set up assigned access and configure the kiosk or digital sign device using Settings.  You can configure Microsoft Edge in single-app (kiosk type – Full-screen or public browsing) and define a single URL for the Home button, Start page, and New tab page. You can also set the reset after an idle timeout. 
 
 -   **Microsoft Intune or other MDM service.** Best for setting up multiple devices as a kiosk. With this method, you configure Microsoft Edge in assigned access and configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access.
 
@@ -78,8 +78,6 @@ Before you can configure Microsoft Edge kiosk mode, you must set up Microsoft Ed
 
 
 ### Use Windows Settings 
->Preview build 17723 
- 
 
 Windows Settings is the simplest and easiest way to set up one or a couple of devices because you must perform these steps on each device. This method is ideal for small businesses.
 
@@ -116,7 +114,7 @@ Windows Settings is the simplest and easiest way to set up one or a couple of de
 
 13.  Close **Settings** to save your choices automatically and apply them the next time the user account logs on.
 
-14.  Configure the policies for Microsoft Edge kiosk mode. For details on the valid kiosk policy settings, see [Related policies](#related-policies).
+14.  Configure the policies for Microsoft Edge kiosk mode. For details on the valid kiosk policy settings, see [Relevant policies](#relevant-policies).
 
 15.  Validate the Microsoft Edge kiosk mode by restarting the device and signing in with the local kiosk account.
 
@@ -210,7 +208,7 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
 | [AllowMicrosoftCompatibilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist)                                        | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)<sup>1</sup> | ![Supported](images/148767.png)   |
 | [AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager)                                                   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
 | [AllowPopups](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpopups)                                                            | ![Not supported](images/148766.png) | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
-| [AllowPrelaunch](new-policies.md#allow-prelaunch)\*                                                       | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
+| [AllowPrelaunch](new-policies.md#allow-microsoft-edge-to-pre-launch-at-windows-startup-when-the-system-is-idle-and-each-time-microsoft-edge-is-closed)\*                                                      | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
 | [AllowPrinting](new-policies.md#allow-printing)\*                                                        | ![Supported](images/148767.png)     | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
 | [AllowSavingHistory](new-policies.md#allow-saving-history)\*                                                   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
 | [AllowSearchEngineCustomization](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization)                                         | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
@@ -230,7 +228,7 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
 | [ConfigureOpenMicrosoftEdgeWith](new-policies.md#configure-open-microsoft-edge-with)\*                                       | ![Supported](images/148767.png)     | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
 | [ConfigureTelemetryForMicrosoft365Analytics](new-policies.md#configure-collection-of-browsing-data-for-microsoft-365-analytics)\*                           | ![Supported](images/148767.png)     | ![Supported](images/148767.png)     | ![Supported](images/148767.png)      | ![Supported](images/148767.png)   |
 | [DisableLockdownOfStartPages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages)                                            | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
-| [DoNotSyncBrowserSetting](available-policies.md#do-not-sync-browser-settings)\* and [PreventUsersFromTurningOnBrowserSyncing](new-policies.md#prevent-users-from-turning-on-browser-syncing)\* | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)   |
+| [Experience/DoNotSyncBrowserSetting](available-policies.md#do-not-sync-browser-settings)\* and [Experience/PreventUsersFromTurningOnBrowserSyncing](new-policies.md#prevent-users-from-turning-on-browser-syncing)\* | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)   |
 | [EnableExtendedBooksTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry)                                           | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Supported](images/148767.png)   |
 | [EnterpriseModeSiteList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist)                                                 | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Supported](images/148767.png)<sup>1</sup> | ![Supported](images/148767.png)   |
 | [FirstRunURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-firstrunurl)                                                            | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)   | ![Not supported](images/148766.png)    | ![Not supported](images/148766.png) |
@@ -257,7 +255,7 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
 
 *\* New policy coming in the next release of Windows 10.*<p>
 *1) For multi-app assigned access, you must configure Internet Explorer 11.*<br>
-*2) For digital/interactive signage to enable Flash, set [AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) to 0.*
+*2) For digital/interactive signage to enable Flash, set [AllowFlashClickToRun].(https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) to 0.*
 
 **Legend:**<p>
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ![Not supported](images/148766.png) = Not applicable or not supported <br>
@@ -287,24 +285,12 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
 
 ---
 
-## Known issues with RS_PRERELEASE build 17723
+## Known issues with prerelease build 17723
 
-- When you set up Microsoft Edge kiosk mode on a single-app kiosk device you must set the “ConfigureKioskMode” policy because the default behavior is not honored. 
+When you set up Microsoft Edge kiosk mode on a single-app kiosk device you must set the “ConfigureKioskMode” policy because the default behavior is not honored. 
 - **Expected behavior** – Microsoft Edge kiosk mode launches in full-screen mode. 
 - **Actual behavior** – Normal Microsoft Edge launches.
 
-- When you enable or set the “ConfigureFavoritesBar” policy to 1, the favorites bar does not show in Microsoft Edge kiosk mode. 
-    - **Expected behavior** – Microsoft Edge kiosk mode shows the favorites bar. 
-    - **Actual behavior** – The favorites bar is hidden.
-
-- Extensions should not be available in Public browsing multi-app kiosk. 
-    - **Expected behavior** – Extensions are disabled in _Settings and more_ menu. 
-    - **Actual behavior** – Extensions are accessible in _Settings and more_ menu.
-
-- Books should not be available in Public browsing multi-app kiosk. 
-    - **Expected behavior** – Books are disabled in _Settings and more_ menu. 
-    - **Actual behavior** – Books are accessible in _Settings and more_ menu.
-
 ---
 
 ## Provide feedback or get support

browsers/edge/new-policies.md

@@ -8,7 +8,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 title: New Microsoft Edge Group Policies and MDM settings
 ms.localizationpriority: 
-ms.date: 07/23/2018 
+ms.date: 07/25/2018 
 ---
 
 # New Microsoft Edge Group Policies and MDM settings (Preview)
@@ -32,8 +32,8 @@ We are discontinuing the use of the **Configure Favorites** group policy. Use th
 | **Group Policy** | **New/update?** | **MDM Setting** | **New/update?** |
 | --- | --- | --- | --- |
 | [Allow fullscreen mode](#allow-fullscreen-mode) | New |  [AllowFullscreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode) | New |
+| [Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed](#allow-prelaunch) | New | [AllowPrelaunch](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch) | New |
 | [Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed) | New | [AllowTabPreloading](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading) | New |
-| [Allow Prelaunch](#allow-prelaunch) | New | [AllowPrelaunch](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch) | New |
 | [Allow printing](#allow-printing) | New |  [AllowPrinting](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprinting) | New |
 | [Allow Saving History](#allow-saving-history) | New | [AllowSavingHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory) | New |
 | [Allow sideloading of Extensions](#allow-sideloading-of-extensions) | New | [AllowSideloadingExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions) | New |
@@ -60,12 +60,12 @@ We are discontinuing the use of the **Configure Favorites** group policy. Use th
 ## Allow fullscreen mode
 [!INCLUDE [allow-full-screen-include](includes/allow-full-screen-include.md)]
 
+## Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed
+[!INCLUDE [allow-prelaunch-include](includes/allow-prelaunch-include.md)]
+
 ## Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
 [!INCLUDE [allow-tab-preloading-include](includes/allow-tab-preloading-include.md)]
 
-## Allow Prelaunch
-[!INCLUDE [allow-prelaunch-include](includes/allow-prelaunch-include.md)]
-
 ## Allow printing
 [!INCLUDE [allow-printing-include.md](includes/allow-printing-include.md)]
 

browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md

@@ -17,7 +17,7 @@ You can use the Group Policy setting, **Set a default associations configuration
 
  **To set the default browser as Internet Explorer 11**
 
-1.  Open your Group Policy editor and go to the **Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** setting.<p>
+1.  Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** setting.<p>
 Turning this setting on also requires you to create and store a default associations configuration file, locally or on a network share. For more information about creating this file, see [Export or Import Default Application Associations]( https://go.microsoft.com/fwlink/p/?LinkId=618268).
 
     ![set default associations group policy setting](images/setdefaultbrowsergp.png)

devices/hololens/TOC.md

@@ -1,5 +1,6 @@
 # [Microsoft HoloLens](index.md)
 ## [What's new in Microsoft HoloLens](hololens-whats-new.md)
+## [Insider preview for Microsoft HoloLens](hololens-insider.md)
 ## [HoloLens in the enterprise: requirements and FAQ](hololens-requirements.md)
 ## [Set up HoloLens](hololens-setup.md)
 ## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) 

devices/hololens/change-history-hololens.md

@@ -9,13 +9,19 @@ author: jdeckerms
 ms.author: jdecker
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 06/04/2018
+ms.date: 07/27/2018
 ---
 
 # Change history for Microsoft HoloLens documentation
 
 This topic lists new and updated topics in the [Microsoft HoloLens documentation](index.md).
 
+## July 2018
+
+New or changed topic | Description
+--- | ---
+[Insider preview for Microsoft HoloLens](hololens-insider.md) | New
+
 ## June 2018
 
 New or changed topic | Description

devices/hololens/hololens-insider.md

@@ -0,0 +1,176 @@
+---
+title: Insider preview for Microsoft HoloLens (HoloLens)
+description: It’s simple to get started with Insider builds and to provide valuable feedback for our next major operating system update for HoloLens.
+ms.prod: hololens
+ms.sitesec: library
+author: jdeckerms
+ms.author: jdecker
+ms.topic: article
+ms.localizationpriority: medium
+ms.date: 07/27/2018
+---
+
+# Insider preview for Microsoft HoloLens
+
+Welcome to the latest Insider Preview builds for HoloLens!  It’s simple to get started and provide valuable feedback for our next major operating system update for HoloLens. 
+ 
+>Latest insider version: 10.0.17720.1000 
+
+<span id="get-insider" />
+## How do I install the Insider builds? 
+ 
+On a device running the Windows 10 April 2018 Update, go to **Settings -> Update & Security -> Windows Insider Program** and select **Get started**. Link the account you used to register as a Windows Insider. 
+
+Then, select **Active development of Windows**, choose whether you’d like to receive **Fast** or **Slow** builds, and review the program terms. 
+
+Select **Confirm -> Restart Now** to finish up. After your device has rebooted, go to **Settings -> Update & Security -> Check for updates** to get the latest build. 
+
+## New features for HoloLens 
+ 
+The latest Insider Preview (RS5) has arrived for all HoloLens customers! This latest flight is packed with improvements that have been introduced since the [last major release of HoloLens software in May 2018](https://docs.microsoft.com/windows/mixed-reality/release-notes). 
+
+### For everyone 
+ 
+
+Feature | Details  | Instructions 
+--- | --- | ---
+Stop video capture from the Start or quick actions menu | If you start video capture from the Start menu or quick actions menu, you’ll be able to stop recording from the same place. (Don’t forget, you can always do this with voice commands too.) | To start recording, select **Start > Video**. To stop recording, select **Start > Stop video**.
+Project to a Miracast-enabled device | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter | On **Start**, select **Connect**. Select the device you want to project to. 
+New notifications | View and respond to notification toasts on HoloLens, just like you do on a PC. | You’ll now see notifications from apps that provide them. Gaze to respond to or dismiss them (or if you’re in an immersive experience, use the bloom gesture).  
+HoloLens overlays (file picker, keyboard, dialogs, etc.) | You’ll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. | When you’re using an immersive app, input text, select a file from the file picker, or interact with dialogs without leaving the app. 
+Visual feedback overlay UI for volume change | When you use the volume up/down buttons on your HoloLens you’ll see a visual display of the volume level. | Adjust the device volume using the volume up/down buttons located on the right arm of the HoloLens. Use the visual display to track the volume level. 
+New UI for device boot | A loading indicator was added during the boot process to provide visual feedback that the system is loading. | Reboot your device to see the new loading indicator—it’s between the "Hello" message and the Windows boot logo. 
+Share UX: Nearby Sharing | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. | Capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge).  Select a nearby Windows device to share with. 
+Share from Microsoft Edge | Share button is now available on Microsoft Edge windows on HoloLens. | In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. 
+
+### For developers 
+ 
+- Support for Holographic [Camera Capture UI API](https://docs.microsoft.com/windows/uwp/audio-video-camera/capture-photos-and-video-with-cameracaptureui), which will let developers expose a way for users to seamlessly invoke camera or video capture from within their applications. For example, users can now capture and insert photo or video content directly within apps like Word.  
+- Mixed Reality Capture has been improved to exclude hidden mesh from captures, which means videos captures by apps will no longer contain black corners around the content.  
+
+### For commercial customers 
+
+
+Feature | Details | Instructions 
+--- | --- | ---
+Enable post-setup provisioning | Can now apply a runtime provisioning package at any time using **Settings**. | On your PC:<br><br>1. Create a provisioning package as described at [Create a provisioning package for HoloLens using the HoloLens wizard](hololens-provisioning.md). <br>2. Connect the HoloLens device via USB to a PC. HoloLens will show up as a device in File Explorer on the PC. <br>3. Drag and drop the provisioning package to the Documents folder on the HoloLens. <br><br>On your HoloLens: <br><br>1. Go to **Settings > Accounts > Access work or school**. <br>2. In **Related Settings**, select **Add or remove a provisioning package**.<br>3. On the next page, select **Add a package** to launch the file picker and select your provisioning package. <br>**Note:** if the folder is empty, make sure you select **This Device** and select **Documents**.<br>After your package has been applied, it will show in the list of Installed packages. To view package details or to remove the package from the device, select the listed package. 
+Assigned access with Azure AD groups | Flexibility to use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. | Prepare XML file to configure Assigned Access on PC:<br><br>1. In a text editor, open [the provided file AssignedAccessHoloLensConfiguration_AzureADGroup.xml](#xml).<br>2. Change the group ID to one available in your Azure AD tenant. You can find the group ID of an Azure Active Directory Group by either :<br>- following the steps at [Azure Active Directory version 2 cmdlets for group management](https://docs.microsoft.com/azure/active-directory/active-directory-accessmanagement-groups-settings-v2-cmdlets),<br>OR<br>- in the Azure portal, with the steps at [Manage the settings for a group in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-groups-settings-azure-portal).<br><br>**Note:** The sample configures the following apps: Skype, Learning, Feedback Hub, Flow, Camera, and Calibration. <br><br>Create provisioning package with WCD:<br><br>1. On a PC, follow the steps at [Create a provisioning package for HoloLens using the HoloLens wizard](hololens-provisioning.md) to create a provisioning package.<br>2. Ensure that you include the license file in **Set up device**.<br>3. Select **Switch to advanced editor** (bottom left), and **Yes** for warning prompt.<br>4. Expand the runtime settings selection in the **Available customizations** panel and select **AssignedAccess > MultiAppAssignedAccessSettings**.<br>5. In the middle panel, you should now see the setting displayed with documentation in the panel below. Browse to the XML you modified for Assigned Access.<br>6. On the **Export** menu, select **Provisioning package**. <br>**Warning:** If you encrypt the provisioning package, provisioning the HoloLens device will fail.<br>7. Select **Next** to specify the output location where you want the provisioning package to go once it's built.<br>8. Select **Next**, and then select **Build** to start building the package.<br>9. When the build completes, select **Finish**. <br><br>Apply the package to HoloLens: <br><br>1. Connect HoloLens via USB to a PC and start the device, but do not continue past the **Fit** page of OOBE (the first page with the blue box). HoloLens will show up as a device in File Explorer on the PC. <br>2. In File Explorer, drag and drop the provisioning package (.ppkg) onto the device storage.<br>3. Briefly press and release the **Volume Down** and **Power** buttons simultaneously again while on the fit page. <br>4. The device will ask you if you trust the package and would like to apply it. Confirm that you trust the package.<br>5. You will see whether the package was applied successfully or not. If it failed, you can fix your package and try again. If it succeeded, proceed with OOBE.<br><br>Enable assigned access on HoloLens: <br><br>1. After applying the provisioning package, during the **Account Setup** flows in OOBE, select **My work or school owns this** to set up your device with an Azure AD account. <br>**Note:** This account must not be in the group chosen for Assigned Access.<br>2. Once you reach the Shell, ensure the Skype app is installed either via your MDM environment or from the Store. <br>3. After the Skype app is installed, sign out. <br>4. On the sign-in screen, select the **Other User** option and enter an Azure AD account email address that belongs to the group chosen for Assigned Access. Then enter the password to sign in. You should now see this user with only the apps configured in the Assigned Access profile. 
+PIN sign-in on profile switch from sign-in screen  | PIN sign-in is now available for **Other User**.  | When signing in as **Other User**, the PIN option is now available under **Sign-In options**. 
+Sign in with Web Cred Provider using password | You can now select the Globe sign-in option to launch web sign-in with your password. Look for additional web sign-in methods coming in the future. | From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password. <br>**Note:** You can choose to bypass any PIN/Smartcard options when prompted during web sign-in.  
+Read device hardware info through MDM so devices can be tracked by serial # | IT administrators can see and track HoloLens by device serial number in their MDM console. | Refer to your MDM documentation for feature availability, and for how to use your MDM console to view HoloLens device serial number. 
+Set HoloLens device name through MDM (rename) |  IT administrators can see and rename HoloLens devices in their MDM console. | Refer to your MDM documentation for feature availability, and for how to use your MDM console to view and set your HoloLens device name (rename). 
+
+### For international customers 
+ 
+
+Feature | Details | Instructions 
+--- | --- | ---
+Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands. | See below.  
+
+#### Installing the Chinese or Japanese versions of the Insider builds 
+ 
+In order to switch to the Chinese or Japanese version of HoloLens, you’ll need to download the build for the language on a PC and then install it on your HoloLens using the Windows Device Recovery Tool (WDRT). 
+ 
+>[!IMPORTANT] 
+>Installing the Chinese or Japanese builds of HoloLens using WDRT will delete existing data, like personal files and settings, from your HoloLens. 
+ 
+1. On a retail HoloLens device, [opt in to Insider Preview builds](#get-insider) to prepare your device for the RS5 Preview.   
+2. On your PC, download and install [the Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379). 
+3. Download the package for the language you want to your PC:  [Simplified Chinese](https://aka.ms/hololenspreviewdownload-ch) or [Japanese](https://aka.ms/hololenspreviewdownload-jp).
+4. When the download is finished, select **File Explorer > Downloads**. Right-click the zipped folder you just downloaded, and select **Extract all... > Extract** to unzip it. 
+5. Connect your HoloLens to your PC using the micro-USB cable it came with. (Even if you've been using other cables to connect your HoloLens, this one works best.)  
+6. The tool will automatically detect your HoloLens. Select the Microsoft HoloLens tile. 
+7. On the next screen, select **Manual package selection** and choose the installation file contained in the folder you unzipped in step 4. (Look for a file with the extension “.ffu”.) 
+8. Select **Install software** and follow the instructions to finish installing. 
+9. Once the build is installed, HoloLens setup will start automatically. Put on the device and follow the setup directions. 
+ 
+When you’re done with setup, go to **Settings -> Update & Security -> Windows Insider Program** and check that you’re configured to receive the latest preview builds.  The Chinese/Japanese version of HoloLens will be kept up-to-date with the latest preview builds via the Windows Insider Program the same way the English version is. 
+
+## Note for language support
+
+- You can’t change the system language between English, Japanese, and Chinese using the Settings app. Flashing a new build is the only supported way to change the device system language.
+- While you can enter Simplified Chinese / Japanese text using the on-screen Pinyin keyboard, typing in Simplified Chinese / Japanese using a Bluetooth hardware keyboard is not supported at this time.  However, on Chinese/Japanese HoloLens, you can continue to use a BT keyboard to type in English (the ~ key on a hardware keyboard toggles the keyboard to type in English).
+
+## Note for developers
+
+You are welcome and encouraged to try developing your applications using this build of HoloLens.  Check out the [HoloLens Developer Documentation](https://developer.microsoft.com/windows/mixed-reality/development) to get started.  Those same instructions work with this latest build of HoloLens.  You can use the same builds of Unity and Visual Studio that you're already using for HoloLens development.
+
+## Provide feedback and report issues
+
+Please use [the Feedback Hub app](https://docs.microsoft.com/windows/mixed-reality/give-us-feedback) on your HoloLens or Windows 10 PC to provide feedback and report issues. Using Feedback Hub ensures that all necessary diagnostics information is included to help our engineers quickly debug and resolve the problem.  Issues with the Chinese and Japanese version of HoloLens should be reported the same way.
+
+>[!NOTE]
+>Be sure to accept the prompt that asks whether you’d like Feedback Hub to access your Documents folder (select **Yes** when prompted).
+ 
+<span id="xml" />
+## AssignedAccessHoloLensConfiguration_AzureADGroup.xml
+
+Copy this sample XML to use for the [**Assigned access with Azure AD groups** feature](#for-commercial-customers).
+
+```xml
+<?xml version="1.0" encoding="utf-8" ?>
+<!-- 
+  This is a sample Assigned Access XML file. The Profile specifies which apps are allowed
+  and their app IDs. An Assigned Access Config specifies the accounts or groups to which 
+  a Profile is applicable. 
+  
+  !!! NOTE: Change the Name of the AzureActiveDirectoryGroup below to a valid object ID for a group in the tenant being tested.  !!!
+  
+  You can find the object ID of an Azure Active Directory Group by following the steps at 
+  https://docs.microsoft.com/en-us/azure/active-directory/active-directory-accessmanagement-groups-settings-v2-cmdlets
+  
+  OR in the Azure portal with the steps at
+  https://docs.microsoft.com/en-us/azure/active-directory/active-directory-groups-settings-azure-portal
+  
+-->
+<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config">
+    <Profiles>
+        <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
+            <AllAppsList>
+                <AllowedApps>
+                    <!-- Learning app -->
+                    <App AppUserModelId="GGVLearning_cw5n1h2txyewy!GGVLearning" />
+                    <!-- Calibration app -->
+                    <App AppUserModelId="ViewCalibrationApp_cw5n1h2txyewy!ViewCalibrationApp" />
+                    <!-- Feedback Hub -->
+                    <App AppUserModelId="Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe!App" />
+                    <!-- HoloSkype -->
+                    <App AppUserModelId="Microsoft.SkypeApp_kzf8qxf38zg5c!App" />
+                    <!-- HoloCamera -->
+                    <App AppUserModelId="HoloCamera_cw5n1h2txyewy!App" />
+                    <!-- HoloDevicesFlow -->
+                    <App AppUserModelId="HoloDevicesFlow_cw5n1h2txyewy!App" />
+                </AllowedApps>
+            </AllAppsList>
+            <!-- This section is required for parity with Desktop Assigned Access. It is not currently used on HoloLens -->
+            <StartLayout>
+                <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
+                      <LayoutOptions StartTileGroupCellWidth="6" />
+                      <DefaultLayoutOverride>
+                        <StartLayoutCollection>
+                          <defaultlayout:StartLayout GroupCellWidth="6">
+                            <start:Group Name="Life at a glance">
+                              <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="Microsoft.SkypeApp_kzf8qxf38zg5c!App" />
+                            </start:Group>
+                          </defaultlayout:StartLayout>
+                        </StartLayoutCollection>
+                      </DefaultLayoutOverride>
+                    </LayoutModificationTemplate>
+                ]]>
+            </StartLayout>
+            <!-- This section is required for parity with Desktop Assigned Access. It is not currently used on HoloLens -->
+            <Taskbar ShowTaskbar="true"/>
+        </Profile>
+    </Profiles>
+    <Configs>
+        <!-- IMPORTANT: Replace the group ID here with a valid object ID for a group in the tenant being tested that you want to 
+        be enabled for assigned access. Refer to https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-settings-v2-cmdlets on how to determine Object-Id for a AzureActiveDirectoryGroup. -->
+        <Config>
+           <UserGroup Type="AzureActiveDirectoryGroup" Name="ade2d5d2-1c86-4303-888e-80f323c33c61" /> <!-- All Intune Licensed Users -->
+           <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
+        </Config>
+    </Configs>
+</AssignedAccessConfiguration>
+
+```
+

devices/hololens/index.md

@@ -7,7 +7,7 @@ author: jdeckerms
 ms.author: jdecker
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 05/21/2018
+ms.date: 07/27/2018
 ---
 
 # Microsoft HoloLens
@@ -22,6 +22,7 @@ ms.date: 05/21/2018
 | Topic | Description |
 | --- | --- |
 | [What's new in Microsoft HoloLens](hololens-whats-new.md) | Discover the new features in the latest update. |
+[Insider preview for Microsoft HoloLens](hololens-insider.md) | Learn about new HoloLens features available in the latest Insider Preview build.
 | [HoloLens in the enterprise: requirements](hololens-requirements.md) | Lists requirements for general use, Wi-Fi, and device management |
 | [Set up HoloLens](hololens-setup.md) | How to set up HoloLens for the first time  |
 | [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md)  | How to upgrade your Development Edition HoloLens to Windows Holographic for Business |

devices/surface/surface-dock-updater.md

@@ -117,6 +117,12 @@ Microsoft periodically updates Surface Dock Updater. To learn more about the app
 >[!Note]
 >Each update to Surface Dock firmware is included in a new version of Surface Dock Updater. To update a Surface Dock to the latest firmware, you must use the latest version of Surface Dock Updater.
 
+### Version 2.22.139.0
+*Release Date: 26 July 2018*
+
+This version of Surface Dock Updater adds support for the following:
+t.b.d.
+
 ### Version 2.12.136.0
 *Release Date: 29 January 2018*
 

education/windows/use-set-up-school-pcs-app.md

@@ -15,7 +15,7 @@ ms.date: 07/11/2018
 
 # Use the Set up School PCs app  
 
-IT administrators and technical teachers can use the **Set up School PCs** app to quickly set up Windows 10 PCs for students. The app configures PCs with the apps and features students need, and it removes the ones they don't need. During setup, if licensed in your tenant, the app anrolls each student PC into a mobile device management (MDM) provider, such as Intune for Education. You can then manage all the settings Set up School PCs configures through the MDM.   
+IT administrators and technical teachers can use the **Set up School PCs** app to quickly set up Windows 10 PCs for students. The app configures PCs with the apps and features students need, and it removes the ones they don't need. During setup, if licensed in your tenant, the app enrolls each student PC into a mobile device management (MDM) provider, such as Intune for Education. You can then manage all the settings Set up School PCs configures through the MDM.   
 
 Set up School PCs also:  
 * Joins each student PC to your organization's Office 365 and Azure Active Directory tenant.  

mdop/mbam-v25/mbam-25-supported-configurations.md

@@ -284,7 +284,7 @@ MBAM supports the following versions of Configuration Manager.
 </thead>
 <tbody>
 <tr class="odd">
-<td align="left"><p>Microsoft System Center Configuration Manager (Current Branch), version 1610</p></td>
+<td align="left"><p>Microsoft System Center Configuration Manager (Current Branch), versions up to 1806</p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>64-bit</p></td>
 </tr>
@@ -365,7 +365,7 @@ https://www.microsoft.com/en-us/download/details.aspx?id=54967<td align="left"><
 </table>
 
 **Note**  
-In order to support SQL 2016 you must install the March 2017 Servicing Release for MDOP https://www.microsoft.com/en-us/download/details.aspx?id=54967 .  In general stay current by always using the most recent servicing update as it also includes all bugfixes and new features.
+In order to support SQL 2016 you must install the March 2017 Servicing Release for MDOP https://www.microsoft.com/en-us/download/details.aspx?id=54967  and to support SQL 2017 you must install the July 2018 Servicing Release for MDOP https://www.microsoft.com/en-us/download/details.aspx?id=57157. In general stay current by always using the most recent servicing update as it also includes all bugfixes and new features.
  
 
 ### <a href="" id="bkmk-sql-stand-alone-ramreqs"></a>SQL Server processor, RAM, and disk space requirements – Stand-alone topology

windows/client-management/mdm/configuration-service-provider-reference.md

@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 04/24/2018
+ms.date: 07/27/2018
 ---
 
 # Configuration service provider reference
@@ -2660,6 +2660,7 @@ The following list shows the configuration service providers supported in Window
 | [NodeCache CSP](nodecache-csp.md)  | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)       |
 [PassportForWork CSP](passportforwork-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) |
 | [Policy CSP](policy-configuration-service-provider.md)    | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       |
+| [RemoteFind CSP](remotefind-csp.md)    | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)4       |
 | [RemoteWipe CSP](remotewipe-csp.md)    | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)4       |
 | [RootCATrustedCertificates CSP](rootcacertificates-csp.md)   | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       |
 | [Update CSP](update-csp.md)     | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       |

windows/client-management/mdm/devicestatus-csp.md

@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 03/12/2018
+ms.date: 07/26/2018
 ---
 
 # DeviceStatus CSP
@@ -178,11 +178,24 @@ Supported operation is Get.
 <a href="" id="devicestatus-antispyware-signaturestatus"></a>**DeviceStatus/Antispyware/SignatureStatus**  
 Added in Windows, version 1607. Integer that specifies the status of the antispyware signature.
 
+Valid values:
+
+-  0 - The security software reports that it is not the most recent version.
+-  1 - The security software reports that it is the most recent version.
+-  2 - Not applicable. This is returned for devices like the phone that do not have an antivirus (where the API doesn’t exist.)
+
 Supported operation is Get.
 
 <a href="" id="devicestatus-antispyware-status"></a>**DeviceStatus/Antispyware/Status**  
 Added in Windows, version 1607. Integer that specifies the status of the antispyware.
 
+Valid values:
+
+-  0 - The status of the security provider category is good and does not need user attention.
+-  1 - The status of the security provider category is not monitored by Windows Security Center (WSC).
+-  2 - The status of the security provider category is poor and the computer may be at risk.
+-  3 - The security provider category is in snooze state. Snooze indicates that WSC is not actively protecting the computer.
+
 Supported operation is Get.
 
 <a href="" id="devicestatus-firewall"></a>**DeviceStatus/Firewall**  

windows/client-management/mdm/enterprisemodernappmanagement-csp.md

@@ -7,11 +7,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 03/01/2018
+ms.date: 07/24/2018
 ---
 
 # EnterpriseModernAppManagement CSP
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps. For details about how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](enterprise-app-management.md).
 
@@ -23,30 +25,30 @@ The following image shows the EnterpriseModernAppManagement configuration servic
 ![enterprisemodernappmanagement csp diagram](images/provisioning-csp-enterprisemodernappmanagement.png)
 
 <a href="" id="device-or-user-context"></a>**Device or User context**  
-<p style="margin-left: 20px">For user context, use **./User/Vendor/MSFT** path and for device context, use **./Device/Vendor/MSFT** path.
+For user context, use **./User/Vendor/MSFT** path and for device context, use **./Device/Vendor/MSFT** path.
 
 > [!Note]
 > Windows Holographic and Windows 10 Mobile only support per-user configuration of the EnterpriseModernAppManagement CSP.
 
 <a href="" id="appmanagement"></a>**AppManagement**  
-<p style="margin-left: 20px">Required. Used for inventory and app management (post-install).
+Required. Used for inventory and app management (post-install).
 
 <a href="" id="appmanagement-updatescan"></a>**AppManagement/UpdateScan**  
-<p style="margin-left: 20px">Required. Used to start the Windows Update scan.
+Required. Used to start the Windows Update scan.
 
-<p style="margin-left: 20px">Supported operation is Execute.
+Supported operation is Execute.
 
 <a href="" id="appmanagement-lastscanerror"></a>**AppManagement/LastScanError**  
-<p style="margin-left: 20px">Required. Reports the last error code returned by the update scan.
+Required. Reports the last error code returned by the update scan.
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 <a href="" id="appmanagement-appinventoryresults"></a>**AppManagement/AppInventoryResults**  
-<p style="margin-left: 20px">Added in Windows 10, version 1511. Required. Returns the results for app inventory that was created after the AppInventoryQuery operation.
+Added in Windows 10, version 1511. Required. Returns the results for app inventory that was created after the AppInventoryQuery operation.
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
-<p style="margin-left: 20px">Here's an example of AppInventoryResults operation.
+Here's an example of AppInventoryResults operation.
 
 ``` syntax
 <Get>
@@ -60,9 +62,9 @@ The following image shows the EnterpriseModernAppManagement configuration servic
 ```
 
 <a href="" id="appmanagement-appinventoryquery"></a>**AppManagement/AppInventoryQuery**  
-<p style="margin-left: 20px">Added in Windows 10, version 1511. Required. Specifies the query for app inventory.
+Added in Windows 10, version 1511. Required. Specifies the query for app inventory.
 
-<p style="margin-left: 20px">Query parameters:
+Query parameters:
 
 -   Output - Specifies the parameters for the information returned in AppInventoryResults operation. Mutiple value must be separate by |. Valid values are:
     -   PackagesName - returns the *PackageFamilyName* and *PackageFullName* of the app. Default if nothing is specified.
@@ -92,9 +94,9 @@ The following image shows the EnterpriseModernAppManagement configuration servic
     If you do not specify this value, then all publishers are returned.
 
 
-<p style="margin-left: 20px">Supported operation is Get and Replace.
+Supported operation is Get and Replace.
 
-<p style="margin-left: 20px">The following example sets the inventory query for the package names and checks the status for reinstallation for all main packages that are nonStore apps.
+The following example sets the inventory query for the package names and checks the status for reinstallation for all main packages that are nonStore apps.
 
 ``` syntax
 <Replace>
@@ -109,9 +111,9 @@ The following image shows the EnterpriseModernAppManagement configuration servic
 </Replace>
 ```
 <a href="" id="appmanagement-removepackage"></a>**AppManagement/RemovePackage**  
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Used to remove packages. Not supported for ./User/Vendor/MSFT.
+Added in Windows 10, version 1703. Used to remove packages. Not supported for ./User/Vendor/MSFT.
 
-<p style="margin-left: 20px">Parameters:
+Parameters:
 <ul>
    <li>Package
       <ul>
@@ -128,9 +130,9 @@ The following image shows the EnterpriseModernAppManagement configuration servic
 </ul>
     
     
-<p style="margin-left: 20px">Supported operation is Execute.
+Supported operation is Execute.
 
-<p style="margin-left: 20px">The following example removes a package for all users:
+The following example removes a package for all users:
 
 ````XML
 <Exec>
@@ -148,30 +150,30 @@ The following image shows the EnterpriseModernAppManagement configuration servic
 ````
 
 <a href="" id="appmanagement-nonstore"></a>**AppManagement/nonStore**  
-<p style="margin-left: 20px">Used to manage enterprise apps or developer apps that were not acquired from the Microsoft Store.
+Used to manage enterprise apps or developer apps that were not acquired from the Microsoft Store.
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 <a href="" id="appmanagement-system"></a>**AppManagement/System**  
-<p style="margin-left: 20px">Reports apps installed as part of the operating system.
+Reports apps installed as part of the operating system.
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 <a href="" id="appmanagement-appstore"></a>**AppManagement/AppStore**  
-<p style="margin-left: 20px">Required. Used for managing apps from the Microsoft Store.
+Required. Used for managing apps from the Microsoft Store.
 
-<p style="margin-left: 20px">Supported operations are Get and Delete.
+Supported operations are Get and Delete.
 
 <a href="" id="----packagefamilyname"></a>**.../****_PackageFamilyName_**  
-<p style="margin-left: 20px">Optional. Package family name (PFN) of the app. There is one for each PFN on the device when reporting inventory. These items are rooted under their signing origin.
+Optional. Package family name (PFN) of the app. There is one for each PFN on the device when reporting inventory. These items are rooted under their signing origin.
 
-<p style="margin-left: 20px">Supported operations are Get and Delete.
+Supported operations are Get and Delete.
 
 > [!Note]
 > XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}.
 
 
-<p style="margin-left: 20px">Here's an example for uninstalling an app:
+Here's an example for uninstalling an app:
 
 ``` syntax
 <SyncML xmlns="SYNCML:SYNCML1.2">
@@ -191,79 +193,76 @@ The following image shows the EnterpriseModernAppManagement configuration servic
 ```
 
 <a href="" id="----packagefamilyname-packagefullname"></a>**.../*PackageFamilyName*/****_PackageFullName_**  
-<p style="margin-left: 20px">Optional. Full name of the package installed.
+Optional. Full name of the package installed.
 
-<p style="margin-left: 20px">Supported operations are Get and Delete.
+Supported operations are Get and Delete.
 
 > [!Note]
 > XAP files use a product ID in place of PackageFullName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}.
 
  
 <a href="" id="----packagefamilyname-packagefullname-name"></a>**.../*PackageFamilyName*/*PackageFullName*/Name**  
-<p style="margin-left: 20px">Required. Name of the app. Value type is string.
+Required. Name of the app. Value type is string.
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 <a href="" id="----packagefamilyname-packagefullname-version"></a>**.../*PackageFamilyName*/*PackageFullName*/Version**  
-<p style="margin-left: 20px">Required. Version of the app. Value type is string.
+Required. Version of the app. Value type is string.
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 <a href="" id="----packagefamilyname-packagefullname-publisher"></a>**.../*PackageFamilyName*/*PackageFullName*/Publisher**  
-<p style="margin-left: 20px">Required. Publisher name of the app. Value type is string.
+Required. Publisher name of the app. Value type is string.
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 <a href="" id="----packagefamilyname-packagefullname-architecture"></a>**.../*PackageFamilyName*/*PackageFullName*/Architecture**  
-<p style="margin-left: 20px">Required. Architecture of installed package. Value type is string.
+Required. Architecture of installed package. Value type is string.
 
 > [!Note]
 > Not applicable to XAP files.
 
  
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 <a href="" id="----packagefamilyname-packagefullname-installlocation"></a>**.../*PackageFamilyName*/*PackageFullName*/InstallLocation**  
-<p style="margin-left: 20px">Required. Install location of the app on the device. Value type is string.
+Required. Install location of the app on the device. Value type is string.
 
 > [!Note]
 > Not applicable to XAP files.
 
  
-
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 <a href="" id="----packagefamilyname-packagefullname-isframework"></a>**.../*PackageFamilyName*/*PackageFullName*/IsFramework**  
-<p style="margin-left: 20px">Required. Whether or not the app is a framework package. Value type is int. The value is 1 if the app is a framework package and 0 (zero) for all other cases.
+Required. Whether or not the app is a framework package. Value type is int. The value is 1 if the app is a framework package and 0 (zero) for all other cases.
 
 > [!Note]
 > Not applicable to XAP files.
 
- 
-<p style="margin-left: 20px">Supported operation is Get.
+ Supported operation is Get.
 
 <a href="" id="----packagefamilyname-packagefullname-isbundle"></a>**.../*PackageFamilyName*/*PackageFullName*/IsBundle**  
-<p style="margin-left: 20px">Required. The value is 1 if the package is an app bundle and 0 (zero) for all other cases. Value type is int.
+Required. The value is 1 if the package is an app bundle and 0 (zero) for all other cases. Value type is int.
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 <a href="" id="----packagefamilyname-packagefullname-installdate"></a>**.../*PackageFamilyName*/*PackageFullName*/InstallDate**  
-<p style="margin-left: 20px">Required. Date the app was installed. Value type is string.
+Required. Date the app was installed. Value type is string.
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 <a href="" id="----packagefamilyname-packagefullname-resourceid"></a>**.../*PackageFamilyName*/*PackageFullName*/ResourceID**  
-<p style="margin-left: 20px">Required. Resource ID of the app. This is null for the main app, ~ for a bundle, and contains resource information for resources packages. Value type is string.
+Required. Resource ID of the app. This is null for the main app, ~ for a bundle, and contains resource information for resources packages. Value type is string.
 
 > [!Note]
 > Not applicable to XAP files.
-
  
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 <a href="" id="----packagefamilyname-packagefullname-packagestatus"></a>**.../*PackageFamilyName*/*PackageFullName*/PackageStatus**  
-<p style="margin-left: 20px">Required. Provides information about the status of the package. Value type is int. Valid values are:
+Required. Provides information about the status of the package. Value type is int. Valid values are:
 
 -   OK (0) - The package is usable.
 -   LicenseIssue (1) - The license of the package is not valid.
@@ -274,50 +273,47 @@ The following image shows the EnterpriseModernAppManagement configuration servic
 > [!Note]
 > Not applicable to XAP files.
 
- 
-
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 <a href="" id="----packagefamilyname-packagefullname-requiresreinstall"></a>**.../*PackageFamilyName*/*PackageFullName*/RequiresReinstall**  
-<p style="margin-left: 20px">Required. Specifies whether the package state has changed and requires a reinstallation of the app. This can occur when new app resources are required, such as when a device has a change in language preference or a new DPI. It can also occur of the package was corrupted. If the value is 1, reinstallation of the app is performed. Value type is int.
+Required. Specifies whether the package state has changed and requires a reinstallation of the app. This can occur when new app resources are required, such as when a device has a change in language preference or a new DPI. It can also occur of the package was corrupted. If the value is 1, reinstallation of the app is performed. Value type is int.
 
 > [!Note]
 > Not applicable to XAP files.
-
  
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 <a href="" id="----packagefamilyname-packagefullname-users"></a>**.../*PackageFamilyName*/*PackageFullName*/Users**  
-<p style="margin-left: 20px">Required. Registered users of the app and the package install state. If the query is at the device level, it returns all the registered users of the device. If you query the user context, it will only return the current user. Value type is string.
+Required. Registered users of the app and the package install state. If the query is at the device level, it returns all the registered users of the device. If you query the user context, it will only return the current user. Value type is string.
 
 -   Not Installed = 0
 -   Staged = 1
 -   Installed = 2
 -   Paused = 6
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 <a href="" id="----packagefamilyname-packagefullname-isprovisioned"></a>**.../*PackageFamilyName*/*PackageFullName*/IsProvisioned**  
-<p style="margin-left: 20px">Required. The value is 0 or 1 that indicates if the app is provisioned on the device. The value type is int.
+Required. The value is 0 or 1 that indicates if the app is provisioned on the device. The value type is int.
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 <a href="" id="----packagefamilyname-donotupdate"></a>**.../*PackageFamilyName*/DoNotUpdate**  
-<p style="margin-left: 20px">Required. Specifies whether you want to block a specific app from being updated via auto-updates.
+Required. Specifies whether you want to block a specific app from being updated via auto-updates.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="----packagefamilyname-appsettingpolicy---only-for---user-vendor-msft-"></a>**.../*PackageFamilyName*/AppSettingPolicy** (only for ./User/Vendor/MSFT)  
-<p style="margin-left: 20px">Added in Windows 10, version 1511. Interior node for all managed app setting values. This node is only supported in the user context.
+Added in Windows 10, version 1511. Interior node for all managed app setting values. This node is only supported in the user context.
 
 <a href="" id="----packagefamilyname-appsettingpolicy-settingvalue---only-for---user-vendor-msft-"></a>**.../*PackageFamilyName*/AppSettingPolicy/****_SettingValue_** (only for ./User/Vendor/MSFT)  
-<p style="margin-left: 20px">Added in Windows 10, version 1511. The *SettingValue* and data represent a key value pair to be configured for the app. The node represents the name of the key and the data represents the value. You can find this value in LocalSettings in the Managed.App.Settings container.
+Added in Windows 10, version 1511. The *SettingValue* and data represent a key value pair to be configured for the app. The node represents the name of the key and the data represents the value. You can find this value in LocalSettings in the Managed.App.Settings container.
 
-<p style="margin-left: 20px">This setting only works for apps that support the feature and it is only supported in the user context.
+This setting only works for apps that support the feature and it is only supported in the user context.
 
-<p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Replace, and Delete.
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
-<p style="margin-left: 20px">The following example sets the value for the 'Server'
+The following example sets the value for the 'Server'
 
 ``` syntax
 <!— Configure app settings -->
@@ -335,7 +331,7 @@ The following image shows the EnterpriseModernAppManagement configuration servic
 </Add>
 ```
 
-<p style="margin-left: 20px">The following example gets all managed app settings for a specific app.
+The following example gets all managed app settings for a specific app.
 
 ``` syntax
 <!—Get app settings -->
@@ -349,7 +345,7 @@ The following image shows the EnterpriseModernAppManagement configuration servic
 </Get>
 ```
 
-<a href="" id="----packagefamilyname-maintainprocessorarchitectureonupdate"></a>**.../*PackageFamilyName*/MaintainProcessorArchitectureOnUpdate**  
+<a href="" id="----packagefamilyname-maintainprocessorarchitectureonupdate"></a>**.../_PackageFamilyName_/MaintainProcessorArchitectureOnUpdate**  
 Added in Windows 10, version 1803. Specify whether on a AMD64 device, across an app update, the architecture of the installed app must not change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available.
 
 Supported operations are Add, Get, Delete, and Replace. Value type is integer.
@@ -363,32 +359,125 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M
 |True |Disabled         |X86 flavor is picked         |
 |False (not set) |Not configured         |X64 flavor is picked          |
 
+<a href="" id="----packagefamilyname-nonremovable"></a>**.../_PackageFamilyName_/NonRemovable**  
+Added in Windows 10, next major version. Specifies if an app is nonremovable by the user. 
+
+This setting allows the IT admin to set an app to be nonremovable, or unable to be uninstalled by a user. This is useful in enterprise and education scenarios, where the IT admin might want to ensure that everyone always has certain apps and they won't be removed accidentally. This is also useful when there are multiple users per device, and you want to ensure that one user doesn’t remove it for all users.  
+
+This setting requires admin permission. This can only be set per device, not per user. You can query the setting using AppInvetoryQuery or AppInventoryResults.
+
+Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
+Valid values:  
+-	0 – app is not in the nonremovable app policy list
+-	1 – app is included in the nonremovable app policy list
+
+**Examples:**
+
+Add an app to the nonremovable app policy list 
+```
+<SyncML xmlns="SYNCML:SYNCML1.2">  
+    <SyncBody> 
+        <Add> 
+            <CmdID>1</CmdID> 
+            <Item> 
+                <Target> 
+                    <LocURI>./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/Test123/NonRemovable</LocURI> 
+                </Target> 
+                <Meta> 
+                    <Format xmlns="syncml:metinf">int</Format> 
+                </Meta> 
+                <Data>0</Data> 
+            </Item> 
+        </Add> 
+        <Final/> 
+      </SyncBody> 
+</SyncML> 
+```
+
+Delete an app from the nonremovable app policy list 
+```
+<SyncML xmlns="SYNCML:SYNCML1.2"> 
+    <SyncBody> 
+        <Delete> 
+            <CmdID>1</CmdID> 
+                <Item> 
+                    <Target> 
+                        <LocURI>./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/Test123/NonRemovable</LocURI> 
+                    </Target> 
+                </Item> 
+        </Delete> 
+        <Final/> 
+    </SyncBody> 
+</SyncML> 
+```
+
+Get list of apps in the nonremovable app policy list 
+```
+<SyncML xmlns="SYNCML:SYNCML1.2"> 
+    <SyncBody> 
+        <Get> 
+            <CmdID>1</CmdID> 
+            <Item> 
+                <Target> 
+                    <LocURI>./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/Test123/NonRemovable</LocURI> 
+                </Target> 
+            </Item> 
+        </Get> 
+        <Final/> 
+    </SyncBody> 
+</SyncML> 
+```
+
+Replace an app in the nonremovable app policy list 
+Data 0 = app is not in the app policy list 
+Data 1 = app is in the app policy list 
+```
+<SyncML xmlns="SYNCML:SYNCML1.2"> 
+    <SyncBody> 
+        <Replace> 
+            <CmdID>1</CmdID> 
+            <Item> 
+                <Target> 
+                    <LocURI>./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/Test123/NonRemovable</LocURI> 
+                </Target> 
+                <Meta> 
+                    <Format xmlns="syncml:metinf">int</Format> 
+                </Meta> 
+                <Data>0</Data> 
+            </Item> 
+        </Replace> 
+        <Final/> 
+    </SyncBody> 
+</SyncML> 
+```
+
 <a href="" id="appinstallation"></a>**AppInstallation**  
-<p style="margin-left: 20px">Required node. Used to perform app installation.
+Required node. Used to perform app installation.
 
 <a href="" id="appinstallation-packagefamilyname"></a>**AppInstallation/****_PackageFamilyName_**  
-<p style="margin-left: 20px">Optional node. Package family name (PFN) of the app. There is one for each PFN on the device when reporting inventory. These items are rooted under their signing origin.
+Optional node. Package family name (PFN) of the app. There is one for each PFN on the device when reporting inventory. These items are rooted under their signing origin.
 
-<p style="margin-left: 20px">Supported operations are Get and Add.
+Supported operations are Get and Add.
 
 > [!Note]
 > XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}.
 
  
 <a href="" id="appinstallation-packagefamilyname-storeinstall"></a>**AppInstallation/*PackageFamilyName*/StoreInstall**  
-<p style="margin-left: 20px">Required. Command to perform an install of an app and a license from the Microsoft Store.
+Required. Command to perform an install of an app and a license from the Microsoft Store.
 
-<p style="margin-left: 20px">Supported operation is Execute, Add, Delete, and Get.
+Supported operation is Execute, Add, Delete, and Get.
 
 <a href="" id="appinstallation-packagefamilyname-hostedinstall"></a>**AppInstallation/*PackageFamilyName*/HostedInstall**  
-<p style="margin-left: 20px">Required. Command to perform an install of an app package from a hosted location (this can be a local drive, a UNC, or https data source).
+Required. Command to perform an install of an app package from a hosted location (this can be a local drive, a UNC, or https data source).
 
-<p style="margin-left: 20px">Supported operation is Execute, Add, Delete, and Get.
+Supported operation is Execute, Add, Delete, and Get.
 
 <a href="" id="appinstallation-packagefamilyname-lasterror"></a>**AppInstallation/*PackageFamilyName*/LastError**  
-<p style="margin-left: 20px">Required. Last error relating to the app installation.
+Required. Last error relating to the app installation.
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 > [!Note]
 > This element is not present after the app is installed.
@@ -396,50 +485,50 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M
  
 
 <a href="" id="appinstallation-packagefamilyname-lasterrordescription"></a>**AppInstallation/*PackageFamilyName*/LastErrorDescription**  
-<p style="margin-left: 20px">Required. Description of last error relating to the app installation.
+Required. Description of last error relating to the app installation.
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 > [!Note]
 > This element is not present after the app is installed.
 
  
 <a href="" id="appinstallation-packagefamilyname-status"></a>**AppInstallation/*PackageFamilyName*/Status**  
-<p style="margin-left: 20px">Required. Status of app installation. The following values are returned:
+Required. Status of app installation. The following values are returned:
 
 -   NOT\_INSTALLED (0) - The node was added, but the execution has not completed.
 -   INSTALLING (1) - Execution has started, but the deployment has not completed. If the deployment completes regardless of success, this value is updated.
 -   FAILED (2) - Installation failed. The details of the error can be found under LastError and LastErrorDescription.
 -   INSTALLED (3) - Once an install is successful this node is cleaned up, however in the event the clean up action has not completed, this state may briefly appear.
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 > [!Note]
 > This element is not present after the app is installed.
 
  
 <a href="" id="appinstallation-packagefamilyname-progessstatus"></a>**AppInstallation/*PackageFamilyName*/ProgessStatus**  
-<p style="margin-left: 20px">Required. An integer the indicates the progress of the app installation. For https locations, this indicates the download progress. ProgressStatus is not available for provisioning and it is only for user-based installations. In provisioning, the value is always 0 (zero).
+Required. An integer the indicates the progress of the app installation. For https locations, this indicates the download progress. ProgressStatus is not available for provisioning and it is only for user-based installations. In provisioning, the value is always 0 (zero).
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 > [!Note]
 > This element is not present after the app is installed.
 
  
 <a href="" id="applicenses"></a>**AppLicenses**  
-<p style="margin-left: 20px">Required node. Used to manage licenses for app scenarios.
+Required node. Used to manage licenses for app scenarios.
 
 <a href="" id="applicenses-storelicenses"></a>**AppLicenses/StoreLicenses**  
-<p style="margin-left: 20px">Required node. Used to manage licenses for store apps.
+Required node. Used to manage licenses for store apps.
 
 <a href="" id="applicenses-storelicenses-licenseid"></a>**AppLicenses/StoreLicenses/****_LicenseID_**  
-<p style="margin-left: 20px">Optional node. License ID for a store installed app. The license ID is generally the PFN of the app.
+Optional node. License ID for a store installed app. The license ID is generally the PFN of the app.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, and Delete.
+Supported operations are Add, Get, and Delete.
 
 <a href="" id="applicenses-storelicenses-licenseid-licensecategory"></a>**AppLicenses/StoreLicenses/*LicenseID*/LicenseCategory**  
-<p style="margin-left: 20px">Added in Windows 10, version 1511. Required. Category of license that is used to classify various license sources. Valid value:
+Added in Windows 10, version 1511. Required. Category of license that is used to classify various license sources. Valid value:
 
 -   Unknown - unknown license category
 -   Retail - license sold through retail channels, typically from the Microsoft Store
@@ -447,39 +536,39 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M
 -   OEM - license issued to an OEM
 -   Developer - developer license, typically installed during the app development or side-loading scernarios.
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 <a href="" id="applicenses-storelicenses-licenseid-licenseusage"></a>**AppLicenses/StoreLicenses/*LicenseID*/LicenseUsage**  
-<p style="margin-left: 20px">Added in Windows 10, version 1511. Required. Indicates the allowed usage for the license. Valid values:
+Added in Windows 10, version 1511. Required. Indicates the allowed usage for the license. Valid values:
 
 -   Unknown - usage is unknown
 -   Online - the license is only valid for online usage. This is for applications with concurrence requirements, such as an app used on several computers, but can only be used on one at any given time.
 -   Offline - license is valid for use offline. You don't need a connection to the internet to use this license.
 -   Enterprise Root -
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 <a href="" id="applicenses-storelicenses-licenseid-requesterid"></a>**AppLicenses/StoreLicenses/*LicenseID*/RequesterID**  
-<p style="margin-left: 20px">Added in Windows 10, version 1511. Required. Identifier for the entity that requested the license, such as the client who acquired the license. For example, all licenses issued by the Store for Business for a particular enterprise client has the same RequesterID.
+Added in Windows 10, version 1511. Required. Identifier for the entity that requested the license, such as the client who acquired the license. For example, all licenses issued by the Store for Business for a particular enterprise client has the same RequesterID.
 
-<p style="margin-left: 20px">Supported operation is Get.
+Supported operation is Get.
 
 <a href="" id="applicenses-storelicenses-licenseid-addlicense"></a>**AppLicenses/StoreLicenses/*LicenseID*/AddLicense**  
-<p style="margin-left: 20px">Required. Command to add license.
+Required. Command to add license.
 
-<p style="margin-left: 20px">Supported operation is Execute.
+Supported operation is Execute.
 
 <a href="" id="applicenses-storelicenses-licenseid-getlicensefromstore"></a>**AppLicenses/StoreLicenses/*LicenseID*/GetLicenseFromStore**  
-<p style="margin-left: 20px">Added in Windows 10, version 1511. Required. Command to get license from the store.
+Added in Windows 10, version 1511. Required. Command to get license from the store.
 
-<p style="margin-left: 20px">Supported operation is Execute.
+Supported operation is Execute.
 
 ## Examples
 
 
-<p style="margin-left: 20px">For examples of how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](enterprise-app-management.md).
+For examples of how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](enterprise-app-management.md).
 
-<p style="margin-left: 20px">Query the device for a specific app subcategory, such as nonStore apps.
+Query the device for a specific app subcategory, such as nonStore apps.
 
 ``` syntax
 <Get>
@@ -492,9 +581,9 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M
 </Get>
 ```
 
-<p style="margin-left: 20px">The result contains a list of apps, such as &lt;Data&gt;App1/App2/App3&lt;/Data&gt;.
+The result contains a list of apps, such as &lt;Data&gt;App1/App2/App3&lt;/Data&gt;.
 
-<p style="margin-left: 20px">Subsequent query for a specific app for its properties.
+Subsequent query for a specific app for its properties.
 
 ``` syntax
   

windows/client-management/mdm/enterprisemodernappmanagement-ddf.md

@@ -7,17 +7,19 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 03/01/2018
+ms.date: 07/23/2018
 ---
 
 # EnterpriseModernAppManagement DDF
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 This topic shows the OMA DM device description framework (DDF) for the **EnterpriseModernAppManagement** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is for Windows 10, version 1803.
+The XML below is for Windows 10, next major version.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
@@ -487,6 +489,181 @@ The XML below is for Windows 10, version 1803.
               </DFType>
             </DFProperties>
           </Node>
+          <Node>
+            <NodeName>NonRemovable</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Add />
+                <Delete />
+                <Replace />
+              </AccessType>
+              <DFFormat>
+                <int />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrOne />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFTitle>NonRemovable</DFTitle>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+        </Node>
+        <Node>
+          <NodeName>ReleaseManagement</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+              <Add />
+              <Delete />
+            </AccessType>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName></NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Add />
+                <Delete />
+              </AccessType>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrMore />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFTitle>ReleaseManagementKey</DFTitle>
+              <DFType>
+                <DDFName></DDFName>
+              </DFType>
+            </DFProperties>
+            <Node>
+              <NodeName>ChannelId</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                  <Add />
+                  <Delete />
+                  <Replace />
+                </AccessType>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>ReleaseId</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                  <Add />
+                  <Delete />
+                  <Replace />
+                </AccessType>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>EffectiveRelease</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <DFFormat>
+                  <node />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <DDFName></DDFName>
+                </DFType>
+              </DFProperties>
+              <Node>
+                <NodeName>ChannelId</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                  </AccessType>
+                  <DFFormat>
+                    <chr />
+                  </DFFormat>
+                  <Occurrence>
+                    <ZeroOrOne />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>ReleaseId</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                  </AccessType>
+                  <DFFormat>
+                    <chr />
+                  </DFFormat>
+                  <Occurrence>
+                    <ZeroOrOne />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+            </Node>
+          </Node>
         </Node>
       </Node>
       <Node>
@@ -928,17 +1105,3 @@ The XML below is for Windows 10, version 1803.
   </Node>
 </MgmtTree>
 ```
-
-## Related topics
-
-[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)
-
- 
-
- 
-
-
-
-
-
-

windows/client-management/mdm/firewall-csp.md

@@ -14,7 +14,7 @@ ms.date: 01/26/2018
 
 The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, as well as the desired set of custom rules to be enforced on the device.  Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network.  This CSP was added Windows 10, version 1709.
  
-Firewall configuration commands must be wrapped in an Atomic block in SyncML.
+Firewall rules in the FirewallRules section must be wrapped in an Atomic block in SyncML, either individually or collectively.
 
 For detailed information on some of the fields below see [[MS-FASP]: Firewall and Advanced Security Protocol documentation](https://msdn.microsoft.com/en-us/library/mt620101.aspx).
 
@@ -284,7 +284,7 @@ Sample syncxml to provision the firewall settings to evaluate
 
 <a href="" id="enabled"></a>**FirewallRules/_FirewallRuleName_/Enabled**
 <p style="margin-left: 20px">Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true.
-<p style="margin-left: 20px">If not specified - a new rule is disabled by default.</p>
+<p style="margin-left: 20px">If not specified - a new rule is enabled by default.</p>
 <p style="margin-left: 20px">Boolean value. Supported operations are Get and Replace.</p>
 
 <a href="" id="profiles"></a>**FirewallRules/_FirewallRuleName_/Profiles**
@@ -310,7 +310,7 @@ Sample syncxml to provision the firewall settings to evaluate
 <ul>
 <li>IN - the rule applies to inbound traffic.</li>
 <li>OUT - the rule applies to outbound traffic.</li>
-<li>If not specified, the default is IN.</li>
+<li>If not specified, the default is Out.</li>
 </ul>
 <p style="margin-left: 20px">Value type is string. Supported operations are Get and Replace.</p>
 
@@ -331,7 +331,7 @@ Sample syncxml to provision the firewall settings to evaluate
 <p style="margin-left: 20px">New rules have the EdgeTraversal property disabled by default.</p>
 <p style="margin-left: 20px">Value type is bool. Supported operations are Add, Get, Replace, and Delete.</p>
 
-<a href="" id="localuserauthorizedlist"></a>**FirewallRules/_FirewallRuleName_/LocalUserAuthorizedList**
+<a href="" id="localuserauthorizedlist"></a>**FirewallRules/_FirewallRuleName_/LocalUserAuthorizationList**
 <p style="margin-left: 20px">Specifies the list of authorized local users for the app container. This is a string in Security Descriptor Definition Language (SDDL) format.</p>
 <p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Replace, and Delete.</p>
 

windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md

@@ -10,7 +10,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 07/23   /2018
+ms.date: 07/27/2018
 ---
 
 # What's new in MDM enrollment and management
@@ -1638,24 +1638,36 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </thead>
 <tbody>
 <tr>
+<td style="vertical-align:top">[PassportForWork  CSP](passportforwork-csp.md)</td>
+<td style="vertical-align:top"><p>Added new settings in Windows 10, next major version.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[EnterpriseModernAppManagement  CSP](enterprisemodernappmanagement-csp.md)</td>
+<td style="vertical-align:top"><p>Added NonRemovable setting under AppManagement node in Windows 10, next major version.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[Win32CompatibilityAppraiser  CSP](win32compatibilityappraiser-csp.md)</td>
+<td style="vertical-align:top"><p>Added new configuration service provider in Windows 10, next major version.</p>
+</td></tr>
+<tr>
 <td style="vertical-align:top">[WindowsLicensing  CSP](windowslicensing-csp.md)</td>
-<td style="vertical-align:top"><p>Added S mode settings.</p>
+<td style="vertical-align:top"><p>Added S mode settings and SyncML examples in Windows 10, next major version.</p>
 </td></tr>
 <tr>
 <td style="vertical-align:top">[SUPL CSP](supl-csp.md)</td>
-<td style="vertical-align:top"><p>Added 3 new certificate nodes.</p>
+<td style="vertical-align:top"><p>Added 3 new certificate nodes in Windows 10, next major version.</p>
 </td></tr>
 <tr>
 <td style="vertical-align:top">[Defender CSP](defender-csp.md)</td>
-<td style="vertical-align:top"><p>Added a new node Health/ProductStatus.</p>
+<td style="vertical-align:top"><p>Added a new node Health/ProductStatus in Windows 10, next major version.</p>
 </td></tr>
 <tr>
 <td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
-<td style="vertical-align:top"><p>Added a new node AllowStandardUserEncryption.</p>
+<td style="vertical-align:top"><p>Added a new node AllowStandardUserEncryption in Windows 10, next major version.</p>
 </td></tr>
 <tr>
 <td style="vertical-align:top">[DevDetail CSP](devdetail-csp.md)</td>
-<td style="vertical-align:top"><p>Added a new node SMBIOSSerialNumber.</p>
+<td style="vertical-align:top"><p>Added a new node SMBIOSSerialNumber in Windows 10, next major version.</p>
 </td></tr>
 <tr>
 <td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
@@ -1669,6 +1681,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>Defender/EnableLowCPUPriority</li>
 <li>Defender/SignatureUpdateFallbackOrder </li>
 <li>Defender/SignatureUpdateFileSharesSources </li>
+<li>DeviceInstallation/AllowInstallationOfMatchingDeviceIDs</li>
+<li>DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses</li>
+<li>DeviceInstallation/PreventDeviceMetadataFromNetwork</li>
+<li>DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings</li>
 <li>DmaGuard/DeviceEnumerationPolicy</li>
 <li>Experience/AllowClipboardHistory</li>
 <li>TaskManager/AllowEndTask</li>
@@ -1679,7 +1695,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </ul>
 <p>Recent changes:</p>
 <ul>
-<li>DataUsage/SetCost3G - deprecated in RS5.</li>
+<li>DataUsage/SetCost3G - deprecated in Windows 10, next major version.</li>
 </ul>
 </td></tr>
 </tbody>

windows/client-management/mdm/passportforwork-csp.md

@@ -7,11 +7,14 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 06/26/2017
+ms.date: 07/26/2018
 ---
 
 # PassportForWork CSP
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 The PassportForWork configuration service provider is used to provision Windows Hello for Business (formerly Microsoft Passport for Work). It allows you to login to Windows using your Active Directory or Azure Active Directory account and replace passwords, smartcards, and virtual smart cards.
 
 > [!IMPORTANT]
@@ -30,204 +33,243 @@ The following diagram shows the PassportForWork configuration service provider i
 ![passportforwork diagram](images/provisioning-csp-passportforwork2.png)
 
 <a href="" id="passportforwork"></a>**PassportForWork**  
-<p style="margin-left: 20px">Root node for PassportForWork configuration service provider.
+Root node for PassportForWork configuration service provider.
 
 <a href="" id="tenantid"></a>***TenantId***  
-<p style="margin-left: 20px">A globally unique identifier (GUID), without curly braces ( { , } ), that is used as part of Windows Hello for Business provisioning and management.
+A globally unique identifier (GUID), without curly braces ( { , } ), that is used as part of Windows Hello for Business provisioning and management.
 
 <a href="" id="tenantid-policies"></a>***TenantId*/Policies**  
-<p style="margin-left: 20px">Node for defining the Windows Hello for Business policy settings.
+Node for defining the Windows Hello for Business policy settings.
 
 <a href="" id="tenantid-policies-usepassportforwork"></a>***TenantId*/Policies/UsePassportForWork**  
-<p style="margin-left: 20px">Boolean value that sets Windows Hello for Business as a method for signing into Windows.
+Boolean value that sets Windows Hello for Business as a method for signing into Windows.
 
-<p style="margin-left: 20px">Default value is true. If you set this policy to false, the user cannot provision Windows Hello for Business except on Azure Active Directory joined mobile phones where provisioning is required.
+Default value is true. If you set this policy to false, the user cannot provision Windows Hello for Business except on Azure Active Directory joined mobile phones where provisioning is required.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="tenantid-policies-requiresecuritydevice"></a>***TenantId*/Policies/RequireSecurityDevice**  
-<p style="margin-left: 20px">Boolean value that requires a Trusted Platform Module (TPM) for Windows Hello for Business. TPM provides an additional security benefit over software so that data stored in it cannot be used on other devices.
+Boolean value that requires a Trusted Platform Module (TPM) for Windows Hello for Business. TPM provides an additional security benefit over software so that data stored in it cannot be used on other devices.
 
-<p style="margin-left: 20px">Default value is false. If you set this policy to true, only devices with a usable TPM can provision Windows Hello for Business. If you set this policy to false, all devices can provision Windows Hello for Business using software even if there is not a usable TPM. If you do not configure this setting, all devices can provision Windows Hello for Business using software if the TPM is non-functional or unavailable.
+Default value is false. If you set this policy to true, only devices with a usable TPM can provision Windows Hello for Business. If you set this policy to false, all devices can provision Windows Hello for Business using software even if there is not a usable TPM. If you do not configure this setting, all devices can provision Windows Hello for Business using software if the TPM is non-functional or unavailable.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="tenantid-policies-excludesecuritydevices--only-for---device-vendor-msft-"></a>***TenantId*/Policies/ExcludeSecurityDevices** (only for ./Device/Vendor/MSFT)  
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Root node for excluded security devices.
-<p style="margin-left: 20px">*Not supported on Windows Holographic and Windows Holographic for Business.*
+Added in Windows 10, version 1703. Root node for excluded security devices.
+*Not supported on Windows Holographic and Windows Holographic for Business.*
 
 <a href="" id="tenantid-policies-excludesecuritydevices-tpm12--only-for---device-vendor-msft-"></a>***TenantId*/Policies/ExcludeSecurityDevices/TPM12** (only for ./Device/Vendor/MSFT)  
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Some Trusted Platform Modules (TPMs) are compliant only with the older 1.2 revision of the TPM specification defined by the Trusted Computing Group (TCG).
+Added in Windows 10, version 1703. Some Trusted Platform Modules (TPMs) are compliant only with the older 1.2 revision of the TPM specification defined by the Trusted Computing Group (TCG).
 
-<p style="margin-left: 20px">Default value is false. If you enable this policy setting, TPM revision 1.2 modules will be disallowed from being used with Windows Hello for Business.
+Default value is false. If you enable this policy setting, TPM revision 1.2 modules will be disallowed from being used with Windows Hello for Business.
 
-<p style="margin-left: 20px">If you disable or do not configure this policy setting, TPM revision 1.2 modules will be allowed to be used with Windows Hello for Business.
+If you disable or do not configure this policy setting, TPM revision 1.2 modules will be allowed to be used with Windows Hello for Business.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="tenantid-policies-enablepinrecovery"></a>***TenantId*/Policies/EnablePinRecovery**  
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Boolean value that enables a user to change their PIN by using the Windows Hello for Business PIN recovery service. 
+Added in Windows 10, version 1703. Boolean value that enables a user to change their PIN by using the Windows Hello for Business PIN recovery service. 
 This cloud service encrypts a recovery secret, which is stored locally on the client, and can be decrypted only by the cloud service.
 
-<p style="margin-left: 20px">Default value is false. If you enable this policy setting, the PIN recovery secret will be stored on the device and the user can change their PIN if needed.
+Default value is false. If you enable this policy setting, the PIN recovery secret will be stored on the device and the user can change their PIN if needed.
 
-<p style="margin-left: 20px">If you disable or do not configure this policy setting, the PIN recovery secret will not be created or stored. If the user's PIN is forgotten, the only way to get a new PIN is by deleting the existing PIN and creating a new one, which will require the user to re-register with any services the old PIN provided access to.
+If you disable or do not configure this policy setting, the PIN recovery secret will not be created or stored. If the user's PIN is forgotten, the only way to get a new PIN is by deleting the existing PIN and creating a new one, which will require the user to re-register with any services the old PIN provided access to.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="tenantid-policies-usecertificateforonpremauth--only-for---device-vendor-msft-"></a>***TenantId*/Policies/UseCertificateForOnPremAuth** (only for ./Device/Vendor/MSFT)  
-<p style="margin-left: 20px">Boolean value that enables Windows Hello for Business to use certificates to authenticate on-premises resources.
+Boolean value that enables Windows Hello for Business to use certificates to authenticate on-premises resources.
 
-<p style="margin-left: 20px">If you enable this policy setting, Windows Hello for Business will wait until the device has received a certificate payload from the mobile device management server before provisioning a PIN.
+If you enable this policy setting, Windows Hello for Business will wait until the device has received a certificate payload from the mobile device management server before provisioning a PIN.
 
-<p style="margin-left: 20px">If you disable or do not configure this policy setting, the PIN will be provisioned when the user logs in, without waiting for a certificate payload.
+If you disable or do not configure this policy setting, the PIN will be provisioned when the user logs in, without waiting for a certificate payload.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="tenantid-policies-pincomplexity"></a>***TenantId*/Policies/PINComplexity**  
-<p style="margin-left: 20px">Node for defining PIN settings.
+Node for defining PIN settings.
 
 <a href="" id="tenantid-policies-pincomplexity-minimumpinlength"></a>***TenantId*/Policies/PINComplexity/MinimumPINLength**  
-<p style="margin-left: 20px">Integer value that sets the minimum number of characters required for the PIN. Default value is 4. The lowest number you can configure for this policy setting is 4. The largest number you can configure must be less than the number configured in the Maximum PIN length policy setting or the number 127, whichever is the lowest.
+Integer value that sets the minimum number of characters required for the PIN. Default value is 4. The lowest number you can configure for this policy setting is 4. The largest number you can configure must be less than the number configured in the Maximum PIN length policy setting or the number 127, whichever is the lowest.
 
-<p style="margin-left: 20px">If you configure this policy setting, the PIN length must be greater than or equal to this number. If you disable or do not configure this policy setting, the PIN length must be greater than or equal to 4.
+If you configure this policy setting, the PIN length must be greater than or equal to this number. If you disable or do not configure this policy setting, the PIN length must be greater than or equal to 4.
 
 > [!NOTE]
 > If the conditions specified above for the minimum PIN length are not met, default values will be used for both the maximum and minimum PIN lengths.
 
  
-<p style="margin-left: 20px">Value type is int. Supported operations are Add, Get, Delete, and Replace.
+Value type is int. Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="tenantid-policies-pincomplexity-maximumpinlength"></a>***TenantId*/Policies/PINComplexity/MaximumPINLength**  
-<p style="margin-left: 20px">Integer value that sets the maximum number of characters allowed for the PIN. Default value is 127. The largest number you can configure for this policy setting is 127. The lowest number you can configure must be larger than the number configured in the Minimum PIN length policy setting or the number 4, whichever is greater.
+Integer value that sets the maximum number of characters allowed for the PIN. Default value is 127. The largest number you can configure for this policy setting is 127. The lowest number you can configure must be larger than the number configured in the Minimum PIN length policy setting or the number 4, whichever is greater.
 
-<p style="margin-left: 20px">If you configure this policy setting, the PIN length must be less than or equal to this number. If you disable or do not configure this policy setting, the PIN length must be less than or equal to 127.
+If you configure this policy setting, the PIN length must be less than or equal to this number. If you disable or do not configure this policy setting, the PIN length must be less than or equal to 127.
 
 > [!NOTE]
 > If the conditions specified above for the maximum PIN length are not met, default values will be used for both the maximum and minimum PIN lengths.
 
  
-<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="tenantid-policies-pincomplexity-uppercaseletters"></a>***TenantId*/Policies/PINComplexity/UppercaseLetters**  
-<p style="margin-left: 20px">Integer value that configures the use of uppercase letters in the Windows Hello for Business PIN.
+Integer value that configures the use of uppercase letters in the Windows Hello for Business PIN.
 
-<p style="margin-left: 20px">Valid values:
+Valid values:
 
 -   0 - Allows the use of uppercase letters in PIN.
 -   1 - Requires the use of at least one uppercase letters in PIN.
 -   2 - Does not allow the use of uppercase letters in PIN.
 
-<p style="margin-left: 20px">Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply.
+Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="tenantid-policies-pincomplexity-lowercaseletters"></a>***TenantId*/Policies/PINComplexity/LowercaseLetters**  
-<p style="margin-left: 20px">Integer value that configures the use of lowercase letters in the Windows Hello for Business PIN.
+Integer value that configures the use of lowercase letters in the Windows Hello for Business PIN.
 
-<p style="margin-left: 20px">Valid values:
+Valid values:
 
 -   0 - Allows the use of lowercase letters in PIN.
 -   1 - Requires the use of at least one lowercase letters in PIN.
 -   2 - Does not allow the use of lowercase letters in PIN.
 
-<p style="margin-left: 20px">Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply.
+Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="tenantid-policies-pincomplexity-specialcharacters"></a>***TenantId*/Policies/PINComplexity/SpecialCharacters**  
-<p style="margin-left: 20px">Integer value that configures the use of special characters in the Windows Hello for Business PIN. Valid special characters for Windows Hello for Business PIN gestures include: ! " \# $ % & ' ( ) \* + , - . / : ; &lt; = &gt; ? @ \[ \\ \] ^ \_ \` { | } ~ .
+Integer value that configures the use of special characters in the Windows Hello for Business PIN. Valid special characters for Windows Hello for Business PIN gestures include: ! " \# $ % & ' ( ) \* + , - . / : ; &lt; = &gt; ? @ \[ \\ \] ^ \_ \` { | } ~ .
 
-<p style="margin-left: 20px">Valid values:
+Valid values:
 
 -   0 - Allows the use of special characters in PIN.
 -   1 - Requires the use of at least one special character in PIN.
 -   2 - Does not allow the use of special characters in PIN.
 
-<p style="margin-left: 20px">Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply.
+Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="tenantid-policies-pincomplexity-digits"></a>***TenantId*/Policies/PINComplexity/Digits**  
-<p style="margin-left: 20px">Integer value that configures the use of digits in the Windows Hello for Business PIN.
+Integer value that configures the use of digits in the Windows Hello for Business PIN.
 
-<p style="margin-left: 20px">Valid values:
+Valid values:
 
 -   0 - Allows the use of digits in PIN.
 -   1 - Requires the use of at least one digit in PIN.
 -   2 - Does not allow the use of digits in PIN.
 
-<p style="margin-left: 20px">Default value is 1. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply.
+Default value is 1. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="tenantid-policies-pincomplexity-history"></a>***TenantId*/Policies/PINComplexity/History**  
-<p style="margin-left: 20px">Integer value that specifies the number of past PINs that can be associated to a user account that can’t be reused. The largest number you can configure for this policy setting is 50. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then storage of previous PINs is not required. This node was added in Windows 10, version 1511.
+Integer value that specifies the number of past PINs that can be associated to a user account that can’t be reused. The largest number you can configure for this policy setting is 50. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then storage of previous PINs is not required. This node was added in Windows 10, version 1511.
 
-<p style="margin-left: 20px">The current PIN of the user is included in the set of PINs associated with the user account. PIN history is not preserved through a PIN reset.
+The current PIN of the user is included in the set of PINs associated with the user account. PIN history is not preserved through a PIN reset.
 
-<p style="margin-left: 20px">Default value is 0.
+Default value is 0.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="tenantid-policies-pincomplexity-expiration"></a>***TenantId*/Policies/PINComplexity/Expiration**  
-<p style="margin-left: 20px">Integer value specifies the period of time (in days) that a PIN can be used before the system requires the user to change it. The largest number you can configure for this policy setting is 730. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then the user’s PIN will never expire. This node was added in Windows 10, version 1511.
+Integer value specifies the period of time (in days) that a PIN can be used before the system requires the user to change it. The largest number you can configure for this policy setting is 730. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then the user’s PIN will never expire. This node was added in Windows 10, version 1511.
 
-<p style="margin-left: 20px">Default is 0.
+Default is 0.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="tenantid-policies-remote--only-for---device-vendor-msft-"></a>***TenantId*/Policies/Remote** (only for ./Device/Vendor/MSFT)  
-<p style="margin-left: 20px">Interior node for defining remote Windows Hello for Business policies. This node was added in Windows 10, version 1511.
-<p style="margin-left: 20px">*Not supported on Windows Holographic and Windows Holographic for Business.*
+Interior node for defining remote Windows Hello for Business policies. This node was added in Windows 10, version 1511.
+*Not supported on Windows Holographic and Windows Holographic for Business.*
 
 <a href="" id="tenantid-policies-remote-useremotepassport--only-for---device-vendor-msft-"></a>***TenantId*/Policies/Remote/UseRemotePassport** (only for ./Device/Vendor/MSFT)  
-<p style="margin-left: 20px">Boolean value used to enable or disable the use of remote Windows Hello for Business. Remote Windows Hello for Business provides the ability for a portable, registered device to be usable as a companion device for desktop authentication. Remote Windows Hello for Business requires that the desktop be Azure AD joined and that the companion device has a Windows Hello for Business PIN. This node was added in Windows 10, version 1511.
+Boolean value used to enable or disable the use of remote Windows Hello for Business. Remote Windows Hello for Business provides the ability for a portable, registered device to be usable as a companion device for desktop authentication. Remote Windows Hello for Business requires that the desktop be Azure AD joined and that the companion device has a Windows Hello for Business PIN. This node was added in Windows 10, version 1511.
 
-<p style="margin-left: 20px">Default value is false. If you set this policy to true, Remote Windows Hello for Business will be enabled and a portable, registered device can be used as a companion device for desktop authentication. If you set this policy to false, Remote Windows Hello for Business will be disabled.
+Default value is false. If you set this policy to true, Remote Windows Hello for Business will be enabled and a portable, registered device can be used as a companion device for desktop authentication. If you set this policy to false, Remote Windows Hello for Business will be disabled.
 
+Supported operations are Add, Get, Delete, and Replace.
 
+*Not supported on Windows Holographic and Windows Holographic for Business.*
 
-<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
+<a href="" id="tenantid-policies-usehellocertificatesassmartcardcertificates"></a>***TenantId*/Policies/UseHelloCertificatesAsSmartCardCertificates** (only for ./Device/Vendor/MSFT)  
+Added in Windows 10, next major version. If you enable this policy setting, applications use Windows Hello for Business certificates as smart card certificates. Biometric factors are unavailable when a user is asked to authorize the use of the certificate's private key. This policy setting is designed to allow compatibility with applications that rely exclusively on smart card certificates.
 
-<p style="margin-left: 20px">*Not supported on Windows Holographic and Windows Holographic for Business.*
+If you disable or do not configure this policy setting, applications do not use Windows Hello for Business certificates as smart card certificates, and biometric factors are available when a user is asked to authorize the use of the certificate's private key.
+
+Windows requires a user to lock and unlock their session after changing this setting if the user is currently signed in.
+
+Value type is bool. Supported operations are Add, Get, Replace, and Delete.
 
 <a href="" id="usebiometrics"></a>**UseBiometrics**  
-<p style="margin-left: 20px">This node is deprecated. Use **Biometrics/UseBiometrics** node instead.
+This node is deprecated. Use **Biometrics/UseBiometrics** node instead.
 
 <a href="" id="biometrics--only-for---device-vendor-msft-"></a>**Biometrics** (only for ./Device/Vendor/MSFT)  
-<p style="margin-left: 20px">Node for defining biometric settings. This node was added in Windows 10, version 1511.
-<p style="margin-left: 20px">*Not supported on Windows Holographic and Windows Holographic for Business.*
+Node for defining biometric settings. This node was added in Windows 10, version 1511.
+*Not supported on Windows Holographic and Windows Holographic for Business.*
 
 <a href="" id="biometrics-usebiometrics--only-for---device-vendor-msft-"></a>**Biometrics/UseBiometrics** (only for ./Device/Vendor/MSFT)  
-<p style="margin-left: 20px">Boolean value used to enable or disable the use of biometric gestures, such as face and fingerprint, as an alternative to the PIN gesture for Windows Hello for Business. Users must still configure a PIN if they configure biometric gestures to use in case of failures. This node was added in Windows 10, version 1511.
+Boolean value used to enable or disable the use of biometric gestures, such as face and fingerprint, as an alternative to the PIN gesture for Windows Hello for Business. Users must still configure a PIN if they configure biometric gestures to use in case of failures. This node was added in Windows 10, version 1511.
 
-<p style="margin-left: 20px">Default value is false. If you set this policy to true, biometric gestures are enabled for use with Windows Hello for Business. If you set this policy to false, biometric gestures are disabled for use with Windows Hello for Business.
+Default value is false. If you set this policy to true, biometric gestures are enabled for use with Windows Hello for Business. If you set this policy to false, biometric gestures are disabled for use with Windows Hello for Business.
 
 
 
-<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
 
-<p style="margin-left: 20px">*Not supported on Windows Holographic and Windows Holographic for Business.*
+*Not supported on Windows Holographic and Windows Holographic for Business.*
 
 <a href="" id="biometrics-facialfeaturesuseenhancedantispoofing--only-for---device-vendor-msft-"></a>**Biometrics/FacialFeaturesUseEnhancedAntiSpoofing** (only for ./Device/Vendor/MSFT)  
-<p style="margin-left: 20px">Boolean value used to enable or disable enhanced anti-spoofing for facial feature recognition on Windows Hello face authentication. This node was added in Windows 10, version 1511.
+Boolean value used to enable or disable enhanced anti-spoofing for facial feature recognition on Windows Hello face authentication. This node was added in Windows 10, version 1511.
 
-<p style="margin-left: 20px">Default value is false. If you set this policy to false or don't configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication.
+Default value is false. If you set this policy to false or don't configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication.
 
-<p style="margin-left: 20px">If you set this policy to true, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. Windows Hello face authentication is disabled on devices that do not support enhanced anti-spoofing.
+If you set this policy to true, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. Windows Hello face authentication is disabled on devices that do not support enhanced anti-spoofing.
 
-<p style="margin-left: 20px">Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices.
+Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices.
 
 
 
-<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
 
-<p style="margin-left: 20px">*Not supported on Windows Holographic and Windows Holographic for Business.*
+*Not supported on Windows Holographic and Windows Holographic for Business.*
+
+<a href="" id="deviceunlock"></a>**DeviceUnlock** (only for ./Device/Vendor/MSFT)  
+Added in Windows 10, version 1803. Interior node.
+
+<a href="" id="deviceunlock"></a>**DeviceUnlock/GroupA** (only for ./Device/Vendor/MSFT)  
+Added in Windows 10, version 1803. Contains a list of credential providers by GUID (comma separated) that are the first step of authentication.
+
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
+
+<a href="" id="deviceunlock-groupb"></a>**DeviceUnlock/GroupB** (only for ./Device/Vendor/MSFT)  
+Added in Windows 10, version 1803. Contains a list of credential providers by GUID (comma separated) that are the second step of authentication.
+
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
+
+<a href="" id="deviceunlock-plugins"></a>**DeviceUnlock/Plugins** (only for ./Device/Vendor/MSFT)  
+Added in Windows 10, version 1803. List of plugins (comma separated) that the passive provider monitors to detect user presence.
+
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
+
+<a href="" id="dynamiclock"></a>**DynamicLock** (only for ./Device/Vendor/MSFT)  
+Added in Windows 10, version 1803. Interior node.
+
+
+<a href="" id="dynamiclock-dynamiclock"></a>**DynamicLock/DynamicLock** (only for ./Device/Vendor/MSFT)  
+Added in Windows 10, version 1803. Enables the dynamic lock.
+
+Value type is bool. Supported operations are Add, Get, Replace, and Delete.
+
+<a href="" id="dynamiclock-plugins"></a>**DynamicLock/Plugins** (only for ./Device/Vendor/MSFT)  
+Added in Windows 10, version 1803. List of plugins (comma separated) that the passive provider monitors to detect user absence.
+
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
 ## Examples
 
-<p style="margin-left: 20px">Here's an example for setting Windows Hello for Business and setting the PIN policies. It also turns on the use of biometrics and TPM.
+Here's an example for setting Windows Hello for Business and setting the PIN policies. It also turns on the use of biometrics and TPM.
 
 ``` syntax
 <SyncML xmlns="SYNCML:SYNCML1.2">

windows/client-management/mdm/passportforwork-ddf.md

@@ -7,16 +7,19 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 12/05/2017
+ms.date: 07/26/2017
 ---
 
 # PassportForWork DDF
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 This topic shows the OMA DM device description framework (DDF) for the **PassportForWork** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is the current version for this CSP.
+The XML below is for Windows 10, next major version.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
@@ -42,7 +45,7 @@ The XML below is the current version for this CSP.
             <Permanent />
           </Scope>
           <DFType>
-            <MIME>com.microsoft/1.3/MDM/PassportForWork</MIME>
+            <MIME>com.microsoft/1.5/MDM/PassportForWork</MIME>
           </DFType>
         </DFProperties>
         <Node>
@@ -657,7 +660,7 @@ If you disable or do not configure this policy setting, the PIN recovery secret
                   <Replace />
                 </AccessType>
                 <DefaultValue>False</DefaultValue>
-                <Description>Windows Hello for Business can use certificates to authenticate to on-premises resources. 
+                <Description>Windows Hello for Business can use certificates to authenticate to on-premise resources. 
 
 If you enable this policy setting, Windows Hello for Business will wait until the device has received a certificate payload from the mobile device management server before provisioning a PIN.
 
@@ -985,6 +988,35 @@ Default value is false. If you enable this setting, a desktop device will allow
                 </DFProperties>
               </Node>
             </Node>
+            <Node>
+              <NodeName>UseHelloCertificatesAsSmartCardCertificates</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                  <Add />
+                  <Delete />
+                  <Replace />
+                </AccessType>
+                <DefaultValue>False</DefaultValue>
+                <Description>If you enable this policy setting, applications use Windows Hello for Business certificates as smart card certificates. Biometric factors are unavailable when a user is asked to authorize the use of the certificate's private key. This policy setting is designed to allow compatibility with applications that rely exclusively on smart card certificates.
+
+If you disable or do not configure this policy setting, applications do not use Windows Hello for Business certificates as smart card certificates, and biometric factors are available when a user is asked to authorize the use of the certificate's private key.
+
+Windows requires a user to lock and unlock their session after changing this setting if the user is currently signed in.</Description>
+                <DFFormat>
+                  <bool />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
           </Node>
         </Node>
         <Node>
@@ -1083,9 +1115,9 @@ NOTE: Disabling this policy prevents the use of biometric gestures on the device
               <DefaultValue>False</DefaultValue>
               <Description>This setting determines whether enhanced anti-spoofing is required for Windows Hello face authentication.
 
-If you enable or don't configure this setting, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. This disables Windows Hello face authentication on devices that do not support enhanced anti-spoofing.
+If you enable this setting, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. This disables Windows Hello face authentication on devices that do not support enhanced anti-spoofing.
 
-If you disable this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication.
+If you disable or do not configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication.
 
 Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices.</Description>
               <DFFormat>
@@ -1100,19 +1132,176 @@ Note that enhanced anti-spoofing for Windows Hello face authentication is not re
               <DFType>
                 <MIME>text/plain</MIME>
               </DFType>
+              <MSFT:SupportedValues AllowedValues="true,false">
+                <MSFT:SupportedValue value="true" description="Windows will require all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. This disables Windows Hello face authentication on devices that do not support enhanced anti-spoofing."/>
+                <MSFT:SupportedValue value="false" description="Enhanced anti-spoofing is not required for Windows Hello face authentication."/>
+              </MSFT:SupportedValues>
+            </DFProperties>
+          </Node>
+        </Node>
+        <Node>
+          <NodeName>DeviceUnlock</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>Device Unlock</Description>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName>GroupA</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Add />
+                <Delete />
+                <Replace />
+              </AccessType>
+              <Description>Contains a list of providers by GUID that are to be considered for the first step of authentication</Description>
+              <DFFormat>
+                <chr />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrOne />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>GroupB</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Add />
+                <Delete />
+                <Replace />
+              </AccessType>
+              <Description>Contains a list of providers by GUID that are to be considered for the second step of authentication</Description>
+              <DFFormat>
+                <chr />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrOne />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>Plugins</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Add />
+                <Delete />
+                <Replace />
+              </AccessType>
+              <Description>List of plugins that the passive provider monitors to detect user presence</Description>
+              <DFFormat>
+                <chr />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrOne />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+        </Node>
+        <Node>
+          <NodeName>DynamicLock</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>Dynamic Lock</Description>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName>DynamicLock</NodeName>
+            <DFProperties>
+                <AccessType>
+                    <Get />
+                    <Add />
+                    <Delete />
+                    <Replace />
+                </AccessType>
+                <DefaultValue>False</DefaultValue>
+                <Description>Enables/Disables Dyanamic Lock</Description>
+                <DFFormat>
+                    <bool />
+                </DFFormat>
+                <Occurrence>
+                    <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                    <Dynamic />
+                </Scope>
+                <DFType>
+                    <MIME>text/plain</MIME>
+                </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>Plugins</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Add />
+                <Delete />
+                <Replace />
+              </AccessType>
+              <Description>List of plugins that the passive provider monitors to detect user absence</Description>
+              <DFFormat>
+                <chr />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrOne />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
             </DFProperties>
           </Node>
         </Node>
       </Node>
 </MgmtTree>
 ```
-
- 
-
- 
-
-
-
-
-
-

windows/client-management/mdm/policy-configuration-service-provider.md

@@ -979,6 +979,9 @@ The following diagram shows the Policy configuration service provider in tree fo
 ### DeviceGuard policies
 
 <dl>
+  <dd>
+    <a href="./policy-csp-deviceguard.md#deviceguard-enablesystemguard" id="deviceguard-enablesystemguard">DeviceGuard/EnableSystemGuard</a>
+  </dd>
   <dd>
     <a href="./policy-csp-deviceguard.md#deviceguard-enablevirtualizationbasedsecurity" id="deviceguard-enablevirtualizationbasedsecurity">DeviceGuard/EnableVirtualizationBasedSecurity</a>
   </dd>
@@ -1246,6 +1249,12 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-experience.md#experience-donotshowfeedbacknotifications" id="experience-donotshowfeedbacknotifications">Experience/DoNotShowFeedbackNotifications</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-donotsyncbrowsersetting" id="experience-donotsyncbrowsersetting">Experience/DoNotSyncBrowserSetting</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-preventusersfromturningonbrowsersyncing" id="experience-preventusersfromturningonbrowsersyncing">Experience/PreventUsersFromTurningOnBrowserSyncing</a>
+  </dd>
 </dl>
 
 ### ExploitGuard policies
@@ -4278,6 +4287,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
 -   [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
 -   [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
+-   [DeviceGuard/EnableSystemGuard](./policy-csp-deviceguard.md#deviceguard-enablesystemguard)
 -   [DeviceGuard/EnableVirtualizationBasedSecurity](./policy-csp-deviceguard.md#deviceguard-enablevirtualizationbasedsecurity)
 -   [DeviceGuard/LsaCfgFlags](./policy-csp-deviceguard.md#deviceguard-lsacfgflags)
 -   [DeviceGuard/RequirePlatformSecurityFeatures](./policy-csp-deviceguard.md#deviceguard-requireplatformsecurityfeatures)
@@ -4319,6 +4329,8 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Experience/AllowWindowsTips](./policy-csp-experience.md#experience-allowwindowstips)
 -   [Experience/ConfigureWindowsSpotlightOnLockScreen](./policy-csp-experience.md#experience-configurewindowsspotlightonlockscreen)
 -   [Experience/DoNotShowFeedbackNotifications](./policy-csp-experience.md#experience-donotshowfeedbacknotifications)
+-   [Experience/DoNotSyncBrowserSetting](./policy-csp-experience.md#experience-donotsyncbrowsersetting)
+-   [Experience/PreventUsersFromTurningOnBrowserSyncing](./policy-csp-experience.md#experience-preventusersfromturningonbrowsersyncing)
 -   [ExploitGuard/ExploitProtectionSettings](./policy-csp-exploitguard.md#exploitguard-exploitprotectionsettings)
 -   [FileExplorer/TurnOffDataExecutionPreventionForExplorer](./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer)
 -   [FileExplorer/TurnOffHeapTerminationOnCorruption](./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption)

windows/client-management/mdm/policy-csp-accounts.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 05/14/2018
+ms.date: 07/30/2018
 ---
 
 # Policy CSP - Accounts
@@ -248,9 +248,4 @@ Footnote:
 
 <!--/Policies-->
 
-<!--StartHoloLens-->
-## <a href="" id="hololenspolicies"></a>Accounts policies supported by Windows Holographic for Business  
-
--   [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection)  
-<!--EndHoloLens-->
 

windows/client-management/mdm/policy-csp-applicationmanagement.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 07/11/2018
+ms.date: 07/30/2018
 ---
 
 # Policy CSP - ApplicationManagement
@@ -1050,17 +1050,3 @@ Footnote:
 
 <!--/Policies-->
 
-<!--StartHoloLens-->
-## <a href="" id="hololenspolicies"></a>ApplicationManagement policies supported by Windows Holographic for Business  
-
--   [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps)  
--   [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate)  
--   [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)  
-<!--EndHoloLens-->
-
-<!--StartIoTCore-->
-## <a href="" id="iotcore"></a>ApplicationManagement policies supported by IoT Core  
-
--   [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)  
-<!--EndIoTCore-->
-

windows/client-management/mdm/policy-csp-authentication.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 05/14/2018
+ms.date: 07/30/2018
 ---
 
 # Policy CSP - Authentication
@@ -312,16 +312,3 @@ Footnote:
 -   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
-
-<!--StartHoloLens-->
-## <a href="" id="hololenspolicies"></a>Authentication policies supported by Windows Holographic for Business  
-
--   [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)  
-<!--EndHoloLens-->
-
-<!--StartIoTCore-->
-## <a href="" id="iotcore"></a>Authentication policies supported by IoT Core  
-
--   [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)  
-<!--EndIoTCore-->
-

windows/client-management/mdm/policy-csp-bluetooth.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 05/14/2018
+ms.date: 07/30/2018
 ---
 
 # Policy CSP - Bluetooth
@@ -439,30 +439,4 @@ Footnote: * The Surface pen uses the HID over GATT profile
 
 {00001105-0000-1000-8000-00805F9B34FB};{00000008-0000-1000-8000-00805F9B34FB};{0000111E-0000-1000-8000-00805F9B34FB};{00001800-0000-1000-8000-00805F9B34FB};{0000180A-0000-1000-8000-00805F9B34FB};{00001813-0000-1000-8000-00805F9B34FB}
 
-<!--StartHoloLens-->
-## <a href="" id="hololenspolicies"></a>Bluetooth policies supported by Windows Holographic for Business  
-
--   [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)  
--   [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)  
--   [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)  
-<!--EndHoloLens-->
-
-<!--StartIoTCore-->
-## <a href="" id="iotcore"></a>Bluetooth policies supported by IoT Core  
-
--   [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)  
--   [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)  
--   [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)  
--   [Bluetooth/ServicesAllowedList](#bluetooth-servicesallowedlist)  
-<!--EndIoTCore-->
-
-<!--StartSurfaceHub-->
-## <a href="" id="surfacehubpolicies"></a>Bluetooth policies supported by Microsoft Surface Hub  
-
--   [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)  
--   [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)  
--   [Bluetooth/AllowPrepairing](#bluetooth-allowprepairing)  
--   [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)  
--   [Bluetooth/ServicesAllowedList](#bluetooth-servicesallowedlist)  
-<!--EndSurfaceHub-->
 

windows/client-management/mdm/policy-csp-browser.md

@@ -6,7 +6,7 @@ ms.prod: w10
 ms.technology: windows
 author: shortpatti
 ms.author: pashort
-ms.date: 07/18/2018
+ms.date: 07/30/2018
 ---
 
 # Policy CSP - Browser
@@ -1214,7 +1214,7 @@ To verify AllowPopups is set to 0 (not allowed):
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
--   GP English name: *Allow Prelaunch*
+-   GP English name: *Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed*
 -   GP name: *AllowPrelaunch*
 -   GP path: *Windows Components/Microsoft Edge*
 -   GP ADMX file name: *MicrosoftEdge.admx*
@@ -3974,57 +3974,3 @@ Footnote:
 
 <!--/Policies-->
 
-<!--StartEAS-->
-## <a href="" id="eas"></a>Browser policies that can be set using Exchange Active Sync (EAS)  
-
--   [Browser/AllowBrowser](#browser-allowbrowser)  
-<!--EndEAS-->
-
-<!--StartHoloLens-->
-## <a href="" id="hololenspolicies"></a>Browser policies supported by Windows Holographic for Business  
-
--   [Browser/AllowCookies](#browser-allowcookies)  
--   [Browser/AllowDoNotTrack](#browser-allowdonottrack)  
--   [Browser/AllowPasswordManager](#browser-allowpasswordmanager)  
--   [Browser/AllowPopups](#browser-allowpopups)  
--   [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)  
--   [Browser/AllowSmartScreen](#browser-allowsmartscreen)  
-<!--EndHoloLens-->
-
-<!--StartIoTCore-->
-## <a href="" id="iotcore"></a>Browser policies supported by IoT Core  
-
--   [Browser/AllowAutofill](#browser-allowautofill)  
--   [Browser/AllowBrowser](#browser-allowbrowser)  
--   [Browser/AllowCookies](#browser-allowcookies)  
--   [Browser/AllowDoNotTrack](#browser-allowdonottrack)  
--   [Browser/AllowInPrivate](#browser-allowinprivate)  
--   [Browser/AllowPasswordManager](#browser-allowpasswordmanager)  
--   [Browser/AllowPopups](#browser-allowpopups)  
--   [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)  
--   [Browser/EnterpriseModeSiteList](#browser-enterprisemodesitelist)  
--   [Browser/EnterpriseSiteListServiceUrl](#browser-enterprisesitelistserviceurl)  
--   [Browser/SendIntranetTraffictoInternetExplorer](#browser-sendintranettraffictointernetexplorer)  
-<!--EndIoTCore-->
-
-<!--StartSurfaceHub-->
-## <a href="" id="surfacehubpolicies"></a>Browser policies supported by Microsoft Surface Hub  
-
--   [Browser/AllowAddressBarDropdown](#browser-allowaddressbardropdown)  
--   [Browser/AllowCookies](#browser-allowcookies)  
--   [Browser/AllowDeveloperTools](#browser-allowdevelopertools)  
--   [Browser/AllowDoNotTrack](#browser-allowdonottrack)  
--   [Browser/AllowMicrosoftCompatibilityList](#browser-allowmicrosoftcompatibilitylist)  
--   [Browser/AllowPopups](#browser-allowpopups)  
--   [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)  
--   [Browser/AllowSmartScreen](#browser-allowsmartscreen)  
--   [Browser/ClearBrowsingDataOnExit](#browser-clearbrowsingdataonexit)  
--   [Browser/ConfigureAdditionalSearchEngines](#browser-configureadditionalsearchengines)  
--   [Browser/DisableLockdownOfStartPages](#browser-disablelockdownofstartpages)  
--   [Browser/HomePages](#browser-homepages)  
--   [Browser/PreventLiveTileDataCollection](#browser-preventlivetiledatacollection)  
--   [Browser/PreventSmartScreenPromptOverride](#browser-preventsmartscreenpromptoverride)  
--   [Browser/PreventSmartScreenPromptOverrideForFiles](#browser-preventsmartscreenpromptoverrideforfiles)  
--   [Browser/SetDefaultSearchEngine](#browser-setdefaultsearchengine)  
-<!--EndSurfaceHub-->
-

windows/client-management/mdm/policy-csp-connectivity.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 05/14/2018
+ms.date: 07/30/2018
 ---
 
 # Policy CSP - Connectivity
@@ -972,40 +972,5 @@ Footnote:
 
 <!--/Policies-->
 
-<!--StartEAS-->
-## <a href="" id="eas"></a>Connectivity policies that can be set using Exchange Active Sync (EAS)  
 
--   [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)  
--   [Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming)  
--   [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection)  
-<!--EndEAS-->
-
-<!--StartHoloLens-->
-## <a href="" id="hololenspolicies"></a>Connectivity policies supported by Windows Holographic for Business  
-
--   [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)  
-<!--EndHoloLens-->
-
-<!--StartIoTCore-->
-## <a href="" id="iotcore"></a>Connectivity policies supported by IoT Core  
-
--   [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)  
--   [Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming)  
--   [Connectivity/AllowNFC](#connectivity-allownfc)  
--   [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection)  
--   [Connectivity/AllowVPNOverCellular](#connectivity-allowvpnovercellular)  
--   [Connectivity/AllowVPNRoamingOverCellular](#connectivity-allowvpnroamingovercellular)  
--   [Connectivity/DiablePrintingOverHTTP](#connectivity-diableprintingoverhttp)  
--   [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](#connectivity-disabledownloadingofprintdriversoverhttp)  
--   [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards)  
--   [Connectivity/HardenedUNCPaths](#connectivity-hardeneduncpaths)  
--   [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](#connectivity-prohibitinstallationandconfigurationofnetworkbridge)  
-<!--EndIoTCore-->
-
-<!--StartSurfaceHub-->
-## <a href="" id="surfacehubpolicies"></a>Connectivity policies supported by Microsoft Surface Hub  
-
--   [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)  
--   [Connectivity/AllowConnectedDevices](#connectivity-allowconnecteddevices)  
-<!--EndSurfaceHub-->
 

windows/client-management/mdm/policy-csp-deviceguard.md

@@ -6,11 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 03/12/2018
+ms.date: 07/30/2018
 ---
 
 # Policy CSP - DeviceGuard
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 
 <hr/>
@@ -19,6 +21,9 @@ ms.date: 03/12/2018
 ## DeviceGuard policies  
 
 <dl>
+  <dd>
+    <a href="#deviceguard-enablesystemguard">DeviceGuard/EnableSystemGuard</a>
+  </dd>
   <dd>
     <a href="#deviceguard-enablevirtualizationbasedsecurity">DeviceGuard/EnableVirtualizationBasedSecurity</a>
   </dd>
@@ -31,6 +36,75 @@ ms.date: 03/12/2018
 </dl>
 
 
+<hr/>
+
+<!--Policy-->
+<a href="" id="deviceguard-enablesystemguard"></a>**DeviceGuard/EnableSystemGuard**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy allows the IT admin to configure the launch of System Guard.
+
+Secure Launch configuration:
+
+- 0 - Unmanaged, configurable by Administrative user
+- 1 - Enables Secure Launch if supported by hardware
+- 2 - Disables Secure Launch.
+
+For more information about System Guard, see [Introducing Windows Defender System Guard runtime attestation](https://cloudblogs.microsoft.com/microsoftsecure/2018/04/19/introducing-windows-defender-system-guard-runtime-attestation/) and [How hardware-based containers help protect Windows 10](https://docs.microsoft.com/en-us/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows).
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn On Virtualization Based Security*
+-   GP name: *VirtualizationBasedSecurity*
+-   GP element: *SystemGuardDrop*
+-   GP path: *System/Device Guard*
+-   GP ADMX file name: *DeviceGuard.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
 <hr/>
 
 <!--Policy-->
@@ -215,6 +289,7 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
+-   5 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-devicelock.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 05/14/2018
+ms.date: 07/30/2018
 ---
 
 # Policy CSP - DeviceLock
@@ -1217,32 +1217,3 @@ Footnote:
 
 <!--/Policies-->
 
-<!--StartEAS-->
-## <a href="" id="eas"></a>DeviceLock policies that can be set using Exchange Active Sync (EAS)  
-
--   [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword)  
--   [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)  
--   [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)  
--   [DeviceLock/DevicePasswordExpiration](#devicelock-devicepasswordexpiration)  
--   [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)  
--   [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts)  
--   [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock)  
--   [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters)  
--   [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)  
--   [DeviceLock/PreventLockScreenSlideShow](#devicelock-preventlockscreenslideshow)  
-<!--EndEAS-->
-
-<!--StartHoloLens-->
-## <a href="" id="hololenspolicies"></a>DeviceLock policies supported by Windows Holographic for Business  
-
--   [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)
--   [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword)
--   [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)
--   [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)
--   [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)
--   [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts)
--   [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock)
--   [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters) 
--   [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)   
-<!--EndHoloLens-->
-

windows/client-management/mdm/policy-csp-experience.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 07/13/2018
+ms.date: 07/30/2018
 ---
 
 # Policy CSP - Experience
@@ -90,6 +90,12 @@ ms.date: 07/13/2018
   <dd>
     <a href="#experience-donotshowfeedbacknotifications">Experience/DoNotShowFeedbackNotifications</a>
   </dd>
+  <dd>
+    <a href="#experience-donotsyncbrowsersetting">Experience/DoNotSyncBrowserSetting</a>
+  </dd>
+  <dd>
+    <a href="#experience-preventusersfromturningonbrowsersyncing">Experience/PreventUsersFromTurningOnBrowserSyncing</a>
+  </dd>
 </dl>
 
 
@@ -1392,6 +1398,159 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="experience-donotsyncbrowsersetting"></a>**Experience/DoNotSyncBrowserSetting**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+By default, the "browser" group syncs automatically between user’s devices and allowing users to choose to make changes. The "browser" group uses the **Sync your Settings** option in Settings to sync information like history and favorites. Enabling this policy prevents the "browser" group from using the **Sync your Settings** option. If you want syncing turned off by default but not disabled, select the Allow users to turn "browser" syncing option.
+
+Related policy: PreventUsersFromTurningOnBrowserSyncing.
+
+Value type is integer. Supported values:  
+
+-  0 (default) - Allowed/turned on. The "browser" group syncs automatically between user’s devices and lets users to make changes.
+-  2 - Prevented/turned off. The "browser" group does not use the **Sync your Settings** option.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Do not sync browser settings*
+-   GP name: *DisableWebBrowserSettingSync*
+-   GP path: *Windows Components/Sync your settings*
+-   GP ADMX file name: *SettingSync.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="experience-preventusersfromturningonbrowsersyncing"></a>**Experience/PreventUsersFromTurningOnBrowserSyncing**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+By default, the "browser" group syncs automatically between the user’s devices, letting users make changes. With this policy, though, you can prevent the "browser" group from syncing and prevent users from turning on the Sync your Settings toggle in Settings. If you want syncing turned off by default but not disabled, select the Allow users to turn "browser" syncing option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy.
+
+Related policy: DoNotSyncBrowserSetting
+
+Value type is integer. Supported values:  
+
+-  0 - Allowed/turned on. Users can sync the browser settings.
+-  1 (default) - Prevented/turned off.
+
+This policy only works with the Experience/DoNotSyncBrowserSetting policy, and for this policy to work correctly, you must set Experience/DoNotSynBrowserSettings to 2 (enabled). By default, when you set this policy and the Experience/DoNotSyncBrowserSetting policy to 0 (disabled or not configured), the browser settings sync automatically. However, with this policy, you can prevent the syncing of browser settings and prevent users from turning on the Sync your Settings option. Additionally, you can prevent syncing the browser settings but give users a choice to turn on syncing. 
+
+If you want to prevent syncing of browser settings and prevent users from turning it on:  
+1. Set Experience/DoNotSyncBrowserSetting to 2 (enabled).
+1. Set this policy (Experience/PreventUsersFromTurningOnBrowserSyncing) to 1 (enabled or not configured).
+
+If you want to prevent syncing of browser settings but give users a choice to turn on syncing:  
+1. Set Experience/DoNotSyncBrowserSetting to 2 (enabled).
+1. Set this policy (Experience/PreventUsersFromTurningOnBrowserSyncing) to 0 (disabled).
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Do not sync browser settings*
+-   GP name: *DisableWebBrowserSettingSync*
+-   GP element: *CheckBox_UserOverride*
+-   GP path: *Windows Components/Sync your settings*
+-   GP ADMX file name: *SettingSync.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+**Validation procedure:**  
+
+Microsoft Edge on your PC:
+1. Select More  > Settings.
+1. See if the setting is enabled or disabled based on your setting.
+
+<!--/Validation-->
+<!--/Policy-->
+<<<<<<< HEAD
+=======
+
+>>>>>>> 3c06afe9875ad82fff960313bea663f49a2f7d2c
+<hr/>
+
 Footnote:
 
 -   1 - Added in Windows 10, version 1607.
@@ -1402,10 +1561,4 @@ Footnote:
 
 <!--/Policies-->
 
-<!--StartHoloLens-->
-## <a href="" id="hololenspolicies"></a>Experience policies supported by Windows Holographic for Business  
-
--   [Experience/AllowCortana](#experience-allowcortana)  
--   [Experience/AllowManualMDMUnenrollment](#experience-allowmanualmdmunenrollment)  
-<!--EndHoloLens-->
 

windows/client-management/mdm/policy-csp-privacy.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 06/05/2018
+ms.date: 07/30/2018
 ---
 
 # Policy CSP - Privacy
@@ -4844,43 +4844,4 @@ Footnote:
 
 <!--/Policies-->
 
-<!--StartHoloLens-->
-## <a href="" id="hololenspolicies"></a>Privacy policies supported by Windows Holographic for Business  
-
--   [Privacy/AllowCrossDeviceClipboard](#privacy-allowcrossdeviceclipboard)  
--   [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)  
--   [Privacy/LetAppsAccessGazeInput](#privacy-letappsaccessgazeinput)  
--   [Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps](#privacy-letappsaccessgazeinput-forceallowtheseapps)  
--   [Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps](#privacy-letappsaccessgazeinput-forcedenytheseapps)  
--   [Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps](#privacy-letappsaccessgazeinput-userincontroloftheseapps)  
--   [Privacy/UploadUserActivities](#privacy-uploaduseractivities)  
-<!--EndHoloLens-->
-
-<!--StartIoTCore-->
-## <a href="" id="iotcore"></a>Privacy policies supported by IoT Core  
-
--   [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)  
--   [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)  
--   [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)  
--   [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps)  
--   [Privacy/LetAppsRunInBackground](#privacy-letappsruninbackground)  
--   [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps)  
--   [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps)  
--   [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps)  
-<!--EndIoTCore-->
-
-<!--StartSurfaceHub-->
-## <a href="" id="surfacehubpolicies"></a>Privacy policies supported by Microsoft Surface Hub  
-
--   [Privacy/EnableActivityFeed](#privacy-enableactivityfeed)  
--   [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)  
--   [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)  
--   [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)  
--   [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps)  
--   [Privacy/LetAppsRunInBackground](#privacy-letappsruninbackground)  
--   [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps)  
--   [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps)  
--   [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps)  
--   [Privacy/PublishUserActivities](#privacy-publishuseractivities)  
-<!--EndSurfaceHub-->
 

windows/client-management/mdm/policy-csp-search.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 05/14/2018
+ms.date: 07/30/2018
 ---
 
 # Policy CSP - Search
@@ -860,15 +860,5 @@ Footnote:
 
 <!--/Policies-->
 
-<!--StartEAS-->
-## <a href="" id="eas"></a>Search policies that can be set using Exchange Active Sync (EAS)  
 
--   [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)  
-<!--EndEAS-->
-
-<!--StartHoloLens-->
-## <a href="" id="hololenspolicies"></a>Search policies supported by Windows Holographic for Business  
-
--   [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)  
-<!--EndHoloLens-->
 

windows/client-management/mdm/policy-csp-security.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 06/26/2018
+ms.date: 07/30/2018
 ---
 
 # Policy CSP - Security
@@ -664,31 +664,5 @@ Footnote:
 
 <!--/Policies-->
 
-<!--StartEAS-->
-## <a href="" id="eas"></a>Security policies that can be set using Exchange Active Sync (EAS)  
 
--   [Security/RequireDeviceEncryption](#security-requiredeviceencryption)  
-<!--EndEAS-->
-
-<!--StartHoloLens-->
-## <a href="" id="hololenspolicies"></a>Security policies supported by Windows Holographic for Business  
-
--   [Security/RequireDeviceEncryption](#security-requiredeviceencryption)  
-<!--EndHoloLens-->
-
-<!--StartIoTCore-->
-## <a href="" id="iotcore"></a>Security policies supported by IoT Core  
-
--   [Security/AllowAddProvisioningPackage](#security-allowaddprovisioningpackage)  
--   [Security/AllowRemoveProvisioningPackage](#security-allowremoveprovisioningpackage)  
--   [Security/RequireDeviceEncryption](#security-requiredeviceencryption)  
--   [Security/RequireProvisioningPackageSignature](#security-requireprovisioningpackagesignature)  
-<!--EndIoTCore-->
-
-<!--StartSurfaceHub-->
-## <a href="" id="surfacehubpolicies"></a>Security policies supported by Microsoft Surface Hub  
-
--   [Security/RequireProvisioningPackageSignature](#security-requireprovisioningpackagesignature)  
--   [Security/RequireRetrieveHealthCertificateOnBoot](#security-requireretrievehealthcertificateonboot)  
-<!--EndSurfaceHub-->
 

windows/client-management/mdm/policy-csp-settings.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 05/14/2018
+ms.date: 07/30/2018
 ---
 
 # Policy CSP - Settings
@@ -849,10 +849,5 @@ Footnote:
 
 <!--/Policies-->
 
-<!--StartHoloLens-->
-## <a href="" id="hololenspolicies"></a>Settings policies supported by Windows Holographic for Business  
 
--   [Settings/AllowDateTime](#settings-allowdatetime)  
--   [Settings/AllowVPN](#settings-allowvpn)  
-<!--EndHoloLens-->
 

windows/client-management/mdm/policy-csp-system.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 06/05/2018
+ms.date: 07/30/2018
 ---
 
 # Policy CSP - System
@@ -1194,34 +1194,5 @@ Footnote:
 
 <!--/Policies-->
 
-<!--StartEAS-->
-## <a href="" id="eas"></a>System policies that can be set using Exchange Active Sync (EAS)  
 
--   [System/AllowStorageCard](#system-allowstoragecard)  
--   [System/TelemetryProxy](#system-telemetryproxy)  
-<!--EndEAS-->
-
-<!--StartHoloLens-->
-## <a href="" id="hololenspolicies"></a>System policies supported by Windows Holographic for Business  
-
--   [System/AllowLocation](#system-allowlocation)  
--   [System/AllowTelemetry](#system-allowtelemetry)  
-<!--EndHoloLens-->
-
-<!--StartIoTCore-->
-## <a href="" id="iotcore"></a>System policies supported by IoT Core  
-
--   [System/AllowEmbeddedMode](#system-allowembeddedmode)  
--   [System/AllowFontProviders](#system-allowfontproviders)  
--   [System/AllowStorageCard](#system-allowstoragecard)  
--   [System/TelemetryProxy](#system-telemetryproxy)  
-<!--EndIoTCore-->
-
-<!--StartSurfaceHub-->
-## <a href="" id="surfacehubpolicies"></a>System policies supported by Microsoft Surface Hub  
-
--   [System/AllowFontProviders](#system-allowfontproviders)  
--   [System/AllowLocation](#system-allowlocation)  
--   [System/AllowTelemetry](#system-allowtelemetry)  
-<!--EndSurfaceHub-->
 

windows/client-management/mdm/policy-csp-update.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 07/18/2018
+ms.date: 07/30/2018
 ---
 
 # Policy CSP - Update
@@ -3551,52 +3551,4 @@ Footnote:
 
 <!--/Policies-->
 
-<!--StartHoloLens-->
-## <a href="" id="hololenspolicies"></a>Update policies supported by Windows Holographic for Business  
-
--   [Update/AllowAutoUpdate](#update-allowautoupdate)  
--   [Update/AllowUpdateService](#update-allowupdateservice)  
--   [Update/RequireDeferUpgrade](#update-requiredeferupgrade)  
--   [Update/RequireUpdateApproval](#update-requireupdateapproval)  
--   [Update/UpdateServiceUrl](#update-updateserviceurl)  
-<!--EndHoloLens-->
-
-<!--StartIoTCore-->
-## <a href="" id="iotcore"></a>Update policies supported by IoT Core  
-
--   [Update/AllowNonMicrosoftSignedUpdate](#update-allownonmicrosoftsignedupdate)  
--   [Update/AllowUpdateService](#update-allowupdateservice)  
--   [Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates](#update-autorestartdeadlineperiodindaysforfeatureupdates)  
--   [Update/EngagedRestartDeadlineForFeatureUpdates](#update-engagedrestartdeadlineforfeatureupdates)  
--   [Update/EngagedRestartSnoozeScheduleForFeatureUpdates](#update-engagedrestartsnoozescheduleforfeatureupdates)  
--   [Update/EngagedRestartTransitionScheduleForFeatureUpdates](#update-engagedrestarttransitionscheduleforfeatureupdates)  
--   [Update/PauseDeferrals](#update-pausedeferrals)  
--   [Update/RequireDeferUpgrade](#update-requiredeferupgrade)  
--   [Update/RequireUpdateApproval](#update-requireupdateapproval)  
--   [Update/ScheduledInstallDay](#update-scheduledinstallday)  
--   [Update/ScheduledInstallTime](#update-scheduledinstalltime)  
--   [Update/SetDisablePauseUXAccess](#update-setdisablepauseuxaccess)  
--   [Update/SetDisableUXWUAccess](#update-setdisableuxwuaccess)  
--   [Update/UpdateServiceUrl](#update-updateserviceurl)  
-<!--EndIoTCore-->
-
-<!--StartSurfaceHub-->
-## <a href="" id="surfacehubpolicies"></a>Update policies supported by Microsoft Surface Hub  
-
--   [Update/AllowAutoUpdate](#update-allowautoupdate)  
--   [Update/AllowUpdateService](#update-allowupdateservice)  
--   [Update/AutoRestartNotificationSchedule](#update-autorestartnotificationschedule)  
--   [Update/AutoRestartRequiredNotificationDismissal](#update-autorestartrequirednotificationdismissal)  
--   [Update/BranchReadinessLevel](#update-branchreadinesslevel)  
--   [Update/DeferFeatureUpdatesPeriodInDays](#update-deferfeatureupdatesperiodindays)  
--   [Update/DeferQualityUpdatesPeriodInDays](#update-deferqualityupdatesperiodindays)  
--   [Update/DetectionFrequency](#update-detectionfrequency)  
--   [Update/PauseFeatureUpdates](#update-pausefeatureupdates)  
--   [Update/PauseQualityUpdates](#update-pausequalityupdates)  
--   [Update/ScheduleImminentRestartWarning](#update-scheduleimminentrestartwarning)  
--   [Update/ScheduleRestartWarning](#update-schedulerestartwarning)  
--   [Update/SetAutoRestartNotificationDisable](#update-setautorestartnotificationdisable)  
--   [Update/UpdateServiceUrl](#update-updateserviceurl)  
--   [Update/UpdateServiceUrlAlternate](#update-updateserviceurlalternate)  
-<!--EndSurfaceHub-->
 

windows/client-management/mdm/vpnv2-csp.md

@@ -255,7 +255,14 @@ An optional flag to enable Always On mode. This will automatically connect the V
 
 > **Note**  Always On only works for the active profile. The first profile provisioned that can be auto triggered will automatically be set as active.
 
- 
+Preserving user Always On preference
+
+Windows has a feature to preserve a user’s AlwaysOn preference.  In the event that a user manually unchecks the “Connect    automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList.  
+Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows will not check the box if the profile name exists in the below registry value in order to preserve user preference.
+Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config
+Value: AutoTriggerDisabledProfilesList
+Type: REG_MULTI_SZ
+
 
 Valid values:
 

windows/client-management/mdm/windowslicensing-csp.md

@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 07/16/2018
+ms.date: 07/25/2018
 ---
 
 # WindowsLicensing CSP
@@ -164,7 +164,7 @@ The supported operation is Get.
 Interior node for managing S mode.
 
 <a href="" id="smode-switchingpolicy"></a>**SMode/SwitchingPolicy**  
-Added in Windows 10, next major version. Determines whether a consumer can switch the device out of S mode. This setting is only applicable to devices available in S mode.
+Added in Windows 10, next major version. Determines whether a consumer can switch the device out of S mode. This setting is only applicable to devices available in S mode. For examples, see [Add S mode SwitchingPolicy](#smode-switchingpolicy-add), [Get S mode SwitchingPolicy](#smode-switchingpolicy-get), [Replace S mode SwitchingPolicy](#smode-switchingpolicy-replace) and [Delete S mode SwitchingPolicy](#smode-switchingpolicy-delete)
 
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
@@ -173,12 +173,12 @@ Supported values:
 -  1 - User Blocked: The admin has blocked the user from switching their device out of S mode. Only the admin can switch the device out of S mode through the SMode/SwitchFromSMode node.
 
 <a href="" id="smode-switchfromsmode"></a>**SMode/SwitchFromSMode**  
-Added in Windows 10, next major version. Switches a device out of S mode if possible. Does not reboot.
+Added in Windows 10, next major version. Switches a device out of S mode if possible. Does not reboot. For an example, see [Execute SwitchFromSMode](#smode-switchfromsmode-execute)
 
 Supported operation is Execute.
 
 <a href="" id="smode-status"></a>**SMode/Status**   
-Added in Windows 10, next major version. Returns the status of the latest SwitchFromSMode set request.
+Added in Windows 10, next major version. Returns the status of the latest SwitchFromSMode set request. For an example, see [Get S mode status](#smode-status-example)
 
 Value type is integer. Supported operation is Get.
 
@@ -315,6 +315,140 @@ Value type is integer. Supported operation is Get.
 </SyncML>
 ```
 
+<a href="" id="smode-status-example"></a>**Get S mode status**
+
+```
+<SyncML xmlns="SYNCML:SYNCML1.2">
+  <SyncBody>
+    <Get>
+      <CmdID>6</CmdID>
+      <Item>
+        <Target>
+          <LocURI>
+            ./Vendor/MSFT/WindowsLicensing/SMode/Status
+          </LocURI>
+        </Target>
+      </Item>
+    </Get>
+    <Final/> 
+  </SyncBody>
+</SyncML>
+```
+
+<a href="" id="smode-switchfromsmode-execute"></a>**Execute SwitchFromSMode**
+
+```
+<SyncML xmlns="SYNCML:SYNCML1.2">
+  <SyncBody>
+    <Exec>
+      <CmdID>5</CmdID>
+      <Item>
+        <Target>
+          <LocURI>
+            ./Vendor/MSFT/WindowsLicensing/SMode/SwitchFromSMode
+          </LocURI>
+        </Target>
+        <Meta>
+          <Format xmlns="syncml:metinf">null</Format>
+          <Type>text/plain</Type>
+        </Meta>
+        <Data></Data>
+      </Item>
+    </Exec>
+    <Final/> 
+  </SyncBody>
+</SyncML>
+```
+
+<a href="" id="smode-switchingpolicy-add"></a>**Add S mode SwitchingPolicy**
+
+```
+<SyncML xmlns="SYNCML:SYNCML1.2">
+  <SyncBody>
+    <Add>
+      <CmdID>4</CmdID>
+      <Item>
+        <Target>
+          <LocURI>
+            ./Vendor/MSFT/WindowsLicensing/SMode/SwitchingPolicy
+          </LocURI>
+        </Target>
+        <Meta>
+          <Format xmlns="syncml:metinf">int</Format>
+          <Type>text/plain</Type>
+        </Meta>
+        <Data>1</Data>
+      </Item>
+    </Add>
+    <Final/> 
+  </SyncBody>
+</SyncML>
+```
+
+<a href="" id="smode-switchingpolicy-get"></a>**Get S mode SwitchingPolicy**
+
+```
+<SyncML xmlns="SYNCML:SYNCML1.2">
+  <SyncBody>
+    <Get>
+      <CmdID>2</CmdID>
+      <Item>
+        <Target>
+          <LocURI>
+            ./Vendor/MSFT/WindowsLicensing/SMode/SwitchingPolicy
+          </LocURI>
+        </Target>
+      </Item>
+    </Get>
+    <Final/> 
+  </SyncBody>
+</SyncML>
+```
+
+<a href="" id="smode-switchingpolicy-replace"></a>**Replace S mode SwitchingPolicy**
+
+```
+<SyncML xmlns="SYNCML:SYNCML1.2">
+  <SyncBody>
+    <Replace>
+      <CmdID>1</CmdID>
+      <Item>
+        <Target>
+          <LocURI>
+            ./Vendor/MSFT/WindowsLicensing/SMode/SwitchingPolicy
+          </LocURI>
+        </Target>
+        <Meta>
+          <Format xmlns="syncml:metinf">int</Format>
+          <Type>text/plain</Type>
+        </Meta>
+        <Data>1</Data>
+      </Item>
+    </Replace>
+    <Final/> 
+  </SyncBody>
+</SyncML>
+```
+
+<a href="" id="smode-switchingpolicy-delete"></a>**Delete S mode SwitchingPolicy**
+
+```
+<SyncML xmlns="SYNCML:SYNCML1.2">
+  <SyncBody>
+    <Delete>
+      <CmdID>3</CmdID>
+      <Item>
+        <Target>
+          <LocURI>
+            ./Vendor/MSFT/WindowsLicensing/SMode/SwitchingPolicy
+          </LocURI>
+        </Target>
+      </Item>
+    </Delete>
+    <Final/> 
+  </SyncBody>
+</SyncML>
+```
 ## Related topics
 
 

windows/configuration/TOC.md

@@ -1,13 +1,20 @@
 # [Configure Windows 10](index.md)
 ## [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md)
-## [Configure kiosk and shared devices running Windows 10 desktop editions](kiosk-shared-pc.md)
-### [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md)
-### [Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education](setup-kiosk-digital-signage.md)
-### [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md)
-### [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md)
+## [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md)
+## [Configure kiosks and digital signs on Windows desktop editions](kiosk-methods.md)
+### [Prepare a device for kiosk configuration](kiosk-prepare.md)
+### [Set up digital signs on Windows 10](setup-digital-signage.md)
+### [Set up a single-app kiosk](kiosk-single-app.md)
+### [Set up a multi-app kiosk](lock-down-windows-10-to-specific-apps.md)
+### [More kiosk methods and reference information](kiosk-additional-reference.md)
+#### [Validate your kiosk configuration](kiosk-validate.md)
+#### [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md)
+#### [Policies enforced on kiosk devices](kiosk-policies.md)
+#### [Assigned access XML reference](kiosk-xml.md)
+#### [Use AppLocker to create a Windows 10 kiosk](lock-down-windows-10-applocker.md)
+#### [Use Shell Launcher to create a Windows 10 kiosk](kiosk-shelllauncher.md)
+#### [Use MDM Bridge WMI Provider to create a Windows 10 kiosk](kiosk-mdm-bridge.md)
 #### [Troubleshoot multi-app kiosk](multi-app-kiosk-troubleshoot.md)
-#### [Use AppLocker to create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-applocker.md)
-### [Assigned Access configuration (kiosk) XML reference](kiosk-xml.md)
 ## [Configure Windows 10 Mobile devices](mobile-devices/configure-mobile.md)
 ### [Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise](mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md)
 ### [Use Windows Configuration Designer to configure Windows 10 Mobile devices](mobile-devices/provisioning-configure-mobile.md)

windows/configuration/change-history-for-configure-windows-10.md

@@ -10,14 +10,18 @@ ms.localizationpriority: medium
 author: jdeckerms
 ms.author: jdecker
 ms.topic: article
-ms.date: 06/27/2018
+ms.date: 07/30/2018
 ---
 
 # Change history for Configure Windows 10
 
 This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
 
+## July 2018
 
+New or changed topic | Description 
+--- | ---
+[Configure kiosks and child topics](kiosk-methods.md) | Reorganized the information for configuring kiosks into new topics, and moved [Set up shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md).
 
 ## June 2018
 
@@ -70,7 +74,7 @@ New or changed topic | Description
 New or changed topic | Description
 --- | ---
 [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) and [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) | Added events and fields that were added in the March update.
-Set up a kiosk on Windows 10 Pro, Enterprise, or Education | Renamed it [Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education](setup-kiosk-digital-signage.md) and reorganized the information to make the choices clearer.
+Set up a kiosk on Windows 10 Pro, Enterprise, or Education | Renamed it **Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education** and reorganized the information to make the choices clearer.
 
 
 ## February 2018

windows/configuration/guidelines-for-assigned-access-app.md

@@ -1,6 +1,6 @@
 ---
 title: Guidelines for choosing an app for assigned access (Windows 10)
-description: You can configure Windows 10 as a kiosk device, so that users can only interact with a single app.
+description: The following guidelines may help you choose an appropriate Windows app for your assigned access experience.
 keywords: ["kiosk", "lockdown", "assigned access"]
 ms.prod: w10
 ms.mktglfcycl: manage
@@ -9,7 +9,7 @@ author: jdeckerms
 ms.localizationpriority: medium
 ms.author: jdecker
 ms.topic: article
-ms.date: 05/31/2018
+ms.date: 07/30/2018
 ---
 
 # Guidelines for choosing an app for assigned access (kiosk mode)
@@ -55,7 +55,7 @@ In Windows 10, version 1803, you can install the **Kiosk Browser** app from Micr
 >[!NOTE]
 >If you configure the kiosk using a provisioning package, you must apply the provisioning package after the device completes the out-of-box experience (OOBE).
 
-#### Kiosk Browser settings
+### Kiosk Browser settings
 
 Kiosk Browser settings | Use this setting to
 --- | ---